diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5694221
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+
+ - package-ecosystem: "cargo"
+ directory: "/"
+ schedule:
+ # Check for updates to cargo dependencies every week
+ interval: "weekly"
+ open-pull-requests-limit: 1
+ allow:
+ - dependency-type: direct
+ - dependency-type: indirect
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ # Check for updates to GitHub Actions every week
+ interval: "weekly"
\ No newline at end of file
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
new file mode 100644
index 0000000..5b14da4
--- /dev/null
+++ b/.github/workflows/coverage.yml
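Review bot: The `updates:` list covers only the `cargo` and `github-actions` ecosystems, while this commit also adds `external/ring` and `external/webpki` as git submodules in `.gitmodules`, so Dependabot will not propose bumps for those two crypto dependencies. Consider a third entry with `package-ecosystem: "gitsubmodule"`, `directory: "/"` and the same weekly schedule. Separately, `open-pull-requests-limit: 1` on the cargo entry means one unmerged version-update PR holds back all the others; if that is intentional, a comment such as `# one PR at a time: each bump needs a full fuzz/coverage run` (or the real reason) would save the next maintainer from raising it.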
@@ -0,0 +1,157 @@
+name: Coverage
+on:
+ push:
+ branches: [coverage]
+ tags:
+ - "**"
+ pull_request:
+ branches: [coverage]
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+jobs:
+ generate_coverage:
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ - uses: ilammy/setup-nasm@v1
+
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install LLVM and Clang
+ uses: KyleMayes/install-llvm-action@v1
+ with:
+ version: "12.0.1"
+ directory: ${{ runner.temp }}/llvm
+
+ - name: Install toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: nightly-2023-08-28
+ override: true
+ components: rust-src, rustfmt, clippy, llvm-tools-preview
+
+ - name: Run cargo install grcov
+ uses: actions-rs/cargo@v1
+ with:
+ command: install
+ args: grcov
+
+ - name: Cache
+ uses: Swatinem/rust-cache@v2
+
+ - name: Check code
+ run: |
+ ./sh_script/build.sh -c
+
+ - name: Install AFL (Linux)
+ uses: actions-rs/cargo@v1
+ with:
+ command: install
+ args: --force --version 0.12.12 afl
+ if: runner.os == 'Linux'
+
+ - name: Install Cargo-Fuzz (Linux)
+ uses: actions-rs/cargo@v1
+ with:
+ command: install
+ args: cargo-fuzz
+ if: runner.os == 'Linux'
+
+ - name: set core_pattern for core
+ run: |
+ sudo su - root </proc/sys/kernel/core_pattern
+ pushd /sys/devices/system/cpu
+ echo performance | tee cpu*/cpufreq/scaling_governor
+ popd
+ exit
+ EOF
+ if: runner.os == 'Linux'
+
+ - name: cargo build
+ env:
+ LLVM_PROFILE_FILE: build-%p-%m.profraw
+ RUSTFLAGS: "-C instrument-coverage"
+ CC_x86_64_unknown_none: clang
+ AR_x86_64_unknown_none: llvm-ar
+ RUN_REQUESTER_FEATURES: "spdm-ring"
+ RUN_RESPONDER_FEATURES: "spdm-ring"
+ run: |
+ ./sh_script/build.sh -r
+
+ - name: cargo build hashed-transcript-data
+ env:
+ LLVM_PROFILE_FILE: build-hashed-transcript-data-%p-%m.profraw
+ RUSTFLAGS: "-C instrument-coverage"
+ CC_x86_64_unknown_none: clang
+ AR_x86_64_unknown_none: llvm-ar
+ RUN_REQUESTER_FEATURES: "spdm-ring,hashed-transcript-data,async-executor"
+ RUN_RESPONDER_FEATURES: "spdm-ring,hashed-transcript-data,async-executor"
+ run: |
+ ./sh_script/build.sh -r
+
+ - name: cargo build spdm-mbedtls
+ env:
+ LLVM_PROFILE_FILE: build-hashed-transcript-data-%p-%m.profraw
+ RUSTFLAGS: "-C instrument-coverage"
+ CC_x86_64_unknown_none: clang
+ AR_x86_64_unknown_none: llvm-ar
+ RUN_REQUESTER_FEATURES: "spdm-mbedtls,async-executor"
+ RUN_RESPONDER_FEATURES: "spdm-mbedtls,async-executor"
+ run: |
+ ./sh_script/build.sh -r
+
+ - name: cargo build mbedtls hashed-transcript-data
+ env:
+ LLVM_PROFILE_FILE: build-hashed-transcript-data-%p-%m.profraw
+ RUSTFLAGS: "-C instrument-coverage"
+ CC_x86_64_unknown_none: clang
+ AR_x86_64_unknown_none: llvm-ar
+ RUN_REQUESTER_FEATURES: "spdm-mbedtls,hashed-transcript-data,async-executor"
+ RUN_RESPONDER_FEATURES: "spdm-mbedtls,hashed-transcript-data,async-executor"
+ run: |
+ ./sh_script/build.sh -r
+
+ - name: Run fuzz hash-transcript-data
+ env:
+ FUZZ_HASH_TRANSCRIPT_DATA_FEATURE: true
+ run: |
+ ./sh_script/fuzz_run.sh -c Scoverage
+
+ - name: Run fuzz
+ env:
+ FUZZ_HASH_TRANSCRIPT_DATA_FEATURE: false
+ run: |
+ ./sh_script/fuzz_run.sh -c Scoverage
+
+ - name: Run tests and collect coverage
+ run: |
+ grcov $(find . -name "*.profraw") \
+ --branch \
+ --binary-path ./target/debug/ \
+ -s . \
+ -t html \
+ --ignore-not-existing \
+ -o coverage
+ grcov $(find . -name "*.profraw") \
+ --branch \
+ --binary-path ./target/debug/ \
+ -s . \
+ -t lcov \
+ --ignore-not-existing \
+ -o coverage/lcov.info
+ - uses: actions/upload-artifact@v4
+ with:
+ name: coverage_data-${{ github.sha }}
+ path: coverage/
+ - name: Upload coverage reports to Codecov with GitHub Action
+ uses: codecov/codecov-action@v3
+ with:
+ files: coverage/lcov.info
+ fail_ci_if_error: false
+ verbose: true
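Review bot: Every third-party action in this workflow is referenced by a mutable tag (`ilammy/setup-nasm@v1`, `KyleMayes/install-llvm-action@v1`, `actions-rs/toolchain@v1`, `actions-rs/cargo@v1`, `Swatinem/rust-cache@v2`, `codecov/codecov-action@v3`), so whoever can move those tags decides what runs in a job that later uploads artifacts and coverage data. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: codecov/codecov-action@<full-commit-sha> # v3`; the `github-actions` Dependabot entry added in this commit can then keep the pins current. The same applies to deny.yml, format.yml, fuzz.yml and main.yml. The `cargo install` steps for `grcov` and `cargo-fuzz` are also unversioned, unlike `afl`; `args: --locked --version <version> grcov` would make the toolchain reproducible.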
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
new file mode 100644
index 0000000..8274c73
--- /dev/null
+++ b/.github/workflows/deny.yml
@@ -0,0 +1,28 @@
+name: deny
+on: [push, pull_request]
+jobs:
+ cargo-deny:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ checks:
+ - sources
+ - bans
+ - advisories
+
+ # Prevent sudden announcement of a new advisory from failing ci:
+ continue-on-error: ${{ matrix.checks == 'sources' }}
+
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - name: Apply patch
+ shell: bash
+ run: |
+ ./sh_script/pre-build.sh
+
+ - uses: EmbarkStudios/cargo-deny-action@v1
+ with:
+ command: check ${{ matrix.checks }}
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
new file mode 100644
index 0000000..45b3521
--- /dev/null
+++ b/.github/workflows/format.yml
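Review bot: The `continue-on-error` expression does not match the comment above it: the comment is about newly announced advisories, but `${{ matrix.checks == 'sources' }}` tolerates failures of the `sources` check and leaves `advisories` blocking. As written, a crate resolved from an unexpected registry or git source would not fail CI, which is the check a supply-chain gate most needs to enforce. If the comment states the intent, the line should read `continue-on-error: ${{ matrix.checks == 'advisories' }}`. The matrix also leaves out the `licenses` check; if that is deliberate, a one-line comment next to `checks:` should say so.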
@@ -0,0 +1,103 @@
+on: [push, pull_request]
+
+name: Nightly lints
+
+jobs:
+ clippy:
+ name: Clippy
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - name: Apply patch
+ shell: bash
+ run: |
+ ./sh_script/pre-build.sh
+ - name: Install nightly toolchain with clippy available
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: nightly-2023-08-28
+ override: true
+ components: clippy
+
+ - name: Run cargo clippy
+ uses: actions-rs/cargo@v1
+ with:
+ command: clippy
+ args: -- -D warnings -A clippy::only-used-in-recursion -A incomplete-features -A clippy::bad_bit_mask -A clippy::derivable_impls
+
+ rustfmt:
+ name: Format
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - name: Apply patch
+ shell: bash
+ run: |
+ ./sh_script/pre-build.sh
+ - name: Install nightly toolchain with rustfmt available
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: nightly-2023-08-28
+ override: true
+ components: rustfmt
+ - name: Cache
+ uses: Swatinem/rust-cache@v2
+
+ - name: Run cargo check
+ uses: actions-rs/cargo@v1
+ with:
+ command: check
+
+ - name: Run cargo fmt
+ uses: actions-rs/cargo@v1
+ with:
+ command: fmt
+ args: --all -- --check
+
+ combo:
+ name: Clippy + rustfmt
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - name: Apply patch
+ shell: bash
+ run: |
+ ./sh_script/pre-build.sh
+ - name: Install nightly toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: nightly-2023-08-28
+ override: true
+ components: rustfmt, clippy
+
+ - name: Cache
+ uses: Swatinem/rust-cache@v2
+
+ - name: Run cargo check
+ uses: actions-rs/cargo@v1
+ with:
+ command: check
+
+ - name: Run cargo fmt
+ uses: actions-rs/cargo@v1
+ with:
+ command: fmt
+ args: --all -- --check
+
+ - name: Run cargo clippy
+ uses: actions-rs/cargo@v1
+ with:
+ command: clippy
+ args: -- -D warnings -A clippy::only-used-in-recursion -A incomplete-features -A clippy::bad_bit_mask -A clippy::derivable_impls
\ No newline at end of file
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
new file mode 100644
index 0000000..c743cc5
--- /dev/null
+++ b/.github/workflows/fuzz.yml
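Review bot: No `permissions:` block is declared, so on `push` these jobs run with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, although they only read the tree, run `./sh_script/pre-build.sh` and invoke nightly tooling. Declare least privilege at workflow level with `permissions:` followed by `contents: read`; coverage.yml, deny.yml, fuzz.yml and main.yml lack the block as well. Separately, the `combo` job repeats the steps of the `clippy` and `rustfmt` jobs verbatim, including the long `-A` allow list, so either the two single-purpose jobs or `combo` could be dropped to keep that list in one place.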
@@ -0,0 +1,81 @@
+name: FUZZING CODE
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+ workflow_dispatch:
+
+jobs:
+ fuzzing_test:
+ strategy:
+ matrix:
+ fuzz_hash_transcript_data_feature: [true, false]
+ fuzz_mut_auth_feature: [true, false]
+
+ runs-on: ubuntu-22.04
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ - name: install NASM
+ uses: ilammy/setup-nasm@v1
+
+ - name: Install LLVM and Clang
+ uses: KyleMayes/install-llvm-action@v1
+ with:
+ version: "12.0.1"
+ directory: ${{ runner.temp }}/llvm
+
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: nightly-2023-08-28
+ override: true
+ components: rust-src, rustfmt, clippy, llvm-tools-preview
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Check code
+ run: |
+ ./sh_script/build.sh -c
+
+ - name: Install AFL (Linux)
+ uses: actions-rs/cargo@v1
+ with:
+ command: install
+ args: --force --version 0.12.17 afl
+ if: runner.os == 'Linux'
+
+ - name: Install Cargo-Fuzz (Linux)
+ uses: actions-rs/cargo@v1
+ with:
+ command: install
+ args: cargo-fuzz
+ if: runner.os == 'Linux'
+ - name: set core_pattern for core
+ run: |
+ sudo su - root </proc/sys/kernel/core_pattern
+ pushd /sys/devices/system/cpu
+ echo performance | tee cpu*/cpufreq/scaling_governor
+ popd
+ exit
+ EOF
+ if: runner.os == 'Linux'
+
+ - name: Run fuzz
+ env:
+ FUZZ_HASH_TRANSCRIPT_DATA_FEATURE: ${{ matrix.fuzz_hash_transcript_data_feature }}
+ FUZZ_MUT_AUTH_FEATURE: ${{ matrix.fuzz_mut_auth_feature }}
+ run: |
+ ./sh_script/fuzz_run.sh
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..468a883
--- /dev/null
+++ b/.github/workflows/main.yml
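Review bot: The `Install AFL (Linux)` step installs `afl` with `--version 0.12.17`, while coverage.yml in the same commit installs `0.12.12` and the Cargo.lock added here resolves the `afl` crate to 0.12.12, so the `cargo-afl` driver may not match the library the fuzz targets link against. Confirm the mismatch is intended or align the step with `args: --force --version 0.12.12 afl`. `cargo-fuzz` is installed with no version at all, which makes fuzz results depend on whatever is latest on the day of the run. The `Checkout sources` step also appears twice, before and after `Install toolchain`; the second copy can be removed.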
@@ -0,0 +1,91 @@
+# This is a basic workflow to help you get started with Actions
+
+name: RUN CODE
+
+# Controls when the action will run.
+on:
+ # Triggers the workflow on push or pull request events but only for the master branch
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ strategy:
+ matrix:
+ runs-on: [ubuntu-latest]
+ run_requester_features:
+ [
+ "spdm-ring,async-executor",
+ "spdm-ring,hashed-transcript-data,async-executor",
+ "spdm-mbedtls,async-executor",
+ "spdm-mbedtls,hashed-transcript-data,async-executor",
+ "spdm-ring,hashed-transcript-data,is_sync",
+ "spdm-ring,is_sync",
+ ]
+ run_responder_features:
+ [
+ "spdm-ring,async-executor",
+ "spdm-ring,hashed-transcript-data,async-executor",
+ "spdm-mbedtls,async-executor",
+ "spdm-mbedtls,hashed-transcript-data,async-executor",
+ "spdm-ring,hashed-transcript-data,is_sync",
+ "spdm-ring,is_sync",
+ ]
+ include:
+ - runs-on: windows-latest
+ run_requester_features: "spdm-ring,hashed-transcript-data,async-executor"
+ run_responder_features: "spdm-ring,hashed-transcript-data,async-executor"
+ # The type of runner that the job will run on
+ runs-on: ${{ matrix.runs-on }}
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ - name: install NASM
+ uses: ilammy/setup-nasm@v1
+
+ - name: Install LLVM and Clang
+ uses: KyleMayes/install-llvm-action@v1
+ with:
+ version: "12.0.1"
+ directory: ${{ runner.temp }}/llvm
+
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: nightly-2023-08-28
+ override: true
+ components: rust-src, rustfmt, clippy
+ - name: Cache
+ uses: Swatinem/rust-cache@v2
+
+ - name: Build and Run test
+ shell: bash
+ env:
+ CC_x86_64_unknown_none: clang
+ AR_x86_64_unknown_none: llvm-ar
+ run: |
+ ./sh_script/build.sh -c
+ ./sh_script/build.sh
+
+ - name: Requester-Responder test
+ shell: bash
+ env:
+ CC_x86_64_unknown_none: clang
+ AR_x86_64_unknown_none: llvm-ar
+ RUN_REQUESTER_FEATURES: ${{ matrix.run_requester_features }}
+ RUN_RESPONDER_FEATURES: ${{ matrix.run_responder_features }}
+ run: |
+ ./sh_script/build.sh -r
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..466b827
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+target
+out/
+.vscode
+*.swp
+*.profraw
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..2c88aba
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "external/ring"]
+ path = external/ring
+ url = https://github.com/briansmith/ring.git
+[submodule "external/webpki"]
+ path = external/webpki
+ url = https://github.com/briansmith/webpki.git
diff --git a/Cargo.lock b/Cargo.lock
new file mode 100644
index 0000000..cfe7194
--- /dev/null
+++ b/Cargo.lock
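Review bot: The trigger comment in main.yml says the workflow runs "only for the master branch", but both `push` and `pull_request` filter on `branches: [main]`; the leftover template comment should read `# Triggers the workflow on push or pull request events, but only for the main branch`. The comment `# This workflow contains a single job called "build"` likewise hides that the matrix expands to the 6 x 6 requester/responder feature cross product on `ubuntu-latest` plus one `windows-latest` entry from `include:`, which is worth stating next to `strategy:`. The `Build and Run test` step sets neither `RUN_REQUESTER_FEATURES` nor `RUN_RESPONDER_FEATURES`, so it appears to repeat the same build in every matrix cell; if `build.sh` does not read the matrix some other way, moving that step to its own job would cut the duplicated work.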
@@ -0,0 +1,2260 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "addr2line" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + +[[package]] +name = "afl" +version = "0.12.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcb7c2f23f9a940474a22088ff3fe75bd2d7fdc6174be00c10e4f8611d23e745" +dependencies = [ + "clap", + "fs_extra", + "libc", + "rustc_version", + "tempfile", + "xdg", +] + +[[package]] +name = "aho-corasick" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c378d78423fdad8089616f827526ee33c19f2fddbd5de1629152c9593ba4783" +dependencies = [ + "memchr", +] + +[[package]] +name = "algorithm_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spdmlib-test", + "spin 0.9.8", +] + +[[package]] +name = "algorithm_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "android-tzdata" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "anstream" +version = "0.5.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1f58811cfac344940f1a400b6e6231ce35171f614f26439e80f8c1465c5cc0c" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "15c4c2c83f81532e5845a733998b6971faca23490340a418e9b72a3ec9de12ea" + +[[package]] +name = "anstyle-parse" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "938874ff5980b03a87c5524b3ae5b59cf99b1d6bc836848df7bc5ada9643c333" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +dependencies = [ + "windows-sys 0.48.0", +] + +[[package]] +name = "anstyle-wincon" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "58f54d10c6dfa51283a066ceab3ec1ab78d13fae00aa49243a45e4571fb79dfd" +dependencies = [ + "anstyle", + "windows-sys 0.48.0", +] + +[[package]] +name = "async-recursion" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fd55a5ba1179988837d24ab4c7cc8ed6efdeff578ede0416b4225a5fca35bd0" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.31", +] + +[[package]] +name = "async-trait" +version = "0.1.73" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.31", +] + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "backtrace" +version = "0.3.69" 
+source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +dependencies = [ + "addr2line", + "cc", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + +[[package]] +name = "bindgen" +version = "0.65.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfdf7b466f9a4903edc73f95d6d2bcd5baf8ae620638762244d3f60143643cc5" +dependencies = [ + "bitflags 1.3.2", + "cexpr", + "clang-sys", + "lazy_static", + "lazycell", + "log", + "peeking_take_while", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn 2.0.31", + "which", +] + +[[package]] +name = "bit_field" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc827186963e592360843fb5ba4b973e145841266c1357f7180c43526f2e5b61" + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "bitflags" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" + +[[package]] +name = "bumpalo" +version = "3.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "bytes" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" + +[[package]] +name = "capability_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + 
"async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "capability_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "cc" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +dependencies = [ + "libc", +] + +[[package]] +name = "certificate_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "log", + "simple_logger", + "spin 0.9.8", +] + +[[package]] +name = "certificate_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "challenge_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "rand", + "spin 0.9.8", +] + +[[package]] +name = "challenge_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "chrono" +version = "0.4.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38" +dependencies = [ + "android-tzdata", + "iana-time-zone", + "js-sys", + "num-traits", + 
"wasm-bindgen", + "windows-targets", +] + +[[package]] +name = "clang-sys" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c688fc74432808e3eb684cae8830a86be1d66a2bd58e1f248ed0960a590baf6f" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "clap" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a13b88d2c62ff462f88e4a121f17a82c1af05693a2f192b5c38d14de73c19f6" +dependencies = [ + "clap_builder", +] + +[[package]] +name = "clap_builder" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2bb9faaa7c2ef94b2743a21f5a29e6f0010dff4caa69ac8e9d6cf8b6fa74da08" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_lex" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cd7cc57abe963c6d3b9d8be5b06ba7c8957a930305ca90304f24ef040aa6f961" + +[[package]] +name = "cmake" +version = "0.1.50" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" +dependencies = [ + "cc", +] + +[[package]] +name = "codec" +version = "0.2.2" + +[[package]] +name = "colorchoice" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" + +[[package]] +name = "colored" +version = "2.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2674ec482fbc38012cf31e6c42ba0177b431a0cb6f15fe40efa5aab1bda516f6" +dependencies = [ + "is-terminal", + "lazy_static", + "windows-sys 0.48.0", +] + +[[package]] +name = "conquer-once" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c6d3a9775a69f6d1fe2cc888999b67ed30257d3da4d2af91984e722f2ec918a" +dependencies = [ + "conquer-util", +] + 
+[[package]] +name = "conquer-util" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e763eef8846b13b380f37dfecda401770b0ca4e56e95170237bd7c25c7db3582" + +[[package]] +name = "core-foundation-sys" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" + +[[package]] +name = "deliver_encapsulated_response_certificate_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "deliver_encapsulated_response_digest_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "deliver_encapsulated_response_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "der" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" + +[[package]] +name = "deranged" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946" + +[[package]] +name = "digest_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "digest_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "either" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" + +[[package]] +name = "encapsulated_request_certificate_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "encapsulated_request_digest_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "encapsulated_request_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "end_session_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "end_session_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "env_logger" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85cdab6a89accf66733ad5a1693a4dcced6aeff64602b634530dd73c1f3ee9f0" +dependencies = [ + "humantime", + "is-terminal", + "log", + "regex", + "termcolor", +] + +[[package]] +name = "errno" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +dependencies = [ + "errno-dragonfly", + "libc", + "windows-sys 0.48.0", +] + +[[package]] +name = "errno-dragonfly" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" +dependencies = [ + "cc", + "libc", +] + +[[package]] +name = "executor" +version = "0.1.0" +dependencies = [ + "futures", + "spin 0.9.8", + "woke", +] + +[[package]] 
+name = "fastrand" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764" + +[[package]] +name = "finish_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "finish_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "flexi_logger" +version = "0.27.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64d1984eeb4ccb9a6f3fa5f2a1850d34afed6fd4ffcd1513b691eef9dda0f057" +dependencies = [ + "chrono", + "glob", + "is-terminal", + "lazy_static", + "log", + "nu-ansi-term", + "regex", + "thiserror", +] + +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] +name = "futures" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23342abe12aba583913b2e62f22225ff9c950774065e4bfb61a19cd9770fec40" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c" + +[[package]] +name = "futures-io" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964" + +[[package]] +name = "futures-sink" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f43be4fe21a13b9781a69afa4985b0f6ee0e1afab2c6f454a8cf30e2b2237b6e" + +[[package]] +name = "futures-task" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65" + +[[package]] +name = "futures-util" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" +dependencies = [ + "futures-core", + "futures-sink", + "futures-task", + "pin-project-lite", + "pin-utils", +] + +[[package]] +name = "fuzzlib" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "flexi_logger", + "futures", + "log", + "ring", + "simple_logger", + "spdmlib", + "spdmlib-test", + "spin 0.9.8", +] + +[[package]] +name = "get_encapsulated_request_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "getrandom" +version = "0.2.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "gimli" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" + +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + +[[package]] +name = "heartbeat_req" +version = "0.1.0" +dependencies = [ + "afl", + 
"async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "heartbeat_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "hermit-abi" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" + +[[package]] +name = "home" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +dependencies = [ + "windows-sys 0.48.0", +] + +[[package]] +name = "humantime" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" + +[[package]] +name = "iana-time-zone" +version = "0.1.57" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fad5b825842d2b38bd206f3e81d6957625fd7f0a361e345c30e01a0ae2dd613" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "wasm-bindgen", + "windows", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + +[[package]] +name = "idekm" +version = "0.1.0" +dependencies = [ + "codec", + "conquer-once", + "maybe-async", + "spdmlib", + "zeroize", +] + +[[package]] +name = "is-terminal" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" +dependencies = [ + "hermit-abi", + "rustix", + "windows-sys 0.48.0", +] + +[[package]] +name = "itoa" +version = "1.0.9" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" + +[[package]] +name = "js-sys" +version = "0.3.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "key_exchange_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "key_update_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "key_update_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "keyexchange_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin 0.5.2", +] + +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + +[[package]] +name = "libc" +version = "0.2.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" + +[[package]] +name = "libloading" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" +dependencies = [ + "cfg-if", + 
"winapi", +] + +[[package]] +name = "linux-raw-sys" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" + +[[package]] +name = "lock_api" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" +dependencies = [ + "autocfg", + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" + +[[package]] +name = "maybe-async" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f1b8c13cb1f814b634a96b2c725449fe7ed464a7b8781de8688be5ffbd3f305" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "mbedtls" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77f2c88dbe2fcc6fddc0dc33eb2694471fef46f48b2081996335adb2f8085c53" +dependencies = [ + "bitflags 1.3.2", + "byteorder", + "cc", + "cfg-if", + "mbedtls-platform-support", + "mbedtls-sys-auto", + "rs-libc", + "serde", + "serde_derive", +] + +[[package]] +name = "mbedtls-platform-support" +version = "0.1.1" +dependencies = [ + "cc", + "cfg-if", + "chrono", + "mbedtls-sys-auto", + "spin 0.5.2", +] + +[[package]] +name = "mbedtls-sys-auto" +version = "2.28.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fe62c26febfff31e5ece6c342e20b1b356fbbf5a5c112f781bee30ae6381499" +dependencies = [ + "bindgen", + "cc", + "cfg-if", + "cmake", + "lazy_static", + "libc", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "mctp_transport" +version = "0.1.0" +dependencies = [ + "async-trait", + "codec", + "executor", + "futures", + "maybe-async", + "spdmlib", + "spin 0.9.8", +] + +[[package]] +name = 
"measurement_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "measurement_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "memchr" +version = "2.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f232d6ef707e1956a43342693d2a31e72989554d58299d7a88738cc95b0d35c" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "miniz_oxide" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +dependencies = [ + "adler", +] + +[[package]] +name = "mio" +version = "0.8.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.48.0", +] + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "nu-ansi-term" +version = "0.49.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c073d3c1930d0751774acf49e66653acecb416c3a54c6ec095a9b11caddb5a68" +dependencies = [ + "windows-sys 0.48.0", +] + +[[package]] +name = "num-traits" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2" +dependencies = [ + "autocfg", +] + +[[package]] +name 
= "num_cpus" +version = "1.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "num_threads" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2819ce041d2ee131036f4fc9d6ae7ae125a3a40e97ba64d04fe799ad9dabbb44" +dependencies = [ + "libc", +] + +[[package]] +name = "object" +version = "0.32.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +dependencies = [ + "memchr", +] + +[[package]] +name = "once_cell" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" + +[[package]] +name = "parking_lot" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-targets", +] + +[[package]] +name = "pass_context" +version = "0.1.0" +dependencies = [ + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "log", + "simple_logger", + "spin 0.9.8", +] + +[[package]] +name = "pcidoe_transport" +version = "0.1.0" +dependencies = [ + "async-trait", + "codec", + "futures", + "maybe-async", + "spdmlib", + "spin 0.9.8", +] + +[[package]] +name = "peeking_take_while" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" + +[[package]] +name = "pin-project-lite" +version = "0.2.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "prettyplease" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8832c0f9be7e3cae60727e6256cfd2cd3c3e2b6cd5dad4190ecb2fd658c9030b" +dependencies = [ + "proc-macro2", + "syn 2.0.31", +] + +[[package]] +name = "proc-macro2" +version = "1.0.66" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "psk_exchange_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "psk_finish_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "psk_finish_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "pskexchange_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "quote" +version = "1.0.33" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "random_requester" +version = "0.1.0" +dependencies = [ + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "rand", + "spin 0.9.8", +] + +[[package]] +name = "redox_syscall" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" +dependencies = [ + "bitflags 1.3.2", +] + +[[package]] +name = "regex" +version = "1.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "697061221ea1b4a94a624f67d0ae2bfe4e22b8a17b6a192afb11046542cc8c47" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2f401f4955220693b56f8ec66ee9c78abffd8d1c4f23dc41a23839eb88f0795" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.7.5" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" + +[[package]] +name = "ring" +version = "0.17.6" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted", + "windows-sys 0.48.0", +] + +[[package]] +name = "rs-libc" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "683e8c8e8aac6ffa4b2287bac3c69575d5346accac4f218ae1e084303bb174ca" +dependencies = [ + "cc", + "zeroize", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" + +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustc_version" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +dependencies = [ + "semver", +] + +[[package]] +name = "rustix" +version = "0.38.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "745ecfa778e66b2b63c88a61cb36e0eea109e803b0b86bf9879fbc77c70e86ed" +dependencies = [ + "bitflags 2.4.0", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.48.0", +] + +[[package]] +name = "rustversion" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" + +[[package]] +name = "ryu" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "semver" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918" + +[[package]] +name = "serde" +version = "1.0.188" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.188" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.31", +] + +[[package]] +name = "serde_json" +version = "1.0.105" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "693151e1ac27563d6dbcec9dee9fbd5da8539b20fa14ad3752b2e6d363ace360" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "shlex" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380" + +[[package]] +name = "signal-hook-registry" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" +dependencies = [ + "libc", +] + +[[package]] +name = "simple_logger" +version = "4.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2230cd5c29b815c9b699fb610b49a5ed65588f3509d9f0108be3a885da629333" +dependencies = [ + "colored", + "log", + "time", + "windows-sys 0.42.0", +] + +[[package]] +name = "smallvec" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" + +[[package]] +name = "socket2" +version = 
"0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2538b18701741680e0322a2302176d3253a35388e2e62f172f64f4f16605f877" +dependencies = [ + "libc", + "windows-sys 0.48.0", +] + +[[package]] +name = "spdm-emu" +version = "0.1.0" +dependencies = [ + "async-recursion", + "async-trait", + "bytes", + "codec", + "executor", + "futures", + "log", + "maybe-async", + "mctp_transport", + "pcidoe_transport", + "ring", + "spdmlib", + "spdmlib_crypto_mbedtls", + "spin 0.9.8", + "tokio", + "untrusted", + "webpki", +] + +[[package]] +name = "spdm-requester-emu" +version = "0.1.0" +dependencies = [ + "codec", + "executor", + "futures", + "idekm", + "log", + "maybe-async", + "mctp_transport", + "pcidoe_transport", + "simple_logger", + "spdm-emu", + "spdmlib", + "spin 0.9.8", + "tdisp", + "tokio", +] + +[[package]] +name = "spdm-responder-emu" +version = "0.1.0" +dependencies = [ + "codec", + "executor", + "futures", + "idekm", + "log", + "maybe-async", + "mctp_transport", + "pcidoe_transport", + "simple_logger", + "spdm-emu", + "spdmlib", + "spin 0.9.8", + "tdisp", + "tokio", + "zeroize", +] + +[[package]] +name = "spdmlib" +version = "0.1.0" +dependencies = [ + "async-trait", + "bit_field", + "bitflags 1.3.2", + "byteorder", + "bytes", + "codec", + "conquer-once", + "env_logger", + "futures", + "lazy_static", + "log", + "maybe-async", + "pcidoe_transport", + "ring", + "serde", + "serde_json", + "spin 0.9.8", + "sys_time", + "untrusted", + "webpki", + "zeroize", +] + +[[package]] +name = "spdmlib-test" +version = "0.1.0" +dependencies = [ + "async-recursion", + "async-trait", + "bytes", + "codec", + "env_logger", + "executor", + "futures", + "log", + "pcidoe_transport", + "ring", + "spdmlib", + "spin 0.9.8", +] + +[[package]] +name = "spdmlib_crypto_mbedtls" +version = "0.1.0" +dependencies = [ + "der", + "lazy_static", + "mbedtls", + "mbedtls-sys-auto", + "spdmlib", + "spin 0.9.8", + "zeroize", +] + +[[package]] +name = "spin" +version = "0.5.2" 
+source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" +dependencies = [ + "lock_api", +] + +[[package]] +name = "strsim" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" + +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn" +version = "2.0.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "718fa2415bcb8d8bd775917a1bf12a7931b6dfa890753378538118181e0cb398" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "sys_time" +version = "0.1.0" +dependencies = [ + "time", + "x86_64", +] + +[[package]] +name = "tdisp" +version = "0.2.0" +dependencies = [ + "bitflags 1.3.2", + "codec", + "conquer-once", + "maybe-async", + "spdmlib", + "spin 0.9.8", +] + +[[package]] +name = "tempfile" +version = "3.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef" +dependencies = [ + "cfg-if", + "fastrand", + "redox_syscall", + "rustix", + "windows-sys 0.48.0", +] + +[[package]] +name = "termcolor" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "thiserror" +version = "1.0.48" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d6d7a740b8a666a7e828dd00da9c0dc290dff53154ea77ac109281de90589b7" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49922ecae66cc8a249b77e68d1d0623c1b2c514f0060c27cdc68bd62a1219d35" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.31", +] + +[[package]] +name = "time" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "17f6bb557fd245c28e6411aa56b6403c689ad95061f50e4be16c274e70a17e48" +dependencies = [ + "deranged", + "itoa", + "libc", + "num_threads", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" + +[[package]] +name = "time-macros" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a942f44339478ef67935ab2bbaec2fb0322496cf3cbe84b261e06ac3814c572" +dependencies = [ + "time-core", +] + +[[package]] +name = "tokio" +version = "1.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "17ed6077ed6cd6c74735e21f37eb16dc3935f96878b1fe961074089cc80893f9" +dependencies = [ + "backtrace", + "bytes", + "libc", + "mio", + "num_cpus", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys 0.48.0", +] + +[[package]] +name = "tokio-macros" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.31", +] + +[[package]] +name = "unicode-ident" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c" + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "utf8parse" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" + +[[package]] +name = "vendor_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "vendor_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "version_req" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "version_rsp" +version = "0.1.0" +dependencies = [ + "afl", + "async-recursion", + "async-trait", + "codec", + "executor", + "futures", + "fuzzlib", + "spin 0.9.8", +] + +[[package]] +name = "volatile" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "442887c63f2c839b346c192d047a7c87e73d0689c9157b00b53dcc27dd5ea793" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wasm-bindgen" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.87" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn 2.0.31", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.31", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" + +[[package]] +name = "webpki" +version = "0.22.4" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.5" 
+source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +dependencies = [ + "winapi", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-sys" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" +dependencies = [ + "windows_aarch64_gnullvm 0.42.2", + "windows_aarch64_msvc 0.42.2", + "windows_i686_gnu 0.42.2", + "windows_i686_msvc 0.42.2", + "windows_x86_64_gnu 0.42.2", + "windows_x86_64_gnullvm 0.42.2", + "windows_x86_64_msvc 0.42.2", +] + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" + 
+[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_i686_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.42.2" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "woke" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f84a0acf95762131790eb4f458d5b9c8ae90dc521f8c5901906203764b261b0b" + +[[package]] +name = "x86_64" +version = "0.14.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "100555a863c0092238c2e0e814c1096c1e5cf066a309c696a87e907b5f8c5d69" +dependencies = [ + "bit_field", + "bitflags 1.3.2", + "rustversion", + "volatile", +] + +[[package]] +name = "xdg" +version = "2.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "213b7324336b53d2414b2db8537e56544d981803139155afa84f76eeebb7a546" + +[[package]] +name = "zeroize" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.31", +] 
diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..597c770 --- /dev/null +++ b/Cargo.toml 
@@ -0,0 +1,83 @@ +[workspace] + +default-members = [ + "spdmlib", + "codec", + "executor", + "sys_time", + "test/spdm-requester-emu", + "test/spdm-responder-emu", +] + +members = [ + "spdmlib", + "codec", + "executor", + "sys_time", + "idekm", + "tdisp", + "test/spdm-requester-emu", + "test/spdm-responder-emu", + "test/spdmlib-test", + + "fuzz-target/responder/version_rsp", + "fuzz-target/responder/capability_rsp", + "fuzz-target/responder/algorithm_rsp", + "fuzz-target/responder/digest_rsp", + "fuzz-target/responder/certificate_rsp", + "fuzz-target/responder/challenge_rsp", + "fuzz-target/responder/measurement_rsp", + "fuzz-target/responder/keyexchange_rsp", + "fuzz-target/responder/pskexchange_rsp", + "fuzz-target/responder/finish_rsp", + "fuzz-target/responder/psk_finish_rsp", + "fuzz-target/responder/heartbeat_rsp", + "fuzz-target/responder/key_update_rsp", + "fuzz-target/responder/end_session_rsp", + "fuzz-target/responder/vendor_rsp", + "fuzz-target/responder/deliver_encapsulated_response_digest_rsp", + "fuzz-target/responder/deliver_encapsulated_response_certificate_rsp", + "fuzz-target/responder/get_encapsulated_request_rsp", + "fuzz-target/responder/deliver_encapsulated_response_rsp", + + "fuzz-target/requester/version_req", + "fuzz-target/requester/capability_req", + "fuzz-target/requester/algorithm_req", + "fuzz-target/requester/digest_req", + "fuzz-target/requester/certificate_req", + "fuzz-target/requester/challenge_req", + "fuzz-target/requester/measurement_req", + "fuzz-target/requester/key_exchange_req", + "fuzz-target/requester/psk_exchange_req", + "fuzz-target/requester/finish_req", + "fuzz-target/requester/psk_finish_req", + "fuzz-target/requester/heartbeat_req", + "fuzz-target/requester/key_update_req", + "fuzz-target/requester/end_session_req", + "fuzz-target/requester/vendor_req", + "fuzz-target/requester/encapsulated_request_digest_req", + "fuzz-target/requester/encapsulated_request_certificate_req", + 
"fuzz-target/requester/encapsulated_request_req", + + "fuzz-target/random_requester", + "fuzz-target/pass_context", +] +exclude = [ + "external/ring", + "external/webpki", + "fuzz-target/", +] + +resolver = "2" + +# The dev profile used for `cargo build` +[profile.dev] +opt-level = 3 +# The release profile used for `cargo build --release` +[profile.release] +opt-level = 3 + +[patch.crates-io] + ring = { path = "external/ring" } + webpki = { path = "external/webpki" } + mbedtls-platform-support = { path = "spdmlib_crypto_mbedtls/mbedtls-platform-support" } \ No newline at end of file diff --git a/codec/Cargo.toml b/codec/Cargo.toml new file mode 100644 index 0000000..5a358f2 --- /dev/null +++ b/codec/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "codec" +version = "0.2.2" +authors = [ + "Xiaoyu Lu ", + "Jiewen Yao ", + "Longlong Yang " + ] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] + +[features] +default = [] +alloc = [] diff --git a/codec/src/codec.rs b/codec/src/codec.rs new file mode 100644 index 0000000..487703e --- /dev/null +++ b/codec/src/codec.rs 
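Review bot: `[profile.release]` sets only `opt-level = 3`, so release builds keep Cargo's default of wrapping integer arithmetic without a check. This workspace's codec and message parsers do offset and length arithmetic on peer-supplied data, so I would add `overflow-checks = true` under `[profile.release]`; an unexpected overflow then panics instead of continuing with a wrapped value. The `[patch.crates-io]` block replaces `ring` and `webpki` with the trees under `external/`, and a short comment saying where those trees come from and how their revision is pinned would make the crypto dependency easier to audit. `exclude` also lists `fuzz-target/` while `members` names crates under that directory explicitly, which reads as contradictory; a one-line comment stating the intent would help.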
@@ -0,0 +1,494 @@ +// Taken from rustls +// +// Copyright (c) 2016 Joe Birr-Pixton and rustls project contributors +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#[cfg(feature = "alloc")] +extern crate alloc; + +use core::{fmt::Debug, mem}; + +/// Read from a byte slice. +pub struct Reader<'a> { + buf: &'a [u8], + offs: usize, +} + +impl<'a> Reader<'a> { + pub fn init(bytes: &[u8]) -> Reader { + Reader { + buf: bytes, + offs: 0, + } + } + + pub fn rest(&mut self) -> &[u8] { + let ret = &self.buf[self.offs..]; + self.offs = self.buf.len(); + ret + } + + pub fn take(&mut self, len: usize) -> Option<&[u8]> { + if self.left() < len { + return None; + } + + let current = self.offs; + self.offs += len; + Some(&self.buf[current..current + len]) + } + + pub fn any_left(&self) -> bool { + self.offs < self.buf.len() + } + + pub fn left(&self) -> usize { + self.buf.len() - self.offs + } + + pub fn used(&self) -> usize { + self.offs + } + + pub fn sub(&mut self, len: usize) -> Option { + self.take(len).map(Reader::init) + } +} + +impl AsRef<[u8]> for Reader<'_> { + fn as_ref(&self) -> &[u8] { + &self.buf[self.offs..] + } +} + +/// Write to a byte slice. 
+pub struct Writer<'a> { + buf: &'a mut [u8], + offs: usize, +} + +impl<'a> Writer<'a> { + pub fn init(bytes: &mut [u8]) -> Writer { + Writer { + buf: bytes, + offs: 0, + } + } + + pub fn clear(&mut self) { + self.offs = 0; + } + + pub fn extend_from_slice(&mut self, value: &[u8]) -> Option { + if self.left() < value.len() { + return None; + } + let added = value.len(); + for (i, v) in value.iter().enumerate().take(added) { + self.buf[self.offs + i] = *v; + } + self.offs += added; + Some(added) + } + + pub fn push(&mut self, value: u8) -> Option { + if self.left() < 1 { + return None; + } + self.buf[self.offs] = value; + self.offs += 1; + Some(value) + } + + pub fn left(&self) -> usize { + self.buf.len() - self.offs + } + + pub fn left_slice(&self) -> &[u8] { + &self.buf[self.offs..] + } + + pub fn mut_left_slice(&mut self) -> &mut [u8] { + &mut self.buf[self.offs..] + } + + pub fn used(&self) -> usize { + self.offs + } + + pub fn used_slice(&self) -> &[u8] { + &self.buf[..self.offs] + } + + pub fn mut_used_slice(&mut self) -> &mut [u8] { + &mut self.buf[..self.offs] + } +} + +#[derive(Debug, PartialEq, Eq, PartialOrd, Ord)] +pub struct EncodeErr; + +/// Things we can encode and read from a Reader. +pub trait Codec: Debug + Sized { + /// Encode yourself by appending onto `bytes`. + /// Return Ok(encoded size) or Err(()) + fn encode(&self, bytes: &mut Writer) -> Result; + + /// Decode yourself by fiddling with the `Reader`. + /// Return Some if it worked, None if not. + fn read(_: &mut Reader) -> Option; + + /// Read one of these from the front of `bytes` and + /// return it. + fn read_bytes(bytes: &[u8]) -> Option { + let mut rd = Reader::init(bytes); + Self::read(&mut rd) + } + + #[cfg(feature = "alloc")] + /// Read count T's and returns Vec + /// count: the number of T wants to read. 
+ fn read_vec(reader: &mut Reader, count: usize) -> Option> { + let mut data = alloc::vec::Vec::new(); + for _ in 0..count { + let t = T::read(reader)?; + data.push(t) + } + Some(data) + } +} + +#[cfg(feature = "alloc")] +impl Codec for alloc::vec::Vec { + fn encode(&self, bytes: &mut Writer) -> Result { + let used = bytes.used(); + for t in self.iter() { + let _ = t.encode(bytes)?; + } + Ok(bytes.used() - used) + } + + fn read(_reader: &mut Reader) -> Option { + // Not support can't known the length + panic!("Should not call this API for reading vec. Use read_vec instead.") + } +} + +// Encoding functions. +pub fn decode_u8(bytes: &[u8]) -> Option { + Some(bytes[0]) +} + +impl Codec for u8 { + fn encode(&self, bytes: &mut Writer) -> Result { + bytes.push(*self).ok_or(EncodeErr)?; + Ok(1) + } + fn read(r: &mut Reader) -> Option { + r.take(1).and_then(decode_u8) + } +} + +pub fn put_u16(v: u16, out: &mut [u8]) { + out[0] = v as u8; + out[1] = (v >> 8) as u8; +} + +pub fn decode_u16(bytes: &[u8]) -> Option { + Some(u16::from(bytes[0]) | (u16::from(bytes[1]) << 8)) +} + +impl Codec for u16 { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut b16 = [0u8; 2]; + put_u16(*self, &mut b16); + bytes.extend_from_slice(&b16).ok_or(EncodeErr)?; + Ok(2) + } + + fn read(r: &mut Reader) -> Option { + r.take(2).and_then(decode_u16) + } +} + +// Make a distinct type for u24, even though it's a u32 underneath +#[allow(non_camel_case_types)] +#[derive(Debug, Copy, Clone, Default)] +pub struct u24(u32); + +impl u24 { + pub fn new(v: u32) -> u24 { + assert_eq!(v >> 24, 0); + u24(v) + } + + pub fn get(&self) -> u32 { + self.0 + } + + fn decode(bytes: &[u8]) -> Option { + Some(u24(u32::from(bytes[0]) + | (u32::from(bytes[1]) << 8) + | (u32::from(bytes[2]) << 16))) + } +} + +impl Codec for u24 { + fn encode(&self, bytes: &mut Writer) -> Result { + bytes.push(self.0 as u8).ok_or(EncodeErr)?; + bytes.push((self.0 >> 8) as u8).ok_or(EncodeErr)?; + bytes.push((self.0 >> 16) as 
u8).ok_or(EncodeErr)?; + Ok(3) + } + + fn read(r: &mut Reader) -> Option { + r.take(3).and_then(u24::decode) + } +} + +pub fn decode_u32(bytes: &[u8]) -> Option { + Some( + u32::from(bytes[0]) + | (u32::from(bytes[1]) << 8) + | (u32::from(bytes[2]) << 16) + | (u32::from(bytes[3]) << 24), + ) +} + +impl Codec for u32 { + fn encode(&self, bytes: &mut Writer) -> Result { + bytes.push(*self as u8).ok_or(EncodeErr)?; + bytes.push((*self >> 8) as u8).ok_or(EncodeErr)?; + bytes.push((*self >> 16) as u8).ok_or(EncodeErr)?; + bytes.push((*self >> 24) as u8).ok_or(EncodeErr)?; + Ok(4) + } + + fn read(r: &mut Reader) -> Option { + r.take(4).and_then(decode_u32) + } +} + +pub fn put_u64(v: u64, bytes: &mut [u8]) { + bytes[0] = v as u8; + bytes[1] = (v >> 8) as u8; + bytes[2] = (v >> 16) as u8; + bytes[3] = (v >> 24) as u8; + bytes[4] = (v >> 32) as u8; + bytes[5] = (v >> 40) as u8; + bytes[6] = (v >> 48) as u8; + bytes[7] = (v >> 56) as u8; +} + +pub fn decode_u64(bytes: &[u8]) -> Option { + Some( + u64::from(bytes[0]) + | (u64::from(bytes[1]) << 8) + | (u64::from(bytes[2]) << 16) + | (u64::from(bytes[3]) << 24) + | (u64::from(bytes[4]) << 32) + | (u64::from(bytes[5]) << 40) + | (u64::from(bytes[6]) << 48) + | (u64::from(bytes[7]) << 56), + ) +} + +impl Codec for u64 { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut b64 = [0u8; 8]; + put_u64(*self, &mut b64); + bytes.extend_from_slice(&b64).ok_or(EncodeErr)?; + Ok(8) + } + + fn read(r: &mut Reader) -> Option { + r.take(8).and_then(decode_u64) + } +} + +impl Codec for u128 { + fn encode(&self, bytes: &mut Writer) -> Result { + bytes + .extend_from_slice(&u128::to_le_bytes(*self)) + .ok_or(EncodeErr)?; + Ok(16) + } + + fn read(r: &mut Reader) -> Option { + let mut v = [0u8; mem::size_of::()]; + v.copy_from_slice(r.take(mem::size_of::())?); + + Some(u128::from_le_bytes(v)) + } +} + +impl Codec for [T; N] { + fn encode(&self, bytes: &mut Writer) -> Result { + let used = bytes.used(); + for d in self.iter() { + let _ = 
d.encode(bytes)?; + } + Ok(bytes.used() - used) + } + + fn read(reader: &mut Reader) -> Option { + let mut target = [T::default(); N]; + for t in target.iter_mut() { + *t = T::read(reader)?; + } + + Some(target) + } +} + +#[cfg(test)] +mod tests { + use crate::codec::Codec; + use crate::codec::{Reader, Writer}; + use crate::u24; + + #[test] + fn test_u128() { + let u8_slice = &mut [0u8; 16]; + { + let mut writer = Writer::init(u8_slice); + let value = 0x1234567890FFFEFEFFFFFE1234567890u128; + assert_eq!(value.encode(&mut writer), Ok(16)); + } + let mut ser_data = [ + 0x12u8, 0x34, 0x56, 0x78, 0x90, 0xFF, 0xFE, 0xFE, 0xFF, 0xFF, 0xFE, 0x12, 0x34, 0x56, + 0x78, 0x90, + ]; + ser_data.reverse(); + + let mut reader = Reader::init(u8_slice); + assert_eq!(16, reader.left()); + assert_eq!(u8_slice, &ser_data); + assert_eq!( + u128::read(&mut reader).unwrap(), + 0x1234567890FFFEFEFFFFFE1234567890u128 + ); + } + + #[test] + fn test_u64() { + let u8_slice = &mut [0u8; 8]; + u8_slice[1] = 1; + { + let mut writer = Writer::init(u8_slice); + let value = 100u64; + assert_eq!(value.encode(&mut writer), Ok(8)); + } + + let mut reader = Reader::init(u8_slice); + assert_eq!(8, reader.left()); + assert_eq!(u64::read(&mut reader).unwrap(), 100); + } + #[test] + fn test_u32() { + let u8_slice = &mut [0u8; 4]; + let mut witer = Writer::init(u8_slice); + let value = 100u32; + assert_eq!(value.encode(&mut witer), Ok(4)); + + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!(u32::read(&mut reader).unwrap(), 100); + } + #[test] + fn test_u16() { + let u8_slice = &mut [0u8; 2]; + let mut witer = Writer::init(u8_slice); + let value = 10u16; + assert_eq!(value.encode(&mut witer), Ok(2)); + + let mut reader = Reader::init(u8_slice); + assert_eq!(2, reader.left()); + assert_eq!(u16::read(&mut reader).unwrap(), 10); + } + #[test] + fn test_u24() { + let u8_slice = &mut [0u8; 3]; + let mut witer = Writer::init(u8_slice); + let value = u24::new(100); + 
assert_eq!(value.encode(&mut witer), Ok(3)); + let mut reader = Reader::init(u8_slice); + assert_eq!(3, reader.left()); + assert_eq!(u24::read(&mut reader).unwrap().0, u24::new(100).0); + } + #[test] + #[should_panic] + fn test_u24_max_size() { + let _ = u24::new(1 << 24); + } + #[test] + fn test_u8() { + let u8_slice = &mut [0u8; 4]; + let mut witer = Writer::init(u8_slice); + let value = 100u8; + assert_eq!(value.encode(&mut witer), Ok(1)); + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!(u8::read(&mut reader).unwrap(), 100); + } + #[test] + fn test_case0_rest() { + let u8_slice = &mut [0u8; 4]; + let mut witer = Writer::init(u8_slice); + let value = 0xAA5555AAu32; + assert_eq!(value.encode(&mut witer), Ok(4)); + let mut reader = Reader::init(u8_slice); + let rust_ret = reader.rest(); + assert_eq!(rust_ret[0], 0xAA); + assert_eq!(rust_ret[1], 0x55); + assert_eq!(rust_ret[2], 0x55); + assert_eq!(rust_ret[3], 0xAA); + } + #[test] + fn test_case0_any_left() { + let u8_slice = &mut [0u8; 4]; + let reader = Reader { + buf: u8_slice, + offs: 0, + }; + assert_eq!(reader.any_left(), true); + } + #[test] + fn test_case1_any_left() { + let u8_slice = &mut [0u8; 4]; + let reader = Reader { + buf: u8_slice, + offs: 4, + }; + assert_eq!(reader.any_left(), false); + } + #[test] + fn test_case0_read_bytes() { + let u8_slice = &mut [0u8; 4]; + let mut witer = Writer::init(u8_slice); + let value = 0xAA5555AAu32; + assert_eq!(value.encode(&mut witer), Ok(4)); + assert_eq!(u32::read_bytes(u8_slice).unwrap(), 0xAA5555AAu32); + } + #[test] + fn test_case0_sub() { + let u8_slice = &mut [100u8; 4]; + let mut reader = Reader { + buf: u8_slice, + offs: 4, + }; + assert_eq!(reader.sub(4).is_none(), true); + } + + #[test] + fn test_case0_array() { + let u8_slice = &mut [0x0u8; 2]; + let value = [0x5au8; 2]; + let writer = &mut Writer::init(u8_slice); + value.encode(writer).unwrap(); + let reader = &mut Reader::init(u8_slice); + assert_eq!(value, <[u8; 
2]>::read(reader).unwrap()); + } +} diff --git a/codec/src/lib.rs b/codec/src/lib.rs new file mode 100644 index 0000000..e2b6ece --- /dev/null +++ b/codec/src/lib.rs @@ -0,0 +1,36 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] +#![no_std] + +pub mod codec; +pub use crate::codec::*; + +#[allow(unused_macros)] +#[macro_use] +pub mod macros; + +#[cfg(test)] +mod tests { + + use crate::{Codec, Reader, Writer}; + + enum_builder! { + @U8 + EnumName: TestEnum; + EnumVal{ + Value1 => 0x1, + Value2 => 0x2 + } + } + + #[test] + fn it_works() { + let u8_slice = &[1u8; 2]; + let mut r = Reader::init(u8_slice); + assert_eq!(TestEnum::Value1, TestEnum::read(&mut r).unwrap()); + assert_eq!(2 + 2, 4); + } +} diff --git a/codec/src/macros.rs b/codec/src/macros.rs new file mode 100644 index 0000000..3701a25 --- /dev/null +++ b/codec/src/macros.rs 
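Review bot: `decode_u8`, `decode_u16`, `decode_u32`, `decode_u64` and `u24::decode` return `Option` but index `bytes[0]` onward unconditionally, so a slice shorter than the integer panics instead of yielding `None`. The `Codec::read` impls are safe because `Reader::take(N)` has already bounded the slice, but the free functions are `pub`, and any other caller passing peer-supplied bytes turns a short message into a panic. I would start each with a length guard, e.g. `let bytes = bytes.get(..2)?;` in `decode_u16` (`..3`, `..4`, `..8` for the others), and write `decode_u8` as `bytes.first().copied()`. `put_u16` and `put_u64` have the same shape on the write side and deserve at least a doc comment stating the minimum length of `out`.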
@@ -0,0 +1,116 @@ +// Taken from rustls +// +// Copyright (c) 2016 Joe Birr-Pixton and rustls project contributors +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +/// A macro which defines an enum type. +#[macro_export] +macro_rules! enum_builder { + ( + $(#[$comment:meta])* + @U8 + EnumName: $enum_name: ident; + EnumVal { $( $enum_var: ident => $enum_val: expr ),* } + ) => { + $(#[$comment])* + #[derive(Debug, PartialEq, Eq, Clone, Copy)] + pub enum $enum_name { + $( $enum_var),* + ,Unknown(u8) + } + impl $enum_name { + pub fn get_u8(&self) -> u8 { + let x = self.clone(); + match x { + $( $enum_name::$enum_var => $enum_val),* + ,$enum_name::Unknown(x) => x + } + } + } + impl Codec for $enum_name { + fn encode(&self, bytes: &mut Writer) -> Result { + self.get_u8().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + Some(match u8::read(r) { + None => return None, + $( Some($enum_val) => $enum_name::$enum_var),* + ,Some(x) => $enum_name::Unknown(x) + }) + } + } + }; + ( + $(#[$comment:meta])* + @U16 + EnumName: $enum_name: ident; + EnumVal { $( $enum_var: ident => $enum_val: expr ),* } + ) => { + $(#[$comment])* + #[derive(Debug, PartialEq, Eq, Clone, Copy)] + pub enum $enum_name { + $( $enum_var),* + ,Unknown(u16) + } + impl $enum_name { + pub fn get_u16(&self) -> u16 { + let x = self.clone(); + match x { + $( $enum_name::$enum_var => $enum_val),* + ,$enum_name::Unknown(x) => x + } + } + } + impl Codec for $enum_name { + fn encode(&self, bytes: &mut Writer) -> Result { + self.get_u16().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + Some(match u16::read(r) { + None => return None, + $( Some($enum_val) => $enum_name::$enum_var),* + ,Some(x) => $enum_name::Unknown(x) + }) + } + } + }; + ( + $(#[$comment:meta])* + @U32 + EnumName: $enum_name: ident; + EnumVal { $( $enum_var: ident => $enum_val: expr ),* } + ) => { + $(#[$comment])* + #[derive(Debug, PartialEq, Eq, Clone, Copy)] + pub enum $enum_name { + 
$( $enum_var),* + ,Unknown(u32) + } + impl $enum_name { + pub fn get_u32(&self) -> u32 { + let x = self.clone(); + match x { + $( $enum_name::$enum_var => $enum_val),* + ,$enum_name::Unknown(x) => x + } + } + } + impl Codec for $enum_name { + fn encode(&self, bytes: &mut Writer) -> Result { + self.get_u32().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + Some(match u32::read(r) { + None => return None, + $( Some($enum_val) => $enum_name::$enum_var),* + ,Some(x) => $enum_name::Unknown(x) + }) + } + } + }; +} diff --git a/doc/cargo_deny.md b/doc/cargo_deny.md new file mode 100644 index 0000000..24628bc --- /dev/null +++ b/doc/cargo_deny.md @@ -0,0 +1,39 @@ +⌠cargo-deny + +We use in CI. + +Create deny.yml file in .github/workflows/deny.yml. + +``` +name: CI +on: [push, pull_request] +jobs: + cargo-deny: + runs-on: ubuntu-latest + strategy: + matrix: + checks: + - sources + - bans + + # Prevent sudden announcement of a new advisory from failing ci: + continue-on-error: ${{ matrix.checks == 'sources' }} + + steps: + - uses: actions/checkout@v2 + - uses: EmbarkStudios/cargo-deny-action@v1 + with: + command: check ${{ matrix.checks }} + +``` + +## Quick installation for local use + +Installs cargo-deny, initializes your project with a default configuration, then runs all of the checks against your project. + + +`cargo install --locked cargo-deny && cargo deny init && cargo deny check` + +### reference + +[cargo-deny book](https://embarkstudios.github.io/cargo-deny/index.html) diff --git a/doc/coverage.md b/doc/coverage.md new file mode 100644 index 0000000..e7d3388 --- /dev/null +++ b/doc/coverage.md 
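Review bot: The generated `read` maps every value not listed in `EnumVal` to `Unknown(x)`, so it returns `None` only when the reader runs out of bytes and never for an unrecognised discriminant; the macro's doc comment does not say so. The comment is only `/// A macro which defines an enum type.`. I would extend it to state that decoding preserves unknown values, that `encode` writes them back unchanged through `get_u8`/`get_u16`/`get_u32`, and that each consuming structure must reject the `Unknown` values it does not accept. As a style point, `let x = self.clone(); match x` on a `Copy` type can be `match *self` in all three arms.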
@@ -0,0 +1,88 @@ +### coverage + +The Rust compiler includes two code coverage implementations: + +**A GCC-compatible, gcov-based coverage implementation, enabled with -Z profile, which derives coverage data based on DebugInfo.** + +[profile environment](https://doc.rust-lang.org/nightly/unstable-book/compiler-flags/profile.html) + +**A source-based code coverage implementation, enabled with -C instrument-coverage, which uses LLVM's native, efficient coverage instrumentation to generate very precise coverage data.** + + [instrument-coverage environment](https://doc.rust-lang.org/nightly/unstable-book/compiler-flags/instrument-coverage.html) + +**grcov has a bug in Windows, please run the command line with administrator** + + [bug issues](https://github.com/mozilla/grcov/issues/561) + +First of all, install grcov + +``` +cargo install grcov +``` + +Second, install the llvm-tools Rust component (`llvm-tools-preview` for now, it might become `llvm-tools` soon): + +``` +rustup component add llvm-tools-preview +``` + +# source-based coverage + +**Project is enables source-based coverage** + +```bash +# Export the flags needed to instrument the program to collect code coverage. +export RUSTFLAGS="-Zinstrument-coverage" +export LLVM_PROFILE_FILE="rust-spdm-%p%m.profraw" + +# Build the program +cargo build -p spdm-responder-emu -p spdm-requester-emu + +# Run the program +cargo run -p spdm-responder-emu & +cargo run -p spdm-requester-emu + +# Generate a HTML report in the ./target/debug/gcov_coverage/ directory. +grcov . -s . --binary-path ./target/debug/ -t html --branch --ignore-not-existing -o ./target/debug/source_coverage/ +``` + +# gcov-based coverage + +**Project is disables gcov-based coverage** + +```bash +# Export the flags needed to instrument the program to collect code coverage. 
+export CARGO_INCREMENTAL=0 +export RUSTDOCFLAGS="-Cpanic=abort" +export RUSTFLAGS="-Zprofile -Ccodegen-units=1 -Copt-level=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests -Cpanic=abort" + +# Build the program +cargo build -p spdm-responder-emu -p spdm-requester-emu + +# Run the program +cargo run -p spdm-responder-emu & +cargo run -p spdm-requester-emu + +# Generate a HTML report in the ./target/debug/gcov_coverage/ directory. +grcov . -s . --binary-path ./target/debug/ -t html --branch --ignore-not-existing -o ./target/debug/gcov_coverage/ +``` + + + +# The difference between source-based coverage and gcov-based coverage + +1. RUSTFLAG set by source-based coverage and gcov-based coverage are different. +2. source-based coverage has no branch data. +3. Our project gcov-based coverage can't be run under Windows, and a library fails to build. + +![image](https://user-images.githubusercontent.com/39472702/127297588-bbf91601-b6b1-4e33-973d-1bf1b2c3af1e.png) + + + +Reference: + + [rust-code-coverage-sample](https://github.com/marco-c/rust-code-coverage-sample) + + [source_based_code_coverage](https://doc.rust-lang.org/beta/unstable-book/compiler-flags/source-based-code-coverage.html#running-the-instrumented-binary-to-generate-raw-coverage-profiling-data) + + [grcov](https://github.com/mozilla/grcov) \ No newline at end of file diff --git a/doc/design_guideline.md b/doc/design_guideline.md new file mode 100644 index 0000000..39dcfe8 --- /dev/null +++ b/doc/design_guideline.md 
@@ -0,0 +1,91 @@ +# Design Guideline + +## Threat Model and Crypto Usage + +1. spdm_secret is to handle persistent secret. (Device Specific) + +It can access the device private key and sign the message. It can access the PSK and HMAC the message. It can collect the device measurement. + +API: Sign the data with private key. HMAC the data with PSK. Return DeviceMeasurement. + +External Input: None. + +Internal Input: Data to be signed. Data to be HMACed. + +Threat: Information disclosure (including side channel), Elevation of privilege, Tampering with data. + +2. spdm_session_secret is to handle ephemeral secret. (Crypto engine specific) + +It can generate DH secret and derive the session key. (The keys can be imported and exported as an option.) It can handle key update. It can encrypt and decrypt the message. + +API: Generate DH secret. Manage the SPDM session. Encrypt and decrypt the SPDM secured message. + +External Input: Cipher message to be decrypted. (Malicious) + +Internal Input: Plain message to be encrypted. Internal SPDM session context. + +Threat: Information disclosure (including side channel), Elevation of privilege, Tampering with data, Denial of service. + +3. spdm_crypto is to handle no secret operation. + +API: Verify the signature. Hash data. Generate random number. + +External Input: Public certificate/key. (Malicious) + +Internal Input: Message to be hashed. Internal SPDM context. + +Threat: Tampering with data, Denial of service. + +## Execution Environment + +1. spdmlib should only use core. + +2. alloc is not allowed in spdmlib or the trait defined by spdmlib, such as spdm_crypt. + +The trait implenmtation may use alloc, such as ring or webpki. + +3. std is not allowed in spdmlib. + +The whole solution may use std, such as spdm_emu tool. + +## Sanity Check + +### A. Data Structure Check + +1. Every data structure / function should do sanity check based upon its own knowledge, and return error if requirement is not satisfied. 
Every data structure function should rely on the checkin result from the lower layer and not duplicate the check. Every data structure should NOT check for the upper layer use case. + +Example 1: It is legal that SpdmBaseHashAlgo contains mutiple bits in requester, but illegal in responder. + +SpdmBaseHashAlgo.read() should not check that it only contains 1 bit. + +SpdmAlgorithmsResponderPayload.read() should check it contains 1 bit or none. + +send_receive_spdm_algorithm() should check the responder bit is also supported by requeter. + +Example 2: Digest/Signature structure should match the negotiated digest/signature algorithm. + +SpdmDigestStruct/SpdmSignatureStruct need guarantee the match between size and algorithm. + +2. For bitflags type, the reserved field should be ingored during read(), and should be 0 during encode(). + +3. For enum type, the reserved type should be treated as error during read(), and should not be present during encode(). + +4. For enum type, the enum_name::Unknown(v) may be a valid or invalid type in some data structure. If the data structure should do sanity check based upon its own knowledge, and only reject the invalid one. + +Example 1: SpdmMeasurementOperation::Unknown(0x1) may be a valid type. It means to return measurement index 1. + +Example 2: SpdmAlg::SpdmAlgoUnknown(SpdmUnknownAlgo) is invalid type. It should be treated as an error. + +### B. Error handling in Codec + +1. read() uses Option<>, because it is from untrusted source. + +2. encode() uses panic!(), because it is from trusted source. + +### C. Error Code + +1. Use Option<>, if the function just returns Some(v)/None. + +2. Use Result<(),()>, if the function wants to return Ok(v)/Err(e). + + diff --git a/doc/fuzzing.md b/doc/fuzzing.md new file mode 100644 index 0000000..f0488ac --- /dev/null +++ b/doc/fuzzing.md 
@@ -0,0 +1,160 @@ +# rust fuzzing + +## Setup + +### Requirements + +### Tools + +- C compiler (e.g. gcc or clang) +- make + +### Platform + +* afl.rs works on x86-64 Linux and x86-64 macOS. +* libFuzzer works on x86-64 Linux, x86-64 macOS and Apple-Silicon (aarch64) macOS for now. + +* `cargo install afl` +* `cargo install cargo-fuzz` + +### Upgrading + +* `cargo install --force afl` +* `cargo install --force cargo-fuzz` + +### Provide starting inputs + +Use RAMdisks for input since, we don't want to destroy harddrives + +``` +$sudo mount -t tmpfs -o size=1024M tmpfs in +``` + + +### Build the fuzz target + +`cargo afl build --features "fuzz" -p rspversion` + +``` +# for cargo fuzz: +cd spdmlib +# list all fuzz +`cargo fuzz list` +# build: replace xxx with one listed in cargo fuzz list. +`cargo fuzz build xxx` +# run +`cargo fuzz run xxx` +``` + +### Start fuzzing + +`cargo afl fuzz -i fuzz-target/in -o fuzz-target/outrspversion target/debug/rspversion` + +As soon as you run this command, you should see AFL’s interface start up: + +![image-20210628084437384](../fuzz-target/fuzz1.png) + +### View the fuzz log file + +`cargo afl build --features "fuzz fuzzlogfile" -p rspversion` + +There are fuzz log files in the current folder traces. + +### view coverage + +If you need to check coverage, follow the [coverage.md](./coverage.md) operation, Script fuzz_run.sh runs for a period fo time in each case. +Add the coverage string after the script collects info information and generates html files. The html file location is target/debug/fuzz_coverge. +If you need to run a specific case, please modify the cmd tuple in the script. 
+Can run at the same time but merge will cause problems + + ``` + # Install screen + sudo apt install screen + # Install expect + sudoapt install expect + # Run each fuzz for one hour + bash fuzz_run.sh + # Run each fuzz for one hour and Genarate source-based coverage report + bash fuzz_run.sh Scoverage + # Run each fuzz for one hour and Genarate gcov-based coverage report + bash fuzz_run.sh Gcoverage + + # If thre is an error in fuzzing, please follow, and switch to the root + user to execute the command if the error is reported. + + [-] Hmm, your system is configured to send core dump notifications to an + external utility. This will cause issues: there will be an extended delay + between stumbling upon a crash and having this information relayed to the + fuzzer via the standard waitpid() API. + If you're just testing, set 'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'. + + To avoid having crashes misinterpreted as timeouts, please log in as root + and temporarily modify /proc/sys/kernel/core_pattern, like so: + + echo core >/proc/sys/kernel/core_pattern + + [-] Whoops, your system uses on-demand CPU frequency scaling, adjusted + between 781 and 3808 MHz. Unfortunately, the scaling algorithm in the + kernel is imperfect and can miss the short-lived processes spawned by + afl-fuzz. To keep things moving, run these commands as root: + + cd /sys/devices/system/cpu + echo performance | tee cpu*/cpufreq/scaling_governor + + You can later go back to the original state by replacing 'performance' + with 'ondemand' or 'powersave'. If you don't want to change the settings, + set AFL_SKIP_CPUFREQ to make afl-fuzz skip this check - but expect some + performance drop. + ``` + +## Single File Data Analysis + +### Analyze a piece of data to run + +If you have some data to test + +``` +if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = [1, 26, 0, 1, 0, 0, 0, 128, 0, 0, 2, 0, 0, 4, 128, 0, 0, 2, 11, 4, 128, 0, 0, 2, 0, 246, 255, 10, 128, 0, 0, 11, 4, 0, 0, 0]; + fuzz_send_receive_spdm_version(&fuzzdata); +} +``` + +`cargo r -p package` + +### Analyze the contents of a file as input + +If some data is written in the file + +``` +let args: Vec = std::env::args().collect(); +if args.len() < 2 { + +} else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + fuzz_send_receive_spdm_version(data.as_slice()); +} +``` +`cargo r -p package -- file_address` + + +## How to debug fuzz failure. + +Step1. Get the input which cause the failure. + +Step2. Build an application to debug that input. + +Note: If fuzzing failed in CI, crash file will be displayed in base64 encoded format. search `[encode_base64_string]` in CI log. + +For example: + +``` +echo -n [encode_base64_string] | base64 -d > seed.raw +cargo run -p version_rsp --no-default-features -- seed.raw +``` + +## reference + +[Rust Fuzz Book](https://rust-fuzz.github.io/book/afl/setup.html) diff --git a/doc/mirai.md b/doc/mirai.md new file mode 100644 index 0000000..0d7f489 --- /dev/null +++ b/doc/mirai.md 
@@ -0,0 +1,40 @@ +## Static analysis (MIRAI) + +### Why: +current static tool like clippy can't detect rust programs that terminate abruptly and disgracefully. + +### MIRAI + +https://github.com/facebookexperimental/MIRAI + +MIRAI does this by doing a reachability analysis: Given an entry point, it will analyze all possible code paths that start from that entry point and determine if any of them can reach a program point where an abrupt runtime termination will happen. + +### How to use + +#### Step 1: Install MIRAI + +``` +git clone https://github.com/facebookexperimental/MIRAI.git +cd MIRAI +git checkout c6c1a4f84c2b463c393761a8c60f6d084a11389b +cargo install --locked --path ./checker +``` + +Note: MIRAI required rust toolchain version: nightly-2022-08-08 + +#### Step 2: Scan your crate + +Use td-shim as example + +``` +git clone https://github.com/confidential-containers/td-shim.git; cd td-shim +git checkout a0b51c0f7f4736c65de8a6eb9644e31e762df623 +echo "nightly-2022-08-08" > rust-toolchain +cd td-shim +cargo mirai --features="main,tdx" +``` + +### Limitation + +* MIRAI requires a specific rust toolchain. +* MIRAI needs to consume a lot of memory.(td-shim 32G+) diff --git a/doc/rudra.md b/doc/rudra.md new file mode 100644 index 0000000..88f55bf --- /dev/null +++ b/doc/rudra.md 
@@ -0,0 +1,79 @@ +### Rust Memory Safety & Undefined Behavior Detection + +https://github.com/sslab-gatech/Rudra + +[Currently rust can't work in the workspace(2021-08-31)](https://github.com/sslab-gatech/Rudra/issues/11) + +The use of docker will have a depend problem. + +https://github.com/sslab-gatech/Rudra/blob/master/DEV.md + +### clone rudra project and install rudra + +use nightly-2021-08-20 + +``` +git clone https://github.com/bjorn3/Rudra.git +cd rudra + +# Toolchain setup +rustup install nightly-2021-08-20 +rustup override set nightly-2021-08-20 +rustup component add rustc-dev +rustup component add miri + +# Environment variable setup, put these in your `.bashrc` +export RUDRA_RUST_CHANNEL=nightly-2021-08-20 +export RUDRA_RUNNER_HOME="" + +export RUSTFLAGS="-L $HOME/.rustup/toolchains/${RUDRA_RUST_CHANNEL}-x86_64-unknown-linux-gnu/lib" +export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:$HOME/.rustup/toolchains/${RUDRA_RUST_CHANNEL}-x86_64-unknown-linux-gnu/lib" + +# Test your installation +python test.py +``` +### How to use Rudra +``` +# this executes: cargo install --path "$(dirname "$0")" --force +./install-release + +rudra --crate-type lib tests/unsafe_destructor/normal1.rs # for single file testing (you need to set library include path, or use `cargo run` instead) +cargo rudra # for crate compilation +Rudra Configurations +``` + +Now rudra works on nightly-2021-08-20, the items that need to be checked, + +need to change the toolchain data to nightly-2021-08-20. + +Otherwise rudra won't work. + +If there are deprecated warnings, please use`RUSTFLAGS="$RUSTFLAGS -A deprecated" cargo rudra` ignore the warning. + +If there is component A and security bug component B. +``` +mkdir workspace +cd workspace +echo "[workspace]" > Cargo.toml +echo 'members = ["member","member1"]' >> Cargo.toml +cargo new member + +cargo new --lib member1 +echo "struct Atom

(P);" > member1/src/lib.rs +echo "unsafe impl Send for Atom

{}" >> member1/src/lib.rs + +echo 'member1 = {path="../member1"}' >> member/Cargo.toml +# pass +cargo build -p member +# pass +cargo build -p member1 +cd member +cargo rudra + +2021-09-09 23:19:12.603401 |INFO | [rudra-progress] Rudra finished +Error (SendSyncVariance:/PhantomSendForSend/NaiveSendForSend/RelaxSend): Suspicious impl of `Send` found +-> member1/src/lib.rs:2:1: 2:40 +unsafe impl Send for Atom

{} +2021-09-09 23:19:12.760596 |INFO | [rudra-progress] Rudra started +``` +Scan Component A can find the issue. \ No newline at end of file diff --git a/doc/unit_test_coverage.md b/doc/unit_test_coverage.md new file mode 100644 index 0000000..dd7a1b0 --- /dev/null +++ b/doc/unit_test_coverage.md @@ -0,0 +1,48 @@ +### source coded coverage + +**grcov has a bug in Windows, please run the command line with administrator** + +​ [bug issues](https://github.com/mozilla/grcov/issues/561) + + +First of all, install grcov +```sh +cargo install grcov +``` + +Second, install the llvm-tools Rust component (`llvm-tools-preview` for now, it might become `llvm-tools` soon): +```sh +rustup component add llvm-tools-preview +``` + +# Generate source-based coverage + +```sh +# Export the flags needed to instrument the program to collect code coverage. +export RUSTFLAGS="-Zinstrument-coverage" + +# Ensure each test runs gets its own profile information by defining the LLVM_PROFILE_FILE environment variable (%p will be replaced by the process ID, and %m by the binary signature): +export LLVM_PROFILE_FILE="your_name-%p-%m.profraw" + +# Build the program +cargo build + +# test the program +cargo test + +# Generate a HTML report in the coverage/ directory. +grcov . --binary-path ./target/debug/ -s . -t html --branch --ignore-not-existing -o ./target/debug/coverage/ +``` + +# View report: +```sh +browser open the target/debug/coverage/index.html +``` +Reference: + +​[rust-code-coverage-sample](https://github.com/marco-c/rust-code-coverage-sample) + +​ [source_based_code_coverage](https://doc.rust-lang.org/beta/unstable-book/compiler-flags/source-based-code-coverage.html#running-the-instrumented-binary-to-generate-raw-coverage-profiling-data) + +​ [grcov](https://github.com/mozilla/grcov) + diff --git a/executor/Cargo.toml b/executor/Cargo.toml new file mode 100644 index 0000000..d252c1d --- /dev/null +++ b/executor/Cargo.toml 
@@ -0,0 +1,12 @@
+[package]
+name = "executor"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+[dependencies]
+futures = { version = "0.3", default-features = false }
+woke = "0"
+spin = "0"
+
+[features]
diff --git a/executor/src/executor.rs b/executor/src/executor.rs
new file mode 100644
index 0000000..39319b7
--- /dev/null
+++ b/executor/src/executor.rs
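Review bot: `woke = "0"` and `spin = "0"` accept any 0.x release, so a fresh dependency resolve can pull a different minor version of the crates that supply this executor's waker and lock than the one that was reviewed. fuzz-target/fuzzlib/Cargo.toml in the same commit already names `spin = { version = "0.9.8" }`; using the same requirement here (`spin = "0.9.8"`, and a full major.minor.patch requirement for `woke`) keeps both crates on the same release line. Whether a committed Cargo.lock already fixes these versions is not visible from this hunk.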
@@ -0,0 +1,134 @@
+// @file
+//
+// Copyright (c) 2023 Intel Corporation
+// SPDX-License-Identifier: Apache-2.0 or MIT
+//
+
+extern crate alloc;
+use {
+ alloc::{boxed::Box, collections::vec_deque::VecDeque, sync::Arc},
+ core::{
+ future::Future,
+ pin::Pin,
+ task::{Context, Poll},
+ },
+ spin::Mutex,
+ woke::{waker_ref, Woke},
+};
+
+type TasksList = VecDeque>;
+
+pub struct Executor {
+ tasks: Option,
+}
+
+trait Pendable {
+ fn is_pending(&self) -> bool;
+}
+
+/// Task is our unit of execution and holds a future are waiting on
+struct Task {
+ pub future: Mutex + Send + 'static>>>,
+}
+
+/// Implement what we would like to do when a task gets woken up
+impl Woke for Task {
+ fn wake_by_ref(_: &Arc) {
+ // we check if there's a lock because some immediate executing futures screw this up
+ if let Some(mut e) = DEFAULT_EXECUTOR.try_lock() {
+ // poll everything because future is done and may have created conditions for something to finish
+ e.poll_tasks();
+ }
+ }
+}
+
+impl Pendable for Arc> {
+ fn is_pending(&self) -> bool {
+ let mut future = self.future.lock();
+ // make a waker for our task
+ let waker = waker_ref(self);
+ // poll our future and give it a waker
+ let context = &mut Context::from_waker(&waker);
+ matches!(future.as_mut().poll(context), Poll::Pending)
+ }
+}
+
+impl Executor {
+ // Run async task
+ pub fn run(&mut self, future: Pin + 'static + Send>>) -> Poll
+ where
+ T: Send + 'static,
+ {
+ let task = Arc::new(Task {
+ future: Mutex::new(future),
+ });
+
+ let mut future = task.future.lock();
+ let waker = waker_ref(&task);
+ let context = &mut Context::from_waker(&waker);
+ future.as_mut().poll(context)
+ }
+
+ // Run async task
+ pub fn block_on(&mut self, future: Pin + 'static + Send>>) -> T
+ where
+ T: Send + 'static,
+ {
+ let task = Arc::new(Task {
+ future: Mutex::new(future),
+ });
+
+ let mut future = task.future.lock();
+ let waker = waker_ref(&task);
+ let context = &mut Context::from_waker(&waker);
+ loop {
+ match future.as_mut().poll(context) {
+ Poll::Pending => continue,
+ Poll::Ready(v) => return v,
+ }
+ }
+ }
+
+ /// Add task for a future to the list of tasks
+ pub fn add_task(&mut self, future: Pin + 'static + Send>>)
+ where
+ T: Send + 'static,
+ {
+ // store our task
+ let task = Arc::new(Task {
+ future: Mutex::new(future),
+ });
+ if self.tasks.is_none() {
+ self.tasks = Some(TasksList::new());
+ }
+ let tasks: &mut TasksList = self.tasks.as_mut().expect("tasks not initialized");
+ tasks.push_back(Box::new(task));
+ }
+
+ // Poll all tasks on global executor
+ // output: left?
+ pub fn poll_tasks(&mut self) -> bool {
+ if self.tasks.is_none() {
+ self.tasks = Some(TasksList::new());
+ }
+ let tasks: &mut TasksList = self.tasks.as_mut().expect("tasks not initialized");
+ for _ in 0..tasks.len() {
+ let task = tasks.pop_front().unwrap();
+ if task.is_pending() {
+ tasks.push_back(task);
+ }
+ }
+
+ tasks.front().is_some()
+ }
+
+ pub fn active_tasks_count(&self) -> usize {
+ if let Some(tl) = &self.tasks {
+ tl.len()
+ } else {
+ 0
+ }
+ }
+}
+
+pub(crate) static DEFAULT_EXECUTOR: Mutex = Mutex::new(Executor { tasks: None });
diff --git a/executor/src/lib.rs b/executor/src/lib.rs
new file mode 100644
index 0000000..743f44d
--- /dev/null
+++ b/executor/src/lib.rs
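Review bot: `block_on` re-polls in a tight loop (`Poll::Pending => continue`) and never waits for the waker, so a future that stays pending keeps the core busy and the call never returns. If the futures driven here wait on input from a peer (likely given the transport code elsewhere in this commit, but not visible in this file), an unresponsive peer becomes a hang; at minimum change the arm to `Poll::Pending => { core::hint::spin_loop(); continue }` and document on the function that it has no timeout. `run` and `block_on` also carry the same `// Run async task` line comment; `///` doc comments that state the difference (one poll versus poll until ready) would let callers pick the right one.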
@@ -0,0 +1,44 @@
+// @file
+//
+// Copyright (c) 2023 Intel Corporation
+// SPDX-License-Identifier: Apache-2.0 or MIT
+//
+
+#![cfg_attr(any(target_os = "uefi", target_os = "none"), no_std)]
+
+mod executor;
+use crate::executor::*;
+use core::future::Future;
+extern crate alloc;
+use alloc::boxed::Box;
+use core::task::Poll;
+
+pub fn run(future: impl Future + 'static + Send) -> Poll
+where
+ T: Send + 'static,
+{
+ DEFAULT_EXECUTOR.lock().run(Box::pin(future))
+}
+
+pub fn block_on(future: impl Future + 'static + Send) -> T
+where
+ T: Send + 'static,
+{
+ DEFAULT_EXECUTOR.lock().block_on(Box::pin(future))
+}
+
+pub fn add_task(future: impl Future + 'static + Send)
+where
+ T: Send + 'static,
+{
+ DEFAULT_EXECUTOR.lock().add_task(Box::pin(future))
+}
+
+// output: left?
+pub fn poll_tasks() -> bool {
+ DEFAULT_EXECUTOR.lock().poll_tasks()
+}
+
+pub fn active_tasks_count() -> usize {
+ DEFAULT_EXECUTOR.lock().active_tasks_count()
+}
diff --git a/external/patches/ring/0001-Support-x86_64-unknown-none-target.patch b/external/patches/ring/0001-Support-x86_64-unknown-none-target.patch
new file mode 100644
index 0000000..e942cc5
--- /dev/null
+++ b/external/patches/ring/0001-Support-x86_64-unknown-none-target.patch
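Review bot: Every wrapper here holds `DEFAULT_EXECUTOR.lock()` for the whole call, including while `run`, `block_on` and `poll_tasks` poll user futures, and `spin::Mutex` is not reentrant. A future that calls `add_task`, `poll_tasks` or `active_tasks_count` from inside one of those polls would spin forever on the lock; executor.rs sidesteps this in `wake_by_ref` by using `try_lock()`, but these entry points do not. Either document the restriction on each function, e.g. `/// Must not be called from a future that this executor is polling: the global lock is held for the duration of the poll.`, or queue nested requests and drain the queue after the poll returns.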
@@ -0,0 +1,76 @@
+diff --git a/Cargo.toml b/Cargo.toml
+index 2c8ba6964..209c3d4a1 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -171,7 +171,7 @@ all-features = true
+ name = "ring"
+
+ [dependencies]
+-getrandom = { version = "0.2.10" }
++getrandom = { version = "0.2.10", features = ["rdrand"] }
+ untrusted = { version = "0.9" }
+
+ [target.'cfg(any(target_arch = "x86",target_arch = "x86_64", all(any(target_arch = "aarch64", target_arch = "arm"), any(target_os = "android", target_os = "fuchsia", target_os = "linux", target_os = "windows"))))'.dependencies]
+diff --git a/build.rs b/build.rs
+index f7b94108b..3bdc8cd29 100644
+--- a/build.rs
++++ b/build.rs
+@@ -121,7 +121,9 @@ fn cpp_flags(compiler: &cc::Tool) -> &'static [&'static str] {
+ "-Wenum-compare",
+ "-Wfloat-equal",
+ "-Wformat=2",
+- "-Winline",
++ // Clear the `-Winline` because warnings will be treated as errors
++ // when `ring` is used as git submodules.
++ // "-Winline",
+ "-Winvalid-pch",
+ "-Wmissing-field-initializers",
+ "-Wmissing-include-dirs",
+@@ -260,6 +262,8 @@ const LINUX_ABI: &[&str] = &[
+ "linux",
+ "redox",
+ "solaris",
++ // For `x86_64-unknown-none` target
++ "none",
+ ];
+
+ /// Operating systems that have the same ABI as macOS on every architecture
+@@ -604,16 +608,29 @@ fn configure_cc(c: &mut cc::Build, target: &Target, include_dir: &Path) {
+ // poly1305_vec.c requires which requires .
+ if (target.arch == "wasm32")
+ || (target.os == "linux" && target.is_musl && target.arch != "x86_64")
++ || (target.os == "none")
+ {
+ if let Ok(compiler) = c.try_get_compiler() {
+ // TODO: Expand this to non-clang compilers in 0.17.0 if practical.
+ if compiler.is_like_clang() {
+ let _ = c.flag("-nostdlibinc");
++ // Required on windows for cross compilation to `x86_64-unknown-none`
++ let _ = c.flag("-ffreestanding");
+ let _ = c.define("RING_CORE_NOSTDLIBINC", "1");
+ }
+ }
+ }
+
++ // `clang` does not define `__ELF__` for `x86_64-unknown-none` target.
++ // Manually define it.
++ if target.os == "none" {
++ if let Ok(compiler) = c.try_get_compiler() {
++ if compiler.is_like_clang() {
++ let _ = c.define("__ELF__", None);
++ }
++ }
++ }
++
+ if target.force_warnings_into_errors {
+ c.warnings_into_errors(true);
+ }
+@@ -645,7 +662,7 @@ fn nasm(file: &Path, arch: &str, include_dir: &Path, out_file: &Path) -> Command
+ std::path::MAIN_SEPARATOR,
+ )));
+
+- let mut c = Command::new("./target/tools/windows/nasm/nasm");
++ let mut c = Command::new("nasm");
+ let _ = c
+ .arg("-o")
+ .arg(out_file.to_str().expect("Invalid path"))
diff --git a/external/patches/webpki/0001-Add-support-for-verifying-certificate-chain-with-EKU.patch b/external/patches/webpki/0001-Add-support-for-verifying-certificate-chain-with-EKU.patch
new file mode 100644
index 0000000..294d1b7
--- /dev/null
+++ b/external/patches/webpki/0001-Add-support-for-verifying-certificate-chain-with-EKU.patch
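Review bot: The last inner hunk replaces `Command::new("./target/tools/windows/nasm/nasm")` with `Command::new("nasm")`, so the build script now runs whichever `nasm` the build environment's executable search finds first rather than a fixed path. That makes the assembler on the search path part of the trusted build input; consider reading the assembler path from an environment variable with `nasm` as the fallback, or add a comment stating that the build host's PATH is trusted. Separately, `features = ["rdrand"]` on `getrandom` deserves a one-line comment in the patch: it presumably makes RDRAND the entropy source for ring on `x86_64-unknown-none`, which is a security assumption of the port rather than a build detail. `nasm()` and `configure_cc()` both continue outside the inner hunks shown.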
@@ -0,0 +1,58 @@
+diff --git a/src/end_entity.rs b/src/end_entity.rs
+index cfe9ef1..8fd7e84 100644
+--- a/src/end_entity.rs
++++ b/src/end_entity.rs
+@@ -239,4 +239,40 @@ impl<'a> EndEntityCert<'a> {
+ untrusted::Input::from(signature),
+ )
+ }
++
++ /// Verifies that the end-entity certificate is valid for use by cert chain
++ ///
++ /// `required_eku` is the Certificate Extended Key Usage Oid in bytes.
++ /// If the certificate is not valid for `required_eku` then this
++ /// fails with `Error::CertNotValidForName`.
++ /// `supported_sig_algs` is the list of signature algorithms that are
++ /// trusted for use in certificate signatures; the end-entity certificate's
++ /// public key is not validated against this list. `trust_anchors` is the
++ /// list of root CAs to trust. `intermediate_certs` is the sequence of
++ /// intermediate certificates that the client sent in the TLS handshake.
++ /// `cert` is the purported end-entity certificate of the client. `time` is
++ /// the time for which the validation is effective (usually the current
++ /// time).
++ ///
++ pub fn verify_cert_chain_with_eku(
++ &self,
++ required_eku: &'static [u8],
++ supported_sig_algs: &[&SignatureAlgorithm],
++ trust_anchors: &[crate::TrustAnchor],
++ intermediate_certs: &[&[u8]],
++ time: Time,
++ ) -> Result<(), ErrorExt> {
++ let eku = verify_cert::KeyPurposeId {
++ oid_value: untrusted::Input::from(required_eku),
++ };
++
++ crate::verify_cert::build_chain(
++ eku,
++ supported_sig_algs,
++ trust_anchors,
++ intermediate_certs,
++ &self.inner,
++ time,
++ )
++ }
+ }
+diff --git a/src/verify_cert.rs b/src/verify_cert.rs
+index fe7ef9d..139f307 100644
+--- a/src/verify_cert.rs
++++ b/src/verify_cert.rs
+@@ -306,7 +306,7 @@ fn check_basic_constraints(
+
+ #[derive(Clone, Copy)]
+ pub struct KeyPurposeId {
+- oid_value: untrusted::Input<'static>,
++ pub(crate) oid_value: untrusted::Input<'static>,
+ }
+
+ // id-pkix OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 7 }
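Review bot: The doc comment on `verify_cert_chain_with_eku` says a certificate that is not valid for `required_eku` fails with `Error::CertNotValidForName`, but the function does no name check and returns `Result<(), ErrorExt>`, so callers that match on the documented error will miss the real one. The comment also still describes a TLS client (`the client sent in the TLS handshake`, and a `cert` parameter that this function does not have) and should be rewritten for this API. It should additionally state how a certificate with no EKU extension is treated: upstream webpki applies the EKU as required only when the extension is present, so such a certificate may pass, which is worth confirming in `build_chain` outside this patch. Since `required_eku` is wrapped unchecked into `KeyPurposeId`, the doc should also say that it must be the DER-encoded OID value bytes.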
diff --git a/fuzz-target/fuzz1.png b/fuzz-target/fuzz1.png
new file mode 100644
index 0000000..8ea4f36
Binary files /dev/null and b/fuzz-target/fuzz1.png differ
diff --git a/fuzz-target/fuzzlib/Cargo.toml b/fuzz-target/fuzzlib/Cargo.toml
new file mode 100644
index 0000000..17ac323
--- /dev/null
+++ b/fuzz-target/fuzzlib/Cargo.toml
@@ -0,0 +1,26 @@
+[package]
+name = "fuzzlib"
+version = "0.1.0"
+authors = ["haowei "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+afl = { version = "=0.12.12", optional = true }
+spdmlib = { path = "../../spdmlib", default-features = false, features=["spdm-ring"] }
+simple_logger = "4.2.0"
+log = "0.4.13"
+ring = { version = "0.17.6" }
+flexi_logger = "0.27.2"
+spdmlib-test = { path = "../../test/spdmlib-test" }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../executor" }
+
+[features]
+default = ["hashed-transcript-data", "afl"]
+hashed-transcript-data = ["spdmlib/hashed-transcript-data"]
+mut-auth = ["spdmlib/mut-auth"]
diff --git a/fuzz-target/fuzzlib/src/fake_aead_impl.rs b/fuzz-target/fuzzlib/src/fake_aead_impl.rs
new file mode 100644
index 0000000..ebacdbe
--- /dev/null
+++ b/fuzz-target/fuzzlib/src/fake_aead_impl.rs
@@ -0,0 +1,48 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use spdmlib::crypto::SpdmAead;
+use spdmlib::error::SpdmResult;
+use spdmlib::protocol::{SpdmAeadAlgo, SpdmAeadIvStruct, SpdmAeadKeyStruct};
+
+pub static FAKE_AEAD: SpdmAead = SpdmAead {
+ encrypt_cb: fake_encrypt,
+ decrypt_cb: fake_decrypt,
+};
+
+fn fake_encrypt(
+ _aead_algo: SpdmAeadAlgo,
+ _key: &SpdmAeadKeyStruct,
+ _iv: &SpdmAeadIvStruct,
+ _aad: &[u8],
+ plain_text: &[u8],
+ tag: &mut [u8],
+ cipher_text: &mut [u8],
+) -> SpdmResult<(usize, usize)> {
+ let plain_text_size = plain_text.len();
+ let cipher_text_size = cipher_text.len();
+ if cipher_text_size != plain_text_size {
+ panic!("cipher_text len invalid");
+ }
+ cipher_text.copy_from_slice(plain_text);
+ Ok((plain_text_size, tag.len()))
+}
+
+fn fake_decrypt(
+ _aead_algo: SpdmAeadAlgo,
+ _key: &SpdmAeadKeyStruct,
+ _iv: &SpdmAeadIvStruct,
+ _aad: &[u8],
+ cipher_text: &[u8],
+ _tag: &[u8],
+ plain_text: &mut [u8],
+) -> SpdmResult {
+ let plain_text_size = plain_text.len();
+ let cipher_text_size = cipher_text.len();
+ if cipher_text_size != plain_text_size {
+ panic!("plain_text len invalid");
+ }
+ plain_text.copy_from_slice(cipher_text);
+ Ok(cipher_text_size)
+}
diff --git a/fuzz-target/fuzzlib/src/fake_device_io.rs b/fuzz-target/fuzzlib/src/fake_device_io.rs
new file mode 100644
index 0000000..3c0f634
--- /dev/null
+++ b/fuzz-target/fuzzlib/src/fake_device_io.rs
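Review bot: `fake_encrypt` returns `tag.len()` as the tag size without ever writing to `tag`, so the caller forwards whatever bytes the buffer already held, and `fake_decrypt` accepts any `_tag`. For a fuzz stub that is acceptable only if it is deterministic and clearly fenced off: add `tag.fill(0);` before the `Ok(...)`, and put a doc comment on `FAKE_AEAD` such as `/// Fuzz-only identity transform: provides no confidentiality or integrity. Never register outside fuzz targets.`. Both functions also `panic!` on a length mismatch; if those buffer lengths can be influenced by fuzz input (not visible here), the panics will be reported as crashes of the code under test.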
@@ -0,0 +1,182 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] + +use super::*; +use crate::spdmlib::error::SPDM_STATUS_SEND_FAIL; +use async_trait::async_trait; +use spdmlib_test::common::device_io::SharedBuffer; + +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::borrow::BorrowMut; +use core::ops::DerefMut; + +pub struct FakeSpdmDeviceIoReceve { + data: Arc, +} + +impl FakeSpdmDeviceIoReceve { + pub fn new(data: Arc) -> Self { + FakeSpdmDeviceIoReceve { data: data } + } +} + +#[async_trait] +impl SpdmDeviceIo for FakeSpdmDeviceIoReceve { + async fn receive( + &mut self, + read_buffer: Arc>, + _timeout: usize, + ) -> Result { + let len = self.data.get_buffer(read_buffer.clone()); + let mut read_buffer = read_buffer.lock(); + let read_buffer = read_buffer.deref_mut(); + log::info!("responder receive RAW - {:02x?}\n", &read_buffer[0..len]); + Ok(len) + } + + async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult { + self.data.set_buffer_ref(buffer.clone()); + log::info!("responder send RAW - {:02x?}\n", buffer); + Ok(()) + } + + async fn flush_all(&mut self) -> SpdmResult { + Ok(()) + } +} + +pub struct FuzzTmpSpdmDeviceIoReceve { + data: Arc, + fuzzdata: [[u8; 528]; 4], + current: usize, +} + +impl FuzzTmpSpdmDeviceIoReceve { + pub fn new(data: Arc, fuzzdata: [[u8; 528]; 4], current: usize) -> Self { + FuzzTmpSpdmDeviceIoReceve { + data: data, + fuzzdata, + current, + } + } +} + +#[async_trait] +impl SpdmDeviceIo for FuzzTmpSpdmDeviceIoReceve { + async fn receive( + &mut self, + read_buffer: Arc>, + _timeout: usize, + ) -> Result { + let len = self.data.get_buffer(read_buffer.clone()); + let mut read_buffer = read_buffer.lock(); + let read_buffer = read_buffer.deref_mut(); + log::info!("responder receive RAW - {:02x?}\n", &read_buffer[0..len]); + Ok(len) + } + + async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult { + let buffer: &[u8] 
= &self.fuzzdata[self.current]; + self.data.set_buffer_ref(Arc::new(buffer)); + log::info!("responder send RAW - {:02x?}\n", buffer); + self.current += 1; + Ok(()) + } + + async fn flush_all(&mut self) -> SpdmResult { + Ok(()) + } +} + +pub struct FuzzSpdmDeviceIoReceve { + data: Arc, + fuzzdata: Arc<[u8]>, +} + +impl FuzzSpdmDeviceIoReceve { + pub fn new(data: Arc, fuzzdata: Arc<[u8]>) -> Self { + FuzzSpdmDeviceIoReceve { + data: data, + fuzzdata, + } + } +} + +#[async_trait] +impl SpdmDeviceIo for FuzzSpdmDeviceIoReceve { + async fn receive( + &mut self, + read_buffer: Arc>, + _timeout: usize, + ) -> Result { + let len = self.data.get_buffer(read_buffer.clone()); + let mut read_buffer = read_buffer.lock(); + let read_buffer = read_buffer.deref_mut(); + log::info!("responder receive RAW - {:02x?}\n", &read_buffer[0..len]); + Ok(len) + } + + async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult { + self.data.set_buffer(self.fuzzdata.clone()); + log::info!("responder send RAW - {:02x?}\n", buffer); + Ok(()) + } + + async fn flush_all(&mut self) -> SpdmResult { + Ok(()) + } +} + +pub struct FakeSpdmDeviceIo { + pub rx: Arc, +} + +impl FakeSpdmDeviceIo { + pub fn new(rx: Arc) -> Self { + FakeSpdmDeviceIo { rx } + } + pub fn set_rx(&mut self, buffer: &[u8]) { + self.rx.set_buffer_ref(Arc::new(buffer)); + } +} + +#[async_trait] +impl SpdmDeviceIo for FakeSpdmDeviceIo { + async fn receive( + &mut self, + read_buffer: Arc>, + _timeout: usize, + ) -> Result { + let len = self.rx.get_buffer(read_buffer.clone()); + let mut read_buffer = read_buffer.lock(); + let read_buffer = read_buffer.deref_mut(); + log::info!("requester receive RAW - {:02x?}\n", &read_buffer[0..len]); + Ok(len) + } + + async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult { + log::info!("requester send RAW - {:02x?}\n", buffer); + Ok(()) + } + + async fn flush_all(&mut self) -> SpdmResult { + Ok(()) + } +} + +#[test] +fn test_single_run() { + let buffer = SharedBuffer::new(); + let mut server = 
FakeSpdmDeviceIoReceve::new(&buffer); + let mut client = FakeSpdmDeviceIoReceve::new(&buffer); + client.send(&[1, 2]).unwrap(); + let mut rev = [0u8, 64]; + client.receive(&mut rev, 0).unwrap(); + println!("rev: {:?}", rev); +} diff --git a/fuzz-target/fuzzlib/src/fake_hkdf_impl.rs b/fuzz-target/fuzzlib/src/fake_hkdf_impl.rs new file mode 100644 index 0000000..65c8291 --- /dev/null +++ b/fuzz-target/fuzzlib/src/fake_hkdf_impl.rs 
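Review bot: `FuzzTmpSpdmDeviceIoReceve::send` indexes `self.fuzzdata[self.current]` and then does `self.current += 1` with no bound, while `fuzzdata` has four entries and `new` accepts any starting `current`; a fifth send, or a start index of 4 or more, panics inside the harness and is indistinguishable from a crash in the code under test. Return the already imported `SPDM_STATUS_SEND_FAIL` instead: `let Some(entry) = self.fuzzdata.get(self.current) else { return Err(SPDM_STATUS_SEND_FAIL); };` followed by `let buffer: &[u8] = entry;`. In `test_single_run`, `let mut rev = [0u8, 64];` builds a two-element array where `[0u8; 64]` was presumably intended, and the calls there do not appear to match the async, `Arc`-based signatures defined earlier in the file.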
@@ -0,0 +1,60 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::spdmlib::crypto::SpdmHkdf;
+use spdmlib::protocol::{
+ SpdmBaseHashAlgo, SpdmHkdfInputKeyingMaterial, SpdmHkdfOutputKeyingMaterial,
+ SpdmHkdfPseudoRandomKey, SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE, SHA512_DIGEST_SIZE,
+ SPDM_MAX_HASH_SIZE, SPDM_MAX_HKDF_OKM_SIZE,
+};
+
+pub static FAKE_HKDF: SpdmHkdf = SpdmHkdf {
+ hkdf_extract_cb: fake_hkdf_extract,
+ hkdf_expand_cb: fake_hkdf_expand,
+};
+
+fn fake_hkdf_extract(
+ hash_algo: SpdmBaseHashAlgo,
+ _salt: &[u8],
+ _ikm: &SpdmHkdfInputKeyingMaterial,
+) -> Option {
+ match hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(SpdmHkdfPseudoRandomKey {
+ data_size: SHA256_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ }),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(SpdmHkdfPseudoRandomKey {
+ data_size: SHA384_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ }),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_512 => Some(SpdmHkdfPseudoRandomKey {
+ data_size: SHA512_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ }),
+ _ => None,
+ }
+}
+
+fn fake_hkdf_expand(
+ hash_algo: SpdmBaseHashAlgo,
+ _pk: &SpdmHkdfPseudoRandomKey,
+ _info: &[u8],
+ _out_size: u16,
+) -> Option {
+ match hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(SpdmHkdfOutputKeyingMaterial {
+ data_size: SHA256_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HKDF_OKM_SIZE]),
+ }),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(SpdmHkdfOutputKeyingMaterial {
+ data_size: SHA384_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HKDF_OKM_SIZE]),
+ }),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_512 => Some(SpdmHkdfOutputKeyingMaterial {
+ data_size: SHA512_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HKDF_OKM_SIZE]),
+ }),
+ _ => None,
+ }
+}
diff --git a/fuzz-target/fuzzlib/src/lib.rs b/fuzz-target/fuzzlib/src/lib.rs
new file mode 100644
index 0000000..83754ae
--- /dev/null
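Review bot: `fake_hkdf_expand` ignores `_out_size` and always reports `data_size` as the digest size, so a caller that asks for key or IV material of another length gets back a length it did not request. Unless that mismatch is intended for the fuzz targets, report the requested length, e.g. `data_size: _out_size.min(SPDM_MAX_HKDF_OKM_SIZE as u16),` (renaming the parameter to `out_size`), so the stub presumably follows the same length contract as the real callback. A doc comment on `FAKE_HKDF` stating that every output is the constant byte 100 and that it must only be used in fuzz targets would also help.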
+++ b/fuzz-target/fuzzlib/src/lib.rs 
@@ -0,0 +1,194 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +pub mod fake_device_io; +pub mod time; + +pub use fake_device_io::{ + FakeSpdmDeviceIoReceve, FuzzSpdmDeviceIoReceve, FuzzTmpSpdmDeviceIoReceve, +}; + +pub use spdmlib_test::common::crypto_callback::*; +pub use spdmlib_test::common::device_io::SharedBuffer; +pub use spdmlib_test::common::secret_callback::*; +pub use spdmlib_test::common::transport::PciDoeTransportEncap; +pub use spdmlib_test::common::util::{get_rsp_cert_chain_buff, req_create_info, rsp_create_info}; + +pub use spdmlib; +pub use spdmlib::common::{SpdmDeviceIo, SpdmTransportEncap}; +pub use spdmlib::error::SpdmResult; +pub use spdmlib::{common, config, requester, responder}; + +pub use flexi_logger; +pub use flexi_logger::FileSpec; +use log::LevelFilter; +use simple_logger::SimpleLogger; + +pub fn new_logger_from_env() -> SimpleLogger { + let level = match std::env::var("SPDM_LOG") { + Ok(x) => match x.to_lowercase().as_str() { + "trace" => LevelFilter::Trace, + "debug" => LevelFilter::Debug, + "info" => LevelFilter::Info, + "warn" => LevelFilter::Warn, + _ => LevelFilter::Error, + }, + _ => LevelFilter::Trace, + }; + + SimpleLogger::new().with_level(level) +} + +pub fn certificata_data() -> [[u8; 528]; 4] { + [ + [ + 0x1, 0x0, 0x1, 0x0, 0x84, 0x0, 0x0, 0x0, 0x11, 0x2, 0x0, 0x0, 0x0, 0x2, 0x8, 0x4, 0x8, + 0x6, 0x0, 0x0, 0x5a, 0x64, 0xb3, 0x8b, 0x5d, 0x5f, 0x4d, 0xb3, 0x5f, 0xb2, 0xaa, 0x1d, + 0x46, 0x9f, 0x6a, 0xdc, 0xca, 0x7f, 0xac, 0x85, 0xbe, 0xf0, 0x84, 0x10, 0x9c, 0xcd, + 0x54, 0x9, 0xf0, 0xab, 0x38, 0x3a, 0xaa, 0xf7, 0xa6, 0x2e, 0x3b, 0xd7, 0x81, 0x2c, + 0xea, 0x24, 0x7e, 0x14, 0xa9, 0x56, 0x9d, 0x28, 0x30, 0x82, 0x1, 0xcf, 0x30, 0x82, 0x1, + 0x56, 0xa0, 0x3, 0x2, 0x1, 0x2, 0x2, 0x14, 0x20, 0x3a, 0xc2, 0x59, 0xcc, 0xda, 0xcb, + 0xf6, 0x72, 0xf1, 0xc0, 0x1a, 0x62, 0x1a, 0x45, 0x82, 0x90, 0x24, 0xb8, 0xaf, 0x30, + 0xa, 0x6, 0x8, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x4, 0x3, 0x3, 0x30, 0x1f, 
0x31, 0x1d, + 0x30, 0x1b, 0x6, 0x3, 0x55, 0x4, 0x3, 0xc, 0x14, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, + 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0xd, 0x32, 0x31, 0x30, 0x32, 0x30, 0x39, 0x30, 0x30, 0x35, 0x30, + 0x35, 0x38, 0x5a, 0x17, 0xd, 0x33, 0x31, 0x30, 0x32, 0x30, 0x37, 0x30, 0x30, 0x35, + 0x30, 0x35, 0x38, 0x5a, 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x6, 0x3, 0x55, 0x4, 0x3, + 0xc, 0x14, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, + 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x6, 0x7, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x2, 0x1, 0x6, 0x5, 0x2b, 0x81, 0x4, 0x0, 0x22, 0x3, 0x62, 0x0, + 0x4, 0x99, 0x8f, 0x81, 0x68, 0x9a, 0x83, 0x9b, 0x83, 0x39, 0xad, 0xe, 0x32, 0x8d, 0xb9, + 0x42, 0xd, 0xae, 0xcc, 0x91, 0xa9, 0xbc, 0x4a, 0xe1, 0xbb, 0x79, 0x4c, 0x22, 0xfa, + 0x3f, 0xc, 0x9d, 0x93, 0x3c, 0x1a, 0x2, 0x5c, 0xc2, 0x73, 0x5, 0xec, 0x43, 0x5d, 0x4, + 0x2, 0xb1, 0x68, 0xb3, 0xf4, 0xd8, 0xde, 0xc, 0x8d, 0x53, 0xb7, 0x4, 0x8e, 0xa1, 0x43, + 0x9a, 0xeb, 0x31, 0xd, 0xaa, 0xce, 0x89, 0x2d, 0xba, 0x73, 0xda, 0x4f, 0x1e, 0x39, + 0x5d, 0x92, 0x11, 0x21, 0x38, 0xb4, 0x0, 0xd4, 0xf5, 0x55, 0x8c, 0xe8, 0x71, 0x30, + 0x3d, 0x46, 0x83, 0xf4, 0xc4, 0x52, 0x50, 0xda, 0x12, 0x5b, 0xa3, 0x53, 0x30, 0x51, + 0x30, 0x1d, 0x6, 0x3, 0x55, 0x1d, 0xe, 0x4, 0x16, 0x4, 0x14, 0xcf, 0x9, 0xd4, 0x7a, + 0xee, 0x8, 0x90, 0x62, 0xbf, 0xe6, 0x9c, 0xb4, 0xb9, 0xdf, 0xe1, 0x41, 0x33, 0x1c, 0x3, + 0xa5, 0x30, 0x1f, 0x6, 0x3, 0x55, 0x1d, 0x23, 0x4, 0x18, 0x30, 0x16, 0x80, 0x14, 0xcf, + 0x9, 0xd4, 0x7a, 0xee, 0x8, 0x90, 0x62, 0xbf, 0xe6, 0x9c, 0xb4, 0xb9, 0xdf, 0xe1, 0x41, + 0x33, 0x1c, 0x3, 0xa5, 0x30, 0xf, 0x6, 0x3, 0x55, 0x1d, 0x13, 0x1, 0x1, 0xff, 0x4, 0x5, + 0x30, 0x3, 0x1, 0x1, 0xff, 0x30, 0xa, 0x6, 0x8, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x4, 0x3, + 0x3, 0x3, 0x67, 0x0, 0x30, 0x64, 0x2, 0x30, 0x5a, 0xb4, 0xf5, 0x95, 0x25, 0x82, 0xf6, + 0x68, 0x3e, 0x49, 0xc7, 0xb4, 0xbb, 0x42, 0x81, 0x91, 
0x7e, 0x38, 0xd0, 0x2d, 0xac, + 0x53, 0xae, 0x8e, 0xb0, 0x51, 0x50, 0xaa, 0xf8, 0x7e, 0xff, 0xc0, 0x30, 0xab, 0xd5, + 0x8, 0x5b, 0x6, 0xf7, 0xe1, 0xbf, 0x39, 0xd2, 0x3e, 0xae, 0xbf, 0x8e, 0x48, 0x2, 0x30, + 0x9, 0x75, 0xa8, 0xc0, 0x6f, 0x4f, 0x3c, 0xad, 0x5d, 0x4e, 0x4f, 0xf8, 0x2c, 0x3b, + 0x39, 0x46, 0xa0, 0xdf, 0x83, 0x8e, 0xb5, 0xd3, 0x61, 0x61, 0x59, 0xbc, 0x39, 0xd7, + 0xad, 0x68, 0x5e, 0xd, 0x4f, 0x3f, 0xe2, 0xca, 0xc1, 0x74, 0x8f, 0x47, 0x37, + ], + [ + 0x1, 0x0, 0x1, 0x0, 0x84, 0x0, 0x0, 0x0, 0x11, 0x2, 0x0, 0x0, 0x0, 0x2, 0x8, 0x2, 0x11, + 0xc8, 0x22, 0x59, 0x6f, 0x64, 0x52, 0x30, 0x82, 0x1, 0xd7, 0x30, 0x82, 0x1, 0x5d, 0xa0, + 0x3, 0x2, 0x1, 0x2, 0x2, 0x1, 0x1, 0x30, 0xa, 0x6, 0x8, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x4, 0x3, 0x3, 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x6, 0x3, 0x55, 0x4, 0x3, 0xc, 0x14, + 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, + 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0xd, 0x32, 0x31, 0x30, 0x32, + 0x30, 0x39, 0x30, 0x30, 0x35, 0x30, 0x35, 0x39, 0x5a, 0x17, 0xd, 0x33, 0x31, 0x30, + 0x32, 0x30, 0x37, 0x30, 0x30, 0x35, 0x30, 0x35, 0x39, 0x5a, 0x30, 0x2e, 0x31, 0x2c, + 0x30, 0x2a, 0x6, 0x3, 0x55, 0x4, 0x3, 0xc, 0x23, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, + 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, + 0x74, 0x30, 0x76, 0x30, 0x10, 0x6, 0x7, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x2, 0x1, 0x6, + 0x5, 0x2b, 0x81, 0x4, 0x0, 0x22, 0x3, 0x62, 0x0, 0x4, 0x77, 0x1b, 0x24, 0xf6, 0xc6, + 0x76, 0x1f, 0xb8, 0x30, 0x7, 0x8b, 0xb8, 0xa3, 0x9e, 0xc0, 0x26, 0xc1, 0xea, 0x7d, + 0xfc, 0x29, 0x7d, 0xe0, 0x59, 0xb2, 0x64, 0x32, 0x75, 0x4a, 0xe3, 0x2, 0x64, 0x3c, + 0xbc, 0x85, 0x8e, 0xc6, 0xec, 0xef, 0xb0, 0x79, 0xf4, 0xc1, 0xa4, 0xb9, 0xbb, 0x29, + 0x6b, 0xae, 0xad, 0xf0, 0x7d, 0x63, 0xc6, 0xaf, 0xb3, 0x73, 0x5e, 0x4f, 0x3f, 0xfe, + 0x89, 0x8a, 0xbb, 0x7d, 0x2b, 0x60, 0x3e, 0x16, 0xba, 0x82, 
0xcf, 0xa4, 0x70, 0x4, + 0x85, 0xc3, 0xa3, 0x3c, 0x5e, 0x6a, 0xa0, 0xef, 0xda, 0xd5, 0x20, 0x30, 0x19, 0xba, + 0x79, 0x95, 0xb0, 0xc2, 0x7f, 0x4c, 0xdd, 0xa3, 0x5e, 0x30, 0x5c, 0x30, 0xc, 0x6, 0x3, + 0x55, 0x1d, 0x13, 0x4, 0x5, 0x30, 0x3, 0x1, 0x1, 0xff, 0x30, 0xb, 0x6, 0x3, 0x55, 0x1d, + 0xf, 0x4, 0x4, 0x3, 0x2, 0x1, 0xfe, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x1d, 0xe, 0x4, 0x16, + 0x4, 0x14, 0x12, 0xe0, 0x1a, 0x23, 0xc6, 0x23, 0xe4, 0x2, 0x58, 0xb, 0x6, 0xac, 0x90, + 0xfa, 0x4b, 0x80, 0x3d, 0xc9, 0xf1, 0x1d, 0x30, 0x20, 0x6, 0x3, 0x55, 0x1d, 0x25, 0x1, + 0x1, 0xff, 0x4, 0x16, 0x30, 0x14, 0x6, 0x8, 0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x3, 0x1, + 0x6, 0x8, 0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x3, 0x2, 0x30, 0xa, 0x6, 0x8, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x4, 0x3, 0x3, 0x3, 0x68, 0x0, 0x30, 0x65, 0x2, 0x30, 0x3, 0x32, + 0xb1, 0x8b, 0x20, 0xf4, 0x76, 0xda, 0x8c, 0x83, 0x96, 0x87, 0x55, 0xd9, 0x12, 0x72, + 0xbd, 0x58, 0x4d, 0xa, 0x37, 0xaf, 0x29, 0x95, 0x1d, 0x36, 0xc4, 0x9e, 0xa5, 0xcd, + 0xe2, 0x3b, 0xf5, 0xe0, 0x7a, 0x64, 0x36, 0x1e, 0xd4, 0xf1, 0xe1, 0xbb, 0x14, 0x57, + 0x9e, 0x86, 0x82, 0x72, 0x2, 0x31, 0x0, 0xc0, 0xd6, 0x2, 0x99, 0x50, 0x76, 0x34, 0x16, + 0xd6, 0x51, 0x9c, 0xc4, 0x86, 0x8, 0x68, 0x94, 0xbf, 0x3c, 0x9, 0x7e, 0x10, 0xe5, 0x62, + 0x8a, 0xba, 0x48, 0xa, 0xa5, 0xed, 0x1a, 0x6a, 0xf6, 0x3c, 0x2f, 0x4d, 0x38, 0x5d, + 0x7d, 0x5c, 0x60, 0x63, 0x88, 0x84, 0x5d, 0x49, 0x33, 0xe2, 0xa7, 0x30, 0x82, 0x2, + 0x22, 0x30, 0x82, 0x1, 0xa8, 0xa0, 0x3, 0x2, 0x1, 0x2, 0x2, 0x1, 0x3, 0x30, 0xa, 0x6, + 0x8, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x4, 0x3, 0x3, 0x30, 0x2e, + ], + [ + 0x1, 0x0, 0x1, 0x0, 0x84, 0x0, 0x0, 0x0, 0x11, 0x2, 0x0, 0x0, 0x0, 0x2, 0x8, 0x0, 0x31, + 0x2c, 0x30, 0x2a, 0x6, 0x3, 0x55, 0x4, 0x3, 0xc, 0x23, 0x69, 0x6e, 0x74, 0x65, 0x6c, + 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, + 0x72, 0x74, 0x30, 0x1e, 0x17, 0xd, 0x32, 0x31, 0x30, 0x32, 0x30, 0x39, 
0x30, 0x30, + 0x35, 0x30, 0x35, 0x39, 0x5a, 0x17, 0xd, 0x32, 0x32, 0x30, 0x32, 0x30, 0x39, 0x30, + 0x30, 0x35, 0x30, 0x35, 0x39, 0x5a, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, 0x6, 0x3, 0x55, + 0x4, 0x3, 0xc, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, + 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, + 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x76, 0x30, 0x10, 0x6, 0x7, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x2, 0x1, 0x6, 0x5, 0x2b, 0x81, 0x4, 0x0, 0x22, 0x3, 0x62, 0x0, 0x4, + 0x6c, 0x22, 0x41, 0xdf, 0xb7, 0xe4, 0xd6, 0x8d, 0x53, 0x72, 0x4e, 0x4a, 0x1b, 0x99, + 0x82, 0xe6, 0x56, 0xd2, 0x2d, 0x97, 0x4b, 0x98, 0x40, 0xa9, 0x99, 0xd6, 0xd, 0xd8, + 0xe9, 0xa6, 0xfc, 0x74, 0xb9, 0xce, 0x89, 0x48, 0xa7, 0xb5, 0x9, 0xb6, 0x24, 0x49, + 0xd6, 0x23, 0xb3, 0x5f, 0x3a, 0xf0, 0x99, 0xb0, 0xca, 0x63, 0x7d, 0x24, 0xfe, 0xe9, + 0x12, 0x19, 0xf, 0xc2, 0x73, 0x1c, 0xe3, 0x76, 0x91, 0xec, 0x57, 0x6c, 0xcd, 0x7b, + 0xab, 0x32, 0xfd, 0x6d, 0x6e, 0x92, 0x7d, 0x37, 0x60, 0x1, 0xdb, 0x13, 0x92, 0x3b, + 0x77, 0xf7, 0x12, 0x97, 0x1d, 0x5e, 0xe3, 0xb9, 0x15, 0x83, 0xaf, 0x89, 0xa3, 0x81, + 0x9c, 0x30, 0x81, 0x99, 0x30, 0xc, 0x6, 0x3, 0x55, 0x1d, 0x13, 0x1, 0x1, 0xff, 0x4, + 0x2, 0x30, 0x0, 0x30, 0xb, 0x6, 0x3, 0x55, 0x1d, 0xf, 0x4, 0x4, 0x3, 0x2, 0x5, 0xe0, + 0x30, 0x1d, 0x6, 0x3, 0x55, 0x1d, 0xe, 0x4, 0x16, 0x4, 0x14, 0x48, 0x1f, 0x5d, 0x95, + 0xce, 0x89, 0xd4, 0x7d, 0xa4, 0x4c, 0x21, 0x8f, 0x5b, 0xd5, 0x50, 0x96, 0xff, 0xba, + 0xe2, 0xee, 0x30, 0x31, 0x6, 0x3, 0x55, 0x1d, 0x11, 0x4, 0x2a, 0x30, 0x28, 0xa0, 0x26, + 0x6, 0xa, 0x2b, 0x6, 0x1, 0x4, 0x1, 0x83, 0x1c, 0x82, 0x12, 0x1, 0xa0, 0x18, 0xc, 0x16, + 0x41, 0x43, 0x4d, 0x45, 0x3a, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54, 0x3a, 0x31, 0x32, + 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x30, 0x2a, 0x6, 0x3, 0x55, 0x1d, 0x25, + 0x1, 0x1, 0xff, 0x4, 0x20, 0x30, 0x1e, 0x6, 0x8, 0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x3, + 0x1, 0x6, 0x8, 0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x3, 0x2, 0x6, 0x8, 
0x2b, 0x6, 0x1, 0x5, + 0x5, 0x7, 0x3, 0x9, 0x30, 0xa, 0x6, 0x8, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x4, 0x3, 0x3, + 0x3, 0x68, 0x0, 0x30, 0x65, 0x2, 0x30, 0x8, 0xe6, 0x1f, 0xd, 0xdf, 0x18, 0xd3, 0x2f, + 0x50, 0x49, 0x99, 0xb0, 0xe2, 0x64, 0x95, 0x30, 0xa9, 0x5a, 0xbf, 0x83, 0x76, 0xae, + 0x4a, 0x39, 0xd8, 0xe2, 0x51, 0x12, 0x84, 0x9c, 0xbe, 0x11, 0x1d, 0x3b, 0x77, 0x20, + 0x6f, 0x5, 0x6c, 0xc7, 0x98, 0xb2, 0xba, 0xb8, 0x96, 0x75, 0x25, 0xcf, 0x2, 0x31, 0x0, + 0x93, 0x12, 0x5b, 0x66, 0x93, 0xc0, 0xe7, 0x56, 0x1b, 0x68, 0x28, 0x27, 0xd8, 0x8e, + 0x69, 0xaa, 0x30, 0x76, 0x5, 0x6f, 0x4b, 0xd0, 0xce, 0x10, 0xf, 0xf8, 0xdf, 0x4a, 0xab, + 0x9b, 0x4d, 0xb1, 0x47, 0xe4, 0xcd, 0xce, 0xce, 0x48, 0xd, 0xf8, + ], + [ + 0x1, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x11, 0x2, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x35, + 0x3d, 0xbc, 0x25, 0xce, 0xec, 0xb9, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, + ], + ] +} diff --git a/fuzz-target/fuzzlib/src/secret.rs b/fuzz-target/fuzzlib/src/secret.rs new file mode 100644 index 0000000..8d110a1 --- /dev/null +++ b/fuzz-target/fuzzlib/src/secret.rs 
@@ -0,0 +1,275 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![allow(dead_code)] +#![allow(unused_variables)] +use crate::codec::*; +use spdmlib::common::key_schedule::SpdmKeySchedule; +use spdmlib::config; +use spdmlib::crypto; +use spdmlib::crypto::hash; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::protocol::{ + SpdmBaseHashAlgo, SpdmDigestStruct, SpdmHkdfOutputKeyingMaterial, SpdmMeasurementHashAlgo, + SpdmMeasurementRecordStructure, SpdmMeasurementSpecification, SpdmMeasurementSummaryHashType, +}; +use spdmlib::secret::*; + +pub static SECRET_MEASUREMENT_IMPL_INSTANCE: SpdmSecretMeasurement = SpdmSecretMeasurement { + measurement_collection_cb: measurement_collection_impl, + generate_measurement_summary_hash_cb: generate_measurement_summary_hash_impl, +}; + +pub static SECRET_PSK_IMPL_INSTANCE: SpdmSecretPsk = SpdmSecretPsk { + handshake_secret_hkdf_expand_cb: handshake_secret_hkdf_expand_impl, + master_secret_hkdf_expand_cb: master_secret_hkdf_expand_impl, +}; + +#[allow(clippy::field_reassign_with_default)] +fn measurement_collection_impl( + spdm_version: SpdmVersion, + measurement_specification: SpdmMeasurementSpecification, + measurement_hash_algo: SpdmMeasurementHashAlgo, + measurement_index: usize, +) -> Option { + if measurement_specification != SpdmMeasurementSpecification::DMTF { + None + } else { + let base_hash_algo = match measurement_hash_algo { + SpdmMeasurementHashAlgo::TPM_ALG_SHA_256 => SpdmBaseHashAlgo::TPM_ALG_SHA_256, + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384 => SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmMeasurementHashAlgo::TPM_ALG_SHA_512 => SpdmBaseHashAlgo::TPM_ALG_SHA_512, + SpdmMeasurementHashAlgo::RAW_BIT_STREAM + | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_256 + | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_384 + | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_512 + | SpdmMeasurementHashAlgo::TPM_ALG_SM3 => return None, + _ => return None, + }; + let hashsize = 
base_hash_algo.get_size(); + if measurement_index + == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber.get_u8() as usize + { + let mut dummy_spdm_measurement_record_structure = + SpdmMeasurementRecordStructure::default(); + dummy_spdm_measurement_record_structure.number_of_blocks = 10; + Some(dummy_spdm_measurement_record_structure) + } else if measurement_index + == SpdmMeasurementOperation::SpdmMeasurementRequestAll.get_u8() as usize + { + let mut firmware1: [u8; 8] = [0; 8]; + let mut firmware2: [u8; 8] = [0; 8]; + let mut firmware3: [u8; 8] = [0; 8]; + let mut firmware4: [u8; 8] = [0; 8]; + let mut firmware5: [u8; 8] = [0; 8]; + let mut firmware6: [u8; 8] = [0; 8]; + let mut firmware7: [u8; 8] = [0; 8]; + let mut firmware8: [u8; 8] = [0; 8]; + let mut firmware9: [u8; 8] = [0; 8]; + let mut firmware10: [u8; 8] = [0; 8]; + firmware1.copy_from_slice("deadbeef".as_bytes()); + firmware2.copy_from_slice("eadbeefd".as_bytes()); + firmware3.copy_from_slice("adbeefde".as_bytes()); + firmware4.copy_from_slice("dbeefdea".as_bytes()); + firmware5.copy_from_slice("beefdead".as_bytes()); + firmware6.copy_from_slice("deadbeef".as_bytes()); + firmware7.copy_from_slice("eadbeefd".as_bytes()); + firmware8.copy_from_slice("adbeefde".as_bytes()); + firmware9.copy_from_slice("dbeefdea".as_bytes()); + firmware10.copy_from_slice("beefdead".as_bytes()); + let digest1 = hash::hash_all(base_hash_algo, &firmware1).expect("hash_all failed!"); + let digest2 = hash::hash_all(base_hash_algo, &firmware2).expect("hash_all failed!"); + let digest3 = hash::hash_all(base_hash_algo, &firmware3).expect("hash_all failed!"); + let digest4 = hash::hash_all(base_hash_algo, &firmware4).expect("hash_all failed!"); + let digest5 = hash::hash_all(base_hash_algo, &firmware5).expect("hash_all failed!"); + let digest6 = hash::hash_all(base_hash_algo, &firmware6).expect("hash_all failed!"); + let digest7 = hash::hash_all(base_hash_algo, &firmware7).expect("hash_all failed!"); + let digest8 = 
hash::hash_all(base_hash_algo, &firmware8).expect("hash_all failed!"); + let digest9 = hash::hash_all(base_hash_algo, &firmware9).expect("hash_all failed!"); + let digest10 = hash::hash_all(base_hash_algo, &firmware10).expect("hash_all failed!"); + let mut digest_value1: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value2: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value3: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value4: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value5: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value6: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value7: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value8: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value9: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value10: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + digest_value1[..64].copy_from_slice(digest1.data.as_ref()); + digest_value2[..64].copy_from_slice(digest2.data.as_ref()); + digest_value3[..64].copy_from_slice(digest3.data.as_ref()); + digest_value4[..64].copy_from_slice(digest4.data.as_ref()); + digest_value5[..64].copy_from_slice(digest5.data.as_ref()); + digest_value6[..64].copy_from_slice(digest6.data.as_ref()); + digest_value7[..64].copy_from_slice(digest7.data.as_ref()); + digest_value8[..64].copy_from_slice(digest8.data.as_ref()); + digest_value9[..64].copy_from_slice(digest9.data.as_ref()); + 
digest_value10[..64].copy_from_slice(digest10.data.as_ref()); + + let mut spdm_measurement_block_structure = SpdmMeasurementBlockStructure { + index: 1u8, + measurement_specification, + measurement_size: digest1.data_size + 3, + measurement: SpdmDmtfMeasurementStructure { + r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware, + representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + value_size: digest1.data_size, + value: digest_value1, + }, + }; + + let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + let mut writer = Writer::init(&mut measurement_record_data); + for i in 0..10 { + spdm_measurement_block_structure.encode(&mut writer).ok()?; + spdm_measurement_block_structure.index += 1; + } + + Some(SpdmMeasurementRecordStructure { + number_of_blocks: 10, + measurement_record_length: u24::new(writer.used() as u32), + measurement_record_data, + }) + } else if measurement_index > 10 { + None + } else { + let mut firmware: [u8; 8] = [0; 8]; + firmware.copy_from_slice("deadbeef".as_bytes()); + + let digest = hash::hash_all(base_hash_algo, &firmware)?; + + let mut digest_value: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + digest_value[(measurement_index) * SPDM_MAX_HASH_SIZE + ..(measurement_index + 1) * SPDM_MAX_HASH_SIZE] + .copy_from_slice(digest.data.as_ref()); + + let spdm_measurement_block_structure = SpdmMeasurementBlockStructure { + index: measurement_index as u8, + measurement_specification, + measurement_size: digest.data_size + 3, + measurement: SpdmDmtfMeasurementStructure { + r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware, + representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + value_size: digest.data_size, + value: digest_value, + }, + }; + + let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + let mut writer = Writer::init(&mut measurement_record_data); + 
spdm_measurement_block_structure.encode(&mut writer).ok()?; + + Some(SpdmMeasurementRecordStructure { + number_of_blocks: 1, + measurement_record_length: u24::new(writer.used() as u32), + measurement_record_data, + }) + } + } +} + +fn generate_measurement_summary_hash_impl( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + measurement_specification: SpdmMeasurementSpecification, + measurement_hash_algo: SpdmMeasurementHashAlgo, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, +) -> Option { + match measurement_summary_hash_type { + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll => { + let mut dummyall: [u8; 8] = [0; 8]; + dummyall.copy_from_slice("dummyall".as_bytes()); + let digest = hash::hash_all(base_hash_algo, &dummyall)?; + Some(digest) + } + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb => { + let mut dummytcb: [u8; 8] = [0; 8]; + dummytcb.copy_from_slice("dummytcb".as_bytes()); + let digest = hash::hash_all(base_hash_algo, &dummytcb)?; + Some(digest) + } + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone => None, + _ => None, + } +} + +const MAX_BIN_CONCAT_BUF_SIZE: usize = 2 + 8 + 12 + SPDM_MAX_HASH_SIZE; +const SALT_0: [u8; SPDM_MAX_HASH_SIZE] = [0u8; SPDM_MAX_HASH_SIZE]; +const ZERO_FILLED: [u8; SPDM_MAX_HASH_SIZE] = [0u8; SPDM_MAX_HASH_SIZE]; +const BIN_STR0_LABEL: &[u8] = b"derived"; + +fn handshake_secret_hkdf_expand_impl( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + psk_hint: &SpdmPskHintStruct, + info: &[u8], +) -> Option { + let mut psk_key: SpdmDheFinalKeyStruct = SpdmDheFinalKeyStruct { + data_size: b"TestPskData\0".len() as u16, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + psk_key.data[0..(psk_key.data_size as usize)].copy_from_slice(b"TestPskData\0"); + + let hs_sec = crypto::hkdf::hkdf_extract( + base_hash_algo, + &SALT_0[0..base_hash_algo.get_size() as usize], + &SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(&psk_key), + )?; 
+ crypto::hkdf::hkdf_expand(base_hash_algo, &hs_sec, info, base_hash_algo.get_size()) +} + +fn master_secret_hkdf_expand_impl( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + psk_hint: &SpdmPskHintStruct, + info: &[u8], +) -> Option { + let mut psk_key: SpdmDheFinalKeyStruct = SpdmDheFinalKeyStruct { + data_size: b"TestPskData\0".len() as u16, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + psk_key.data[0..(psk_key.data_size as usize)].copy_from_slice(b"TestPskData\0"); + + let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE]; + let bin_str0 = SpdmKeySchedule::binconcat( + &SpdmKeySchedule, + base_hash_algo.get_size(), + spdm_version, + BIN_STR0_LABEL, + None, + buffer, + )?; + + let hs_sec = crypto::hkdf::hkdf_extract( + base_hash_algo, + &SALT_0[0..base_hash_algo.get_size() as usize], + &SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(&psk_key), + )?; + let salt_1 = + crypto::hkdf::hkdf_expand(base_hash_algo, &hs_sec, bin_str0, base_hash_algo.get_size())?; + + let mst_sec = crypto::hkdf::hkdf_extract( + base_hash_algo, + salt_1.as_ref(), + &SpdmHkdfInputKeyingMaterial::SpdmZeroFilled(&SpdmZeroFilledStruct { + data_size: base_hash_algo.get_size(), + data: Box::new([0u8; SPDM_MAX_HASH_SIZE]), + }), + )?; + crypto::hkdf::hkdf_expand(base_hash_algo, &mst_sec, info, base_hash_algo.get_size()) +} diff --git a/fuzz-target/fuzzlib/src/time.rs b/fuzz-target/fuzzlib/src/time.rs new file mode 100644 index 0000000..daa2760 --- /dev/null +++ b/fuzz-target/fuzzlib/src/time.rs @@ -0,0 +1,11 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use spdmlib::time::SpdmTime; +pub static SPDM_TIME_IMPL: SpdmTime = SpdmTime { + sleep_cb: |time: usize| { + use std::{thread, time::Duration}; + thread::sleep(Duration::from_millis(time as u64)); + }, +}; 
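Review bot: In the single-index branch of `measurement_collection_impl` the digest is copied to `digest_value[measurement_index * SPDM_MAX_HASH_SIZE..(measurement_index + 1) * SPDM_MAX_HASH_SIZE]` while `value_size` stays `digest.data_size`, so for any index of 1 or more the leading `value_size` bytes of `value` (presumably what the encoder emits; its code is outside this diff) are zeros, and the slice panics if `config::MAX_SPDM_MEASUREMENT_VALUE_LEN` is smaller than 11 * `SPDM_MAX_HASH_SIZE` (the constant is not visible here). Writing at the start, `digest_value[..SPDM_MAX_HASH_SIZE].copy_from_slice(digest.data.as_ref());`, would match the RequestAll branch, which copies into `[..64]`. That branch uses `.expect("hash_all failed!")` where this one uses `?`; in a fuzz library a panic in the stub is reported as a crash of the target, so `hash::hash_all(base_hash_algo, &firmware1)?` is the safer form. `digest2` to `digest10` and their `digest_value` buffers are never used (all ten blocks encode `digest_value1` with only `index` incremented), which the file-level `#![allow(unused_variables)]` hides.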
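Review bot: `sleep_cb` blocks the thread for the full requested time, `thread::sleep(Duration::from_millis(time as u64))`, and in a fuzzing library that lowers executions per second and can make the fuzzer report a timeout as a hang if a fuzzed message influences the delay (whether it does is not visible here). A stub that caps the delay, e.g. `thread::sleep(Duration::from_millis((time as u64).min(1)));`, keeps the callback contract without stalling the run. A comment such as `// time is treated as milliseconds` would also help, since the `usize` parameter carries no unit.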
diff --git a/fuzz-target/in/algorithm_req/algorithm_req.raw b/fuzz-target/in/algorithm_req/algorithm_req.raw
new file mode 100644
index 0000000..8863d2a
Binary files /dev/null and b/fuzz-target/in/algorithm_req/algorithm_req.raw differ
diff --git a/fuzz-target/in/algorithm_req/algorithm_req_2.raw b/fuzz-target/in/algorithm_req/algorithm_req_2.raw
new file mode 100644
index 0000000..2bc2bbd
Binary files /dev/null and b/fuzz-target/in/algorithm_req/algorithm_req_2.raw differ
diff --git a/fuzz-target/in/algorithm_req/default.raw b/fuzz-target/in/algorithm_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/algorithm_req/default.raw differ
diff --git a/fuzz-target/in/algorithm_rsp/algorithm_rsp.raw b/fuzz-target/in/algorithm_rsp/algorithm_rsp.raw
new file mode 100644
index 0000000..fa116dd
Binary files /dev/null and b/fuzz-target/in/algorithm_rsp/algorithm_rsp.raw differ
diff --git a/fuzz-target/in/algorithm_rsp/default.raw b/fuzz-target/in/algorithm_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/algorithm_rsp/default.raw differ
diff --git a/fuzz-target/in/capability_req/capability_req.raw b/fuzz-target/in/capability_req/capability_req.raw
new file mode 100644
index 0000000..01f0913
Binary files /dev/null and b/fuzz-target/in/capability_req/capability_req.raw differ
diff --git a/fuzz-target/in/capability_req/default.raw b/fuzz-target/in/capability_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/capability_req/default.raw differ
diff --git a/fuzz-target/in/capability_rsp/capability_rsp.raw b/fuzz-target/in/capability_rsp/capability_rsp.raw
new file mode 100644
index 0000000..5b568d8
Binary files /dev/null and b/fuzz-target/in/capability_rsp/capability_rsp.raw differ
diff --git a/fuzz-target/in/capability_rsp/default.raw b/fuzz-target/in/capability_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/capability_rsp/default.raw differ
diff --git a/fuzz-target/in/certificate_req/certificate_req.raw b/fuzz-target/in/certificate_req/certificate_req.raw
new file mode 100644
index 0000000..8f74dc1
Binary files /dev/null and b/fuzz-target/in/certificate_req/certificate_req.raw differ
diff --git a/fuzz-target/in/certificate_req/default.raw b/fuzz-target/in/certificate_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/certificate_req/default.raw differ
diff --git a/fuzz-target/in/certificate_rsp/certificate_rsp.raw b/fuzz-target/in/certificate_rsp/certificate_rsp.raw
new file mode 100644
index 0000000..17efca8
Binary files /dev/null and b/fuzz-target/in/certificate_rsp/certificate_rsp.raw differ
diff --git a/fuzz-target/in/certificate_rsp/certificate_rsp_2.raw b/fuzz-target/in/certificate_rsp/certificate_rsp_2.raw
new file mode 100644
index 0000000..964a164
Binary files /dev/null and b/fuzz-target/in/certificate_rsp/certificate_rsp_2.raw differ
diff --git a/fuzz-target/in/certificate_rsp/default.raw b/fuzz-target/in/certificate_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/certificate_rsp/default.raw differ
diff --git a/fuzz-target/in/challenge_req/challenge_req.raw b/fuzz-target/in/challenge_req/challenge_req.raw
new file mode 100644
index 0000000..d225059
Binary files /dev/null and b/fuzz-target/in/challenge_req/challenge_req.raw differ
diff --git a/fuzz-target/in/challenge_req/default.raw b/fuzz-target/in/challenge_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/challenge_req/default.raw differ
diff --git a/fuzz-target/in/challenge_rsp/challenge_rsp.raw b/fuzz-target/in/challenge_rsp/challenge_rsp.raw
new file mode 100644
index 0000000..b40cd2c
Binary files /dev/null and b/fuzz-target/in/challenge_rsp/challenge_rsp.raw differ
diff --git a/fuzz-target/in/challenge_rsp/default.raw b/fuzz-target/in/challenge_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/challenge_rsp/default.raw differ
diff --git a/fuzz-target/in/deliver_encapsulated_response_certificate_rsp/default.raw b/fuzz-target/in/deliver_encapsulated_response_certificate_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/deliver_encapsulated_response_certificate_rsp/default.raw differ
diff --git a/fuzz-target/in/deliver_encapsulated_response_certificate_rsp/encap_get_certificate.raw b/fuzz-target/in/deliver_encapsulated_response_certificate_rsp/encap_get_certificate.raw
new file mode 100644
index 0000000..932903b
Binary files /dev/null and b/fuzz-target/in/deliver_encapsulated_response_certificate_rsp/encap_get_certificate.raw differ
diff --git a/fuzz-target/in/deliver_encapsulated_response_digest_rsp/default.raw b/fuzz-target/in/deliver_encapsulated_response_digest_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/deliver_encapsulated_response_digest_rsp/default.raw differ
diff --git a/fuzz-target/in/deliver_encapsulated_response_rsp/default.raw b/fuzz-target/in/deliver_encapsulated_response_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/deliver_encapsulated_response_rsp/default.raw differ
diff --git a/fuzz-target/in/deliver_encapsulated_response_rsp/encap_certificate.raw b/fuzz-target/in/deliver_encapsulated_response_rsp/encap_certificate.raw
new file mode 100644
index 0000000..06c3a16
Binary files /dev/null and b/fuzz-target/in/deliver_encapsulated_response_rsp/encap_certificate.raw differ
diff --git a/fuzz-target/in/digest_req/default.raw b/fuzz-target/in/digest_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/digest_req/default.raw differ
diff --git a/fuzz-target/in/digest_req/digest_req_2.raw b/fuzz-target/in/digest_req/digest_req_2.raw
new file mode 100644
index 0000000..683dd24
Binary files /dev/null and b/fuzz-target/in/digest_req/digest_req_2.raw differ
diff --git a/fuzz-target/in/digest_req/digests_req.raw b/fuzz-target/in/digest_req/digests_req.raw
new file mode 100644
index 0000000..ec1d4e2
Binary files /dev/null and b/fuzz-target/in/digest_req/digests_req.raw differ
diff --git a/fuzz-target/in/digest_rsp/digest_rsp.raw b/fuzz-target/in/digest_rsp/digest_rsp.raw
new file mode 100644
index 0000000..3277031
Binary files /dev/null and b/fuzz-target/in/digest_rsp/digest_rsp.raw differ
diff --git a/fuzz-target/in/digest_rsp/digest_rsp_2.raw b/fuzz-target/in/digest_rsp/digest_rsp_2.raw
new file mode 100644
index 0000000..b6c3fee
Binary files /dev/null and b/fuzz-target/in/digest_rsp/digest_rsp_2.raw differ
diff --git a/fuzz-target/in/encapsulated_request_certificate_req/default.raw b/fuzz-target/in/encapsulated_request_certificate_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/encapsulated_request_certificate_req/default.raw differ
diff --git a/fuzz-target/in/encapsulated_request_digest_req/default.raw b/fuzz-target/in/encapsulated_request_digest_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/encapsulated_request_digest_req/default.raw differ
diff --git a/fuzz-target/in/encapsulated_request_req/default.raw b/fuzz-target/in/encapsulated_request_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/encapsulated_request_req/default.raw differ
diff --git a/fuzz-target/in/encapsulated_request_req/encap_resp_ack.raw b/fuzz-target/in/encapsulated_request_req/encap_resp_ack.raw
new file mode 100644
index 0000000..a5e0b50
Binary files /dev/null and b/fuzz-target/in/encapsulated_request_req/encap_resp_ack.raw differ
diff --git a/fuzz-target/in/end_session_req/default.raw b/fuzz-target/in/end_session_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/end_session_req/default.raw differ
diff --git a/fuzz-target/in/end_session_req/end_session_req_1.raw b/fuzz-target/in/end_session_req/end_session_req_1.raw
new file mode 100644
index 0000000..a7b855c
Binary files /dev/null and b/fuzz-target/in/end_session_req/end_session_req_1.raw differ
diff --git a/fuzz-target/in/end_session_req/end_session_req_2.raw b/fuzz-target/in/end_session_req/end_session_req_2.raw
new file mode 100644
index 0000000..01f82aa
Binary files /dev/null and b/fuzz-target/in/end_session_req/end_session_req_2.raw differ
diff --git a/fuzz-target/in/end_session_rsp/default.raw b/fuzz-target/in/end_session_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/end_session_rsp/default.raw differ
diff --git a/fuzz-target/in/end_session_rsp/end_session_rsp.raw b/fuzz-target/in/end_session_rsp/end_session_rsp.raw
new file mode 100644
index 0000000..1167e50
Binary files /dev/null and b/fuzz-target/in/end_session_rsp/end_session_rsp.raw differ
diff --git a/fuzz-target/in/finish_req/default.raw b/fuzz-target/in/finish_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/finish_req/default.raw differ
diff --git a/fuzz-target/in/finish_req/finish_req.raw b/fuzz-target/in/finish_req/finish_req.raw
new file mode 100644
index 0000000..5a158f1
Binary files /dev/null and b/fuzz-target/in/finish_req/finish_req.raw differ
diff --git a/fuzz-target/in/finish_req/finish_req_in_clear.raw b/fuzz-target/in/finish_req/finish_req_in_clear.raw
new file mode 100644
index 0000000..69eb2f9
Binary files /dev/null and b/fuzz-target/in/finish_req/finish_req_in_clear.raw differ
diff --git a/fuzz-target/in/finish_rsp/default.raw b/fuzz-target/in/finish_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/finish_rsp/default.raw differ
diff --git a/fuzz-target/in/finish_rsp/finish_rsp.raw b/fuzz-target/in/finish_rsp/finish_rsp.raw
new file mode 100644
index 0000000..8bbba41
Binary files /dev/null and b/fuzz-target/in/finish_rsp/finish_rsp.raw differ
diff --git a/fuzz-target/in/finish_rsp/finish_rsp_mut_auth.raw b/fuzz-target/in/finish_rsp/finish_rsp_mut_auth.raw
new file mode 100644
index 0000000..f179502
Binary files /dev/null and b/fuzz-target/in/finish_rsp/finish_rsp_mut_auth.raw differ
diff --git a/fuzz-target/in/get_encapsulated_request_rsp/default.raw b/fuzz-target/in/get_encapsulated_request_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/get_encapsulated_request_rsp/default.raw differ
diff --git a/fuzz-target/in/heartbeat_req/default.raw b/fuzz-target/in/heartbeat_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/heartbeat_req/default.raw differ
diff --git a/fuzz-target/in/heartbeat_req/heartbeat_req.raw b/fuzz-target/in/heartbeat_req/heartbeat_req.raw
new file mode 100644
index 0000000..e888ecb
Binary files /dev/null and b/fuzz-target/in/heartbeat_req/heartbeat_req.raw differ
diff --git a/fuzz-target/in/heartbeat_req/heartbeat_req_2.raw b/fuzz-target/in/heartbeat_req/heartbeat_req_2.raw
new file mode 100644
index 0000000..a85ce1f
Binary files /dev/null and b/fuzz-target/in/heartbeat_req/heartbeat_req_2.raw differ
diff --git a/fuzz-target/in/heartbeat_rsp/default.raw b/fuzz-target/in/heartbeat_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/heartbeat_rsp/default.raw differ
diff --git a/fuzz-target/in/heartbeat_rsp/heartbeat_rsp.raw b/fuzz-target/in/heartbeat_rsp/heartbeat_rsp.raw
new file mode 100644
index 0000000..a4dfc7f
Binary files /dev/null and b/fuzz-target/in/heartbeat_rsp/heartbeat_rsp.raw differ
diff --git a/fuzz-target/in/key_exchange_req/default.raw b/fuzz-target/in/key_exchange_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/key_exchange_req/default.raw differ
diff --git a/fuzz-target/in/key_exchange_req/key_exchange_req.raw b/fuzz-target/in/key_exchange_req/key_exchange_req.raw
new file mode 100644
index 0000000..c6baf27
Binary files /dev/null and b/fuzz-target/in/key_exchange_req/key_exchange_req.raw differ
diff --git a/fuzz-target/in/key_exchange_req/key_exchange_req_mut_auth.raw b/fuzz-target/in/key_exchange_req/key_exchange_req_mut_auth.raw
new file mode 100644
index 0000000..6008fa5
Binary files /dev/null and b/fuzz-target/in/key_exchange_req/key_exchange_req_mut_auth.raw differ
diff --git a/fuzz-target/in/key_update_req/default.raw b/fuzz-target/in/key_update_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/key_update_req/default.raw differ
diff --git a/fuzz-target/in/key_update_req/key_update_req.raw b/fuzz-target/in/key_update_req/key_update_req.raw
new file mode 100644
index 0000000..b3aba74
Binary files /dev/null and b/fuzz-target/in/key_update_req/key_update_req.raw differ
diff --git a/fuzz-target/in/key_update_req/key_update_req1.raw b/fuzz-target/in/key_update_req/key_update_req1.raw new file mode 100644 index 0000000..089dc23 Binary files /dev/null and b/fuzz-target/in/key_update_req/key_update_req1.raw differ diff --git a/fuzz-target/in/key_update_req/key_update_req_2.raw b/fuzz-target/in/key_update_req/key_update_req_2.raw new file mode 100644 index 0000000..03f6eaf Binary files /dev/null and b/fuzz-target/in/key_update_req/key_update_req_2.raw differ diff --git a/fuzz-target/in/key_update_rsp/default.raw b/fuzz-target/in/key_update_rsp/default.raw new file mode 100644 index 0000000..7a97102 Binary files /dev/null and b/fuzz-target/in/key_update_rsp/default.raw differ diff --git a/fuzz-target/in/key_update_rsp/key_update_rsp.raw b/fuzz-target/in/key_update_rsp/key_update_rsp.raw new file mode 100644 index 0000000..cdcc3d9 --- /dev/null +++ b/fuzz-target/in/key_update_rsp/key_update_rsp.raw @@ -0,0 +1 @@ +é \ No newline at end of file diff --git a/fuzz-target/in/keyexchange_rsp/default.raw b/fuzz-target/in/keyexchange_rsp/default.raw new file mode 100644 index 0000000..7a97102 Binary files /dev/null and b/fuzz-target/in/keyexchange_rsp/default.raw differ diff --git a/fuzz-target/in/keyexchange_rsp/key_exchange.raw b/fuzz-target/in/keyexchange_rsp/key_exchange.raw new file mode 100644 index 0000000..f570b87 Binary files /dev/null and b/fuzz-target/in/keyexchange_rsp/key_exchange.raw differ diff --git a/fuzz-target/in/keyexchange_rsp/key_exchange_rsp.raw b/fuzz-target/in/keyexchange_rsp/key_exchange_rsp.raw new file mode 100644 index 0000000..7a05cd6 Binary files /dev/null and b/fuzz-target/in/keyexchange_rsp/key_exchange_rsp.raw differ diff --git a/fuzz-target/in/measurement_req/default.raw b/fuzz-target/in/measurement_req/default.raw new file mode 100644 index 0000000..7a97102 Binary files /dev/null and b/fuzz-target/in/measurement_req/default.raw differ 
diff --git a/fuzz-target/in/measurement_req/measurement_req.raw b/fuzz-target/in/measurement_req/measurement_req.raw
new file mode 100644
index 0000000..c302f31
Binary files /dev/null and b/fuzz-target/in/measurement_req/measurement_req.raw differ
diff --git a/fuzz-target/in/measurement_req/measurement_req_session.raw b/fuzz-target/in/measurement_req/measurement_req_session.raw
new file mode 100644
index 0000000..3895e1f
Binary files /dev/null and b/fuzz-target/in/measurement_req/measurement_req_session.raw differ
diff --git a/fuzz-target/in/measurement_rsp/default.raw b/fuzz-target/in/measurement_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/measurement_rsp/default.raw differ
diff --git a/fuzz-target/in/measurement_rsp/measurement_rsp.raw b/fuzz-target/in/measurement_rsp/measurement_rsp.raw
new file mode 100644
index 0000000..31ae30b
Binary files /dev/null and b/fuzz-target/in/measurement_rsp/measurement_rsp.raw differ
diff --git a/fuzz-target/in/psk_exchange_req/default.raw b/fuzz-target/in/psk_exchange_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/psk_exchange_req/default.raw differ
diff --git a/fuzz-target/in/psk_exchange_req/psk_exchange_req.raw b/fuzz-target/in/psk_exchange_req/psk_exchange_req.raw
new file mode 100644
index 0000000..e58f110
Binary files /dev/null and b/fuzz-target/in/psk_exchange_req/psk_exchange_req.raw differ
diff --git a/fuzz-target/in/psk_finish_req/default.raw b/fuzz-target/in/psk_finish_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/psk_finish_req/default.raw differ
diff --git a/fuzz-target/in/psk_finish_req/psk_finish_req_1.raw b/fuzz-target/in/psk_finish_req/psk_finish_req_1.raw
new file mode 100644
index 0000000..e888ecb
Binary files /dev/null and b/fuzz-target/in/psk_finish_req/psk_finish_req_1.raw differ
diff --git a/fuzz-target/in/psk_finish_req/psk_finish_req_2.raw b/fuzz-target/in/psk_finish_req/psk_finish_req_2.raw
new file mode 100644
index 0000000..03f7b1a
Binary files /dev/null and b/fuzz-target/in/psk_finish_req/psk_finish_req_2.raw differ
diff --git a/fuzz-target/in/psk_finish_rsp/default.raw b/fuzz-target/in/psk_finish_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/psk_finish_rsp/default.raw differ
diff --git a/fuzz-target/in/psk_finish_rsp/psk_finish_rsp.raw b/fuzz-target/in/psk_finish_rsp/psk_finish_rsp.raw
new file mode 100644
index 0000000..f614acf
Binary files /dev/null and b/fuzz-target/in/psk_finish_rsp/psk_finish_rsp.raw differ
diff --git a/fuzz-target/in/pskexchange_rsp/default.raw b/fuzz-target/in/pskexchange_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/pskexchange_rsp/default.raw differ
diff --git a/fuzz-target/in/pskexchange_rsp/psk_exchange_rsp.raw b/fuzz-target/in/pskexchange_rsp/psk_exchange_rsp.raw
new file mode 100644
index 0000000..feb500c
Binary files /dev/null and b/fuzz-target/in/pskexchange_rsp/psk_exchange_rsp.raw differ
diff --git a/fuzz-target/in/vendor_req/default.raw b/fuzz-target/in/vendor_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/vendor_req/default.raw differ
diff --git a/fuzz-target/in/vendor_rsp/default.raw b/fuzz-target/in/vendor_rsp/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/vendor_rsp/default.raw differ
diff --git a/fuzz-target/in/version_req/default.raw b/fuzz-target/in/version_req/default.raw
new file mode 100644
index 0000000..7a97102
Binary files /dev/null and b/fuzz-target/in/version_req/default.raw differ
diff --git a/fuzz-target/in/version_req/version_req.raw b/fuzz-target/in/version_req/version_req.raw new file mode 100644 index 0000000..1b66ebb Binary files /dev/null and b/fuzz-target/in/version_req/version_req.raw differ diff --git a/fuzz-target/in/version_rsp/default.raw b/fuzz-target/in/version_rsp/default.raw new file mode 100644 index 0000000..7a97102 Binary files /dev/null and b/fuzz-target/in/version_rsp/default.raw differ diff --git a/fuzz-target/in/version_rsp/version_rsp.raw b/fuzz-target/in/version_rsp/version_rsp.raw new file mode 100644 index 0000000..276423a Binary files /dev/null and b/fuzz-target/in/version_rsp/version_rsp.raw differ diff --git a/fuzz-target/pass_context/Cargo.toml b/fuzz-target/pass_context/Cargo.toml new file mode 100644 index 0000000..6ab68a1 --- /dev/null +++ b/fuzz-target/pass_context/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "pass_context" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../executor" } +fuzzlib = { path = "../fuzzlib" } +log = "0.4.13" +simple_logger = "4.2.0" diff --git a/fuzz-target/pass_context/src/main.rs b/fuzz-target/pass_context/src/main.rs new file mode 100644 index 0000000..c6c070a --- /dev/null +++ b/fuzz-target/pass_context/src/main.rs 
@@ -0,0 +1,52 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +mod pass_responder; +use pass_responder::*; + +mod pass_requester; +use pass_requester::*; + +use log::LevelFilter; +use simple_logger::SimpleLogger; + +fn new_logger_from_env() -> SimpleLogger { + let level = match std::env::var("SPDM_LOG") { + Ok(x) => match x.to_lowercase().as_str() { + "trace" => LevelFilter::Trace, + "debug" => LevelFilter::Debug, + "info" => LevelFilter::Info, + "warn" => LevelFilter::Warn, + _ => LevelFilter::Error, + }, + _ => LevelFilter::Trace, + }; + + SimpleLogger::new().with_level(level) +} + +fn main() { + new_logger_from_env().init().unwrap(); + + println!("run version"); + executor::block_on(pass_rsp_handle_spdm_version()); + println!("run capability"); + executor::block_on(pass_rsp_handle_spdm_capability()); + println!("run algorithm"); + executor::block_on(pass_rsp_handle_spdm_algorithm()); + println!("run digests"); + executor::block_on(pass_rsp_handle_spdm_digest()); + println!("run certificate"); + executor::block_on(pass_rsp_handle_spdm_certificate()); + println!("run challenge"); + executor::block_on(pass_rsp_handle_spdm_challenge()); + println!("run measurement"); + executor::block_on(pass_rsp_handle_spdm_measurement()); + println!("run key exchange"); + executor::block_on(pass_rsp_handle_spdm_key_exchange()); + println!("run psk exchange"); + executor::block_on(pass_rsp_handle_spdm_psk_exchange()); + + executor::block_on(fuzz_total_requesters()); +} diff --git a/fuzz-target/pass_context/src/pass_requester.rs b/fuzz-target/pass_context/src/pass_requester.rs new file mode 100644 index 0000000..2977a4f --- /dev/null +++ b/fuzz-target/pass_context/src/pass_requester.rs 
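Review bot: In `new_logger_from_env` (pass_context/src/main.rs) an unset `SPDM_LOG` falls through to `LevelFilter::Trace`, the most verbose level, while an unrecognised value yields `Error`, so the two fallbacks pull in opposite directions. The quiet one is the safer default for a harness that logs session material elsewhere in this commit. Consider making the outer arm `_ => LevelFilter::Error,` and adding an explicit `"error" => LevelFilter::Error,` arm so that a misspelt value is distinguishable from a deliberate one. A short doc comment listing the accepted values of `SPDM_LOG` would cover the rest.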
@@ -0,0 +1,105 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::protocol::SpdmMeasurementSummaryHashType; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +pub async fn fuzz_total_requesters() { + let (rsp_config_info, rsp_provision_info) = rsp_create_info(); + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap2: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let device_io_requester = Arc::new(Mutex::new(fake_device_io::FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + ))); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + let mut transcript_vca = None; + if requester + .init_connection(&mut transcript_vca) + .await + .is_err() + { + return; + } + + if requester.send_receive_spdm_digest(None).await.is_err() { + return; + } + + if requester + .send_receive_spdm_certificate(None, 0) + .await + .is_err() + { + return; + } + + let result = requester + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + if let Ok(session_id) = result { + log::info!( + "\nSession established ... 
session_id is {:0x?}\n", + session_id + ); + log::info!("Key Information ...\n"); + + let session = requester.common.get_session_via_id(session_id).unwrap(); + let (request_direction, response_direction) = session.export_keys(); + log::info!( + "equest_direction.encryption_key {:0x?}\n", + request_direction.encryption_key.as_ref() + ); + log::info!( + "equest_direction.salt {:0x?}\n", + request_direction.salt.as_ref() + ); + log::info!( + "esponse_direction.encryption_key {:0x?}\n", + response_direction.encryption_key.as_ref() + ); + log::info!( + "esponse_direction.salt {:0x?}\n", + response_direction.salt.as_ref() + ); + } else { + log::info!("\nSession session_id not got ????? \n"); + } +} diff --git a/fuzz-target/pass_context/src/pass_responder.rs b/fuzz-target/pass_context/src/pass_responder.rs new file mode 100644 index 0000000..66f5e7a --- /dev/null +++ b/fuzz-target/pass_context/src/pass_responder.rs 
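Review bot: The success branch of `fuzz_total_requesters` (pass_requester.rs) writes both directions' `encryption_key` and `salt` from `session.export_keys()` to the log at info level, and main.rs in this commit selects `Trace` when `SPDM_LOG` is unset, so the key material is printed on a default run. Even with test keys this ends up in CI logs and shared artifacts; drop the four key/salt lines, or log only that export succeeded, e.g. `log::debug!("session keys exported for session_id {:0x?}", session_id);`. The format strings start with `equest_direction` / `esponse_direction`, which looks like a lost leading character (possibly an extraction artifact of the page). `get_session_via_id(session_id).unwrap()` would be clearer as `.expect("session just established")`.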
@@ -0,0 +1,465 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; +use core::ops::DerefMut; + +pub async fn pass_rsp_handle_spdm_version() { + let (config_info, provision_info) = rsp_create_info(); + + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context + .handle_spdm_version(&[00, 00, 00, 00]) + .await + .unwrap(); + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +pub async fn pass_rsp_handle_spdm_capability() { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + + // context.handle_spdm_capability(&[0x10, 0x84, 00,00, 0x11, 0xE1, 00, 00, 00, 00, 00, 00, 
00,00,00,0x0C]); + context + .handle_spdm_capability(&[17, 225, 0, 0, 0, 0, 0, 0, 198, 118, 0, 0]) + .await + .unwrap(); + let mut req_buf = [0u8; 512]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +pub async fn pass_rsp_handle_spdm_algorithm() { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context + .handle_spdm_algorithm(&[ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]) + .await + .unwrap(); + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +pub async fn pass_rsp_handle_spdm_digest() { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> 
= + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context + .handle_spdm_algorithm(&[ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]) + .await + .unwrap(); + + context + .handle_spdm_digest(&[17, 129, 0, 0], None) + .await + .unwrap(); + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +pub async fn pass_rsp_handle_spdm_certificate() { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + context + .handle_spdm_algorithm(&[ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]) + .await + .unwrap(); + context + .handle_spdm_digest(&[17, 129, 0, 0], None) + .await + .unwrap(); + context + .handle_spdm_certificate(&[17, 130, 0, 0, 0, 0, 0, 2], None) + .await + .unwrap(); + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let 
socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +pub async fn pass_rsp_handle_spdm_challenge() { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + context + .handle_spdm_algorithm(&[ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]) + .await + .unwrap(); + context + .handle_spdm_digest(&[17, 129, 0, 0], None) + .await + .unwrap(); + context + .handle_spdm_certificate(&[17, 130, 0, 0, 0, 0, 0, 2], None) + .await + .unwrap(); + context + .handle_spdm_challenge(&[ + 17, 131, 0, 0, 96, 98, 50, 80, 166, 189, 68, 2, 27, 142, 255, 200, 180, 230, 76, 45, + 12, 178, 253, 70, 242, 202, 83, 171, 115, 148, 32, 249, 52, 170, 141, 122, + ]) + .await + .unwrap(); + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +pub async fn pass_rsp_handle_spdm_measurement() { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = 
Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + context + .handle_spdm_algorithm(&[ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]) + .await + .unwrap(); + context + .handle_spdm_digest(&[17, 129, 0, 0], None) + .await + .unwrap(); + context + .handle_spdm_certificate(&[17, 130, 0, 0, 0, 0, 0, 2], None) + .await + .unwrap(); + context + .handle_spdm_challenge(&[ + 17, 131, 0, 0, 96, 98, 50, 80, 166, 189, 68, 2, 27, 142, 255, 200, 180, 230, 76, 45, + 12, 178, 253, 70, 242, 202, 83, 171, 115, 148, 32, 249, 52, 170, 141, 122, + ]) + .await + .unwrap(); + context + .handle_spdm_measurement(None, &[17, 224, 0, 0]) + .await + .unwrap(); + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +pub async fn pass_rsp_handle_spdm_key_exchange() { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = 
responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context + .handle_spdm_algorithm(&[ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]) + .await + .unwrap(); + context + .handle_spdm_digest(&[17, 129, 0, 0], None) + .await + .unwrap(); + context + .handle_spdm_certificate(&[17, 130, 0, 0, 0, 0, 0, 2], None) + .await + .unwrap(); + context + .handle_spdm_challenge(&[ + 17, 131, 0, 0, 96, 98, 50, 80, 166, 189, 68, 2, 27, 142, 255, 200, 180, 230, 76, 45, + 12, 178, 253, 70, 242, 202, 83, 171, 115, 148, 32, 249, 52, 170, 141, 122, + ]) + .await + .unwrap(); + context + .handle_spdm_measurement(None, &[17, 224, 0, 0]) + .await + .unwrap(); + context + .handle_spdm_key_exchange(&[ + 17, 228, 0, 0, 254, 255, 0, 0, 227, 11, 91, 150, 99, 148, 85, 82, 35, 135, 88, 241, + 249, 244, 105, 233, 225, 89, 237, 166, 13, 142, 13, 115, 102, 29, 108, 90, 113, 211, + 174, 92, 16, 14, 136, 6, 200, 113, 5, 174, 212, 211, 70, 68, 204, 188, 78, 228, 190, + 118, 132, 77, 185, 118, 93, 140, 122, 16, 249, 41, 82, 143, 79, 77, 248, 113, 230, 73, + 72, 135, 132, 15, 32, 138, 130, 163, 95, 80, 59, 109, 65, 92, 6, 36, 29, 182, 124, 73, + 92, 173, 125, 81, 95, 136, 251, 177, 48, 95, 136, 77, 252, 72, 31, 208, 25, 145, 113, + 245, 11, 229, 125, 252, 154, 63, 97, 36, 64, 150, 86, 131, 90, 36, 64, 150, 86, 131, + 90, 36, 93, 181, 85, 154, 164, 34, 20, 0, 70, 84, 77, 68, 1, 1, 0, 0, 0, 0, 5, 0, 1, 1, + 1, 0, 17, 0, 0, 0, 0, 0, + ]) + .await + .unwrap(); + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +pub async fn pass_rsp_handle_spdm_psk_exchange() { + let 
(config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap: Arc< + Mutex<(dyn fuzzlib::SpdmTransportEncap + Send + Sync + 'static)>, + > = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + context + .handle_spdm_algorithm(&[ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]) + .await + .unwrap(); + context + .handle_spdm_digest(&[17, 129, 0, 0], None) + .await + .unwrap(); + context + .handle_spdm_certificate(&[17, 130, 0, 0, 0, 0, 0, 2], None) + .await + .unwrap(); + context + .handle_spdm_challenge(&[ + 17, 131, 0, 0, 96, 98, 50, 80, 166, 189, 68, 2, 27, 142, 255, 200, 180, 230, 76, 45, + 12, 178, 253, 70, 242, 202, 83, 171, 115, 148, 32, 249, 52, 170, 141, 122, + ]) + .await + .unwrap(); + context + .handle_spdm_measurement(None, &[17, 224, 0, 0]) + .await + .unwrap(); + context + .handle_spdm_key_exchange(&[ + 17, 228, 0, 0, 254, 255, 0, 0, 227, 11, 91, 150, 99, 148, 85, 82, 35, 135, 88, 241, + 249, 244, 105, 233, 225, 89, 237, 166, 13, 142, 13, 115, 102, 29, 108, 90, 113, 211, + 174, 92, 16, 14, 136, 6, 200, 113, 5, 174, 212, 211, 70, 68, 204, 188, 78, 228, 190, + 118, 132, 77, 185, 118, 93, 140, 122, 16, 249, 41, 82, 143, 79, 77, 248, 113, 230, 73, + 72, 135, 132, 15, 32, 138, 130, 163, 95, 80, 59, 109, 65, 92, 6, 36, 29, 182, 124, 73, + 92, 173, 125, 81, 95, 136, 251, 177, 48, 95, 136, 77, 252, 72, 31, 208, 25, 145, 113, + 245, 11, 229, 125, 252, 154, 63, 97, 36, 64, 150, 86, 131, 90, 36, 64, 150, 86, 131, + 90, 36, 93, 181, 85, 154, 164, 34, 
20, 0, 70, 84, 77, 68, 1, 1, 0, 0, 0, 0, 5, 0, 1, 1, + 1, 0, 17, 0, 0, 0, 0, 0, + ]) + .await + .unwrap(); + context + .handle_spdm_psk_exchange(&[ + 17, 230, 0, 0, 253, 255, 0, 0, 48, 0, 20, 0, 61, 242, 81, 71, 115, 174, 43, 116, 19, + 203, 159, 205, 247, 38, 95, 20, 209, 170, 249, 97, 98, 89, 160, 168, 4, 8, 69, 184, 51, + 15, 78, 178, 208, 229, 109, 184, 239, 207, 44, 98, 13, 141, 223, 116, 114, 42, 39, 215, + 70, 84, 77, 68, 1, 10, 0, 0, 0, 5, 0, 1, 1, 1, 0, 17, 0, 0, 0, + ]) + .await + .unwrap(); + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} diff --git a/fuzz-target/random_requester/Cargo.toml b/fuzz-target/random_requester/Cargo.toml new file mode 100644 index 0000000..30959e7 --- /dev/null +++ b/fuzz-target/random_requester/Cargo.toml @@ -0,0 +1,16 @@ +[package] +name = "random_requester" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +rand = "0.8.4" +fuzzlib = { path = "../fuzzlib" } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../executor" } \ No newline at end of file diff --git a/fuzz-target/random_requester/src/main.rs b/fuzz-target/random_requester/src/main.rs new file mode 100644 index 0000000..ea8c11a --- /dev/null +++ b/fuzz-target/random_requester/src/main.rs 
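Review bot: The nine `pass_rsp_handle_spdm_*` functions in pass_responder.rs repeat the same context setup and the same raw request arrays, with no comment saying what any array encodes; the 48-byte array passed to `handle_spdm_algorithm` appears seven times. A reader cannot tell which bytes are version, request code or payload, and a later edit to one copy will silently diverge from the others. Hoist each request into a named constant with a one-line comment, e.g. `const ALGORITHM_REQ: &[u8] = &[17, 227, 4, 0, /* … */];`, and move the shared setup into one private helper that returns the context and the transport handle. The commented-out `handle_spdm_capability` call in `pass_rsp_handle_spdm_capability` should be deleted or explained.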
@@ -0,0 +1,199 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use async_recursion::async_recursion; +// import commonly used items from the prelude: +use fuzzlib::*; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn run_spdm(spdm: Vec) { + let (rsp_config_info, rsp_provision_info) = rsp_create_info(); + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let device_io_requester = Arc::new(Mutex::new(fake_device_io::FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + ))); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + println!("Run sequence {:?}", &spdm); + for i in spdm.iter() { + match i { + 1 => { + if requester.send_receive_spdm_version().await.is_err() { + println!("{:?} error in send_receive_spdm_version", &spdm); + return; + } + } + 2 => { + if requester.send_receive_spdm_capability().await.is_err() { + println!("{:?} error in send_receive_spdm_capability", &spdm); + return; + } + } + 3 => { + if requester.send_receive_spdm_algorithm().await.is_err() { + println!("{:?} error in send_receive_spdm_algorithm", &spdm); + return; + } + } + 4 => { + if 
requester.send_receive_spdm_digest(None).await.is_err() { + println!("{:?} 4, error in send_receive_spdm_digest", &spdm); + return; + } + } + 5 => { + if requester + .send_receive_spdm_certificate(None, 0) + .await + .is_err() + { + println!("{:?} 5, error in send_receive_spdm_certificate", &spdm); + return; + } + } + 6 => { + if requester + .send_receive_spdm_challenge( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await + .is_err() + { + println!("{:?} 6, error in send_receive_spdm_challenge", &spdm); + return; + } + } + 7 => { + let mut total_number = 0; + let mut spdm_measurement_record_structure = + SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + if requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + SpdmMeasurementOperation::SpdmMeasurementRequestAll, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_err() + { + println!("{:?} 7, error in send_receive_spdm_measurement", &spdm); + return; + } + } + 8 => { + if requester + .send_receive_spdm_key_exchange( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await + .is_err() + { + println!("{:?} 8, error in send_receive_spdm_key_exchange", &spdm); + return; + }; + } + 9 => { + if requester + .send_receive_spdm_psk_exchange( + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + None, + ) + .await + .is_err() + { + println!("{:?} 9, error in send_receive_spdm_psk_exchange", &spdm); + return; + }; + } + _ => {} + } + } +} + +#[async_recursion] +async fn permutation( + from: Arc<&[i32]>, + count: usize, + bool_array: Arc>, + last_vec: Vec, +) { + if last_vec.len() == count { + run_spdm(last_vec).await; + return; + } + + for (i, &n) in from.iter().enumerate() { + let last_vec = { + let mut bool_array = bool_array.lock(); + let 
bool_array = bool_array.deref_mut(); + + if bool_array[i] { + continue; + } + + let mut last_vec = last_vec.clone(); + last_vec.push(n); + bool_array[i] = true; + last_vec + }; + + permutation(from.clone(), count, bool_array.clone(), last_vec).await; + + { + let mut bool_array = bool_array.lock(); + let bool_array = bool_array.deref_mut(); + bool_array[i] = false; + } + } +} + +fn main() { + let nums: &[i32] = &[1, 2, 3, 4, 5, 6, 7, 8, 9]; + executor::block_on(permutation( + Arc::new(nums), + nums.len(), + Arc::new(Mutex::new(&mut vec![false; nums.len()])), + Vec::new(), + )); +} diff --git a/fuzz-target/requester/algorithm_req/Cargo.toml b/fuzz-target/requester/algorithm_req/Cargo.toml new file mode 100644 index 0000000..ba24289 --- /dev/null +++ b/fuzz-target/requester/algorithm_req/Cargo.toml @@ -0,0 +1,21 @@ +[package] +name = "algorithm_req" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +spdmlib-test = { path = "../../../test/spdmlib-test" } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/algorithm_req/src/main.rs b/fuzz-target/requester/algorithm_req/src/main.rs new file mode 100644 index 0000000..0b84121 --- /dev/null +++ b/fuzz-target/requester/algorithm_req/src/main.rs 
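Review bot: In `run_spdm` (random_requester/src/main.rs) the `responder` built on the first `SharedBuffer` is never referenced again, and the requester is given a second, separate `SharedBuffer`, so nothing visible in the hunk delivers a response to the requester. If `FakeSpdmDeviceIo` has no other path to a responder, every one of the 9! orderings produced by `permutation` returns at its first exchange and only the error path is exercised; the same pattern appears in `fuzz_total_requesters` in pass_requester.rs. Either wire both sides to one buffer and drive the responder, or rename the binding to `_responder` and add a comment stating why it is only constructed. The error messages for steps 1–3 also omit the step number that steps 4–9 print.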
@@ -0,0 +1,76 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{spdmlib::protocol::SpdmVersion, *}; +use spdmlib::common::SpdmConnectionState; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_algorithm(fuzzdata: Arc>) { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = &mut PciDoeTransportEncap {}; + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + let _ = requester.send_receive_spdm_algorithm().await.is_err(); +} + +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![ + 0x1, 0x0, 0x1, 0x0, 0xf, 0x0, 0x0, 0x0, 0x11, 0x63, 0x4, 0x0, 0x34, 0x0, 0x1, 0x0, + 0x4, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x10, 0x0, + 0x3, 0x20, 0x2, 0x0, 0x4, 0x20, 0x2, 0x0, 0x5, 0x20, 0x1, 0x0, + ]; + executor::block_on(fuzz_send_receive_spdm_algorithm(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_algorithm(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_algorithm(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/capability_req/Cargo.toml b/fuzz-target/requester/capability_req/Cargo.toml new file mode 100644 index 0000000..ba32626 --- /dev/null +++ b/fuzz-target/requester/capability_req/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "capability_req" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/capability_req/src/main.rs b/fuzz-target/requester/capability_req/src/main.rs new file mode 100644 index 0000000..32c08a6 --- /dev/null +++ b/fuzz-target/requester/capability_req/src/main.rs 
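Review bot: The `#[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))]` block in `main` of algorithm_req/src/main.rs calls `flexi_logger::Logger` and `FileSpec`, but the Cargo.toml added for this crate lists no `flexi_logger` dependency and the file has no import for `FileSpec`. Unless `fuzzlib` re-exports both, enabling the two features together would not compile; capability_req/src/main.rs carries the same block. Tie an optional dependency to the feature, `fuzzlogfile = ["flexi_logger"]`, or remove the block. In `fuzz_send_receive_spdm_algorithm` the `pcidoe_transport_encap` binding and the `SpdmConnectionState`, `Box` and `DerefMut` imports are unused in the visible code, and `let _ = … .await.is_err();` can drop the `.is_err()`.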
@@ -0,0 +1,70 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{spdmlib::protocol::SpdmVersion, *}; +use spdmlib::common::SpdmConnectionState; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_capability(fuzzdata: Arc>) { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + let _ = requester.send_receive_spdm_capability().await; +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![17, 224, 0, 0]; + executor::block_on(fuzz_send_receive_spdm_capability(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_capability(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_capability(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/certificate_req/Cargo.toml b/fuzz-target/requester/certificate_req/Cargo.toml new file mode 100644 index 0000000..e2afa29 --- /dev/null +++ b/fuzz-target/requester/certificate_req/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "certificate_req" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +log = "0.4.13" +simple_logger = "4.2.0" +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +default = ["hashed-transcript-data"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/certificate_req/src/main.rs b/fuzz-target/requester/certificate_req/src/main.rs new file mode 100644 index 0000000..49e0cb6 --- /dev/null +++ b/fuzz-target/requester/certificate_req/src/main.rs 
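Review bot: `main` in capability_req/src/main.rs is gated on `#[cfg(not(feature = "use_libfuzzer"))]`, but the crate's Cargo.toml in this commit declares only `fuzzlogfile` and `fuzz`, so the condition is always true and the attribute names a build mode that does not exist here. Declare the feature (`use_libfuzzer = []`) together with the entry point it is meant to select, or drop the attribute. The built-in sample `vec![17, 224, 0, 0]` has no comment either. The algorithm_req sample carries eight extra bytes before its `0x11` version byte, so it is worth stating what this 4-byte input is meant to represent and whether it should include the same prefix.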
@@ -0,0 +1,183 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_certificate(fuzzdata: Arc>) { + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + spdmlib::crypto::cert_operation::register(FAKE_CERT_OPERATION.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle certificate response' + // - description: '

Request certificate and receive partial certificate.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + + let _ = requester + .send_receive_spdm_certificate(None, 0) + .await + .is_err(); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle certificate response' + // - description: '

Requester receives certificate and pass the verification of provisioned root cert.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + + // to pass the verification of provisioned root cert with fake cert_operation + let mut fake_root = SpdmCertChainData::default(); + // range [68..101] of seed `certificate_req.raw` is fake root cert + fake_root.data_size = 33; + let start_index = 68; + let end_index = start_index + fake_root.data_size as usize; + if fuzzdata.len() >= end_index { + fake_root.data[0..fake_root.data_size as usize] + .copy_from_slice(&fuzzdata[start_index..end_index]); + } + + let mut peer_root_cert_data_list = + gen_array_clone(None, spdmlib::config::MAX_ROOT_CERT_SUPPORT); + peer_root_cert_data_list[0] = Some(fake_root); + + requester.common.provision_info.peer_root_cert_data = peer_root_cert_data_list; + let _ = requester + .send_receive_spdm_certificate(None, 0) + .await + .is_err(); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle certificate response' + // - description: '

Request certificate and receive partial certificate in session.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + let _ = requester + .send_receive_spdm_certificate(Some(4294836221), 0) + .await + .is_err(); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![ + 1, 0, 1, 0, 48, 0, 0, 0, 17, 2, 255, 1, 127, 0, 0, 0, 0, 17, 3, 0, 1, 40, 175, 112, + 39, 188, 132, 74, 57, 59, 221, 138, 200, 158, 146, 216, 163, 112, 23, 18, 131, 155, + 102, 225, 58, 58, 49, 11, 42, 205, 113, 132, 74, 251, 185, 250, 222, 111, 123, 34, + 132, 180, 134, 168, 183, 103, 238, 4, 45, 255, 255, 255, 127, 198, 199, 61, 112, + 123, 231, 0, 206, 47, 251, 131, 40, 175, 112, 39, 188, 132, 74, 190, 105, 0, 64, + 36, 157, 254, 244, 68, 221, 19, 51, 22, 40, 110, 235, 82, 62, 86, 193, 20, 43, 245, + 230, 18, 193, 240, 192, 137, 158, 145, 137, 119, 25, 53, 131, 79, 219, 238, 133, + 74, 194, 76, 145, 125, 17, 153, 210, 123, 49, 221, 151, 25, 130, 110, 134, 159, + 182, 154, 251, 94, + ]; + executor::block_on(fuzz_send_receive_spdm_certificate(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_certificate(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_certificate(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/challenge_req/Cargo.toml b/fuzz-target/requester/challenge_req/Cargo.toml new file mode 100644 index 0000000..56eb220 --- /dev/null +++ b/fuzz-target/requester/challenge_req/Cargo.toml 
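Review bot: In the second scenario of `fuzz_send_receive_spdm_certificate`, `fake_root.data_size = 33;` is assigned before the `if fuzzdata.len() >= end_index` check, so any input shorter than 101 bytes provisions a 33-byte root certificate that was never filled from the input (all zeros, assuming `SpdmCertChainData::default()` zero-fills `data`). The fuzzer will produce such short inputs routinely, and for them the block likely no longer covers the "pass the verification of provisioned root cert" path its comment describes. Either skip the scenario when the input is too short, or keep the length in a local constant and assign `fake_root.data_size` inside the `if`, next to the `copy_from_slice`. Separately, all three `TCD` comment blocks carry `id: 0`; distinct ids would tell the scenarios apart.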
@@ -0,0 +1,23 @@
+[package]
+name = "challenge_req"
+version = "0.1.0"
+authors = ["haowei "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+rand = "0.8.4"
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+
+[features]
+default = ["hashed-transcript-data"]
+hashed-transcript-data = ["fuzzlib/hashed-transcript-data"]
+fuzzlogfile = []
+fuzz = ["afl"]
diff --git a/fuzz-target/requester/challenge_req/src/main.rs b/fuzz-target/requester/challenge_req/src/main.rs
new file mode 100644
index 0000000..49d77b8
--- /dev/null
+++ b/fuzz-target/requester/challenge_req/src/main.rs
@@ -0,0 +1,104 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_challenge(fuzzdata: Arc>) { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + spdmlib::crypto::rand::register(FAKE_RAND.clone()); + + let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.reset_runtime_info(); + + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + + let _ = requester + .send_receive_spdm_challenge( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await + .is_err(); +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + 
flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![ + 0x1, 0x0, 0x1, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x3, 0x0, 0x1, 0x28, 0xaf, 0x70, + 0x27, 0xbc, 0x2d, 0x95, 0xb5, 0xa0, 0xe4, 0x26, 0x4, 0xc5, 0x8c, 0x5c, 0x3c, 0xbf, + 0xa2, 0xc8, 0x24, 0xa6, 0x30, 0xca, 0x2f, 0xf, 0x4a, 0x79, 0x35, 0x57, 0xfb, 0x39, + 0x3b, 0xdd, 0x8a, 0xc8, 0x8a, 0x92, 0xd8, 0xa3, 0x70, 0x17, 0x12, 0x83, 0x9b, 0x66, + 0xe1, 0x3a, 0x3a, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0x0, 0x3, 0x76, 0xd, 0x57, 0x9b, + 0xaf, 0xe9, 0x6f, 0xc2, 0x5c, 0x2f, 0x3a, 0xfb, 0x81, 0xb, 0x4f, 0xa4, 0x5a, 0x65, + 0x4a, 0xc8, 0x64, 0x38, 0x91, 0xb1, 0x89, 0x8d, 0x42, 0xe9, 0xff, 0x55, 0xb, 0xfd, + 0xb1, 0xe1, 0x3c, 0x19, 0x1f, 0x1e, 0x8, 0xa2, 0x78, 0xd, 0xf3, 0x6, 0x6a, 0xfa, + 0xe, 0xee, 0xde, 0x27, 0x9, 0xb3, 0x20, 0xa1, 0xf5, 0x8d, 0x6e, 0xfc, 0x8a, 0x30, + 0x91, 0x5, 0x80, 0xae, 0x89, 0xb4, 0xee, 0x38, 0xcc, 0x92, 0x8e, 0x5e, 0x5b, 0x25, + 0x10, 0xdb, 0xd8, 0x32, 0x11, 0xd7, 0xf8, 0x23, 0x76, 0x49, 0x3d, 0x96, 0x7e, 0xb3, + 0x22, 0x4c, 0x5d, 0x50, 0x79, 0x71, 0x98, 0x0, 0x0, + ]; + executor::block_on(fuzz_send_receive_spdm_challenge(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_challenge(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + 
executor::block_on(fuzz_send_receive_spdm_challenge(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/digest_req/Cargo.toml b/fuzz-target/requester/digest_req/Cargo.toml new file mode 100644 index 0000000..14c1a6d --- /dev/null +++ b/fuzz-target/requester/digest_req/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "digest_req" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +default = ["hashed-transcript-data"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/digest_req/src/main.rs b/fuzz-target/requester/digest_req/src/main.rs new file mode 100644 index 0000000..39cb8d6 --- /dev/null +++ b/fuzz-target/requester/digest_req/src/main.rs 
@@ -0,0 +1,83 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+use fuzzlib::*;
+use spdmlib::common::SpdmConnectionState;
+use spdmlib::protocol::*;
+use spin::Mutex;
+extern crate alloc;
+use alloc::boxed::Box;
+use alloc::sync::Arc;
+use core::ops::DerefMut;
+
+async fn fuzz_send_receive_spdm_digest(fuzzdata: Arc>) {
+ let (req_config_info, req_provision_info) = req_create_info();
+
+ let shared_buffer = SharedBuffer::new();
+
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+
+ spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer));
+ device_io_requester.set_rx(&fuzzdata);
+ let device_io_requester = Arc::new(Mutex::new(device_io_requester));
+
+ let mut requester = requester::RequesterContext::new(
+ device_io_requester,
+ pcidoe_transport_encap,
+ req_config_info,
+ req_provision_info,
+ );
+
+ requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
+ requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+
+ let _ = requester.send_receive_spdm_digest(None).await.is_err();
+}
+
+#[cfg(not(feature = "use_libfuzzer"))]
+fn main() {
+ #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))]
+ flexi_logger::Logger::try_with_str("info")
+ .unwrap()
+ .log_to_file(
+ FileSpec::default()
+ .directory("traces")
+ .basename("foo")
+ .discriminant("Sample4711A")
+ .suffix("trc"),
+ )
+ .print_message()
+ .create_symlink("current_run")
+ .start()
+ .unwrap();
+
+ #[cfg(not(feature = "fuzz"))]
+ {
+ let args: Vec = std::env::args().collect();
+ if args.len() < 2 {
+ // Here you can replace the single-step debugging value in the fuzzdata array.
+ let fuzzdata = vec![
+ 1, 0, 1, 0, 48, 0, 0, 0, 17, 2, 255, 1, 127, 0, 0, 0, 0, 17, 3, 0, 1, 40, 175, 112,
+ 39, 188, 132, 74, 57, 59, 221, 138, 200, 158, 146, 216, 163, 112, 23, 18, 131, 155,
+ 102, 225, 58, 58, 49, 11, 42, 205, 113, 132, 74, 251, 185, 250, 222, 111, 123, 34,
+ 132, 180, 134, 168, 183, 103, 238, 4, 45, 255, 255, 255, 127, 198, 199, 61, 112,
+ 123, 231, 0, 206, 47, 251, 131, 40, 175, 112, 39, 188, 132, 74, 190, 105, 0, 64,
+ 36, 157, 254, 244, 68, 221, 19, 51, 22, 40, 110, 235, 82, 62, 86, 193, 20, 43, 245,
+ 230, 18, 193, 240, 192, 137, 158, 145, 137, 119, 25, 53, 131, 79, 219, 238, 133,
+ 74, 194, 76, 145, 125, 17, 153, 210, 123, 49, 221, 151, 25, 130, 110, 134, 159,
+ 182, 154, 251, 94,
+ ];
+ executor::block_on(fuzz_send_receive_spdm_digest(Arc::new(fuzzdata)));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_send_receive_spdm_digest(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_send_receive_spdm_digest(Arc::new(data.to_vec())));
+ });
+}
diff --git a/fuzz-target/requester/encapsulated_request_certificate_req/Cargo.toml b/fuzz-target/requester/encapsulated_request_certificate_req/Cargo.toml
new file mode 100644
index 0000000..fd234d7
--- /dev/null
+++ b/fuzz-target/requester/encapsulated_request_certificate_req/Cargo.toml
@@ -0,0 +1,24 @@ +[package] +name = "encapsulated_request_certificate_req" +version = "0.1.0" +authors = ["Xiaotian Chen "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +codec = {path= "../../../codec"} +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +default = ["hashed-transcript-data", "mut-auth"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] +mut-auth = ["fuzzlib/mut-auth"] diff --git a/fuzz-target/requester/encapsulated_request_certificate_req/src/main.rs b/fuzz-target/requester/encapsulated_request_certificate_req/src/main.rs new file mode 100644 index 0000000..351d352 --- /dev/null +++ b/fuzz-target/requester/encapsulated_request_certificate_req/src/main.rs @@ -0,0 +1,222 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Writer; +use fuzzlib::spdmlib::message::SpdmKeyExchangeMutAuthAttributes; +use fuzzlib::*; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_encap_handle_get_certificate(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle encap get certificate' + // - description: '

Requester process encapsulated GET_CERTIFICATE request and write send buffer.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut requester = requester::RequesterContext::new( + socket_io_transport, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + + requester.encap_handle_get_certificate(&fuzzdata, &mut writer) + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle encap get certificate' + // - description: '

Requester process encapsulated GET_CERTIFICATE request failed due to no CERT_CAP.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut requester = requester::RequesterContext::new( + socket_io_transport, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + + requester.encap_handle_get_certificate(&fuzzdata, &mut writer) + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle encap get certificate' + // - description: '

Requester process encapsulated GET_CERTIFICATE request failed due to none certificate.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut requester = requester::RequesterContext::new( + socket_io_transport, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.provision_info.my_cert_chain = + [None, None, None, None, None, None, None, None]; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + + requester.encap_handle_get_certificate(&fuzzdata, &mut writer) + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + 
.directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![1, 0, 1, 0, 48, 0, 0, 0, 17, 2, 255, 1, 127, 0, 0, 0]; + executor::block_on(fuzz_encap_handle_get_certificate(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_encap_handle_get_certificate(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_encap_handle_get_certificate(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/encapsulated_request_digest_req/Cargo.toml b/fuzz-target/requester/encapsulated_request_digest_req/Cargo.toml new file mode 100644 index 0000000..3b3a76d --- /dev/null +++ b/fuzz-target/requester/encapsulated_request_digest_req/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "encapsulated_request_digest_req" +version = "0.1.0" +authors = ["Xiaotian Chen "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +codec = {path= "../../../codec"} +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +default = ["hashed-transcript-data", "mut-auth"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] +mut-auth = ["fuzzlib/mut-auth"] 
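Review bot: The scenario documented as "failed due to no CERT_CAP" in `fuzz_encap_handle_get_certificate` builds `req_capabilities_sel` by OR-ing `ENCAP_CAP` onto whatever `RequesterContext::new` left there, so `CERT_CAP` is absent only if the defaults coming from `req_create_info()` happen not to set it. If those defaults ever include `CERT_CAP`, the block silently becomes a duplicate of the first scenario and the rejection path loses its fuzz coverage. Assign the flags instead of accumulating them, `requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::ENCAP_CAP;`, so the precondition is explicit in the harness. The second scenario of `fuzz_encap_handle_get_digest` in encapsulated_request_digest_req/src/main.rs has the same construction.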
diff --git a/fuzz-target/requester/encapsulated_request_digest_req/src/main.rs b/fuzz-target/requester/encapsulated_request_digest_req/src/main.rs new file mode 100644 index 0000000..c344741 --- /dev/null +++ b/fuzz-target/requester/encapsulated_request_digest_req/src/main.rs @@ -0,0 +1,172 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Writer; +use fuzzlib::spdmlib::message::SpdmKeyExchangeMutAuthAttributes; +use fuzzlib::*; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_encap_handle_get_digest(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle encap get digest' + // - description: '

Requester process encapsulated GET_DIGEST request and write send buffer.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut requester = requester::RequesterContext::new( + socket_io_transport, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + + requester.encap_handle_get_digest(&fuzzdata, &mut writer) + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle encap get digest' + // - description: '

Requester process encapsulated GET_DIGEST request failed due to no CERT_CAP.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut requester = requester::RequesterContext::new( + socket_io_transport, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + + requester.encap_handle_get_digest(&fuzzdata, &mut writer) + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + 
.directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![1, 0, 1, 0, 48, 0, 0, 0, 17, 2, 255, 1, 127, 0, 0, 0]; + executor::block_on(fuzz_encap_handle_get_digest(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_encap_handle_get_digest(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_encap_handle_get_digest(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/encapsulated_request_req/Cargo.toml b/fuzz-target/requester/encapsulated_request_req/Cargo.toml new file mode 100644 index 0000000..4c03ba1 --- /dev/null +++ b/fuzz-target/requester/encapsulated_request_req/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "encapsulated_request_req" +version = "0.1.0" +authors = ["Xiaotian Chen "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +default = ["hashed-transcript-data", "mut-auth"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] +mut-auth = ["fuzzlib/mut-auth"] diff --git a/fuzz-target/requester/encapsulated_request_req/src/main.rs b/fuzz-target/requester/encapsulated_request_req/src/main.rs new file mode 100644 index 0000000..41b5bbf --- /dev/null 
+++ b/fuzz-target/requester/encapsulated_request_req/src/main.rs @@ -0,0 +1,255 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::spdmlib::message::SpdmKeyExchangeMutAuthAttributes; +use fuzzlib::*; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_session_based_mutual_authenticate(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle start session based mutual authenticate' + // - description: '

Requester start mutual authenticate without using the encapsulated request flow.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0] + .set_mut_auth_requested(SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ); + + let _ = requester + .session_based_mutual_authenticate(4294836221) + .await + .is_ok(); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle start session based mutual authenticate' + // - description: '

Requester start mutual authenticate with the encapsulated request flow (not optimized).

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_ENCAP_REQUEST, + ); + + let _ = requester + .session_based_mutual_authenticate(4294836221) + .await + .is_ok(); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle start session based mutual authenticate' + // - description: '

Requester start mutual authenticate with the optimized encapsulated request flow.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS, + ); + + let _ = requester + .session_based_mutual_authenticate(4294836221) + .await + .is_ok(); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle start session based mutual authenticate' + // - description: '

Requester start mutual authenticate failed due to no mut_auth_requested.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + requester.common.negotiate_info.req_capabilities_sel = + requester.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + let _ = requester + .session_based_mutual_authenticate(4294836221) + .await + .is_ok(); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let 
args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = + include_bytes!("../../../in/encapsulated_request_req/encap_resp_ack.raw"); + executor::block_on(fuzz_session_based_mutual_authenticate(Arc::new( + fuzzdata.to_vec(), + ))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_session_based_mutual_authenticate(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_session_based_mutual_authenticate(Arc::new( + data.to_vec(), + ))); + }); +} diff --git a/fuzz-target/requester/end_session_req/Cargo.toml b/fuzz-target/requester/end_session_req/Cargo.toml new file mode 100644 index 0000000..8a46bd5 --- /dev/null +++ b/fuzz-target/requester/end_session_req/Cargo.toml @@ -0,0 +1,19 @@ +[package] +name = "end_session_req" +version = "0.1.0" +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/end_session_req/src/main.rs b/fuzz-target/requester/end_session_req/src/main.rs new file mode 100644 index 0000000..4e03c78 --- /dev/null +++ b/fuzz-target/requester/end_session_req/src/main.rs 
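Review bot: The four scenario blocks in `fuzz_session_based_mutual_authenticate` repeat the same requester and session setup and differ only in the argument to `set_mut_auth_requested` (absent in the last block), so a later change to the setup has to be made four times and can drift unnoticed. Looping over the attribute as an `Option` keeps a single copy of the setup. The trailing `.is_ok()` on the discarded result has no effect and can be dropped. All four TCD comments carry `id: 0`; they would move next to the variant list and could get distinct ids. The same copy-per-scenario pattern appears in `fuzz_send_receive_spdm_finish` in finish_req/src/main.rs.

```rust
for mut_auth in [
    Some(SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ),
    Some(SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_ENCAP_REQUEST),
    Some(SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS),
    None, // no mut_auth_requested: the call is expected to fail
] {
    // … unchanged: requester construction, negotiate_info and session[0] setup …
    if let Some(attr) = mut_auth {
        requester.common.session[0].set_mut_auth_requested(attr);
    }
    let _ = requester
        .session_based_mutual_authenticate(4294836221)
        .await;
}
```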
@@ -0,0 +1,87 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + *, +}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_end_session(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + let _ = requester.send_receive_spdm_end_session(4294836221).await; +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + 
.suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![ + 0x1, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xfe, 0xff, 0x16, 0x0, 0xca, + 0xa7, 0x51, 0x51, 0x4d, 0x60, 0xb5, 0x2e, 0x73, 0xb7, 0xfc, 0xd, 0xba, 0x50, 0x24, + 0xf1, 0xa8, 0xee, 0x87, 0x5d, 0x37, + ]; + executor::block_on(fuzz_send_receive_spdm_end_session(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_end_session(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_end_session(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/finish_req/Cargo.toml b/fuzz-target/requester/finish_req/Cargo.toml new file mode 100644 index 0000000..43b9f0f --- /dev/null +++ b/fuzz-target/requester/finish_req/Cargo.toml @@ -0,0 +1,21 @@ +[package] +name = "finish_req" +version = "0.1.0" +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +default = ["hashed-transcript-data"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/finish_req/src/main.rs b/fuzz-target/requester/finish_req/src/main.rs new file mode 100644 index 0000000..bdc826d --- /dev/null +++ b/fuzz-target/requester/finish_req/src/main.rs 
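Review bot: The built-in seed used when no crash file is passed has `0xfe, 0xff, 0xfe, 0xff` at offsets 8–11, while the harness creates its only session with `setup(4294836221)`, which is 0xFFFDFFFD. If those four bytes are the little-endian session id of the secured message (the layout suggests so, but it cannot be confirmed from this hunk), the default seed fails session lookup and the single-step path never reaches the end-session response handling. Align the two, either by changing the seed bytes to `0xfd, 0xff, 0xfd, 0xff` or by setting the session up with the id the seed carries, and name the value once, e.g. `const SESSION_ID: u32 = 0xFFFD_FFFD;`. The inline seeds in finish_req/src/main.rs and heartbeat_req/src/main.rs use the same bytes with the same session id.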
@@ -0,0 +1,270 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{ + spdmlib::{ + common::session::{SpdmSession, SpdmSessionState}, + message::SpdmKeyExchangeMutAuthAttributes, + }, + *, +}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_finish(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + spdmlib::crypto::hmac::register(FAKE_HMAC.clone()); + spdmlib::crypto::hkdf::register(FAKE_HKDF.clone()); + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle finish response' + // - description: '

Request finish to complete the handshake, and the handshake is performed in the clear.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + requester.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + + requester.common.reset_runtime_info(); + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = 
SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + requester.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + requester.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + + let _ = requester.send_receive_spdm_finish(None, 4294836221).await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle finish response' + // - description: '

Request finish to complete the handshake, and the handshake messages are secured.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::KEY_UPD_CAP; + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::KEY_UPD_CAP; + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + requester.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + + requester.common.reset_runtime_info(); + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = 
SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + requester.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + requester.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + + let _ = requester.send_receive_spdm_finish(None, 4294836221).await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle finish response' + // - description: '

Request finish to complete the handshake with mut auth requested.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::KEY_UPD_CAP; + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::KEY_UPD_CAP; + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + requester.common.reset_runtime_info(); + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_crypto_param( + 
SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + requester.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + requester.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS, + ); + + let _ = requester + .send_receive_spdm_finish(Some(0), 4294836221) + .await; + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![ + 0x1, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xfe, 0xff, 0x16, 0x0, 0xca, + 0xa7, 0x51, 0x58, 0x4d, 0x60, 0xe6, 0xc5, 0x74, 0x1c, 0xb3, 0xae, 0xaf, 0x62, 0x4b, + 0x2e, 0x49, 0x54, 0x7a, 0x75, 0x86, 0x37, + ]; + executor::block_on(fuzz_send_receive_spdm_finish(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_finish(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_finish(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/heartbeat_req/Cargo.toml b/fuzz-target/requester/heartbeat_req/Cargo.toml new file mode 100644 index 0000000..d78f6ed --- /dev/null +++ b/fuzz-target/requester/heartbeat_req/Cargo.toml @@ -0,0 +1,19 @@ +[package] +name = "heartbeat_req" +version = "0.1.0" +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/heartbeat_req/src/main.rs b/fuzz-target/requester/heartbeat_req/src/main.rs new file mode 100644 index 0000000..7e45ce6 --- /dev/null +++ b/fuzz-target/requester/heartbeat_req/src/main.rs 
@@ -0,0 +1,105 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use spdmlib::protocol::*; + +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + *, +}; + +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_heartbeat(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + let _ = requester.send_receive_spdm_heartbeat(4294836221).await; +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + 
.suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![ + 0x1, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xfe, 0xff, 0x16, 0x0, 0xca, + 0xa7, 0x51, 0x55, 0x4d, 0x60, 0xe6, 0x39, 0x1d, 0xa0, 0xb2, 0x1e, 0x4e, 0x4a, 0x5c, + 0x0, 0x61, 0xf, 0xd3, 0x4b, 0xbe, 0xc, + ]; + + new_logger_from_env().init().unwrap(); + executor::block_on(fuzz_send_receive_spdm_heartbeat(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_heartbeat(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + { + afl::fuzz!(|data: &[u8]| { + let fuzzdata = [ + 0x1, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xfe, 0xff, 0x16, 0x0, 0xca, + 0xa7, 0x51, 0x55, 0x4d, 0x60, 0xe6, 0x39, 0x1d, 0xa0, 0xb2, 0x1e, 0x4e, 0x4a, 0x5c, + 0x0, 0x61, 0xf, 0xd3, 0x4b, 0xbe, 0xc, + ]; + let mut buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + buffer[..fuzzdata.len()].copy_from_slice(&fuzzdata); + let left = buffer.len() - fuzzdata.len(); + let data_len = data.len(); + match data_len > left { + true => buffer[fuzzdata.len()..].copy_from_slice(&data[..left]), + false => buffer[fuzzdata.len()..data_len + fuzzdata.len()].copy_from_slice(data), + } + executor::block_on(fuzz_send_receive_spdm_heartbeat(Arc::new(data.to_vec()))); + }); + } +} diff --git a/fuzz-target/requester/key_exchange_req/Cargo.toml b/fuzz-target/requester/key_exchange_req/Cargo.toml new file mode 100644 index 0000000..3d40fc9 --- /dev/null +++ b/fuzz-target/requester/key_exchange_req/Cargo.toml 
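Review bot: In the `afl::fuzz!` closure the assembled `buffer` is never used. The call still passes `Arc::new(data.to_vec())`, so the fixed header prefix and both `copy_from_slice` branches are dead code and the target receives the raw AFL input. If the intent is to prepend the valid header so mutations land in the payload, pass the filled part of the buffer instead: `let used = fuzzdata.len() + data_len.min(left);` followed by `Arc::new(buffer[..used].to_vec())`. Otherwise remove the prefix code. The `match data_len > left { true => …, false => … }` would read more plainly as an `if`/`else`.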
@@ -0,0 +1,20 @@ +[package] +name = "key_exchange_req" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/key_exchange_req/src/main.rs b/fuzz-target/requester/key_exchange_req/src/main.rs new file mode 100644 index 0000000..fb40bd6 --- /dev/null +++ b/fuzz-target/requester/key_exchange_req/src/main.rs @@ -0,0 +1,281 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{common::SpdmOpaqueSupport, *}; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; + +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + spdmlib::crypto::asym_verify::register(FAKE_ASYM_VERIFY.clone()); + spdmlib::crypto::hkdf::register(FAKE_HKDF.clone()); + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle key exchange response' + // - description: '

Request key exchange, fail to verify HMAC and teardown the session.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.reset_runtime_info(); + + let _ = requester + .send_receive_spdm_key_exchange( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + } + + spdmlib::crypto::hmac::register(FAKE_HMAC.clone()); + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle key exchange response' + // - description: '

Request key exchange and success.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.reset_runtime_info(); + + let _ = requester + .send_receive_spdm_key_exchange( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle key exchange response' + // - description: '

Request key exchange with spdm version less than 1.2.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.reset_runtime_info(); + + let _ = requester + .send_receive_spdm_key_exchange( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + } + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle key exchange response' + // - description: '

Request key exchange with HANDSHAKE_IN_THE_CLEAR_CAP.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + requester.common.negotiate_info.rsp_capabilities_sel = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + requester.common.reset_runtime_info(); + + let _ = requester + .send_receive_spdm_key_exchange( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle key exchange response' + // - description: '

Request key exchange and requester responder all have MUT_AUTH_CAP.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::MUT_AUTH_CAP; + requester.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::MUT_AUTH_CAP; + requester.common.reset_runtime_info(); + + let _ = requester + .send_receive_spdm_key_exchange( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + 
.unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![ + 0x1, 0x0, 0x1, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x11, 0x64, 0x0, 0x0, 0xfe, 0xff, 0x0, + 0x0, 0x61, 0x10, 0xf0, 0x2c, 0x73, 0x72, 0xb8, 0x4e, 0x45, 0x2d, 0x68, 0x5c, 0xe1, + 0x23, 0xd2, 0x10, 0x4b, 0x74, 0x13, 0x7d, 0xd7, 0xfa, 0xa2, 0x95, 0xab, 0x14, 0x45, + 0x26, 0x6, 0xbf, 0xdb, 0x2a, 0xac, 0x52, 0xc3, 0x2f, 0x5d, 0x9, 0x81, 0x19, 0xfb, + 0x2, 0xf9, 0x7b, 0xfc, 0xa6, 0xfb, 0x72, 0xc6, 0x1b, 0xc5, 0xc4, 0xcb, 0x59, 0x81, + 0xd4, 0x35, 0xb3, 0xd2, 0x7d, 0x87, 0xb, 0x3d, 0x72, 0x43, 0x68, 0x3d, 0xc0, 0x49, + 0xbd, 0x41, 0xd3, 0xa8, 0xbd, 0xad, 0xf, 0x46, 0x1d, 0xb8, 0x50, 0x83, 0xe2, 0xb6, + 0xe8, 0x43, 0x4b, 0x8c, 0x98, 0x22, 0xb, 0x82, 0x40, 0xf8, 0xb9, 0x44, 0xda, 0x91, + 0x7c, 0xf3, 0xa4, 0x3e, 0x6f, 0xa7, 0x92, 0xd9, 0x2f, 0x5d, 0x3c, 0x35, 0xa3, 0xd, + 0x7e, 0xbf, 0x8f, 0x43, 0x1, 0xf8, 0xe, 0x65, 0x9d, 0x20, 0xc2, 0xf5, 0xfb, 0x4c, + 0x83, 0xa5, 0x78, 0x10, 0x0, 0x46, 0x54, 0x4d, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, + 0x4, 0x0, 0x1, 0x0, 0x0, 0x11, 0xce, 0x78, 0xc5, 0xb6, 0xa9, 0xcb, 0x5b, 0xe5, + 0x57, 0xe6, 0xb6, 0x71, 0xf5, 0xeb, 0xa, 0x6, 0x18, 0x43, 0x97, 0x87, 0x92, 0x11, + 0x9c, 0x41, 0x1b, 0xb, 0xf6, 0xfd, 0x3c, 0x74, 0xad, 0x34, 0xaf, 0xf5, 0x8a, 0x31, + 0x2, 0x20, 0x58, 0x57, 0x17, 0x33, 0x13, 0x6b, 0x5, 0x5, 0x67, 0x7f, 0xee, 0x2a, + 0xd0, 0x4a, 0x47, 0xe3, 0xd9, 0x20, 0x58, 0xcd, 0x6e, 0x6a, 0xe6, 0x24, 0x51, 0x77, + 0x22, 0xab, 0x7, 0x2c, 0x9b, 0x4a, 0xe5, 0x2c, 0x55, 0x7f, 0x8c, 0x5b, 0x4a, 0x54, + 0x65, 0xd8, 0xd, 0xb, 0xcd, 0xec, 0x9b, 0xa5, 0xac, 0xee, 0x31, 0x77, 0x57, 0xa3, + 0x8a, 0x79, 0x34, 0xd, 0xd1, 0xbe, 0xf, 0x15, 0x81, 0x2a, 0xe4, 0x7a, 0xd, 0xdc, + 0xf9, 0x62, 0x52, 0xf3, 0x1a, 0x9f, 0x30, 0x29, 0xb4, 0x8e, 0x12, 0x68, 0x10, 0xd1, + 0xd1, 0x40, 0x8f, 0x9c, 0x98, 0xc5, 0xd2, 0x9f, 0x3e, 0x6f, 0x9b, 0xf8, 0x10, 0x21, + 
0xfd, 0x34, 0x29, 0x15, 0x76, 0x72, 0x9c, 0xf7, 0x5f, 0x96, 0x0, 0x0, + ]; + executor::block_on(fuzz_send_receive_spdm_key_exchange(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_key_exchange(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_key_exchange(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/key_update_req/Cargo.toml b/fuzz-target/requester/key_update_req/Cargo.toml new file mode 100644 index 0000000..8027fe1 --- /dev/null +++ b/fuzz-target/requester/key_update_req/Cargo.toml @@ -0,0 +1,19 @@ +[package] +name = "key_update_req" +version = "0.1.0" +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlog = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/key_update_req/src/main.rs b/fuzz-target/requester/key_update_req/src/main.rs new file mode 100644 index 0000000..4e9bf36 --- /dev/null +++ b/fuzz-target/requester/key_update_req/src/main.rs 
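Review bot: The first case in `fuzz_send_receive_spdm_key_exchange` is documented as "fail to verify HMAC", but it only behaves that way while `FAKE_HMAC` is not yet registered, and `spdmlib::crypto::hmac::register(FAKE_HMAC.clone())` runs right after it in the same process. The definition of `register` is outside this diff; if it installs a process-wide implementation and the `afl::fuzz!` closure is invoked repeatedly in one process, every iteration after the first runs case one with the fake HMAC as well. The HMAC-failure and session-teardown path would then be fuzzed once per process, and a crash found in a later iteration may not reproduce through the `args[1]` replay path, which always starts with the real HMAC. I would either move the HMAC-failure case into its own target or state the dependency at the call, e.g. `// registration is process-global: the case above sees the real HMAC only on the first iteration`.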
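Review bot: The feature declared in this manifest is `fuzzlog = []`, while `key_update_req/src/main.rs` in the same commit gates its file logger on `feature = "fuzzlogfile"`, the name the sibling `key_exchange_req`, `measurement_req` and `psk_exchange_req` manifests declare. As written the logger block in this target can never be compiled in, so traces are silently missing when someone triages a crash from it. Rename the entry to `fuzzlogfile = []`.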
@@ -0,0 +1,109 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::spdmlib::message::*; +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + *, +}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_key_update(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::hkdf::register(FAKE_HKDF.clone()); + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + + async fn f(fuzzdata: &[u8], key_update_op: SpdmKeyUpdateOperation) { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + let mut dhe_secret = SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + requester.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, 
dhe_secret) + .unwrap(); + let digest = [0xFF; SPDM_MAX_HASH_SIZE]; + let digest_struct = SpdmDigestStruct::from(digest.as_ref()); + let _ = requester.common.session[0] + .generate_data_secret(SpdmVersion::SpdmVersion12, &digest_struct); + + let _ = requester + .send_receive_spdm_key_update(4294836221, key_update_op) + .await; + } + + f(&data, SpdmKeyUpdateOperation::SpdmUpdateAllKeys).await; + f(&data, SpdmKeyUpdateOperation::SpdmUpdateSingleKey).await; +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![ + 0x1, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xfe, 0xff, 0x16, 0x0, 0xca, + 0xa7, 0x51, 0x54, 0x4f, 0x61, 0x62, 0xc2, 0x9a, 0x57, 0xb1, 0xb8, 0x69, 0x32, 0x32, + 0x6, 0xf5, 0xaf, 0x4, 0x9c, 0x42, 0x3c, + ]; + + executor::block_on(fuzz_send_receive_spdm_key_update(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_key_update(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_key_update(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/measurement_req/Cargo.toml b/fuzz-target/requester/measurement_req/Cargo.toml new file mode 100644 index 0000000..374f4bb --- /dev/null +++ b/fuzz-target/requester/measurement_req/Cargo.toml 
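Review bot: In the inner `f`, the result of `generate_data_secret` is dropped with `let _ =`, while the setup calls before it (`setup(4294836221)` and `set_dhe_secret`) use `.unwrap()`. Assuming it returns a `Result`, as the discarded binding suggests, a failure there leaves the harness running against a session without data keys, so the fuzzer would only reach the early error path of `send_receive_spdm_key_update` with nothing to show that coverage dropped. Treat it like the other setup steps, `.generate_data_secret(SpdmVersion::SpdmVersion12, &digest_struct).unwrap();`, and keep `let _ =` only for the call under test. The session id `4294836221` is also written twice as a bare literal; a named constant would keep the session setup and the request in sync.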
@@ -0,0 +1,20 @@ +[package] +name = "measurement_req" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlogfile = [] +fuzz = ["afl"] diff --git a/fuzz-target/requester/measurement_req/src/main.rs b/fuzz-target/requester/measurement_req/src/main.rs new file mode 100644 index 0000000..3676bfc --- /dev/null +++ b/fuzz-target/requester/measurement_req/src/main.rs @@ -0,0 +1,391 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + spdmlib::message::SpdmMeasurementOperation, + *, +}; +use spdmlib::common::SpdmConnectionState; +use spdmlib::message::*; +use spdmlib::protocol::*; + +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::borrow::BorrowMut; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { + spdmlib::crypto::asym_verify::register(FAKE_ASYM_VERIFY.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle measurement response' + // - description: '

Request with SIGNATURE_REQUESTED attribute and SpdmMeasurementRequestAll operation.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap: Arc> = + Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester: Arc> = + Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + + requester.common.reset_runtime_info(); + + let mut total_number = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let _ = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + SpdmMeasurementOperation::SpdmMeasurementRequestAll, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await; + } + // TCD: 
+ // - id: 0 + // - title: 'Fuzz SPDM handle measurement response' + // - description: '

No peer cert chain set, but request with SIGNATURE_REQUESTED.

When requester receive measurements, it will verify signature and return error.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.reset_runtime_info(); + + let mut total_number = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let _ = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle measurement response' + // - description: '

Request raw bit stream measurement and signature verification is not required.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.reset_runtime_info(); + + let mut total_number = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let _ = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle measurement response' + // - description: '

Request with empty attribute and unknown operation value.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.reset_runtime_info(); + + let mut total_number = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let _ = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::empty(), + SpdmMeasurementOperation::Unknown(4), + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle measurement response' + // - description: '

Request measurement in a session.

' + // - + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + { + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + 
requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + requester.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + requester.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + + requester.common.reset_runtime_info(); + let mut total_number = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let _ = requester + .send_receive_spdm_measurement( + Some(4294836221), + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + SpdmMeasurementOperation::SpdmMeasurementRequestAll, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await; + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + spdmlib::secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![ + 01, 00, 01, 00, 0x0c, 00, 00, 00, 11, 0xe0, 01, 04, 0x0a, 0xfc, 04, 0xa0, 63, 0x5c, + 0x2e, 0x6c, 0x4b, 0x62, 0xd6, 0xc0, 0x1c, 0xf5, 0xc5, 0xa1, 0xb0, 0x9f, 0xff, 0x5a, + 0x1a, 68, 0xab, 78, 0xb1, 0xea, 25, 0xa8, 94, 0x6b, 0xac, 0xf4, 00, 00, 00, 00, + ]; + executor::block_on(fuzz_send_receive_spdm_measurement(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_measurement(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_measurement(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/psk_exchange_req/Cargo.toml b/fuzz-target/requester/psk_exchange_req/Cargo.toml new file mode 100644 index 0000000..8d0e26f --- /dev/null +++ b/fuzz-target/requester/psk_exchange_req/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "psk_exchange_req" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/requester/psk_exchange_req/src/main.rs b/fuzz-target/requester/psk_exchange_req/src/main.rs new file mode 100644 index 0000000..a143107 --- /dev/null +++ b/fuzz-target/requester/psk_exchange_req/src/main.rs 
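Review bot: The built-in seed in `main` mixes decimal and hexadecimal literals: `11`, `63`, `68`, `78`, `25` and `94` carry no `0x` prefix, so Rust reads them as decimal. The ninth byte is therefore 11 (0x0b), where the `key_exchange_req` seed in this commit has `0x11` at the same offset, so this looks like a hex dump in which only the tokens containing letters were given a prefix. With the bytes as written, the default single-step run probably hits an early reject instead of the measurement response parser. Write every byte in hex, starting `0x01, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x11, 0xe0`, and check the remaining unprefixed values against the original dump.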
@@ -0,0 +1,211 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{common::SpdmOpaqueSupport, *}; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_psk_exchange(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + spdmlib::secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + spdmlib::crypto::hkdf::register(FAKE_HKDF.clone()); + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK exchange response' + // - description: '

Request PSK exchange and fail to verify hmac.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT; + + let _ = requester + .send_receive_spdm_psk_exchange( + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + None, + ) + .await; + } + + spdmlib::crypto::hmac::register(FAKE_HMAC.clone()); + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK exchange response' + // - description: '

Request PSK exchange successfully and get session id.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT; + + let _ = requester + .send_receive_spdm_psk_exchange( + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + None, + ) + .await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK exchange response' + // - description: '

Request PSK exchange success with PSK_CAP_WITHOUT_CONTEXT cap.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT; + + let _ = requester + .send_receive_spdm_psk_exchange( + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + None, + ) + .await; + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK exchange response' + // - description: '

Request PSK exchange with version less than 1.2.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.rsp_capabilities_sel = + requester.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT; + + let _ = requester + .send_receive_spdm_psk_exchange( + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + None, + ) + .await; + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![ + 0x1, 0x0, 0x1, 0x0, 0x21, 0x0, 0x0, 0x0, 0x11, 0x66, 0x0, 0x0, 0xfd, 0xff, 0x0, + 0x0, 0x30, 0x0, 0x10, 0x0, 0xfc, 0xed, 0xa7, 0xd8, 0x7f, 0x87, 0xc1, 0x93, 0x3d, + 0x5c, 0x9c, 0x60, 0x65, 0xa0, 0xc5, 0xf7, 0xb7, 0x88, 0x98, 0x7c, 0x24, 0x83, 0xf, + 0xe5, 0x5e, 0xc7, 0x8, 0x73, 0xb7, 0xbe, 0x79, 0xd4, 0x30, 0x8e, 0x70, 0x19, 0x8c, + 0xa3, 0xa4, 0x6a, 0x52, 0xd5, 0x8e, 0xb8, 0x4, 0x88, 0x38, 0x66, 0x46, 0x54, 0x4d, + 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x11, 0x99, 0x97, 0x7, + 0xc5, 0x29, 0x1a, 0x16, 0x57, 0xff, 0x6c, 0xa3, 0x45, 0xef, 0xd7, 0xda, 0xdc, 0x95, + 0x3d, 0x36, 0x1d, 0xf4, 0x1b, 0xea, 0x22, 0x66, 0xeb, 0xfe, 0x76, 0x7f, 0x8e, 0x57, + 0x7c, 0x9f, 0x1e, 0xe2, 0xc1, 0x9d, 0x41, 0x38, 0x4d, 0xa1, 0xd, 0xdd, 0x7d, 0xaf, + 0xc9, 0xa2, 0xfa, + ]; + + executor::block_on(fuzz_send_receive_spdm_psk_exchange(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_psk_exchange(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_psk_exchange(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/psk_finish_req/Cargo.toml b/fuzz-target/requester/psk_finish_req/Cargo.toml new file mode 100644 index 0000000..747b5b5 --- /dev/null +++ b/fuzz-target/requester/psk_finish_req/Cargo.toml 
@@ -0,0 +1,21 @@
+[package]
+name = "psk_finish_req"
+version = "0.1.0"
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+
+[features]
+default = ["hashed-transcript-data"]
+hashed-transcript-data = ["fuzzlib/hashed-transcript-data"]
+fuzzlogfile = []
+fuzz = ["afl"]
diff --git a/fuzz-target/requester/psk_finish_req/src/main.rs b/fuzz-target/requester/psk_finish_req/src/main.rs
new file mode 100644
index 0000000..4333ac0
--- /dev/null
+++ b/fuzz-target/requester/psk_finish_req/src/main.rs
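Review bot: The `[features]` table in this manifest does not declare `use_libfuzzer`, yet the crate's `src/main.rs` gates `fn main` on `#[cfg(not(feature = "use_libfuzzer"))]`, so that condition can never be false and newer toolchains will report it as an unexpected cfg. Either add `use_libfuzzer = []` here, together with whatever libFuzzer entry point it is meant to select, or drop the attribute from `main`. The vendor_req, version_req, algorithm_rsp, capability_rsp, certificate_rsp and challenge_rsp manifests in this diff have the same gap.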
@@ -0,0 +1,101 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + *, +}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_psk_finish(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + requester.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + + requester.common.session[0] = SpdmSession::new(); + requester.common.session[0].setup(4294836221).unwrap(); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + 
SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_use_psk(true); + requester.common.session[0].runtime_info.psk_hint = Some(SpdmPskHintStruct::default()); + + #[cfg(feature = "hashed-transcript-data")] + { + requester.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + let _ = requester.send_receive_spdm_psk_finish(4294836221).await; +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![ + 0x1, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xfe, 0xff, 0x16, 0x0, 0xca, + 0xa7, 0x51, 0x5a, 0x4d, 0x60, 0xcf, 0x4e, 0xc3, 0x17, 0x14, 0xa7, 0x55, 0x6f, 0x77, + 0x56, 0xad, 0xa4, 0xd0, 0x7e, 0xc2, 0xd4, + ]; + executor::block_on(fuzz_send_receive_spdm_psk_finish(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_psk_finish(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_psk_finish(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/requester/vendor_req/Cargo.toml b/fuzz-target/requester/vendor_req/Cargo.toml new file mode 100644 index 0000000..f788207 --- /dev/null +++ b/fuzz-target/requester/vendor_req/Cargo.toml 
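Review bot: The built-in debug seed in `main` does not appear to match the session this harness sets up: `session[0].setup(4294836221)` is 0xFFFDFFFD, while bytes 8..12 of `fuzzdata` are `0xfe, 0xff, 0xfe, 0xff`. If the secured-message decoder compares the on-wire session id with the session's own id (not visible in this hunk), the default run stops before the PSK_FINISH response parser and makes a poor starting corpus entry. Consider regenerating the seed, and naming the id once, e.g. `const SESSION_ID: u32 = 0xFFFD_FFFD;` (assuming the parameter is `u32`), instead of repeating the literal in `setup` and `send_receive_spdm_psk_finish`.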
@@ -0,0 +1,22 @@
+[package]
+name = "vendor_req"
+version = "0.1.0"
+authors = ["Xiaotian Chen "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+
+[features]
+default = ["hashed-transcript-data"]
+hashed-transcript-data = ["fuzzlib/hashed-transcript-data"]
+fuzzlogfile = []
+fuzz = ["afl"]
diff --git a/fuzz-target/requester/vendor_req/src/main.rs b/fuzz-target/requester/vendor_req/src/main.rs
new file mode 100644
index 0000000..8c59f32
--- /dev/null
+++ b/fuzz-target/requester/vendor_req/src/main.rs
@@ -0,0 +1,93 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::common::SpdmConnectionState; +use spdmlib::message::{ + RegistryOrStandardsBodyID, VendorDefinedReqPayloadStruct, VendorIDStruct, + MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN, +}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_spdm_vendor_defined_request(fuzzdata: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let (req_config_info, req_provision_info) = req_create_info(); + + let shared_buffer = SharedBuffer::new(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = requester::RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + let standard_id: RegistryOrStandardsBodyID = RegistryOrStandardsBodyID::DMTF; + let vendor_idstruct: VendorIDStruct = VendorIDStruct { + len: 0, + vendor_id: [0u8; MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN], + }; + let req_payload_struct: VendorDefinedReqPayloadStruct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; config::MAX_SPDM_MSG_SIZE - 7 - 2], + }; + + let _ = requester + .send_spdm_vendor_defined_request(None, standard_id, vendor_idstruct, req_payload_struct) + .await + .is_ok(); +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + 
flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![ + 1, 0, 1, 0, 48, 0, 0, 0, 17, 2, 255, 1, 127, 0, 0, 0, 0, 17, 3, 0, 1, 40, 175, + ]; + executor::block_on(fuzz_send_spdm_vendor_defined_request(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_spdm_vendor_defined_request(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_spdm_vendor_defined_request(Arc::new( + data.to_vec(), + ))); + }); +} diff --git a/fuzz-target/requester/version_req/Cargo.toml b/fuzz-target/requester/version_req/Cargo.toml new file mode 100644 index 0000000..b80a483 --- /dev/null +++ b/fuzz-target/requester/version_req/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "version_req" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } + +[features] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/requester/version_req/src/main.rs b/fuzz-target/requester/version_req/src/main.rs new file mode 100644 index 0000000..a25f003 --- /dev/null 
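Review bot: In vendor_req's `main.rs`, `SpdmConnectionState` is imported but never referenced, and the payload buffer is sized as `config::MAX_SPDM_MSG_SIZE - 7 - 2` with no explanation of the two literals. Drop the unused import, and either use a named constant for the maximum vendor-defined payload if spdmlib exports one, or add a comment saying which header fields the 7 and 2 bytes account for. The request built here is always empty (`len: 0`, `req_length: 0`), so the fuzz input only exercises the response path; a short comment above `fuzz_send_spdm_vendor_defined_request` stating that would save the next reader from assuming the request side is covered.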
+++ b/fuzz-target/requester/version_req/src/main.rs @@ -0,0 +1,119 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{ + fake_device_io::{self, FakeSpdmDeviceIo}, + req_create_info, spdmlib, + spdmlib::protocol::MAX_SPDM_VERSION_COUNT, + spdmlib::{protocol::SpdmVersion, requester::RequesterContext}, + time::SPDM_TIME_IMPL, + PciDoeTransportEncap, SharedBuffer, SECRET_ASYM_IMPL_INSTANCE, +}; + +#[allow(unused)] +use fuzzlib::flexi_logger; + +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_send_receive_spdm_version(fuzzdata: Arc>) { + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle version response' + // - description: '

Version can be negotiated.

' + // - + { + let (req_config_info, req_provision_info) = req_create_info(); + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + let _ = requester.send_receive_spdm_version().await.is_err(); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle version response' + // - description: '

Version can not be negotiated.

' + // - + { + let (mut req_config_info, req_provision_info) = req_create_info(); + for i in 0..MAX_SPDM_VERSION_COUNT { + req_config_info.spdm_version[i] = Some(SpdmVersion::default()); + } + + let shared_buffer = SharedBuffer::new(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut device_io_requester = + fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer)); + device_io_requester.set_rx(&fuzzdata); + let device_io_requester = Arc::new(Mutex::new(device_io_requester)); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + + let _ = requester.send_receive_spdm_version().await.is_err(); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::time::register(SPDM_TIME_IMPL.clone()); + + #[cfg(not(feature = "fuzz"))] + { + flexi_logger::Logger::try_with_env() + .unwrap() + .start() + .unwrap(); + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![17, 4, 0, 0, 0, 2, 0, 16, 0, 17]; + executor::block_on(fuzz_send_receive_spdm_version(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_send_receive_spdm_version(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_send_receive_spdm_version(Arc::new(data.to_vec()))); + }); +} 
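Review bot: `FileSpec::default()` in the `fuzzlogfile` + `fuzz` logging block has no import in this file: unlike the other harnesses it does not glob-import `fuzzlib::*`, and the explicit import list plus `use fuzzlib::flexi_logger;` never brings `FileSpec` into scope. Building with both features enabled should fail to resolve the name; write it as `flexi_logger::FileSpec::default()`. Separately, `FakeSpdmDeviceIo` is imported by name but every use goes through `fake_device_io::FakeSpdmDeviceIo`, so one of the two forms can go.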
diff --git a/fuzz-target/responder/algorithm_rsp/Cargo.toml b/fuzz-target/responder/algorithm_rsp/Cargo.toml
new file mode 100644
index 0000000..044b8e7
--- /dev/null
+++ b/fuzz-target/responder/algorithm_rsp/Cargo.toml
@@ -0,0 +1,21 @@
+[package]
+name = "algorithm_rsp"
+version = "0.1.0"
+authors = ["haowei "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+fuzzlogfile = []
+fuzz = ["afl"]
\ No newline at end of file
diff --git a/fuzz-target/responder/algorithm_rsp/src/main.rs b/fuzz-target/responder/algorithm_rsp/src/main.rs
new file mode 100644
index 0000000..b50a944
--- /dev/null
+++ b/fuzz-target/responder/algorithm_rsp/src/main.rs
@@ -0,0 +1,79 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::config::MAX_SPDM_MSG_SIZE; +use fuzzlib::{spdmlib::protocol::SpdmVersion, *}; +use spdmlib::common::SpdmConnectionState; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_algorithm(data: Arc>) { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterCapabilities); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_algorithm(&data, &mut writer); +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]; + executor::block_on(fuzz_handle_spdm_algorithm(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_spdm_algorithm(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_spdm_algorithm(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/responder/capability_rsp/Cargo.toml b/fuzz-target/responder/capability_rsp/Cargo.toml new file mode 100644 index 0000000..7e4ef77 --- /dev/null +++ b/fuzz-target/responder/capability_rsp/Cargo.toml @@ -0,0 +1,21 @@ +[package] +name = "capability_rsp" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/responder/capability_rsp/src/main.rs b/fuzz-target/responder/capability_rsp/src/main.rs new file mode 100644 index 0000000..bf1d030 --- /dev/null +++ b/fuzz-target/responder/capability_rsp/src/main.rs 
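Review bot: `fuzz_handle_spdm_algorithm` is declared `async` but contains no `.await`, and the handler result is discarded with `let _ =`. If `handle_spdm_algorithm` is synchronous, the `async`/`block_on` wrapper is only noise; if it is (or later becomes) an `async fn`, `let _ =` would drop the future unpolled and the target would fuzz nothing, with no compiler warning. Make the intent explicit: either a plain `fn` here, or `let _ = context.handle_spdm_algorithm(&data, &mut writer).await;`. The capability_rsp and certificate_rsp harnesses later in this diff follow the same pattern. `use fuzzlib::config::MAX_SPDM_MSG_SIZE;` is also unused, since the buffer is sized with the fully qualified `spdmlib::config::MAX_SPDM_MSG_SIZE`.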
@@ -0,0 +1,77 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{spdmlib::protocol::SpdmVersion, *}; +use spdmlib::common::SpdmConnectionState; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_capability(data: Arc>) { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterVersion); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_capability(&data, &mut writer); +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![ + 0x10, 0x84, 00, 00, 0x11, 0xE1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0x0C, + ]; + executor::block_on(fuzz_handle_spdm_capability(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_spdm_capability(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_spdm_capability(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/responder/certificate_rsp/Cargo.toml b/fuzz-target/responder/certificate_rsp/Cargo.toml new file mode 100644 index 0000000..bc27fda --- /dev/null +++ b/fuzz-target/responder/certificate_rsp/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "certificate_rsp" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +default = ["hashed-transcript-data"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/responder/certificate_rsp/src/main.rs b/fuzz-target/responder/certificate_rsp/src/main.rs new file mode 100644 index 0000000..422d77d --- /dev/null +++ b/fuzz-target/responder/certificate_rsp/src/main.rs 
@@ -0,0 +1,151 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + spdmlib::common::SpdmConnectionState, + spdmlib::protocol::{SpdmBaseHashAlgo, SpdmVersion}, + *, +}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_certificate(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle certificate request' + // - description: '

Responder send certificate response to requester.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_certificate(&data, None, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle certificate request' + // - description: '

Responder send certificate response to requester in session.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_certificate(&data, Some(4294836221), &mut writer); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step 
debugging value in the fuzzdata array. + let fuzzdata = vec![ + 17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0, + ]; + executor::block_on(fuzz_handle_spdm_certificate(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_spdm_certificate(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_spdm_certificate(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/responder/challenge_rsp/Cargo.toml b/fuzz-target/responder/challenge_rsp/Cargo.toml new file mode 100644 index 0000000..07a04a8 --- /dev/null +++ b/fuzz-target/responder/challenge_rsp/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "challenge_rsp" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +default = ["hashed-transcript-data"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/responder/challenge_rsp/src/main.rs b/fuzz-target/responder/challenge_rsp/src/main.rs new file mode 100644 index 0000000..120f829 --- /dev/null +++ b/fuzz-target/responder/challenge_rsp/src/main.rs 
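Review bot: The default `fuzzdata` seed in certificate_rsp's `main` is byte-for-byte the one used in algorithm_rsp (`17, 227, 4, 0, 48, …`); its request code 227 (0xE3) is NEGOTIATE_ALGORITHMS rather than GET_CERTIFICATE (0x82), so the no-argument debug run most likely returns at the first header check of `handle_spdm_certificate`. Replace it with a GET_CERTIFICATE request so the default run reaches the certificate-chunk logic in both the plain and the in-session block. The session id `4294836221` is also repeated in `setup` and in `Some(4294836221)`; a single named constant would keep the two from drifting apart.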
@@ -0,0 +1,144 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_challenge(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + spdmlib::crypto::rand::register(FAKE_RAND.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle challenge request' + // - description: '

Responder handle with SpdmMeasurementSummaryHashTypeNone and send CHALLENGE_AUTH response to requester.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_challenge(&data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle challenge request' + // - description: '

Responder handle with SpdmMeasurementSummaryHashTypeAll and send CHALLENGE_AUTH response to requester.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MEAS_CAP_SIG + | SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_challenge(&data, &mut writer); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![ + 17, 131, 0, 0, 96, 98, 50, 80, 166, 189, 68, 2, 27, 142, 255, 200, 180, 230, 76, + 45, 12, 178, 253, 70, 242, 202, 83, 171, 115, 148, 32, 249, 52, 170, 141, 122, + ]; + executor::block_on(fuzz_handle_spdm_challenge(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_spdm_challenge(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_spdm_challenge(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/responder/deliver_encapsulated_response_certificate_rsp/Cargo.toml b/fuzz-target/responder/deliver_encapsulated_response_certificate_rsp/Cargo.toml new file mode 100644 index 0000000..e137dcf --- /dev/null +++ b/fuzz-target/responder/deliver_encapsulated_response_certificate_rsp/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "deliver_encapsulated_response_certificate_rsp" +version = "0.1.0" +authors = ["Xiaotian Chen "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +default = ["hashed-transcript-data", "mut-auth"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] +mut-auth = ["fuzzlib/mut-auth"] \ No newline at end of file diff --git a/fuzz-target/responder/deliver_encapsulated_response_certificate_rsp/src/main.rs b/fuzz-target/responder/deliver_encapsulated_response_certificate_rsp/src/main.rs new file mode 100644 index 0000000..f146935 --- /dev/null 
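Review bot: The second scenario block is documented as the SpdmMeasurementSummaryHashTypeAll case, but the only lines that differ from the first block are `rsp_capabilities_sel |= MEAS_CAP_SIG | MEAS_CAP_NO_SIG`. The hash type itself presumably comes from the request bytes in `data`, and the built-in seed `17, 131, 0, 0, …` has 0 in its fourth byte. A comment such as `// hash type is read from the request; this block only advertises MEAS_CAP so an "All" request can be served` would make that explicit, and the seed corpus should hold at least one CHALLENGE that asks for the summary hash so that path is reached early. Both TCD blocks use `id: 0`; distinct ids would let a failing case be identified. `alloc::boxed::Box` and `core::ops::DerefMut` are imported but not used in this file.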
+++ b/fuzz-target/responder/deliver_encapsulated_response_certificate_rsp/src/main.rs @@ -0,0 +1,152 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_encap_response_certificate(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::cert_operation::register(FAKE_CERT_OPERATION.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle encap certificate from requester' + // - description: '

Responder process encapsulated CERTIFICATE and no need to verify the authority of cert chain.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + context.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + context.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + + let _ = context.handle_encap_response_certificate(&data); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle encap certificate from requester' + // - description: '

Responder process encapsulated CERTIFICATE and pass the verification of provisioned root cert.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + context.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + context.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + + // to pass the verification of provisioned root cert with fake cert_operation + let mut fake_root = SpdmCertChainData::default(); + // range [60..93] of seed `encap_get_certificate.raw` is fake root cert + fake_root.data_size = 33; + let start_index = 60; + let end_index = start_index + fake_root.data_size as usize; + if data.len() >= end_index { + fake_root.data[0..fake_root.data_size as usize] + .copy_from_slice(&data[start_index..end_index]); + } + + let mut peer_root_cert_data_list = + gen_array_clone(None, spdmlib::config::MAX_ROOT_CERT_SUPPORT); + peer_root_cert_data_list[0] = Some(fake_root); + + context.common.provision_info.peer_root_cert_data = peer_root_cert_data_list; + + let _ = context.handle_encap_response_certificate(&data); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = 
"fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = + include_bytes!("../../../in/deliver_encapsulated_response_certificate_rsp/encap_get_certificate.raw"); + executor::block_on(fuzz_handle_encap_response_certificate(Arc::new( + fuzzdata.to_vec(), + ))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_encap_response_certificate(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_encap_response_certificate(Arc::new( + data.to_vec(), + ))); + }); +} diff --git a/fuzz-target/responder/deliver_encapsulated_response_digest_rsp/Cargo.toml b/fuzz-target/responder/deliver_encapsulated_response_digest_rsp/Cargo.toml new file mode 100644 index 0000000..72feb3b --- /dev/null +++ b/fuzz-target/responder/deliver_encapsulated_response_digest_rsp/Cargo.toml 
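Review bot: In the second scenario the fake root is cut out of the input with the literals `start_index = 60` and `data_size = 33`. When `data.len() < end_index` the copy is skipped while `data_size` stays 33, so the provisioned root becomes 33 zero bytes and the block no longer tests what its TCD describes. Naming the offset, e.g. `const FAKE_ROOT_OFFSET: usize = 60;`, with a matching named length, would document the coupling to `encap_get_certificate.raw`. A comment next to the `if` should say that short inputs deliberately run against an all-zero root; alternatively leave `peer_root_cert_data_list[0]` as `None` in that case. A comment at the `include_bytes!` call should say that the offsets must be updated if the seed file is regenerated.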
@@ -0,0 +1,24 @@ +[package] +name = "deliver_encapsulated_response_digest_rsp" +version = "0.1.0" +authors = ["Xiaotian Chen "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +default = ["hashed-transcript-data", "mut-auth"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] +mut-auth = ["fuzzlib/mut-auth"] \ No newline at end of file diff --git a/fuzz-target/responder/deliver_encapsulated_response_digest_rsp/src/main.rs b/fuzz-target/responder/deliver_encapsulated_response_digest_rsp/src/main.rs new file mode 100644 index 0000000..16eba80 --- /dev/null +++ b/fuzz-target/responder/deliver_encapsulated_response_digest_rsp/src/main.rs 
@@ -0,0 +1,94 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_encap_response_digest(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + context.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel | SpdmResponseCapabilityFlags::ENCAP_CAP; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let _ = context.handle_encap_response_digest(&data); +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + 
FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![17, 129, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + executor::block_on(fuzz_handle_encap_response_digest(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_encap_response_digest(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_encap_response_digest(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/responder/deliver_encapsulated_response_rsp/Cargo.toml b/fuzz-target/responder/deliver_encapsulated_response_rsp/Cargo.toml new file mode 100644 index 0000000..6f24751 --- /dev/null +++ b/fuzz-target/responder/deliver_encapsulated_response_rsp/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "deliver_encapsulated_response_rsp" +version = "0.1.0" +authors = ["Xiaotian Chen "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +default = ["hashed-transcript-data", "mut-auth"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] +mut-auth = ["fuzzlib/mut-auth"] \ No newline at end of file 
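Review bot: The built-in single-step seed `vec![17, 129, 0, 0, …]` starts with the same two bytes as the digest_rsp target's request seed, while `handle_encap_response_digest` consumes a response delivered by the requester. The handler presumably rejects it at the header check (the handler is outside this diff), so the default run exercises little beyond that check. A seed shaped like a DIGESTS response, or a comment above `fuzzdata` saying the request-coded seed is intentional, would fix that. A short comment on the 512-byte all-zero `my_cert_chain` entry, saying whether this handler reads it, would also help the next reader.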
diff --git a/fuzz-target/responder/deliver_encapsulated_response_rsp/src/main.rs b/fuzz-target/responder/deliver_encapsulated_response_rsp/src/main.rs new file mode 100644 index 0000000..543b355 --- /dev/null +++ b/fuzz-target/responder/deliver_encapsulated_response_rsp/src/main.rs @@ -0,0 +1,180 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_deliver_encapsulated_reponse(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::cert_operation::register(FAKE_CERT_OPERATION.clone()); + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle deliver encapsulated response from requester' + // - description: '

Responder process deliver encapsulated response and handle DIGEST/CERTIFICATE.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + context.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + context.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_deliver_encapsulated_reponse(&data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle deliver encapsulated response from requester' + // - description: '

Responder process deliver encapsulated response failed due to low version.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion10; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + context.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + context.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_deliver_encapsulated_reponse(&data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle deliver encapsulated response from requester' + // - description: '

Responder process deliver encapsulated response failed due to no ENCAP_CAP.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion10; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + context.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + context.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_deliver_encapsulated_reponse(&data, &mut writer); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = include_bytes!( + "../../../in/deliver_encapsulated_response_rsp/encap_certificate.raw" + ); + executor::block_on(fuzz_handle_deliver_encapsulated_reponse(Arc::new( + fuzzdata.to_vec(), + ))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_deliver_encapsulated_reponse(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_deliver_encapsulated_reponse(Arc::new( + data.to_vec(), + ))); + }); +} diff --git a/fuzz-target/responder/digest_rsp/Cargo.toml b/fuzz-target/responder/digest_rsp/Cargo.toml new file mode 100644 index 0000000..196c04a --- /dev/null +++ b/fuzz-target/responder/digest_rsp/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "digest_rsp" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +default = ["hashed-transcript-data"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/responder/digest_rsp/src/main.rs b/fuzz-target/responder/digest_rsp/src/main.rs new file mode 100644 index 0000000..326784a --- /dev/null +++ b/fuzz-target/responder/digest_rsp/src/main.rs 
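Review bot: The third scenario is documented as "failed due to no ENCAP_CAP" but still sets `spdm_version_sel = SpdmVersion::SpdmVersion10`, the same value the second scenario uses for its "low version" failure. The request is therefore presumably rejected on the version before the capability check is reached (the handler is outside this diff). Using `context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;` in the third block would leave the missing `rsp_capabilities_sel` flag as the only difference from the first scenario. All three TCD blocks also use `id: 0`; distinct ids would make a failing case identifiable.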
@@ -0,0 +1,151 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_digest(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle digest request' + // - description: '

Responder send digest response to requester.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_digest(&data, None, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle digest request' + // - description: '

Responder send digest response to requester in session.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_digest(&data, Some(4294836221), &mut writer); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = 
std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![17, 129, 0, 0]; + executor::block_on(fuzz_handle_spdm_digest(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_spdm_digest(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_spdm_digest(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/responder/end_session_rsp/Cargo.toml b/fuzz-target/responder/end_session_rsp/Cargo.toml new file mode 100644 index 0000000..f94e6ea --- /dev/null +++ b/fuzz-target/responder/end_session_rsp/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "end_session_rsp" +version = "0.1.0" +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/responder/end_session_rsp/src/main.rs b/fuzz-target/responder/end_session_rsp/src/main.rs new file mode 100644 index 0000000..284b696 --- /dev/null +++ b/fuzz-target/responder/end_session_rsp/src/main.rs 
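Review bot: In the in-session scenario the session id `4294836221` is written twice, once in `session[0].setup(...)` and once in `Some(4294836221)` passed to `handle_spdm_digest`. If one copy changes, the handler is presumably handed an id with no matching session and the block silently stops covering the in-session path. Binding it once, e.g. `let session_id = 0xFFFD_FFFD;` (the same value in hex), and using it at both sites removes that risk. The cert chain size is spelled `config::MAX_SPDM_CERT_CHAIN_DATA_SIZE` while the response buffer uses `spdmlib::config::MAX_SPDM_MSG_SIZE`; one form throughout would read better.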
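Review bot: This manifest has no `default` feature and no `hashed-transcript-data = ["fuzzlib/hashed-transcript-data"]` entry, unlike the sibling manifests in this diff, while `fuzzlib` is pulled in with `default-features = false`. As written the end_session target is built without that feature, so it fuzzes a different configuration from the other responder targets. If that is intended, a comment above `[features]` such as `# built without hashed-transcript-data on purpose` would record it; otherwise add the two lines the siblings have.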
@@ -0,0 +1,88 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use fuzzlib::{
+ spdmlib::common::session::{SpdmSession, SpdmSessionState},
+ *,
+};
+use spdmlib::protocol::*;
+use spin::Mutex;
+extern crate alloc;
+use alloc::boxed::Box;
+use alloc::sync::Arc;
+use core::ops::DerefMut;
+
+async fn fuzz_handle_spdm_end_session(data: Arc>) {
+ spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let (config_info, provision_info) = rsp_create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+
+ let mut context = responder::ResponderContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+ context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
+ context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ context.common.session[0] = SpdmSession::new();
+ context.common.session[0].setup(4294901758).unwrap();
+ context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished);
+ context.common.session[0].set_crypto_param(
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ SpdmDheAlgo::SECP_384_R1,
+ SpdmAeadAlgo::AES_256_GCM,
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ );
+
+ let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE];
+ let mut writer = codec::Writer::init(&mut response_buffer);
+ let _ = context.handle_spdm_end_session(4294901758, &data, &mut writer);
+}
+
+#[cfg(not(feature = "use_libfuzzer"))]
+fn main() {
+ #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))]
+ flexi_logger::Logger::try_with_str("info")
+ .unwrap()
+ .log_to_file(
+ FileSpec::default()
+ .directory("traces")
+ .basename("foo")
+ .discriminant("Sample4711A")
+ .suffix("trc"),
+ )
+ .print_message()
+ .create_symlink("current_run")
+ .start()
+ .unwrap();
+
+ #[cfg(not(feature = "fuzz"))]
+ {
+ let args: Vec = std::env::args().collect();
+ if args.len() < 2 {
+ // Here you can replace the single-step debugging value in the fuzzdata array.
+ let fuzzdata = vec![
+ 0x1, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfe, 0xff, 0xfe, 0xff, 0x16, 0x0, 0xca,
+ 0xa7, 0x51, 0x58, 0x4d, 0x60, 0xe6, 0xc5, 0x74, 0x1c, 0xb3, 0xae, 0xaf, 0x62, 0x4b,
+ 0x2e, 0x49, 0x54, 0x7a, 0x75, 0x86, 0x37,
+ ];
+ executor::block_on(fuzz_handle_spdm_end_session(Arc::new(fuzzdata)));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_handle_spdm_end_session(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_handle_spdm_end_session(Arc::new(data.to_vec())));
+ });
+}
diff --git a/fuzz-target/responder/finish_rsp/Cargo.toml b/fuzz-target/responder/finish_rsp/Cargo.toml
new file mode 100644
index 0000000..3fa4915
--- /dev/null
+++ b/fuzz-target/responder/finish_rsp/Cargo.toml
@@ -0,0 +1,22 @@
+[package]
+name = "finish_rsp"
+version = "0.1.0"
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+default = ["hashed-transcript-data"]
+hashed-transcript-data = ["fuzzlib/hashed-transcript-data"]
+fuzzlogfile = []
+fuzz = ["afl"]
\ No newline at end of file
diff --git a/fuzz-target/responder/finish_rsp/src/main.rs b/fuzz-target/responder/finish_rsp/src/main.rs
new file mode 100644
index 0000000..b5a68bd
--- /dev/null
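Review bot: The session id appears twice in `fuzz_handle_spdm_end_session` as the bare decimal literal `4294901758`, once in `setup(...)` and once in the `handle_spdm_end_session(...)` call, and nothing ties the two sites together or to the `0xfe, 0xff, 0xfe, 0xff` bytes in the default seed. A single `const SESSION_ID: u32 = 0xFFFE_FFFE;` used at both sites makes that link visible and stops the values drifting apart, which would presumably leave the harness exercising only the session-lookup failure path. The heartbeat_rsp and key_update_rsp harnesses in this commit repeat the same literal.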
+++ b/fuzz-target/responder/finish_rsp/src/main.rs @@ -0,0 +1,410 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + spdmlib::message::SpdmKeyExchangeMutAuthAttributes, + *, +}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_finish(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::crypto::hmac::register(FAKE_HMAC.clone()); + spdmlib::crypto::hkdf::register(FAKE_HKDF.clone()); + spdmlib::crypto::asym_verify::register(FAKE_ASYM_VERIFY.clone()); + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle finish request' + // - description: '

Respond finish rsp to complete the handshake, with HANDSHAKE_IN_THE_CLEAR_CAP.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.common.negotiate_info.rsp_capabilities_sel = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + context.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + context.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + context + .common + .runtime_info + 
.set_last_session_id(Some(4294836221)); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_finish(4294836221, &data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle finish request' + // - description: '

Respond finish rsp to complete the handshake, with KEY_UPD_CAP.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::KEY_UPD_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::KEY_UPD_CAP; + + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + context.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + context.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + context + .common + .runtime_info + .set_last_session_id(Some(4294836221)); 
+ + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_finish(4294836221, &data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle finish request' + // - description: '

Respond finish rsp to complete the handshake, but fail to verify hmac.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + context.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.common.negotiate_info.rsp_capabilities_sel = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + context.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + context.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + context + .common + .runtime_info + 
.set_last_session_id(Some(4294836221)); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_finish(4294836221, &data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle finish request' + // - description: '

Respond finish rsp to complete the handshake, with message_a set.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.common.negotiate_info.rsp_capabilities_sel = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + context.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + context.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + context + .common + .runtime_info + .message_a 
+ .append_message(&[1u8; config::MAX_SPDM_MSG_SIZE - 103]); + context + .common + .runtime_info + .set_last_session_id(Some(4294836221)); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_finish(4294836221, &data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle finish request' + // - description: '

Respond finish rsp to complete the handshake, with mut auth requested.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::KEY_UPD_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::KEY_UPD_CAP; + context.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + + #[cfg(feature = "hashed-transcript-data")] + { + let mut dhe_secret = SpdmDheFinalKeyStruct::default(); + dhe_secret.data_size = SpdmDheAlgo::SECP_384_R1.get_size(); + context.common.session[0] + .set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret) + .unwrap(); + context.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + 
} + + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + context.common.session[0].set_mut_auth_requested( + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS, + ); + context + .common + .runtime_info + .set_last_session_id(Some(4294836221)); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_finish(4294836221, &data, &mut writer); + } +} +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![ + 0x11, 0xe5, 0x0, 0x0, 0xd4, 0xab, 0xc, 0x98, 0x44, 0x6, 0xc1, 0x77, 0xe4, 0x37, + 0x79, 0x78, 0x26, 0xd4, 0x4c, 0x9b, 0x38, 0x30, 0xb2, 0xa3, 0xa, 0x5c, 0xa4, 0xd9, + 0x7b, 0x12, 0xe1, 0xd6, 0x38, 0xcb, 0xe0, 0xfb, 0xaa, 0x1c, 0xeb, 0xc5, 0xcb, 0x35, + 0x9b, 0xf8, 0x21, 0x9c, 0x7c, 0xd4, 0x33, 0x49, 0xdc, 0x61, + ]; + executor::block_on(fuzz_handle_spdm_finish(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_spdm_finish(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_spdm_finish(Arc::new(data.to_vec()))); + }); +} diff --git a/fuzz-target/responder/get_encapsulated_request_rsp/Cargo.toml b/fuzz-target/responder/get_encapsulated_request_rsp/Cargo.toml new file mode 100644 index 0000000..71c6abe --- /dev/null 
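Review bot: `fn main()` in this file has no `#[cfg(not(feature = "use_libfuzzer"))]` attribute, unlike the end_session_rsp, heartbeat_rsp, key_update_rsp and get_encapsulated_request_rsp harnesses in the same commit, and it follows the closing brace of `fuzz_handle_spdm_finish` with no blank line. If that attribute is meant to keep `main` out of libFuzzer builds, this is the target that would break; add `#[cfg(not(feature = "use_libfuzzer"))]` above `fn main() {`, or remove the gate everywhere. Separately, the five setup blocks in `fuzz_handle_spdm_finish` differ only in capability flags, hash selection, `message_a` and the mut-auth setting, and every TCD comment carries `id: 0`. A small helper parameterised on those values, plus distinct ids, would make it clear which case a crash belongs to.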
+++ b/fuzz-target/responder/get_encapsulated_request_rsp/Cargo.toml
@@ -0,0 +1,24 @@
+[package]
+name = "get_encapsulated_request_rsp"
+version = "0.1.0"
+authors = ["Xiaotian Chen "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+default = ["hashed-transcript-data", "mut-auth"]
+hashed-transcript-data = ["fuzzlib/hashed-transcript-data"]
+fuzzlogfile = []
+fuzz = ["afl"]
+mut-auth = ["fuzzlib/mut-auth"]
\ No newline at end of file
diff --git a/fuzz-target/responder/get_encapsulated_request_rsp/src/main.rs b/fuzz-target/responder/get_encapsulated_request_rsp/src/main.rs
new file mode 100644
index 0000000..9514574
--- /dev/null
+++ b/fuzz-target/responder/get_encapsulated_request_rsp/src/main.rs
@@ -0,0 +1,97 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use fuzzlib::*;
+use spdmlib::common::SpdmConnectionState;
+use spdmlib::protocol::*;
+use spin::Mutex;
+extern crate alloc;
+use alloc::boxed::Box;
+use alloc::sync::Arc;
+use core::ops::DerefMut;
+
+async fn fuzz_handle_get_encapsulated_request(data: Arc>) {
+ spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+ spdmlib::crypto::cert_operation::register(FAKE_CERT_OPERATION.clone());
+ // TCD:
+ // - id: 0
+ // - title: 'Fuzz SPDM handle encap certificate from requester'
+ // - description: '

Responder process GET_ENCAPSULATED_REQUEST and request encap GET_DIGEST.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + context.common.negotiate_info.req_capabilities_sel + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::ENCAP_CAP; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + context.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_get_encapsulated_request(&data, &mut writer); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = include_bytes!("../../../in/get_encapsulated_request_rsp/default.raw");
+ executor::block_on(fuzz_handle_get_encapsulated_request(Arc::new(
+ fuzzdata.to_vec(),
+ )));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_handle_get_encapsulated_request(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_handle_get_encapsulated_request(Arc::new(
+ data.to_vec(),
+ )));
+ });
+}
diff --git a/fuzz-target/responder/heartbeat_rsp/Cargo.toml b/fuzz-target/responder/heartbeat_rsp/Cargo.toml
new file mode 100644
index 0000000..1a78bdd
--- /dev/null
+++ b/fuzz-target/responder/heartbeat_rsp/Cargo.toml
@@ -0,0 +1,20 @@
+[package]
+name = "heartbeat_rsp"
+version = "0.1.0"
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+fuzzlogfile = []
+fuzz = ["afl"]
\ No newline at end of file
diff --git a/fuzz-target/responder/heartbeat_rsp/src/main.rs b/fuzz-target/responder/heartbeat_rsp/src/main.rs
new file mode 100644
index 0000000..7c0e63e
--- /dev/null
+++ b/fuzz-target/responder/heartbeat_rsp/src/main.rs
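Review bot: The comment `// Here you can replace the single-step debugging value in the fuzzdata array.` in the no-argument branch of `main` no longer matches the code, which loads the seed with `include_bytes!("../../../in/get_encapsulated_request_rsp/default.raw")` instead of an inline array. Because `include_bytes!` is resolved at compile time, the crate will not build if that file is absent, so the seed has to be committed with this target; it is not visible in this part of the diff. I would reword the comment to `// Default single-step debugging seed; edit the file named in include_bytes! to change it.` The TCD title says "encap certificate" while its description says GET_DIGEST, which is also worth aligning.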
@@ -0,0 +1,84 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use fuzzlib::{
+ spdmlib::common::session::{SpdmSession, SpdmSessionState},
+ *,
+};
+use spdmlib::protocol::*;
+use spin::Mutex;
+extern crate alloc;
+use alloc::boxed::Box;
+use alloc::sync::Arc;
+use core::ops::DerefMut;
+
+async fn fuzz_handle_spdm_heartbeat(data: Arc>) {
+ spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let (config_info, provision_info) = rsp_create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+
+ let mut context = responder::ResponderContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+ context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
+ context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ context.common.session[0] = SpdmSession::new();
+ context.common.session[0].setup(4294901758).unwrap();
+ context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished);
+ context.common.session[0].set_crypto_param(
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ SpdmDheAlgo::SECP_384_R1,
+ SpdmAeadAlgo::AES_256_GCM,
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ );
+
+ let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE];
+ let mut writer = codec::Writer::init(&mut response_buffer);
+ let _ = context.handle_spdm_heartbeat(4294901758, &data, &mut writer);
+}
+
+#[cfg(not(feature = "use_libfuzzer"))]
+fn main() {
+ #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))]
+ flexi_logger::Logger::try_with_str("info")
+ .unwrap()
+ .log_to_file(
+ FileSpec::default()
+ .directory("traces")
+ .basename("foo")
+ .discriminant("Sample4711A")
+ .suffix("trc"),
+ )
+ .print_message()
+ .create_symlink("current_run")
+ .start()
+ .unwrap();
+
+ #[cfg(not(feature = "fuzz"))]
+ {
+ let args: Vec = std::env::args().collect();
+ if args.len() < 2 {
+ // Here you can replace the single-step debugging value in the fuzzdata array.
+ let fuzzdata = vec![17, 46, 43];
+ executor::block_on(fuzz_handle_spdm_heartbeat(Arc::new(fuzzdata)));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_handle_spdm_heartbeat(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_handle_spdm_heartbeat(Arc::new(data.to_vec())));
+ });
+}
diff --git a/fuzz-target/responder/key_update_rsp/Cargo.toml b/fuzz-target/responder/key_update_rsp/Cargo.toml
new file mode 100644
index 0000000..ddded12
--- /dev/null
+++ b/fuzz-target/responder/key_update_rsp/Cargo.toml
@@ -0,0 +1,20 @@
+[package]
+name = "key_update_rsp"
+version = "0.1.0"
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+fuzzlogfile = []
+fuzz = ["afl"]
\ No newline at end of file
diff --git a/fuzz-target/responder/key_update_rsp/src/main.rs b/fuzz-target/responder/key_update_rsp/src/main.rs
new file mode 100644
index 0000000..2fd29f1
--- /dev/null
+++ b/fuzz-target/responder/key_update_rsp/src/main.rs
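Review bot: The default debug seed `vec![17, 46, 43]` in the no-argument branch of `main` is three bytes, one short of a four-byte SPDM header, and is byte-for-byte the same seed used in key_update_rsp. Its second byte (0x2E) does not look like the request code for either message: as far as I know HEARTBEAT is 0xE8 and KEY_UPDATE is 0xE9, whereas the digest and finish harnesses in this commit seed 129 (0x81) and 0xe5 in that position. If the handler rejects the header early, the single-step run never reaches the heartbeat logic it is meant to debug. Consider `let fuzzdata = vec![0x11, 0xe8, 0x00, 0x00];` here and the matching code in key_update_rsp, after checking the values against spdmlib's request-code definitions.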
@@ -0,0 +1,84 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use fuzzlib::{
+ spdmlib::common::session::{SpdmSession, SpdmSessionState},
+ *,
+};
+use spdmlib::protocol::*;
+use spin::Mutex;
+extern crate alloc;
+use alloc::boxed::Box;
+use alloc::sync::Arc;
+use core::ops::DerefMut;
+
+async fn fuzz_handle_spdm_key_update(data: Arc>) {
+ let (config_info, provision_info) = rsp_create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+
+ spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+
+ let mut context = responder::ResponderContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+ context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
+ context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ context.common.session[0] = SpdmSession::new();
+ context.common.session[0].setup(4294901758).unwrap();
+ context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished);
+ context.common.session[0].set_crypto_param(
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ SpdmDheAlgo::SECP_384_R1,
+ SpdmAeadAlgo::AES_256_GCM,
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ );
+
+ let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE];
+ let mut writer = codec::Writer::init(&mut response_buffer);
+ let _ = context.handle_spdm_key_update(4294901758, &data, &mut writer);
+}
+
+#[cfg(not(feature = "use_libfuzzer"))]
+fn main() {
+ #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))]
+ flexi_logger::Logger::try_with_str("info")
+ .unwrap()
+ .log_to_file(
+ FileSpec::default()
+ .directory("traces")
+ .basename("foo")
+ .discriminant("Sample4711A")
+ .suffix("trc"),
+ )
+ .print_message()
+ .create_symlink("current_run")
+ .start()
+ .unwrap();
+
+ #[cfg(not(feature = "fuzz"))]
+ {
+ let args: Vec = std::env::args().collect();
+ if args.len() < 2 {
+ // Here you can replace the single-step debugging value in the fuzzdata array.
+ let fuzzdata = vec![17, 46, 43];
+ executor::block_on(fuzz_handle_spdm_key_update(Arc::new(fuzzdata)));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_handle_spdm_key_update(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_handle_spdm_key_update(Arc::new(data.to_vec())));
+ });
+}
diff --git a/fuzz-target/responder/keyexchange_rsp/Cargo.toml b/fuzz-target/responder/keyexchange_rsp/Cargo.toml
new file mode 100644
index 0000000..71a684b
--- /dev/null
+++ b/fuzz-target/responder/keyexchange_rsp/Cargo.toml
@@ -0,0 +1,21 @@
+[package]
+name = "keyexchange_rsp"
+version = "0.1.0"
+authors = ["haowei "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+fuzzlogfile = []
+fuzz = ["afl"]
\ No newline at end of file
diff --git a/fuzz-target/responder/keyexchange_rsp/src/main.rs b/fuzz-target/responder/keyexchange_rsp/src/main.rs
new file mode 100644
index 0000000..69ecbd2
--- /dev/null
+++ b/fuzz-target/responder/keyexchange_rsp/src/main.rs
@@ -0,0 +1,217 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{common::SpdmOpaqueSupport, *}; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_key_exchange(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle key exchange request' + // - description: '

Responder handle with SpdmMeasurementSummaryHashTypeNone and send KEY_EXCHANGE_RSP.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + context.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + context.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.reset_runtime_info(); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_key_exchange(&data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle key exchange request' + // - description: '

Responder handle key exchange with HANDSHAKE_IN_THE_CLEAR_CAP.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + context.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + context.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + context.common.negotiate_info.req_capabilities_sel |= SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.common.negotiate_info.rsp_capabilities_sel |= SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.reset_runtime_info(); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_key_exchange(&data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle key exchange request' + // - 
description: '

Responder handle with SpdmMeasurementSummaryHashTypeAll and send KEY_EXCHANGE_RSP.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + context.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + context.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + context.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MEAS_CAP_SIG + | SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG; + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.reset_runtime_info(); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_key_exchange(&data, &mut writer); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + 
.basename("foo")
+ .discriminant("Sample4711A")
+ .suffix("trc"),
+ )
+ .print_message()
+ .create_symlink("current_run")
+ .start()
+ .unwrap();
+
+ #[cfg(not(feature = "fuzz"))]
+ {
+ let args: Vec = std::env::args().collect();
+ if args.len() < 2 {
+ // Here you can replace the single-step debugging value in the fuzzdata array.
+ let fuzzdata = vec![
+ 17, 228, 0, 0, 254, 255, 0, 0, 164, 168, 149, 35, 47, 201, 46, 27, 159, 172, 140,
+ 250, 56, 72, 129, 27, 241, 183, 219, 225, 241, 166, 116, 200, 20, 253, 145, 57,
+ 222, 45, 78, 168, 5, 106, 25, 148, 247, 253, 178, 151, 59, 213, 123, 199, 11, 108,
+ 92, 59, 33, 210, 5, 89, 52, 18, 79, 67, 12, 199, 200, 127, 207, 2, 92, 244, 184,
+ 140, 1, 63, 239, 90, 154, 1, 33, 57, 212, 7, 189, 192, 196, 254, 66, 150, 138, 127,
+ 89, 215, 107, 166, 163, 99, 184, 59, 232, 234, 137, 81, 162, 177, 220, 235, 235,
+ 171, 95, 178, 148, 83, 120, 80, 222, 234, 96, 254, 120, 223, 93, 247, 191, 95, 75,
+ 190, 151, 183, 121, 147, 55, 40, 61, 132, 20, 0, 70, 84, 77, 68, 1, 1, 0, 0, 0, 0,
+ 5, 0, 1, 1, 1, 0, 17, 0, 0, 0, 0, 0,
+ ];
+ executor::block_on(fuzz_handle_spdm_key_exchange(Arc::new(fuzzdata)));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_handle_spdm_key_exchange(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_handle_spdm_key_exchange(Arc::new(data.to_vec())));
+ });
+}
diff --git a/fuzz-target/responder/measurement_rsp/Cargo.toml b/fuzz-target/responder/measurement_rsp/Cargo.toml
new file mode 100644
index 0000000..04f4a0d
--- /dev/null
+++ b/fuzz-target/responder/measurement_rsp/Cargo.toml
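Review bot: The third scenario sets `rsp_capabilities_sel |= SpdmResponseCapabilityFlags::MEAS_CAP_SIG | SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG`, which turns on both bits of the two-bit MEAS_CAP field; DSP0274 reserves that value (01b is measurements without signature, 10b with signature). The responder is then fuzzed in a negotiated state that a conforming capability exchange should not produce, so findings from this scenario may not correspond to a reachable state; whether spdmlib treats the two flags independently is not visible here. If the intent is a signing-capable responder, use `context.common.negotiate_info.rsp_capabilities_sel |= SpdmResponseCapabilityFlags::MEAS_CAP_SIG;`. The fourth scenario of the pskexchange_rsp harness sets the same pair.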
@@ -0,0 +1,23 @@ +[package] +name = "measurement_rsp" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +default = ["hashed-transcript-data"] +hashed-transcript-data = ["fuzzlib/hashed-transcript-data"] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/responder/measurement_rsp/src/main.rs b/fuzz-target/responder/measurement_rsp/src/main.rs new file mode 100644 index 0000000..1d18ea9 --- /dev/null +++ b/fuzz-target/responder/measurement_rsp/src/main.rs @@ -0,0 +1,158 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + spdmlib::common::SpdmConnectionState, + spdmlib::protocol::*, + *, +}; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_measurement(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle measurement request' + // - description: '

Respond MEASUREMENTS without session.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.measurement_specification_sel = + SpdmMeasurementSpecification::DMTF; + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_measurement(None, &data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle measurement request' + // - description: '

Respond MEASUREMENTS in a session.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.measurement_specification_sel = + SpdmMeasurementSpecification::DMTF; + context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_measurement(Some(4294836221), &data, &mut writer); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + 
.basename("foo")
+ .discriminant("Sample4711A")
+ .suffix("trc"),
+ )
+ .print_message()
+ .create_symlink("current_run")
+ .start()
+ .unwrap();
+
+ spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone());
+ spdmlib::secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone());
+ #[cfg(not(feature = "fuzz"))]
+ {
+ let args: Vec = std::env::args().collect();
+ if args.len() < 2 {
+ // Here you can replace the single-step debugging value in the fuzzdata array.
+ let fuzzdata = vec![17, 224, 0, 0];
+ executor::block_on(fuzz_handle_spdm_measurement(Arc::new(fuzzdata)));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_handle_spdm_measurement(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_handle_spdm_measurement(Arc::new(data.to_vec())));
+ });
+}
diff --git a/fuzz-target/responder/psk_finish_rsp/Cargo.toml b/fuzz-target/responder/psk_finish_rsp/Cargo.toml
new file mode 100644
index 0000000..cd28ed1
--- /dev/null
+++ b/fuzz-target/responder/psk_finish_rsp/Cargo.toml
@@ -0,0 +1,22 @@
+[package]
+name = "psk_finish_rsp"
+version = "0.1.0"
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+default = ["hashed-transcript-data"]
+hashed-transcript-data = ["fuzzlib/hashed-transcript-data"]
+fuzzlogfile = []
+fuzz = ["afl"]
\ No newline at end of file
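Review bot: `spdmlib::secret::measurement::register(...)` is called from `main`, which is compiled out under `use_libfuzzer`, while `fuzz_handle_spdm_measurement` itself registers only `asym_sign`. Any entry point other than this `main` would run the measurement handler with no measurement provider registered and would likely cover only the failure path; no other entry point is visible in this file, so this is inferred. The keyexchange_rsp harness registers its providers inside the fuzz function, and moving `spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone());` next to the `asym_sign` registration would make this one self-contained in the same way. The `psk::register` call in `main` does not appear to be needed by either scenario.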
diff --git a/fuzz-target/responder/psk_finish_rsp/src/main.rs b/fuzz-target/responder/psk_finish_rsp/src/main.rs new file mode 100644 index 0000000..698aac0 --- /dev/null +++ b/fuzz-target/responder/psk_finish_rsp/src/main.rs @@ -0,0 +1,197 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::{ + spdmlib::common::session::{SpdmSession, SpdmSessionState}, + *, +}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_psk_finish(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + spdmlib::crypto::hmac::register(FAKE_HMAC.clone()); + spdmlib::crypto::hkdf::register(FAKE_HKDF.clone()); + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK finish request' + // - description: '

Respond PSK finish rsp to complete the handshake.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_use_psk(true); + context.common.session[0].runtime_info.psk_hint = Some(SpdmPskHintStruct::default()); + + #[cfg(feature = "hashed-transcript-data")] + { + context.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_psk_finish(4294836221, &data, &mut writer); + //assert!(status.is_ok()); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK finish request' + // - description: '

Respond PSK finish rsp to complete the handshake, with message_a set.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_use_psk(true); + context.common.session[0].runtime_info.psk_hint = Some(SpdmPskHintStruct::default()); + + context + .common + .runtime_info + .message_a + .append_message(&[1u8; config::MAX_SPDM_MSG_SIZE]); + + #[cfg(feature = "hashed-transcript-data")] + { + context.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_psk_finish(4294836221, &data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK finish request' + // - description: '

Respond PSK finish rsp to complete the handshake, with wrong base hash algo.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + + context.common.session[0] = SpdmSession::new(); + context.common.session[0].setup(4294836221).unwrap(); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_use_psk(true); + context.common.session[0].runtime_info.psk_hint = Some(SpdmPskHintStruct::default()); + + #[cfg(feature = "hashed-transcript-data")] + { + context.common.session[0].runtime_info.digest_context_th = + spdmlib::crypto::hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_384); + } + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_psk_finish(4294836221, &data, &mut writer); + //assert!(status.is_ok()); + } +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + 
let args: Vec = std::env::args().collect();
+ if args.len() < 2 {
+ // Here you can replace the single-step debugging value in the fuzzdata array.
+ let fuzzdata = vec![17, 46, 43];
+ executor::block_on(fuzz_handle_spdm_psk_finish(Arc::new(fuzzdata)));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_handle_spdm_psk_finish(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_handle_spdm_psk_finish(Arc::new(data.to_vec())));
+ });
+}
diff --git a/fuzz-target/responder/pskexchange_rsp/Cargo.toml b/fuzz-target/responder/pskexchange_rsp/Cargo.toml
new file mode 100644
index 0000000..fdc4b5e
--- /dev/null
+++ b/fuzz-target/responder/pskexchange_rsp/Cargo.toml
@@ -0,0 +1,21 @@
+[package]
+name = "pskexchange_rsp"
+version = "0.1.0"
+authors = ["haowei "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+fuzzlogfile = []
+fuzz = ["afl"]
\ No newline at end of file
diff --git a/fuzz-target/responder/pskexchange_rsp/src/main.rs b/fuzz-target/responder/pskexchange_rsp/src/main.rs
new file mode 100644
index 0000000..1a2f5ec
--- /dev/null
+++ b/fuzz-target/responder/pskexchange_rsp/src/main.rs
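Review bot: The first and third scenarios bind `let (status, send_buffer) = context.handle_spdm_psk_finish(4294836221, &data, &mut writer);` and never use either name, because the `assert!(status.is_ok());` that followed is commented out. That leaves unused-variable warnings and a dead assertion in a harness where most fuzz inputs are not valid PSK_FINISH requests, so the assertion could not hold in general anyway. Match the second scenario with `let _ = context.handle_spdm_psk_finish(4294836221, &data, &mut writer);` and delete the commented line.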
@@ -0,0 +1,230 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::config::MAX_SPDM_SESSION_COUNT; +use fuzzlib::spdmlib::common::session::SpdmSession; +use fuzzlib::{common::SpdmConnectionState, common::SpdmOpaqueSupport, *}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_psk_exchange(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + spdmlib::secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK exchange request' + // - description: '

Respond PSK exchange rsp and skip PSK_FINISH.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + context.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + context.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT; + + context.common.reset_runtime_info(); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_psk_exchange(&data, &mut writer); + } + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK exchange request' + // - description: '

Respond PSK exchange rsp with PSK_CAP_WITH_CONTEXT cap.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + context.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + context.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT; + + context.common.reset_runtime_info(); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_psk_exchange(&data, &mut writer); + } + + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK exchange request' + // - description: '

Respond PSK exchange rsp with session limit exceeded.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + context.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + context.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + context.common.negotiate_info.rsp_capabilities_sel = + context.common.negotiate_info.rsp_capabilities_sel + | SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT; + + context.common.reset_runtime_info(); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + for i in 0..MAX_SPDM_SESSION_COUNT { + context.common.session[i] = SpdmSession::new(); + context.common.session[i].setup(4294836221).unwrap(); + } + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_psk_exchange(&data, &mut writer); + } + // TCD: + // - id: 0 + // - title: 'Fuzz SPDM handle PSK exchange request' + // - description: '

Respond PSK exchange rsp with SpdmMeasurementSummaryHashTypeAll.

' + // - + { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + context.common.negotiate_info.req_asym_sel = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + context.common.negotiate_info.key_schedule_sel = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE; + context.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MEAS_CAP_SIG + | SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG + | SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT; + + context.common.reset_runtime_info(); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_psk_exchange(&data, &mut writer); + } +} +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + 
.unwrap();
+
+ #[cfg(not(feature = "fuzz"))]
+ {
+ let args: Vec = std::env::args().collect();
+ if args.len() < 2 {
+ // Here you can replace the single-step debugging value in the fuzzdata array.
+ let fuzzdata = vec![17, 46, 43];
+ executor::block_on(fuzz_handle_spdm_psk_exchange(Arc::new(fuzzdata)));
+ } else {
+ let path = &args[1];
+ let data = std::fs::read(path).expect("read crash file fail");
+ executor::block_on(fuzz_handle_spdm_psk_exchange(Arc::new(data)));
+ }
+ }
+ #[cfg(feature = "fuzz")]
+ afl::fuzz!(|data: &[u8]| {
+ executor::block_on(fuzz_handle_spdm_psk_exchange(Arc::new(data.to_vec())));
+ });
+}
diff --git a/fuzz-target/responder/vendor_rsp/Cargo.toml b/fuzz-target/responder/vendor_rsp/Cargo.toml
new file mode 100644
index 0000000..a05c5b6
--- /dev/null
+++ b/fuzz-target/responder/vendor_rsp/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+name = "vendor_rsp"
+version = "0.1.0"
+authors = ["Xiaotian Chen "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+fuzzlib = { path = "../../fuzzlib", default-features = false }
+afl = { version = "=0.12.12", optional = true }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../../executor" }
+codec = {path= "../../../codec"}
+
+[features]
+default = ["hashed-transcript-data"]
+hashed-transcript-data = ["fuzzlib/hashed-transcript-data"]
+fuzzlogfile = []
+fuzz = ["afl"]
\ No newline at end of file
diff --git a/fuzz-target/responder/vendor_rsp/src/main.rs b/fuzz-target/responder/vendor_rsp/src/main.rs
new file mode 100644
index 0000000..1556735
--- /dev/null
+++ b/fuzz-target/responder/vendor_rsp/src/main.rs
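Review bot: The second scenario is described as "Respond PSK exchange rsp with PSK_CAP_WITH_CONTEXT cap" but sets `SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT`, so its setup is identical to the first scenario. The with-context configuration is then covered only by the third scenario, where every session slot is already filled before the handler runs. The flag line in the second scenario should read `| SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT;`. Separately, this file's `main` lacks the `#[cfg(not(feature = "use_libfuzzer"))]` attribute that the sibling harnesses carry.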
@@ -0,0 +1,120 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::spdmlib::error::SpdmResult; +use fuzzlib::spdmlib::message::{ + register_vendor_defined_struct, VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + VendorDefinedStruct, VendorIDStruct, +}; +use fuzzlib::*; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_vendor_defined_request(data: Arc>) { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let vendor_defined_func: for<'r> fn( + usize, + &VendorIDStruct, + &'r VendorDefinedReqPayloadStruct, + ) -> Result<_, _> = |_: usize, + _: &VendorIDStruct, + _vendor_defined_req_payload_struct| + -> SpdmResult { + let mut vendor_defined_res_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0; config::MAX_SPDM_MSG_SIZE - 7 - 
2], + }; + vendor_defined_res_payload_struct.rsp_length = 8; + vendor_defined_res_payload_struct.vendor_defined_rsp_payload[0..8] + .clone_from_slice(b"deadbeef"); + Ok(vendor_defined_res_payload_struct) + }; + + register_vendor_defined_struct(VendorDefinedStruct { + vendor_defined_request_handler: vendor_defined_func, + vdm_handle: 0, + }); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_vendor_defined_request(None, &data, &mut writer); +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. + let fuzzdata = vec![17, 129, 0, 0]; + executor::block_on(fuzz_handle_spdm_vendor_defined_request(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_spdm_vendor_defined_request(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_spdm_vendor_defined_request(Arc::new( + data.to_vec(), + ))); + }); +} diff --git a/fuzz-target/responder/version_rsp/Cargo.toml b/fuzz-target/responder/version_rsp/Cargo.toml new file mode 100644 index 0000000..9c26f51 --- /dev/null +++ b/fuzz-target/responder/version_rsp/Cargo.toml 
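Review bot: The stub handler sizes its response buffer as `[0; config::MAX_SPDM_MSG_SIZE - 7 - 2]`, hard-coding two undocumented offsets where the idekm files in this same commit use `MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE` from `spdmlib::message` for the same field. I would write `vendor_defined_rsp_payload: [0; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],` and import the constant, so the harness follows the library if the layout changes. Separately, `main` is gated on `#[cfg(not(feature = "use_libfuzzer"))]`, but the `[features]` table added in vendor_rsp/Cargo.toml declares no `use_libfuzzer`, so the gate is always true and no alternate entry point is visible; either declare the feature or drop the attribute. The same gate appears in version_rsp/src/main.rs.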
@@ -0,0 +1,21 @@ +[package] +name = "version_rsp" +version = "0.1.0" +authors = ["haowei "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +fuzzlib = { path = "../../fuzzlib", default-features = false } +afl = { version = "=0.12.12", optional = true } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +executor = { path = "../../../executor" } +codec = {path= "../../../codec"} + +[features] +fuzzlogfile = [] +fuzz = ["afl"] \ No newline at end of file diff --git a/fuzz-target/responder/version_rsp/src/main.rs b/fuzz-target/responder/version_rsp/src/main.rs new file mode 100644 index 0000000..61924dd --- /dev/null +++ b/fuzz-target/responder/version_rsp/src/main.rs 
@@ -0,0 +1,78 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use fuzzlib::*; +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::DerefMut; + +async fn fuzz_handle_spdm_version(data: Arc>) { + let (config_info, provision_info) = rsp_create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport.clone(), + pcidoe_transport_encap, + config_info, + provision_info, + ); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = codec::Writer::init(&mut response_buffer); + let _ = context.handle_spdm_version(&data, &mut writer); + + let mut req_buf = [0u8; 1024]; + let mut socket_io_transport = socket_io_transport.lock(); + let socket_io_transport = socket_io_transport.deref_mut(); + socket_io_transport + .receive(Arc::new(Mutex::new(&mut req_buf)), 60) + .await + .unwrap(); + println!("Received: {:?}", req_buf); +} + +#[cfg(not(feature = "use_libfuzzer"))] +fn main() { + #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))] + flexi_logger::Logger::try_with_str("info") + .unwrap() + .log_to_file( + FileSpec::default() + .directory("traces") + .basename("foo") + .discriminant("Sample4711A") + .suffix("trc"), + ) + .print_message() + .create_symlink("current_run") + .start() + .unwrap(); + + #[cfg(not(feature = "fuzz"))] + { + let args: Vec = std::env::args().collect(); + if args.len() < 2 { + // Here you can replace the single-step debugging value in the fuzzdata array. 
+ let fuzzdata = vec![17, 46, 43, 0]; + executor::block_on(fuzz_handle_spdm_version(Arc::new(fuzzdata))); + } else { + let path = &args[1]; + let data = std::fs::read(path).expect("read crash file fail"); + executor::block_on(fuzz_handle_spdm_version(Arc::new(data))); + } + } + #[cfg(feature = "fuzz")] + afl::fuzz!(|data: &[u8]| { + executor::block_on(fuzz_handle_spdm_version(Arc::new(data.to_vec()))); + }); +} diff --git a/idekm/Cargo.toml b/idekm/Cargo.toml new file mode 100644 index 0000000..5c31e5f --- /dev/null +++ b/idekm/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "idekm" +license = "BSD-2-Clause-Patent" +version = "0.1.0" +authors = [ + "Jiewen Yao ", + "Xiaoyu Lu ", + "Longlong Yang " + ] +edition = "2018" + +[dev-dependencies] + +[build-dependencies] + +[dependencies] +codec = { path = "../codec" } +zeroize = { version = "1.5.0", features = ["zeroize_derive"]} +spdmlib = { path = "../spdmlib", default-features = false, features = ["spdm-ring"]} +conquer-once = { version = "0.3.2", default-features = false } +maybe-async = "0.2.7" + +[features] +is_sync = ["spdmlib/is_sync", "maybe-async/is_sync"] \ No newline at end of file diff --git a/idekm/src/lib.rs b/idekm/src/lib.rs new file mode 100644 index 0000000..a61d1ce --- /dev/null +++ b/idekm/src/lib.rs @@ -0,0 +1,10 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] +#![cfg_attr(not(feature = "std"), no_std)] + +pub mod pci_ide_km_requester; +pub mod pci_ide_km_responder; +pub mod pci_idekm; diff --git a/idekm/src/pci_ide_km_requester/mod.rs b/idekm/src/pci_ide_km_requester/mod.rs new file mode 100644 index 0000000..e5489f4 --- /dev/null +++ b/idekm/src/pci_ide_km_requester/mod.rs 
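Review bot: The `.unwrap()` on `socket_io_transport.receive(...)` in `fuzz_handle_spdm_version` turns any harness-side receive error into a panic, which AFL records as a crash in the target rather than in the harness. `handle_spdm_version` only receives a `writer` and its result is discarded, and nothing in this hunk sends that response through the fake transport, so what `receive` returns depends on `FakeSpdmDeviceIoReceve`, which is not visible here. I would use `let _ = socket_io_transport.receive(Arc::new(Mutex::new(&mut req_buf)), 60).await;` instead. The `println!("Received: {:?}", req_buf)` prints 1024 bytes for every input and should be removed or gated with `#[cfg(not(feature = "fuzz"))]`.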
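Review bot: `#![cfg_attr(not(feature = "std"), no_std)]` in idekm/src/lib.rs tests a `std` feature that the `[features]` table added in idekm/Cargo.toml by this commit does not declare (it has only `is_sync`). The condition can therefore never be turned off, and the crate always builds as `no_std`. Either add `std = []` to the manifest (forwarding to a matching spdmlib feature if one exists, which is not visible here) or state the intent directly with `#![no_std]`.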
@@ -0,0 +1,18 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#[derive(Debug, Default, Copy, Clone)] +pub struct IdekmReqContext; + +pub mod pci_ide_km_req_query; +pub use pci_ide_km_req_query::*; + +pub mod pci_ide_km_req_key_prog; +pub use pci_ide_km_req_key_prog::*; + +pub mod pci_ide_km_req_key_set_go; +pub use pci_ide_km_req_key_set_go::*; + +pub mod pci_ide_km_req_key_set_stop; +pub use pci_ide_km_req_key_set_stop::*; diff --git a/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_prog.rs b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_prog.rs new file mode 100644 index 0000000..034a9a1 --- /dev/null +++ b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_prog.rs 
@@ -0,0 +1,87 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SpdmResult; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_idekm::vendor_id; +use crate::pci_idekm::KpAckDataObject; +use crate::pci_idekm::STANDARD_ID; +use crate::pci_idekm::{Aes256GcmKeyBuffer, KeyProgDataObject, KpAckStatus}; + +use super::IdekmReqContext; + +impl IdekmReqContext { + #[allow(clippy::too_many_arguments)] + #[maybe_async::maybe_async] + pub async fn pci_ide_km_key_prog( + &mut self, + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, + key_iv: &Aes256GcmKeyBuffer, + // OUT + kp_ack_status: &mut KpAckStatus, + ) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = KeyProgDataObject { + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + key_iv: key_iv.clone(), + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? 
+ as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + let kp_ack_data_object = KpAckDataObject::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if kp_ack_data_object.stream_id != stream_id + || kp_ack_data_object.key_set != key_set + || kp_ack_data_object.key_direction != key_direction + || kp_ack_data_object.key_sub_stream != key_sub_stream + || kp_ack_data_object.port_index != port_index + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } else { + *kp_ack_status = kp_ack_data_object.status; + } + + Ok(()) + } +} diff --git a/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_go.rs b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_go.rs new file mode 100644 index 0000000..60ecd4a --- /dev/null +++ b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_go.rs 
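Review bot: `vendor_defined_rsp_payload[..vendor_defined_rsp_payload_struct.rsp_length as usize]` slices with a length taken from the peer's response, and an out-of-range value panics the requester unless spdmlib's decoder (outside this diff) already bounds `rsp_length`. A fallible slice keeps the failure on the error path: `vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload.get(..vendor_defined_rsp_payload_struct.rsp_length as usize).ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?`. The `as u16` cast on the `encode` result also truncates silently, whereas the responder files in this commit check `cnt > u16::MAX as usize` first. Both patterns repeat in pci_ide_km_req_key_set_go.rs, pci_ide_km_req_key_set_stop.rs and pci_ide_km_req_query.rs. In this function the serialized `key_iv` also stays in the `vendor_defined_req_payload` buffer that is moved into `send_spdm_vendor_defined_request`; whether that copy is wiped is not visible here and is worth confirming, since `zeroize` is already a dependency.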
@@ -0,0 +1,81 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + error::SpdmResult, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_idekm::vendor_id; +use crate::pci_idekm::KGoStopAckDataObject; +use crate::pci_idekm::KSetGoDataObject; +use crate::pci_idekm::STANDARD_ID; + +use super::IdekmReqContext; + +impl IdekmReqContext { + #[allow(clippy::too_many_arguments)] + #[maybe_async::maybe_async] + pub async fn pci_ide_km_key_set_go( + &mut self, + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, + ) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = KSetGoDataObject { + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? 
+ as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + let kgo_stop_ack_data_object = KGoStopAckDataObject::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if kgo_stop_ack_data_object.stream_id != stream_id + || kgo_stop_ack_data_object.key_set != key_set + || kgo_stop_ack_data_object.key_direction != key_direction + || kgo_stop_ack_data_object.key_sub_stream != key_sub_stream + || kgo_stop_ack_data_object.port_index != port_index + { + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } else { + Ok(()) + } + } +} diff --git a/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_stop.rs b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_stop.rs new file mode 100644 index 0000000..428f234 --- /dev/null +++ b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_stop.rs 
@@ -0,0 +1,81 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + error::SpdmResult, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_idekm::vendor_id; +use crate::pci_idekm::KGoStopAckDataObject; +use crate::pci_idekm::KSetStopDataObject; +use crate::pci_idekm::STANDARD_ID; + +use super::IdekmReqContext; + +impl IdekmReqContext { + #[allow(clippy::too_many_arguments)] + #[maybe_async::maybe_async] + pub async fn pci_ide_km_key_set_stop( + &mut self, + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, + ) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = KSetStopDataObject { + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? 
+ as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + let kgo_stop_ack_data_object = KGoStopAckDataObject::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if kgo_stop_ack_data_object.stream_id != stream_id + || kgo_stop_ack_data_object.key_set != key_set + || kgo_stop_ack_data_object.key_direction != key_direction + || kgo_stop_ack_data_object.key_sub_stream != key_sub_stream + || kgo_stop_ack_data_object.port_index != port_index + { + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } else { + Ok(()) + } + } +} diff --git a/idekm/src/pci_ide_km_requester/pci_ide_km_req_query.rs b/idekm/src/pci_ide_km_requester/pci_ide_km_req_query.rs new file mode 100644 index 0000000..cead631 --- /dev/null +++ b/idekm/src/pci_ide_km_requester/pci_ide_km_req_query.rs 
@@ -0,0 +1,77 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use spdmlib::{ + error::{SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD}, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_idekm::{ + vendor_id, QueryDataObject, QueryRespDataObject, PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT, + STANDARD_ID, +}; + +use super::IdekmReqContext; + +impl IdekmReqContext { + #[allow(clippy::too_many_arguments)] + #[maybe_async::maybe_async] + pub async fn pci_ide_km_query( + &mut self, + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + port_index: u8, + // OUT + dev_func_num: &mut u8, + bus_num: &mut u8, + segment: &mut u8, + max_port_index: &mut u8, + ide_reg_block: &mut [u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT], + ide_reg_block_cnt: &mut usize, + ) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = QueryDataObject { port_index } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? 
+ as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + let query_resp_data_object = QueryRespDataObject::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if port_index != query_resp_data_object.port_index { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + *dev_func_num = query_resp_data_object.dev_func_num; + *bus_num = query_resp_data_object.bus_num; + *segment = query_resp_data_object.segment; + *max_port_index = query_resp_data_object.max_port_index; + *ide_reg_block = query_resp_data_object.ide_reg_block; + *ide_reg_block_cnt = query_resp_data_object.ide_reg_block_cnt; + + Ok(()) + } +} diff --git a/idekm/src/pci_ide_km_responder/mod.rs b/idekm/src/pci_ide_km_responder/mod.rs new file mode 100644 index 0000000..8de674d --- /dev/null +++ b/idekm/src/pci_ide_km_responder/mod.rs @@ -0,0 +1,17 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#[derive(Debug, Default, Copy, Clone)] +pub struct IdekmRspContext; + +pub mod pci_ide_km_rsp_dispatcher; +pub use pci_ide_km_rsp_dispatcher::*; + +pub mod pci_ide_km_rsp_query; + +pub mod pci_ide_km_rsp_key_prog; + +pub mod pci_ide_km_rsp_key_set_go; + +pub mod pci_ide_km_rsp_key_set_stop; diff --git a/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_dispatcher.rs b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_dispatcher.rs new file mode 100644 index 0000000..d8dcdd7 --- /dev/null +++ b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_dispatcher.rs 
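Review bot: `*ide_reg_block_cnt = query_resp_data_object.ide_reg_block_cnt;` passes a count from the peer's response to the caller without comparing it to `PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT`. If `QueryRespDataObject::read_bytes` (in pci_idekm.rs, outside this hunk) does not enforce that bound, a caller slicing `ide_reg_block[..ide_reg_block_cnt]` would panic. I would add `if query_resp_data_object.ide_reg_block_cnt > PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT { return Err(SPDM_STATUS_INVALID_MSG_FIELD); }` before the out-parameters are written. pci_ide_km_rsp_query.rs has the mirror case: the `ide_reg_block_cnt` returned by the device callback goes into `QueryRespDataObject` unchecked.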
@@ -0,0 +1,53 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::{ + pci_ide_km_rsp_key_prog, pci_ide_km_rsp_key_set_go, pci_ide_km_rsp_key_set_stop, + pci_ide_km_rsp_query, +}; +use crate::pci_idekm::{ + vendor_id, IDEKM_PROTOCOL_ID, KEY_PROG_OBJECT_ID, K_SET_GO_OBJECT_ID, K_SET_STOP_OBJECT_ID, + QUERY_OBJECT_ID, +}; +use spdmlib::{ + error::{SpdmResult, SPDM_STATUS_INVALID_MSG_FIELD}, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, VendorDefinedStruct, + VendorIDStruct, + }, +}; + +pub const PCI_IDE_KM_INSTANCE: VendorDefinedStruct = VendorDefinedStruct { + vendor_defined_request_handler: pci_ide_km_rsp_dispatcher, + vdm_handle: 0, +}; + +pub fn pci_ide_km_rsp_dispatcher( + _vdm_handle: usize, + vendor_id_struct: &VendorIDStruct, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + if vendor_defined_req_payload_struct.req_length < 2 + || vendor_id_struct != &vendor_id() + || vendor_defined_req_payload_struct.vendor_defined_req_payload[0] != IDEKM_PROTOCOL_ID + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + match vendor_defined_req_payload_struct.vendor_defined_req_payload[1] { + QUERY_OBJECT_ID => { + pci_ide_km_rsp_query::pci_ide_km_rsp_query(vendor_defined_req_payload_struct) + } + KEY_PROG_OBJECT_ID => { + pci_ide_km_rsp_key_prog::pci_ide_km_rsp_key_prog(vendor_defined_req_payload_struct) + } + K_SET_GO_OBJECT_ID => { + pci_ide_km_rsp_key_set_go::pci_ide_km_rsp_key_set_go(vendor_defined_req_payload_struct) + } + K_SET_STOP_OBJECT_ID => pci_ide_km_rsp_key_set_stop::pci_ide_km_rsp_key_set_stop( + vendor_defined_req_payload_struct, + ), + _ => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } +} diff --git a/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_prog.rs b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_prog.rs new file mode 100644 index 0000000..ea30578 --- /dev/null +++ b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_prog.rs 
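Review bot: The guard in `pci_ide_km_rsp_dispatcher` checks only the lower bound of `req_length` (`< 2`), but all four handlers it dispatches to slice `vendor_defined_req_payload[..req_length as usize]`. That slice panics on a request whose `req_length` exceeds the buffer, unless spdmlib's decoder (outside this diff) already rejects it. Adding `|| vendor_defined_req_payload_struct.req_length as usize > MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE` to the existing condition rejects such a request once, before any handler runs. A short doc comment on the function stating that it validates vendor id, protocol id and length and then routes on the object id in byte 1 would also help integrators.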
@@ -0,0 +1,123 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use conquer_once::spin::OnceCell; + +use crate::pci_idekm::{Aes256GcmKeyBuffer, KeyProgDataObject, KpAckDataObject, KpAckStatus}; +static PCI_IDE_KM_DEVICE_KEY_PROG_INSTANCE: OnceCell = OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciIdeKmDeviceKeyProg { + pub pci_ide_km_device_key_prog_cb: fn( + // IN + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, + key_iv: Aes256GcmKeyBuffer, + // OUT + status: &mut KpAckStatus, + ) -> SpdmResult, +} + +pub fn register(context: PciIdeKmDeviceKeyProg) -> bool { + PCI_IDE_KM_DEVICE_KEY_PROG_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciIdeKmDeviceKeyProg = PciIdeKmDeviceKeyProg { + pci_ide_km_device_key_prog_cb: |_stream_id: u8, + _key_set: u8, + _key_direction: u8, + _key_sub_stream: u8, + _port_index: u8, + _key_iv: Aes256GcmKeyBuffer, + _status: &mut KpAckStatus| + -> SpdmResult { unimplemented!() }, +}; + +fn pci_ide_km_device_key_prog( + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, + key_iv: Aes256GcmKeyBuffer, + status: &mut KpAckStatus, +) -> SpdmResult { + (PCI_IDE_KM_DEVICE_KEY_PROG_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_ide_km_device_key_prog_cb)( + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + key_iv, + status, + ) +} + +pub(crate) fn pci_ide_km_rsp_key_prog( + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let key_prog_data_object = KeyProgDataObject::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut status = KpAckStatus::default(); + let key_iv = key_prog_data_object.key_iv.clone(); + pci_ide_km_device_key_prog( + key_prog_data_object.stream_id, + key_prog_data_object.key_set, + key_prog_data_object.key_direction, + key_prog_data_object.key_sub_stream, + key_prog_data_object.port_index, + key_iv, + &mut status, + )?; + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + let cnt = KpAckDataObject { + stream_id: key_prog_data_object.stream_id, + status, + key_set: key_prog_data_object.key_set, + key_direction: key_prog_data_object.key_direction, + key_sub_stream: key_prog_data_object.key_sub_stream, + port_index: key_prog_data_object.port_index, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_set_go.rs b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_set_go.rs new file mode 100644 index 0000000..b48fbaa --- /dev/null +++ b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_set_go.rs 
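Review bot: When no callback has been registered, `try_get_or_init(|| UNIMPLETEMTED.clone())` in `pci_ide_km_device_key_prog` stores the `unimplemented!()` stub in the `OnceCell` and calls it, so a KEY_PROG request from a peer panics the responder. If the process survives that panic, a later `register()` returns `false` because the cell is already initialised. Failing closed without initialising avoids both: `(PCI_IDE_KM_DEVICE_KEY_PROG_INSTANCE.try_get().map_err(|_| SPDM_STATUS_INVALID_STATE_LOCAL)?.pci_ide_km_device_key_prog_cb)(...)`, after which the stub static (misspelled `UNIMPLETEMTED`) can be removed. The same pattern is in pci_ide_km_rsp_key_set_go.rs, pci_ide_km_rsp_key_set_stop.rs and pci_ide_km_rsp_query.rs. `register` should also get a doc comment saying it returns `false` when a callback is already installed.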
@@ -0,0 +1,109 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_idekm::{KGoStopAckDataObject, KSetGoDataObject}; + +static PCI_IDE_KM_DEVICE_KEY_SET_GO_INSTANCE: OnceCell = OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciIdeKmDeviceKeySetGo { + pub pci_ide_km_device_key_set_go_cb: fn( + // IN + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, + ) -> SpdmResult, +} + +pub fn register(context: PciIdeKmDeviceKeySetGo) -> bool { + PCI_IDE_KM_DEVICE_KEY_SET_GO_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciIdeKmDeviceKeySetGo = PciIdeKmDeviceKeySetGo { + pci_ide_km_device_key_set_go_cb: |_stream_id: u8, + _key_set: u8, + _key_direction: u8, + _key_sub_stream: u8, + _port_index: u8| + -> SpdmResult { unimplemented!() }, +}; + +fn pci_ide_km_device_key_set_go( + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, +) -> SpdmResult { + (PCI_IDE_KM_DEVICE_KEY_SET_GO_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_ide_km_device_key_set_go_cb)( + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) +} + +pub(crate) fn pci_ide_km_rsp_key_set_go( + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let kset_go_data_object = KSetGoDataObject::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + pci_ide_km_device_key_set_go( + kset_go_data_object.stream_id, + kset_go_data_object.key_set, + kset_go_data_object.key_direction, + kset_go_data_object.key_sub_stream, + kset_go_data_object.port_index, + )?; + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + let cnt = KGoStopAckDataObject { + stream_id: kset_go_data_object.stream_id, + key_set: kset_go_data_object.key_set, + key_direction: kset_go_data_object.key_direction, + key_sub_stream: kset_go_data_object.key_sub_stream, + port_index: kset_go_data_object.port_index, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_set_stop.rs b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_set_stop.rs new file mode 100644 index 0000000..8eb7bb8 --- /dev/null +++ b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_key_set_stop.rs 
@@ -0,0 +1,110 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_idekm::{KGoStopAckDataObject, KSetStopDataObject}; + +static PCI_IDE_KM_DEVICE_KEY_SET_STOP_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciIdeKmDeviceKeySetStop { + pub pci_ide_km_device_key_set_stop_cb: fn( + // IN + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, + ) -> SpdmResult, +} + +pub fn register(context: PciIdeKmDeviceKeySetStop) -> bool { + PCI_IDE_KM_DEVICE_KEY_SET_STOP_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciIdeKmDeviceKeySetStop = PciIdeKmDeviceKeySetStop { + pci_ide_km_device_key_set_stop_cb: |_stream_id: u8, + _key_set: u8, + _key_direction: u8, + _key_sub_stream: u8, + _port_index: u8| + -> SpdmResult { unimplemented!() }, +}; + +fn pci_ide_km_device_key_set_stop( + stream_id: u8, + key_set: u8, + key_direction: u8, + key_sub_stream: u8, + port_index: u8, +) -> SpdmResult { + (PCI_IDE_KM_DEVICE_KEY_SET_STOP_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_ide_km_device_key_set_stop_cb)( + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) +} + +pub(crate) fn pci_ide_km_rsp_key_set_stop( + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let kset_stop_data_object = KSetStopDataObject::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + pci_ide_km_device_key_set_stop( + kset_stop_data_object.stream_id, + kset_stop_data_object.key_set, + kset_stop_data_object.key_direction, + kset_stop_data_object.key_sub_stream, + kset_stop_data_object.port_index, + )?; + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + let cnt = KGoStopAckDataObject { + stream_id: kset_stop_data_object.stream_id, + key_set: kset_stop_data_object.key_set, + key_direction: kset_stop_data_object.key_direction, + key_sub_stream: kset_stop_data_object.key_sub_stream, + port_index: kset_stop_data_object.port_index, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_query.rs b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_query.rs new file mode 100644 index 0000000..73d622c --- /dev/null +++ b/idekm/src/pci_ide_km_responder/pci_ide_km_rsp_query.rs 
@@ -0,0 +1,129 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_idekm::{QueryDataObject, QueryRespDataObject, PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT}; + +use conquer_once::spin::OnceCell; +static PCI_IDE_KM_DEVICE_QUERY_INSTANCE: OnceCell = OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciIdeKmDeviceQuery { + pub pci_ide_km_device_query_cb: fn( + port_index: u8, + dev_func_num: &mut u8, + bus_num: &mut u8, + segment: &mut u8, + max_port_index: &mut u8, + ide_reg_block: &mut [u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT], + ide_reg_block_cnt: &mut usize, + ) -> SpdmResult, +} + +pub fn register(context: PciIdeKmDeviceQuery) -> bool { + PCI_IDE_KM_DEVICE_QUERY_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciIdeKmDeviceQuery = PciIdeKmDeviceQuery { + pci_ide_km_device_query_cb: |_port_index: u8, + _dev_func_num: &mut u8, + _bus_num: &mut u8, + _segment: &mut u8, + _max_port_index: &mut u8, + _ide_reg_block: &mut [u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT], + _ide_reg_block_cnt: &mut usize| + -> SpdmResult { unimplemented!() }, +}; + +fn pci_ide_km_device_query( + port_index: u8, + dev_func_num: &mut u8, + bus_num: &mut u8, + segment: &mut u8, + max_port_index: &mut u8, + ide_reg_block: &mut [u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT], + ide_reg_block_cnt: &mut usize, +) -> SpdmResult { + (PCI_IDE_KM_DEVICE_QUERY_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_ide_km_device_query_cb)( + port_index, + dev_func_num, + bus_num, + segment, + max_port_index, + ide_reg_block, + ide_reg_block_cnt, + ) +} + +pub(crate) fn pci_ide_km_rsp_query( + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let query_data_object = QueryDataObject::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let port_index = query_data_object.port_index; + let mut dev_func_num = 0u8; + let mut bus_num = 0u8; + let mut segment = 0u8; + let mut max_port_index = 0u8; + let mut ide_reg_block = [0u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT]; + let mut ide_reg_block_cnt = 0usize; + + pci_ide_km_device_query( + port_index, + &mut dev_func_num, + &mut bus_num, + &mut segment, + &mut max_port_index, + &mut ide_reg_block, + &mut ide_reg_block_cnt, + )?; + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let cnt = QueryRespDataObject { + port_index, + dev_func_num, + bus_num, + segment, + max_port_index, + ide_reg_block_cnt, + ide_reg_block, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/idekm/src/pci_idekm.rs b/idekm/src/pci_idekm.rs new file mode 100644 index 0000000..3b22ae2 --- /dev/null +++ b/idekm/src/pci_idekm.rs 
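Review bot: In `pci_ide_km_rsp_query` the slice `[..vendor_defined_req_payload_struct.req_length as usize]` indexes the payload with a length taken from the request, and an out-of-range value panics rather than producing `SPDM_STATUS_INVALID_MSG_FIELD`. Nothing in this hunk bounds `req_length` by `MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE`, so unless the decoder guarantees it, take a checked slice with `.vendor_defined_req_payload.get(..vendor_defined_req_payload_struct.req_length as usize).ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?` and pass that to `QueryDataObject::read_bytes`. `pci_ide_km_rsp_key_set_stop` in pci_ide_km_rsp_key_set_stop.rs slices the request the same way. Separately, the `ide_reg_block_cnt` written by the device callback goes into `QueryRespDataObject` without a check against `PCI_IDE_KM_IDE_REG_BLOCK_MIN_COUNT..=PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT`, although `QueryRespDataObject::read` enforces that range on the receiving side.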
@@ -0,0 +1,567 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use core::convert::TryFrom; +use spdmlib::message::{ + RegistryOrStandardsBodyID, VendorIDStruct, MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN, +}; +use zeroize::ZeroizeOnDrop; +extern crate alloc; +use alloc::boxed::Box; + +pub const PCI_IDE_KM_LINK_IDE_REG_BLOCK_MAX_COUNT: usize = 8; +pub const PCI_IDE_KM_SELECTIVE_IDE_REG_BLOCK_MAX_COUNT: usize = 255; +pub const PCI_IDE_KM_SELECTIVE_IDE_ADDRESS_ASSOCIATION_REG_BLOCK_MAX_COUNT: usize = 15; + +pub const PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT: usize = 2 + + 2 * PCI_IDE_KM_LINK_IDE_REG_BLOCK_MAX_COUNT + + (3 + 2 + 3 * PCI_IDE_KM_SELECTIVE_IDE_ADDRESS_ASSOCIATION_REG_BLOCK_MAX_COUNT) + * PCI_IDE_KM_SELECTIVE_IDE_REG_BLOCK_MAX_COUNT; +pub const PCI_IDE_KM_IDE_REG_BLOCK_MIN_COUNT: usize = 2; + +pub const IDEKM_PROTOCOL_ID: u8 = 0; + +pub const QUERY_OBJECT_ID: u8 = 0; +pub const QUERY_RESP_OBJECT_ID: u8 = 1; +pub const KEY_PROG_OBJECT_ID: u8 = 2; +pub const KP_ACK_OBJECT_ID: u8 = 3; +pub const K_SET_GO_OBJECT_ID: u8 = 4; +pub const K_SET_STOP_OBJECT_ID: u8 = 5; +pub const K_GOSTOP_ACK_OBJECT_ID: u8 = 6; + +pub const KEY_SET_MASK: u8 = 0x1; +pub const KEY_SET_0: u8 = 0x0; +pub const KEY_SET_1: u8 = 0x1; + +pub const KEY_DIRECTION_MASK: u8 = 0x2; +pub const KEY_DIRECTION_RX: u8 = 0x0; +pub const KEY_DIRECTION_TX: u8 = 0x2; + +pub const KEY_SUB_STREAM_MASK: u8 = 0xF0; +pub const KEY_SUB_STREAM_PR: u8 = 0x0; +pub const KEY_SUB_STREAM_NPR: u8 = 0x10; +pub const KEY_SUB_STREAM_CPL: u8 = 0x20; + +#[derive(Debug)] +pub struct QueryDataObject { + pub port_index: u8, +} + +impl Codec for QueryDataObject { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += IDEKM_PROTOCOL_ID.encode(bytes)?; + cnt += QUERY_OBJECT_ID.encode(bytes)?; + cnt += 0u8.encode(bytes)?; + cnt += self.port_index.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let 
protocol_id = u8::read(r)?; + if protocol_id != IDEKM_PROTOCOL_ID { + return None; + } + + let object_id = u8::read(r)?; + if object_id != QUERY_OBJECT_ID { + return None; + } + + u8::read(r)?; + + let port_index = u8::read(r)?; + + Some(Self { port_index }) + } +} + +#[derive(Debug)] +pub struct QueryRespDataObject { + pub port_index: u8, + pub dev_func_num: u8, + pub bus_num: u8, + pub segment: u8, + pub max_port_index: u8, + pub ide_reg_block_cnt: usize, + pub ide_reg_block: [u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT], +} + +impl Codec for QueryRespDataObject { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += IDEKM_PROTOCOL_ID.encode(bytes)?; + cnt += QUERY_RESP_OBJECT_ID.encode(bytes)?; + cnt += 0u8.encode(bytes)?; + cnt += self.port_index.encode(bytes)?; + cnt += self.dev_func_num.encode(bytes)?; + cnt += self.bus_num.encode(bytes)?; + cnt += self.segment.encode(bytes)?; + cnt += self.max_port_index.encode(bytes)?; + for ide_reg in self.ide_reg_block.iter().take(self.ide_reg_block_cnt) { + cnt += ide_reg.encode(bytes)?; + } + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let protocol_id = u8::read(r)?; + if protocol_id != IDEKM_PROTOCOL_ID { + return None; + } + let object_id = u8::read(r)?; + if object_id != QUERY_RESP_OBJECT_ID { + return None; + } + u8::read(r)?; + let port_index = u8::read(r)?; + let dev_func_num = u8::read(r)?; + let bus_num = u8::read(r)?; + let segment = u8::read(r)?; + let max_port_index = u8::read(r)?; + + let left = r.left(); + if left % 4 != 0 { + return None; + } + + let ide_reg_block_cnt = left / 4; + if !(PCI_IDE_KM_IDE_REG_BLOCK_MIN_COUNT..=PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT) + .contains(&ide_reg_block_cnt) + { + return None; + } + + let mut ide_reg_block = [0u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT]; + for ide_reg in ide_reg_block.iter_mut().take(ide_reg_block_cnt) { + *ide_reg = u32::read(r)?; + } + + Some(Self { + port_index, + dev_func_num, + bus_num, + segment, + 
max_port_index, + ide_reg_block_cnt, + ide_reg_block, + }) + } +} + +#[derive(Debug, Default, Clone, ZeroizeOnDrop)] +pub struct Aes256GcmKeyBuffer { + pub key: Box<[u32; 8]>, + pub iv: Box<[u32; 2]>, +} + +impl Codec for Aes256GcmKeyBuffer { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.key[7].encode(bytes)?; + cnt += self.key[6].encode(bytes)?; + cnt += self.key[5].encode(bytes)?; + cnt += self.key[4].encode(bytes)?; + cnt += self.key[3].encode(bytes)?; + cnt += self.key[2].encode(bytes)?; + cnt += self.key[1].encode(bytes)?; + cnt += self.key[0].encode(bytes)?; + cnt += self.iv[1].encode(bytes)?; + cnt += self.iv[0].encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let mut key = Box::new([0u32; 8]); + let mut iv = Box::new([0u32; 2]); + + for k in key.iter_mut().take(8) { + *k = u32::read(r)?; + } + + key.reverse(); + + for i in iv.iter_mut().take(2) { + *i = u32::read(r)?; + } + + iv.reverse(); + + Some(Self { key, iv }) + } +} + +#[derive(Debug, Default, ZeroizeOnDrop)] +pub struct KeyProgDataObject { + pub stream_id: u8, + pub key_set: u8, + pub key_direction: u8, + pub key_sub_stream: u8, + pub port_index: u8, + pub key_iv: Aes256GcmKeyBuffer, +} + +impl Codec for KeyProgDataObject { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += IDEKM_PROTOCOL_ID.encode(bytes)?; + cnt += KEY_PROG_OBJECT_ID.encode(bytes)?; + cnt += 0u16.encode(bytes)?; + cnt += self.stream_id.encode(bytes)?; + cnt += 0u8.encode(bytes)?; + cnt += (self.key_set | self.key_direction | self.key_sub_stream).encode(bytes)?; + cnt += self.port_index.encode(bytes)?; + cnt += self.key_iv.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let protocol_id = u8::read(r)?; + if protocol_id != IDEKM_PROTOCOL_ID { + return None; + } + let object_id = u8::read(r)?; + if object_id != KEY_PROG_OBJECT_ID { + return None; + } + u16::read(r)?; + let stream_id = 
u8::read(r)?; + u8::read(r)?; + let key_set_direction_sub_stream = u8::read(r)?; + let key_set = key_set_direction_sub_stream & KEY_SET_MASK; + let key_direction = key_set_direction_sub_stream & KEY_DIRECTION_MASK; + let key_sub_stream = key_set_direction_sub_stream & KEY_SUB_STREAM_MASK; + if key_sub_stream != KEY_SUB_STREAM_PR + && key_sub_stream != KEY_SUB_STREAM_NPR + && key_sub_stream != KEY_SUB_STREAM_CPL + { + return None; + } + let port_index = u8::read(r)?; + let key_iv = Aes256GcmKeyBuffer::read(r)?; + + Some(Self { + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + key_iv, + }) + } +} + +#[allow(non_camel_case_types)] +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +pub enum KpAckStatus { + SUCCESS, + INCORRECT_LENGTH, + UNSUPPORTED_PORT_INDEX, + UNSUPPORTED_VALUE, + UNSPECIFIED_FAILURE, +} + +impl Default for KpAckStatus { + fn default() -> Self { + Self::UNSPECIFIED_FAILURE + } +} + +impl From for u8 { + fn from(status: KpAckStatus) -> Self { + match status { + KpAckStatus::SUCCESS => 0, + KpAckStatus::INCORRECT_LENGTH => 1, + KpAckStatus::UNSUPPORTED_PORT_INDEX => 2, + KpAckStatus::UNSUPPORTED_VALUE => 3, + KpAckStatus::UNSPECIFIED_FAILURE => 4, + } + } +} + +impl TryFrom for KpAckStatus { + type Error = (); + fn try_from(untrusted_status: u8) -> Result>::Error> { + match untrusted_status { + 0 => Ok(KpAckStatus::SUCCESS), + 1 => Ok(KpAckStatus::INCORRECT_LENGTH), + 2 => Ok(KpAckStatus::UNSUPPORTED_PORT_INDEX), + 3 => Ok(KpAckStatus::UNSUPPORTED_VALUE), + 4 => Ok(KpAckStatus::UNSPECIFIED_FAILURE), + _ => Err(()), + } + } +} + +impl Codec for KpAckStatus { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += u8::from(*self).encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let status = u8::read(r)?; + KpAckStatus::try_from(status).ok() + } +} + +#[derive(Debug, Default)] +pub struct KpAckDataObject { + pub stream_id: u8, + pub status: KpAckStatus, + pub key_set: u8, 
+ pub key_direction: u8, + pub key_sub_stream: u8, + pub port_index: u8, +} + +impl Codec for KpAckDataObject { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += IDEKM_PROTOCOL_ID.encode(bytes)?; + cnt += KP_ACK_OBJECT_ID.encode(bytes)?; + cnt += 0u16.encode(bytes)?; + cnt += self.stream_id.encode(bytes)?; + cnt += self.status.encode(bytes)?; + cnt += (self.key_set | self.key_direction | self.key_sub_stream).encode(bytes)?; + cnt += self.port_index.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let protocol_id = u8::read(r)?; + if protocol_id != IDEKM_PROTOCOL_ID { + return None; + } + let object_id = u8::read(r)?; + if object_id != KP_ACK_OBJECT_ID { + return None; + } + u16::read(r)?; + let stream_id = u8::read(r)?; + let status = KpAckStatus::read(r)?; + let key_set_direction_sub_stream = u8::read(r)?; + let key_set = key_set_direction_sub_stream & KEY_SET_MASK; + let key_direction = key_set_direction_sub_stream & KEY_DIRECTION_MASK; + let key_sub_stream = key_set_direction_sub_stream & KEY_SUB_STREAM_MASK; + if key_sub_stream != KEY_SUB_STREAM_PR + && key_sub_stream != KEY_SUB_STREAM_NPR + && key_sub_stream != KEY_SUB_STREAM_CPL + { + return None; + } + let port_index = u8::read(r)?; + + Some(Self { + stream_id, + status, + key_set, + key_direction, + key_sub_stream, + port_index, + }) + } +} + +#[derive(Debug, Default)] +pub struct KSetGoDataObject { + pub stream_id: u8, + pub key_set: u8, + pub key_direction: u8, + pub key_sub_stream: u8, + pub port_index: u8, +} + +impl Codec for KSetGoDataObject { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += IDEKM_PROTOCOL_ID.encode(bytes)?; + cnt += K_SET_GO_OBJECT_ID.encode(bytes)?; + cnt += 0u16.encode(bytes)?; + cnt += self.stream_id.encode(bytes)?; + cnt += 0u8.encode(bytes)?; + cnt += (self.key_set | self.key_direction | self.key_sub_stream).encode(bytes)?; + cnt += self.port_index.encode(bytes)?; + + 
Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let protocol_id = u8::read(r)?; + if protocol_id != IDEKM_PROTOCOL_ID { + return None; + } + let object_id = u8::read(r)?; + if object_id != K_SET_GO_OBJECT_ID { + return None; + } + u16::read(r)?; + let stream_id = u8::read(r)?; + u8::read(r)?; + let key_set_direction_sub_stream = u8::read(r)?; + let key_set = key_set_direction_sub_stream & KEY_SET_MASK; + let key_direction = key_set_direction_sub_stream & KEY_DIRECTION_MASK; + let key_sub_stream = key_set_direction_sub_stream & KEY_SUB_STREAM_MASK; + if key_sub_stream != KEY_SUB_STREAM_PR + && key_sub_stream != KEY_SUB_STREAM_NPR + && key_sub_stream != KEY_SUB_STREAM_CPL + { + return None; + } + let port_index = u8::read(r)?; + + Some(Self { + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + }) + } +} + +#[derive(Debug, Default)] +pub struct KSetStopDataObject { + pub stream_id: u8, + pub key_set: u8, + pub key_direction: u8, + pub key_sub_stream: u8, + pub port_index: u8, +} + +impl Codec for KSetStopDataObject { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += IDEKM_PROTOCOL_ID.encode(bytes)?; + cnt += K_SET_STOP_OBJECT_ID.encode(bytes)?; + cnt += 0u16.encode(bytes)?; + cnt += self.stream_id.encode(bytes)?; + cnt += 0u8.encode(bytes)?; + cnt += (self.key_set | self.key_direction | self.key_sub_stream).encode(bytes)?; + cnt += self.port_index.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let protocol_id = u8::read(r)?; + if protocol_id != IDEKM_PROTOCOL_ID { + return None; + } + let object_id = u8::read(r)?; + if object_id != K_SET_STOP_OBJECT_ID { + return None; + } + u16::read(r)?; + let stream_id = u8::read(r)?; + u8::read(r)?; + let key_set_direction_sub_stream = u8::read(r)?; + let key_set = key_set_direction_sub_stream & KEY_SET_MASK; + let key_direction = key_set_direction_sub_stream & KEY_DIRECTION_MASK; + let key_sub_stream = 
key_set_direction_sub_stream & KEY_SUB_STREAM_MASK; + if key_sub_stream != KEY_SUB_STREAM_PR + && key_sub_stream != KEY_SUB_STREAM_NPR + && key_sub_stream != KEY_SUB_STREAM_CPL + { + return None; + } + let port_index = u8::read(r)?; + + Some(Self { + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + }) + } +} + +#[derive(Debug, Default)] +pub struct KGoStopAckDataObject { + pub stream_id: u8, + pub key_set: u8, + pub key_direction: u8, + pub key_sub_stream: u8, + pub port_index: u8, +} + +impl Codec for KGoStopAckDataObject { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += IDEKM_PROTOCOL_ID.encode(bytes)?; + cnt += K_GOSTOP_ACK_OBJECT_ID.encode(bytes)?; + cnt += 0u16.encode(bytes)?; + cnt += self.stream_id.encode(bytes)?; + cnt += 0u8.encode(bytes)?; + cnt += (self.key_set | self.key_direction | self.key_sub_stream).encode(bytes)?; + cnt += self.port_index.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let protocol_id = u8::read(r)?; + if protocol_id != IDEKM_PROTOCOL_ID { + return None; + } + let object_id = u8::read(r)?; + if object_id != K_GOSTOP_ACK_OBJECT_ID { + return None; + } + u16::read(r)?; + let stream_id = u8::read(r)?; + u8::read(r)?; + let key_set_direction_sub_stream = u8::read(r)?; + let key_set = key_set_direction_sub_stream & KEY_SET_MASK; + let key_direction = key_set_direction_sub_stream & KEY_DIRECTION_MASK; + let key_sub_stream = key_set_direction_sub_stream & KEY_SUB_STREAM_MASK; + if key_sub_stream != KEY_SUB_STREAM_PR + && key_sub_stream != KEY_SUB_STREAM_NPR + && key_sub_stream != KEY_SUB_STREAM_CPL + { + return None; + } + let port_index = u8::read(r)?; + + Some(Self { + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + }) + } +} + +pub const STANDARD_ID: RegistryOrStandardsBodyID = RegistryOrStandardsBodyID::PCISIG; + +#[inline] +pub const fn vendor_id() -> VendorIDStruct { + let mut vendor_idstruct = VendorIDStruct { + 
len: 2, + vendor_id: [0u8; MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN], + }; + + vendor_idstruct.vendor_id[0] = 0x01; + + vendor_idstruct +} diff --git a/mctp_transport/Cargo.toml b/mctp_transport/Cargo.toml new file mode 100644 index 0000000..7b824ef --- /dev/null +++ b/mctp_transport/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "mctp_transport" +version = "0.1.0" +authors = [ + "Xiaoyu Lu ", + "Jiewen Yao " + ] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +spin = { version = "0.9.8" } +codec = {path= "../codec"} +spdmlib = { path = "../spdmlib", default-features = false} +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +executor = { path = "../executor" } +maybe-async = "0.2.7" + +[features] +is_sync = ["spdmlib/is_sync", "maybe-async/is_sync"] \ No newline at end of file diff --git a/mctp_transport/src/header.rs b/mctp_transport/src/header.rs new file mode 100644 index 0000000..666ec20 --- /dev/null +++ b/mctp_transport/src/header.rs 
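Review bot: `Aes256GcmKeyBuffer` and `KeyProgDataObject` derive `Debug` while holding the IDE stream key and IV, so any `{:?}` of either value (a log line, an `expect` message, a failed assertion) would print the key words in clear. `ZeroizeOnDrop` does not cover that path. I would drop `Debug` from the derive on `Aes256GcmKeyBuffer` and implement it by hand with redacted output, which the derived `Debug` on `KeyProgDataObject` then picks up through its `key_iv` field. In `Aes256GcmKeyBuffer::read`, an early `None` from `u32::read(r)?` also drops the partly filled `Box` without wiping it, since only the finished struct carries `ZeroizeOnDrop`; it is worth deciding whether that needs an explicit zeroize on the failure path.

```rust
#[derive(Default, Clone, ZeroizeOnDrop)]
pub struct Aes256GcmKeyBuffer {
    // … unchanged: key and iv fields …
}

impl core::fmt::Debug for Aes256GcmKeyBuffer {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        // Never format the key or IV words; only show that the buffer exists.
        f.write_str("Aes256GcmKeyBuffer { key: <redacted>, iv: <redacted> }")
    }
}
```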
@@ -0,0 +1,354 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::enum_builder; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::SpdmTransportEncap; +use spdmlib::error::{ + SpdmResult, SPDM_STATUS_DECAP_APP_FAIL, SPDM_STATUS_DECAP_FAIL, SPDM_STATUS_ENCAP_APP_FAIL, + SPDM_STATUS_ENCAP_FAIL, +}; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::ops::Deref; +use core::ops::DerefMut; +use spin::Mutex; + +enum_builder! { + @U8 + EnumName: MctpMessageType; + EnumVal{ + MctpMessageTypeMctpControl => 0x00, + MctpMessageTypePldm => 0x01, + MctpMessageTypeNcsi => 0x02, + MctpMessageTypeEthernet => 0x03, + MctpMessageTypeNvme => 0x04, + MctpMessageTypeSpdm => 0x05, + MctpMessageTypeSecuredMctp => 0x06, + MctpMessageTypeVendorDefinedPci => 0x7E, + MctpMessageTypeVendorDefinedIana => 0x7F + } +} +impl Default for MctpMessageType { + fn default() -> MctpMessageType { + MctpMessageType::MctpMessageTypeMctpControl + } +} + +#[derive(Debug, Copy, Clone, Default)] +pub struct MctpMessageHeader { + pub r#type: MctpMessageType, +} + +impl Codec for MctpMessageHeader { + fn encode(&self, bytes: &mut Writer) -> Result { + self.r#type.encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let r#type = MctpMessageType::read(r)?; + Some(MctpMessageHeader { r#type }) + } +} + +#[derive(Debug, Copy, Clone, Default)] +pub struct MctpTransportEncap {} + +#[maybe_async::maybe_async] +impl SpdmTransportEncap for MctpTransportEncap { + async fn encap( + &mut self, + spdm_buffer: Arc<&[u8]>, + transport_buffer: Arc>, + secured_message: bool, + ) -> SpdmResult { + let payload_len = spdm_buffer.len(); + let mut transport_buffer = transport_buffer.lock(); + let transport_buffer = transport_buffer.deref_mut(); + let mut writer = Writer::init(transport_buffer); + let mctp_header = MctpMessageHeader { + r#type: if secured_message { + MctpMessageType::MctpMessageTypeSecuredMctp + } else { + 
MctpMessageType::MctpMessageTypeSpdm + }, + }; + mctp_header + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_ENCAP_FAIL)?; + let header_size = writer.used(); + if transport_buffer.len() < header_size + payload_len { + return Err(SPDM_STATUS_ENCAP_FAIL); + } + transport_buffer[header_size..(header_size + payload_len)].copy_from_slice(&spdm_buffer); + Ok(header_size + payload_len) + } + + async fn decap( + &mut self, + transport_buffer: Arc<&[u8]>, + spdm_buffer: Arc>, + ) -> SpdmResult<(usize, bool)> { + let transport_buffer: &[u8] = transport_buffer.deref(); + let mut reader = Reader::init(transport_buffer); + let secured_message; + match MctpMessageHeader::read(&mut reader) { + Some(mctp_header) => match mctp_header.r#type { + MctpMessageType::MctpMessageTypeSpdm => { + secured_message = false; + } + MctpMessageType::MctpMessageTypeSecuredMctp => { + secured_message = true; + } + _ => return Err(SPDM_STATUS_DECAP_FAIL), + }, + None => return Err(SPDM_STATUS_DECAP_FAIL), + } + let header_size = reader.used(); + let payload_size = transport_buffer.len() - header_size; + let mut spdm_buffer = spdm_buffer.lock(); + let spdm_buffer = spdm_buffer.deref_mut(); + if spdm_buffer.len() < payload_size { + return Err(SPDM_STATUS_DECAP_FAIL); + } + let payload = &transport_buffer[header_size..]; + spdm_buffer[..payload_size].copy_from_slice(payload); + Ok((payload_size, secured_message)) + } + + async fn encap_app( + &mut self, + spdm_buffer: Arc<&[u8]>, + app_buffer: Arc>, + is_app_message: bool, + ) -> SpdmResult { + let payload_len = spdm_buffer.len(); + let mut app_buffer = app_buffer.lock(); + let app_buffer = app_buffer.deref_mut(); + let mut writer = Writer::init(app_buffer); + let mctp_header = if is_app_message { + MctpMessageHeader { + r#type: MctpMessageType::MctpMessageTypePldm, + } + } else { + MctpMessageHeader { + r#type: MctpMessageType::MctpMessageTypeSpdm, + } + }; + mctp_header + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_ENCAP_APP_FAIL)?; + let 
header_size = writer.used(); + if app_buffer.len() < header_size + payload_len { + return Err(SPDM_STATUS_ENCAP_APP_FAIL); + } + app_buffer[header_size..(header_size + payload_len)].copy_from_slice(&spdm_buffer); + Ok(header_size + payload_len) + } + + async fn decap_app( + &mut self, + app_buffer: Arc<&[u8]>, + spdm_buffer: Arc>, + ) -> SpdmResult<(usize, bool)> { + let mut reader = Reader::init(&app_buffer); + let mut is_app_mesaage = false; + match MctpMessageHeader::read(&mut reader) { + Some(mctp_header) => match mctp_header.r#type { + MctpMessageType::MctpMessageTypeSpdm => {} + MctpMessageType::MctpMessageTypePldm => { + is_app_mesaage = true; + } + _ => return Err(SPDM_STATUS_DECAP_APP_FAIL), + }, + None => return Err(SPDM_STATUS_DECAP_APP_FAIL), + } + let header_size = reader.used(); + let payload_size = app_buffer.len() - header_size; + let mut spdm_buffer = spdm_buffer.lock(); + let spdm_buffer = spdm_buffer.deref_mut(); + if spdm_buffer.len() < payload_size { + return Err(SPDM_STATUS_DECAP_APP_FAIL); + } + let payload = &app_buffer[header_size..]; + spdm_buffer[..payload_size].copy_from_slice(payload); + Ok((payload_size, is_app_mesaage)) + } + + fn get_sequence_number_count(&mut self) -> u8 { + 2 + } + fn get_max_random_count(&mut self) -> u16 { + 32 + } +} + +#[cfg(test)] +mod tests { + use spdmlib::config; + + use super::*; + + #[test] + fn test_case0_mctpmessageheader() { + let u8_slice = &mut [0u8; 1]; + let mut writer = Writer::init(u8_slice); + let value = MctpMessageHeader { + r#type: MctpMessageType::MctpMessageTypeMctpControl, + }; + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(1, reader.left()); + let mctp_message_header = MctpMessageHeader::read(&mut reader).unwrap(); + assert_eq!(0, reader.left()); + assert_eq!( + mctp_message_header.r#type, + MctpMessageType::MctpMessageTypeMctpControl + ); + } + #[test] + fn test_case0_encap() { + use crate::header::tests::alloc::sync::Arc; + extern 
crate alloc; + use core::ops::DerefMut; + use spin::Mutex; + + { + let mut mctp_transport_encap = MctpTransportEncap {}; + let mut transport_buffer = [100u8; config::SENDER_BUFFER_SIZE]; + let spdm_buffer = [100u8; config::MAX_SPDM_MSG_SIZE]; + + let status = executor::block_on(mctp_transport_encap.encap( + &spdm_buffer, + &mut transport_buffer, + false, + )) + .is_ok(); + assert!(status); + } + + { + let mut mctp_transport_encap = MctpTransportEncap {}; + let mut transport_buffer = [100u8; config::SENDER_BUFFER_SIZE]; + let spdm_buffer = [100u8; config::MAX_SPDM_MSG_SIZE]; + + let status = executor::block_on(mctp_transport_encap.encap( + &spdm_buffer, + &mut transport_buffer, + true, + )) + .is_ok(); + assert!(status); + } + + { + let mut mctp_transport_encap = MctpTransportEncap {}; + let mut transport_buffer = [100u8; config::SENDER_BUFFER_SIZE]; + let spdm_buffer = [100u8; config::SENDER_BUFFER_SIZE]; + + let status = executor::block_on(mctp_transport_encap.encap( + &spdm_buffer, + &mut transport_buffer, + true, + )) + .is_ok(); + assert!(status); + } + } + #[test] + fn test_case0_decap() { + let mut mctp_transport_encap = MctpTransportEncap {}; + + let mut spdm_buffer = [100u8; config::MAX_SPDM_MSG_SIZE]; + + let transport_buffer = &mut [0u8; 10]; + + let status = + executor::block_on(mctp_transport_encap.decap(transport_buffer, &mut spdm_buffer)) + .is_err(); + assert!(status); + + let mut writer = Writer::init(transport_buffer); + let value = MctpMessageHeader { + r#type: MctpMessageType::MctpMessageTypeSpdm, + }; + assert!(value.encode(&mut writer).is_ok()); + + let status = + executor::block_on(mctp_transport_encap.decap(transport_buffer, &mut spdm_buffer)) + .is_ok(); + assert!(status); + + let transport_buffer = &mut [0u8; 2]; + let mut writer = Writer::init(transport_buffer); + let value = MctpMessageHeader { + r#type: MctpMessageType::MctpMessageTypeSecuredMctp, + }; + assert!(value.encode(&mut writer).is_ok()); + + let status = + 
executor::block_on(mctp_transport_encap.decap(transport_buffer, &mut spdm_buffer)) + .is_ok(); + assert!(status); + } + #[test] + fn test_case0_encap_app() { + let mut mctp_transport_encap = MctpTransportEncap {}; + let mut app_buffer = [0u8; 100]; + let spdm_buffer = [0u8; 10]; + + let status = executor::block_on(mctp_transport_encap.encap_app( + &spdm_buffer, + &mut app_buffer, + false, + )) + .is_ok(); + assert!(status); + + let spdm_buffer = [100u8; config::MAX_SPDM_MSG_SIZE]; + + let status = executor::block_on(mctp_transport_encap.encap_app( + &spdm_buffer, + &mut app_buffer, + false, + )) + .is_err(); + assert!(status); + } + #[test] + fn test_case0_decap_app() { + let mut mctp_transport_encap = MctpTransportEncap {}; + + let mut spdm_buffer = [100u8; config::MAX_SPDM_MSG_SIZE]; + + let transport_buffer = &mut [0u8; 10]; + + let status = + executor::block_on(mctp_transport_encap.decap_app(transport_buffer, &mut spdm_buffer)) + .is_err(); + assert!(status); + + let mut writer = Writer::init(transport_buffer); + let value = MctpMessageHeader { + r#type: MctpMessageType::MctpMessageTypeSpdm, + }; + assert!(value.encode(&mut writer).is_ok()); + + let status = + executor::block_on(mctp_transport_encap.decap_app(transport_buffer, &mut spdm_buffer)) + .is_ok(); + assert!(status); + } + #[test] + fn test_case0_get_sequence_number_count() { + let mut mctp_transport_encap = MctpTransportEncap {}; + assert_eq!(mctp_transport_encap.get_sequence_number_count(), 2); + } + #[test] + fn test_case0_get_max_random_count() { + let mut mctp_transport_encap = MctpTransportEncap {}; + assert_eq!(mctp_transport_encap.get_max_random_count(), 32); + } +} diff --git a/mctp_transport/src/lib.rs b/mctp_transport/src/lib.rs new file mode 100644 index 0000000..0810cc4 --- /dev/null +++ b/mctp_transport/src/lib.rs 
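Review bot: The third block of `test_case0_encap` asserts the wrong outcome for the buffer-bounds check. The payload and the transport buffer are both `config::SENDER_BUFFER_SIZE`, and `encap` returns `SPDM_STATUS_ENCAP_FAIL` when `transport_buffer.len() < header_size + payload_len`, so with the one-byte MCTP header this call should fail. Change that block to `.is_err();` so the test pins the rejection of an oversized payload instead of contradicting it. The test calls also pass plain references (`&spdm_buffer`, `&mut transport_buffer`) where the methods above take `Arc`-wrapped buffers, so this module may not be compiled or run in CI as written; that is worth confirming.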
@@ -0,0 +1,14 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] +#![no_std] + +mod header; +pub use header::*; + +extern crate codec; + +pub const MCTP_TRANSPORT_STACK_SIZE: usize = + core::mem::size_of::() + core::mem::size_of::() * 256; // for general stack case; diff --git a/pcidoe_transport/Cargo.toml b/pcidoe_transport/Cargo.toml new file mode 100644 index 0000000..373b2bc --- /dev/null +++ b/pcidoe_transport/Cargo.toml @@ -0,0 +1,21 @@ +[package] +name = "pcidoe_transport" +version = "0.1.0" +authors = [ + "Xiaoyu Lu ", + "Jiewen Yao " + ] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +codec = {path= "../codec"} +spdmlib = { path = "../spdmlib", default-features = false} +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +spin = { version = "0.9.8" } +maybe-async = "0.2.7" + +[features] +is_sync = ["spdmlib/is_sync", "maybe-async/is_sync"] \ No newline at end of file diff --git a/pcidoe_transport/src/header.rs b/pcidoe_transport/src/header.rs new file mode 100644 index 0000000..f54fa2e --- /dev/null +++ b/pcidoe_transport/src/header.rs 
@@ -0,0 +1,287 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use codec::enum_builder; +use codec::{Codec, Reader, Writer}; +use core::ops::DerefMut; +use spdmlib::common::SpdmTransportEncap; +use spdmlib::error::{SpdmResult, SPDM_STATUS_DECAP_FAIL, SPDM_STATUS_ENCAP_FAIL}; +use spin::Mutex; + +enum_builder! { + @U16 + EnumName: PciDoeVendorId; + EnumVal{ + PciDoeVendorIdPciSig => 0x0001 + } +} +impl Default for PciDoeVendorId { + fn default() -> PciDoeVendorId { + PciDoeVendorId::Unknown(0) + } +} + +enum_builder! { + @U8 + EnumName: PciDoeDataObjectType; + EnumVal{ + PciDoeDataObjectTypeDoeDiscovery => 0x00, + PciDoeDataObjectTypeSpdm => 0x01, + PciDoeDataObjectTypeSecuredSpdm => 0x02 + } +} +impl Default for PciDoeDataObjectType { + fn default() -> PciDoeDataObjectType { + PciDoeDataObjectType::Unknown(0) + } +} + +#[derive(Debug, Copy, Clone, Default)] +pub struct PciDoeMessageHeader { + pub vendor_id: PciDoeVendorId, + pub data_object_type: PciDoeDataObjectType, + pub payload_length: u32, // in bytes +} + +impl Codec for PciDoeMessageHeader { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.vendor_id.encode(bytes)?; + cnt += self.data_object_type.encode(bytes)?; + cnt += 0u8.encode(bytes)?; + let mut length = (self.payload_length + 8) >> 2; + if length > 0x40000 { + panic!(); + } + if length == 0x40000 { + length = 0; + } + cnt += length.encode(bytes)?; + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let vendor_id = PciDoeVendorId::read(r)?; + let data_object_type = PciDoeDataObjectType::read(r)?; + u8::read(r)?; + let mut length = u32::read(r)?; + length &= 0x3ffff; + if length == 0 { + length = 0x40000; + } + if length < 2 { + return None; + } + let payload_length = (length << 2).checked_sub(8)?; + Some(PciDoeMessageHeader { + vendor_id, + data_object_type, + payload_length, + }) + } +} + 
+#[derive(Debug, Copy, Clone, Default)] +pub struct PciDoeTransportEncap {} + +#[maybe_async::maybe_async] +impl SpdmTransportEncap for PciDoeTransportEncap { + async fn encap( + &mut self, + spdm_buffer: Arc<&[u8]>, + transport_buffer: Arc>, + secured_message: bool, + ) -> SpdmResult { + let payload_len = spdm_buffer.len(); + let aligned_payload_len = (payload_len + 3) / 4 * 4; + let mut transport_buffer = transport_buffer.lock(); + let transport_buffer = transport_buffer.deref_mut(); + let mut writer = Writer::init(transport_buffer); + let pcidoe_header = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: if secured_message { + PciDoeDataObjectType::PciDoeDataObjectTypeSecuredSpdm + } else { + PciDoeDataObjectType::PciDoeDataObjectTypeSpdm + }, + payload_length: aligned_payload_len as u32, + }; + pcidoe_header + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_ENCAP_FAIL)?; + let header_size = writer.used(); + if transport_buffer.len() < header_size + aligned_payload_len { + return Err(SPDM_STATUS_ENCAP_FAIL); + } + transport_buffer[header_size..(header_size + payload_len)].copy_from_slice(&spdm_buffer); + Ok(header_size + aligned_payload_len) + } + + async fn decap( + &mut self, + transport_buffer: Arc<&[u8]>, + spdm_buffer: Arc>, + ) -> SpdmResult<(usize, bool)> { + let mut reader = Reader::init(&transport_buffer); + let pcidoe_header: PciDoeMessageHeader = + PciDoeMessageHeader::read(&mut reader).ok_or(SPDM_STATUS_DECAP_FAIL)?; + match pcidoe_header.vendor_id { + PciDoeVendorId::PciDoeVendorIdPciSig => {} + _ => return Err(SPDM_STATUS_DECAP_FAIL), + } + let secured_message = match pcidoe_header.data_object_type { + PciDoeDataObjectType::PciDoeDataObjectTypeSpdm => false, + PciDoeDataObjectType::PciDoeDataObjectTypeSecuredSpdm => true, + _ => return Err(SPDM_STATUS_DECAP_FAIL), + }; + let header_size = reader.used(); + let payload_size = pcidoe_header.payload_length as usize; + if transport_buffer.len() < header_size + 
payload_size { + return Err(SPDM_STATUS_DECAP_FAIL); + } + let mut spdm_buffer = spdm_buffer.lock(); + let spdm_buffer = spdm_buffer.deref_mut(); + if spdm_buffer.len() < payload_size { + return Err(SPDM_STATUS_DECAP_FAIL); + } + let payload = &transport_buffer[header_size..(header_size + payload_size)]; + spdm_buffer[..payload_size].copy_from_slice(payload); + Ok((payload_size, secured_message)) + } + + async fn encap_app( + &mut self, + spdm_buffer: Arc<&[u8]>, + app_buffer: Arc>, + _is_app_message: bool, + ) -> SpdmResult { + let mut app_buffer = app_buffer.lock(); + let app_buffer = app_buffer.deref_mut(); + app_buffer[0..spdm_buffer.len()].copy_from_slice(&spdm_buffer); + Ok(spdm_buffer.len()) + } + + async fn decap_app( + &mut self, + app_buffer: Arc<&[u8]>, + spdm_buffer: Arc>, + ) -> SpdmResult<(usize, bool)> { + let mut spdm_buffer = spdm_buffer.lock(); + let spdm_buffer = spdm_buffer.deref_mut(); + spdm_buffer[0..app_buffer.len()].copy_from_slice(&app_buffer); + Ok((app_buffer.len(), false)) + } + + fn get_sequence_number_count(&mut self) -> u8 { + 0 + } + fn get_max_random_count(&mut self) -> u16 { + 0 + } +} + +#[cfg(test)] +mod tests_header { + use super::*; + + #[test] + fn test_case0_mctpmessageheader() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery, + payload_length: 100, + }; + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(8, reader.left()); + let pcidoemessageheader = PciDoeMessageHeader::read(&mut reader).unwrap(); + assert_eq!(0, reader.left()); + assert_eq!( + pcidoemessageheader.vendor_id, + PciDoeVendorId::PciDoeVendorIdPciSig + ); + assert_eq!( + pcidoemessageheader.data_object_type, + PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery + ); + assert_eq!(pcidoemessageheader.payload_length, 100); + 
} + #[test] + fn test_case1_mctpmessageheader() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery, + payload_length: 0xffff8, + }; + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + let pcidoemessageheader = PciDoeMessageHeader::read(&mut reader).unwrap(); + assert_eq!(pcidoemessageheader.payload_length, 0xffff8); + } + #[test] + fn test_case2_mctpmessageheader() { + let u8_slice = &mut [0u8; 10]; + let mut writer = Writer::init(u8_slice); + let value = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery, + payload_length: 0, + }; + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + let pcidoemessageheader = PciDoeMessageHeader::read(&mut reader).unwrap(); + assert_eq!(2, reader.left()); + assert_eq!(pcidoemessageheader.payload_length, 0); + } + #[test] + fn test_case3_mctpmessageheader() { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + let value = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery, + payload_length: 0x100, + }; + + assert!(value.encode(&mut writer).is_ok()); + assert_eq!(0, writer.left()); + + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + let pcidoemessageheader = PciDoeMessageHeader::read(&mut reader); + assert_eq!(0, reader.left()); + assert_eq!(pcidoemessageheader.is_none(), true); + } + #[test] + #[should_panic] + fn test_case4_mctpmessageheader() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: 
PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery, + payload_length: 0xffffffff, + }; + assert!(value.encode(&mut writer).is_ok()); + } + #[test] + #[should_panic] + fn test_case5_mctpmessageheader() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery, + payload_length: 0xf00000, + }; + assert!(value.encode(&mut writer).is_ok()); + } +} diff --git a/pcidoe_transport/src/lib.rs b/pcidoe_transport/src/lib.rs new file mode 100644 index 0000000..f1de0b4 --- /dev/null +++ b/pcidoe_transport/src/lib.rs @@ -0,0 +1,14 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] +#![no_std] + +mod header; +pub use header::*; + +extern crate codec; + +pub const PCIDOE_TRANSPORT_STACK_SIZE: usize = + core::mem::size_of::() + core::mem::size_of::() * 256; // for general stack case; diff --git a/rust-toolchain b/rust-toolchain new file mode 100644 index 0000000..5f169ab --- /dev/null +++ b/rust-toolchain @@ -0,0 +1 @@ +nightly-2023-08-28 diff --git a/sh_script/build.sh b/sh_script/build.sh new file mode 100644 index 0000000..bc42fd9 --- /dev/null +++ b/sh_script/build.sh 
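Review bot: `encap_app` and `decap_app` slice the destination with the source length and never compare the two, so an input longer than the destination buffer panics instead of returning an error. The MCTP tests earlier in this diff expect an error for that case. Guard both copies, `if app_buffer.len() < spdm_buffer.len() { return Err(SPDM_STATUS_ENCAP_FAIL); }` in `encap_app` and `if spdm_buffer.len() < app_buffer.len() { return Err(SPDM_STATUS_DECAP_FAIL); }` in `decap_app`. Separately, `encap` returns `header_size + aligned_payload_len` but writes only `payload_len` bytes, so up to three padding bytes carry whatever the transport buffer held before; clear them with `transport_buffer[header_size + payload_len..header_size + aligned_payload_len].fill(0);`.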
@@ -0,0 +1,255 @@ +#!/bin/bash + +set -euo pipefail + +export RUST_MIN_STACK=10485760 + +usage() { + cat < int: + match = re.search(pattern, s, re.DOTALL) + assert match + value = match.group(1) + return int(value) + + +def run_exec(shell_cmd: str, result_queue) -> str: + r = subprocess.run(shell_cmd, shell=True, stdout=subprocess.PIPE, ) + out = r.stdout.decode().strip() + result_queue.put(out) + return out + + +def memory_usage(name, requester_cmd, responder_cmd) -> (str, int, int, int): + result_responder = queue.Queue() + result_requester = queue.Queue() + + responder = threading.Thread( + target=run_exec, args=(responder_cmd, result_responder)) + responder.start() + time.sleep(10) + requester = threading.Thread( + target=run_exec, args=(requester_cmd, result_requester)) + requester.start() + + requester.join() + responder.join() + + out_responder = result_responder.get() + out_requester = result_requester.get() + + max_stack_usage_responder = parse_number( + out_responder, r"max stack usage: (\d+)") + max_heap_usage_responder = parse_number( + out_responder, r"max heap usage: (\d+)") + max_stack_usage_requester = parse_number( + out_requester, r"max stack usage: (\d+)") + max_heap_usage_requester = parse_number( + out_requester, r"max heap usage: (\d+)") + + return (name, max_stack_usage_requester, max_heap_usage_requester, max_stack_usage_responder, max_heap_usage_responder) + + +def main(): + test_vector = [ + ( + "async-executor + release ", + "cargo run --release -p spdm-requester-emu --no-default-features --features=spdm-ring,hashed-transcript-data,async-executor,test_stack_size,test_heap_size", + "cargo run --release -p spdm-responder-emu --no-default-features --features=spdm-ring,hashed-transcript-data,async-executor,test_stack_size,test_heap_size" + ), + ( + "async-tokio + release ", + "cargo run --release -p spdm-requester-emu --no-default-features --features=spdm-ring,hashed-transcript-data,async-tokio,test_stack_size,test_heap_size", + "cargo run 
--release -p spdm-responder-emu --no-default-features --features=spdm-ring,hashed-transcript-data,async-tokio,test_stack_size,test_heap_size" + ), + ( + "async-executor + releas + raw transcript", + "cargo run --release -p spdm-requester-emu --no-default-features --features=spdm-ring,async-executor,test_stack_size,test_heap_size", + "cargo run --release -p spdm-responder-emu --no-default-features --features=spdm-ring,async-executor,test_stack_size,test_heap_size" + ), + ( + "sync + release ", + "cargo run --release -p spdm-requester-emu --no-default-features --features=spdm-ring,hashed-transcript-data,test_stack_size,test_heap_size,is_sync", + "cargo run --release -p spdm-responder-emu --no-default-features --features=spdm-ring,hashed-transcript-data,test_stack_size,test_heap_size,is_sync" + ), + ( + "sync + release + raw transcript ", + "cargo run --release -p spdm-requester-emu --no-default-features --features=spdm-ring,test_stack_size,test_heap_size,is_sync", + "cargo run --release -p spdm-responder-emu --no-default-features --features=spdm-ring,test_stack_size,test_heap_size,is_sync" + ), + + ( + "async-executor + debug ", + "cargo run -p spdm-requester-emu --no-default-features --features=spdm-ring,hashed-transcript-data,async-executor,test_stack_size,test_heap_size", + "cargo run -p spdm-responder-emu --no-default-features --features=spdm-ring,hashed-transcript-data,async-executor,test_stack_size,test_heap_size" + ), + + ( + "sync + debug ", + "cargo run -p spdm-requester-emu --no-default-features --features=spdm-ring,hashed-transcript-data,test_stack_size,test_heap_size,is_sync", + "cargo run -p spdm-responder-emu --no-default-features --features=spdm-ring,hashed-transcript-data,test_stack_size,test_heap_size,is_sync" + ), + + ] + results = [] + for t in test_vector: + result = memory_usage(*t) + results.append(result) + + print(""" +| | Requester | Responder | +| | stack | heap | stack | heap | +| -------------------------------------- 
|-----------|-----------|-----------|-----------|""") + for r in results: + print( + "|{}| {:10}| {:10}| {:10}| {:10}|".format(*r)) + + +if __name__ == "__main__": + main() diff --git a/sh_script/fuzz_run.sh b/sh_script/fuzz_run.sh new file mode 100644 index 0000000..cbca3c2 --- /dev/null +++ b/sh_script/fuzz_run.sh 
@@ -0,0 +1,229 @@ +#!/bin/bash + +# pkill screen + +set -eo pipefail + +usage() { + cat < Run specific fuzz + -h Show help info +EOM + exit 0 +} + +EACH_FUZZ_TIMEOUT=${EACH_FUZZ_TIMEOUT:-10} +FUZZ_HASH_TRANSCRIPT_DATA_FEATURE=${FUZZ_HASH_TRANSCRIPT_DATA_FEATURE:-true} +FUZZ_MUT_AUTH_FEATURE=${FUZZ_MUT_AUTH_FEATURE:-true} +coverage_type="" + +process_args() { + while getopts ":bc:n:h" option; do + case "${option}" in + c) coverage_type=${OPTARG} ;; + b) build_only="true" ;; + n) fuzz_target_name=${OPTARG} ;; + h) usage ;; + *) ;; + esac + done +} + +process_args "$@" + +if [[ ! $PWD =~ rust-spdm$ ]]; then + pushd .. +fi + +if [ ! -d "fuzz-target/out" ]; then + mkdir fuzz-target/out +else # add rm mkdir: + rm -rf fuzz-target/out + mkdir -p fuzz-target/out +fi + +for i in fuzz-target/out/*; do + + if [[ ! -f $i/default/crashes ]]; then + break + fi + + if [[ "$(ls -A "$i"/default/crashes)" != "" ]]; then + echo -e "\033[31m There are some crashes \033[0m" + echo -e "\033[31m Path in fuzz-target/out/$i/default/crashes \033[0m" + exit + fi +done + +if [ ! 
"${build_only}" ]; then + if [ "core" != "$(cat /proc/sys/kernel/core_pattern)" ]; then + if [ "$(id -u)" -ne 0 ]; then + sudo su - root </proc/sys/kernel/core_pattern; + pushd /sys/devices/system/cpu; + echo performance | tee cpu*/cpufreq/scaling_governor; + popd; + echo "root path is $PWD"; + exit; +EOF + else + echo core >/proc/sys/kernel/core_pattern + pushd /sys/devices/system/cpu + echo performance | tee cpu*/cpufreq/scaling_governor + popd + fi + fi +fi + +rm -rf fuzz-target/out/* +cmds=( + "version_rsp" + "capability_rsp" + "algorithm_rsp" + "digest_rsp" + "certificate_rsp" + "challenge_rsp" + "measurement_rsp" + "keyexchange_rsp" + "pskexchange_rsp" + "finish_rsp" + "psk_finish_rsp" + "heartbeat_rsp" + "key_update_rsp" + "end_session_rsp" + "vendor_rsp" + "version_req" + "capability_req" + "algorithm_req" + "digest_req" + "certificate_req" + "challenge_req" #remove cert_chain = RSP_CERT_CHAIN_BUFF >> OK + "measurement_req" + "key_exchange_req" #remove cert_chain = RSP_CERT_CHAIN_BUFF >> OK + "psk_exchange_req" #remove cert_chain = RSP_CERT_CHAIN_BUFF >> OK + "finish_req" #remove cert_chain = RSP_CERT_CHAIN_BUFF >> OK + "psk_finish_req" + "heartbeat_req" + "key_update_req" + "end_session_req" + "vendor_req" +) + +mut_auth_cmds=( + "deliver_encapsulated_response_digest_rsp" + "deliver_encapsulated_response_certificate_rsp" + "get_encapsulated_request_rsp" + "deliver_encapsulated_response_rsp" + "encapsulated_request_digest_req" + "encapsulated_request_certificate_req" + "encapsulated_request_req" +) + +buildpackage='' +for i in "${cmds[@]}"; do + buildpackage="-p $i $buildpackage" +done + +if [ "${FUZZ_MUT_AUTH_FEATURE}" == "true" ]; then + for i in "${mut_auth_cmds[@]}"; do + buildpackage="-p $i $buildpackage" + done +fi + +if [[ $coverage_type == "Scoverage" ]]; then + echo "$coverage_type" + export RUSTFLAGS="-C instrument-coverage" + export LLVM_PROFILE_FILE='fuzz_run-%p-%m.profraw' +fi + +if [[ $coverage_type == "Gcoverage" ]]; then + echo 
"$coverage_type" + export CARGO_INCREMENTAL=0 + export RUSTDOCFLAGS="-Cpanic=abort" + export RUSTFLAGS="-Zprofile -Ccodegen-units=1 -Copt-level=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests -Cpanic=abort" +fi + +if [ "${FUZZ_HASH_TRANSCRIPT_DATA_FEATURE}" == "true" ]; then + FUZZ_NO_DEFAULT_FEATURES= +else + FUZZ_NO_DEFAULT_FEATURES="--no-default-features" +fi + +if [ "${FUZZ_MUT_AUTH_FEATURE}" == "true" ]; then + MUT_AUTH_FEATURE=mut-auth +else + MUT_AUTH_FEATURE= +fi + +if [[ $fuzz_target_name ]]; then + set -x + cargo afl build --features "fuzz ${MUT_AUTH_FEATURE}" ${FUZZ_NO_DEFAULT_FEATURES} -p "$fuzz_target_name" + set +x +else + set -x + cargo afl build --features "fuzz ${MUT_AUTH_FEATURE}" ${FUZZ_NO_DEFAULT_FEATURES} $buildpackage + set -x +fi + +run_fuzz_target() { + fuzz_target_name=$1 + fuzz_target_out_dir="${CARGO_TARGET_DIR:-target}"/fuzz-target/out/${fuzz_target_name} + mkdir -p "$fuzz_target_out_dir" + + set -x + cargo afl fuzz -V "${EACH_FUZZ_TIMEOUT}" -i fuzz-target/in/"${fuzz_target_name}" -o "$fuzz_target_out_dir" "${CARGO_TARGET_DIR:-target}"/debug/"${fuzz_target_name}" + set +x + + # Test for crash + if [ -z "$(ls -A "$fuzz_target_out_dir"/default/crashes)" ]; then + echo "fuzzing ${fuzz_target_name} test PASS in ${EACH_FUZZ_TIMEOUT} seconds..." + else + echo "fuzzing ${fuzz_target_name} test FAILED in ${EACH_FUZZ_TIMEOUT} seconds..." + for file in $(find $fuzz_target_out_dir/default/crashes -type f -name "id*" -print); do + echo "Crash file [encode_base64_string]: (between ========= and =========)" + echo "=========" + cat "$file" | base64 + echo "=========" + echo "Use echo -n "[encode_base64_string]" | base64 -d > seed.raw to decode, replace [encode_base64_string]" + cargo run -p ${fuzz_target_name} --no-default-features -- $file + done + exit 1 + fi +} + +if [ ! 
"${build_only}" ]; then + if [[ $fuzz_target_name ]]; then + run_fuzz_target "$fuzz_target_name" + else + for ((i = 0; i < ${#cmds[*]}; i++)); do + run_fuzz_target "${cmds[$i]}" + done + if [ "${FUZZ_MUT_AUTH_FEATURE}" == "true" ]; then + for ((i = 0; i < ${#mut_auth_cmds[*]}; i++)); do + run_fuzz_target "${mut_auth_cmds[$i]}" + done + fi + echo "All fuzzing tests PASS" + fi +fi + +if [[ $coverage_type == "Scoverage" || $coverage_type == "Gcoverage" ]]; then + set -x + rm -rf "${CARGO_TARGET_DIR:-target}"/debug/fuzz_coverage + grcov --branch --guess-directory-when-missing --ignore-not-existing --llvm \ + --output-type html \ + --binary-path "${CARGO_TARGET_DIR:-target}"/debug/ \ + --source-dir ./ \ + --output-path "${CARGO_TARGET_DIR:-target}"/debug/fuzz_coverage \ + "$(find . -name "*.profraw")" + set +x + unset RUSTFLAGS + unset LLVM_PROFILE_FILE + unset CARGO_INCREMENTAL + unset RUSTDOCFLAGS + unset RUSTFLAGS + echo "-------------------over--------------------------" +fi diff --git a/sh_script/pre-build.sh b/sh_script/pre-build.sh new file mode 100644 index 0000000..c820a8c --- /dev/null +++ b/sh_script/pre-build.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +format-patch() { + # apply the patch set for ring + pushd external/ring + git reset --hard 464d367252354418a2c17feb806876d4d89a8508 + git clean -xdf + git apply ../patches/ring/0001-Support-x86_64-unknown-none-target.patch + popd + + # apply the patch set for webpki + pushd external/webpki + git reset --hard f84a538a5cd281ba1ffc0d54bbe5824cf5969703 + git clean -xdf + git apply ../patches/webpki/0001-Add-support-for-verifying-certificate-chain-with-EKU.patch + popd +} + +format-patch diff --git a/sh_script/rudra.sh b/sh_script/rudra.sh new file mode 100644 index 0000000..f42eb14 --- /dev/null +++ b/sh_script/rudra.sh 
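Review bot: The leftover-crash guard near the top of the script can never fire. The `else` branch just before it has already run `rm -rf fuzz-target/out`, and `[[ ! -f $i/default/crashes ]]` tests for a regular file although `run_fuzz_target` treats `crashes` as a directory, so the loop always hits `break`. The bare `exit` in it would also return the status of the preceding `echo`, which is 0, and the loop looks under `fuzz-target/out` while `run_fuzz_target` writes to `${CARGO_TARGET_DIR:-target}/fuzz-target/out`. Either drop the loop or run it before the cleanup against that same directory, with `[[ -d $i/default/crashes ]] || continue` and `exit 1`.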
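Review bot: Nothing stops the script when a `pushd` fails, so if `external/ring` or `external/webpki` is missing (for example, submodules not initialised) the `git clean -xdf` that follows runs in the current repository and deletes untracked and ignored files there. Add `set -euo pipefail` below the shebang. That also makes a failed `git apply` fatal, rather than letting the build continue with an unpatched ring or webpki. Pinning both checkouts to full commit hashes is the right choice and should stay.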
@@ -0,0 +1,33 @@ +#!/bin/bash + +type rudra + +if [[ $? != 0 ]]; then + echo -e "\033[31m Please install rudra \033[0m" + exit +fi + +if [[ ! $PWD =~ rust-spdm$ ]];then + pushd .. +fi + +orgin=`cat rust-toolchain` +echo "nightly-2021-08-20" > rust-toolchain +echo $orgin + +paths=( + "codec" + "spdmlib" + "mctp_transport" + "pcidoe_transport" + +) + +for i in ${paths[@]};do +echo $PWD/$i +pushd $PWD/$i +cargo rudra +popd +done + +echo $orgin > rust-toolchain \ No newline at end of file diff --git a/sh_script/switch_root_run_cmd.sh b/sh_script/switch_root_run_cmd.sh new file mode 100644 index 0000000..f9f8fb4 --- /dev/null +++ b/sh_script/switch_root_run_cmd.sh @@ -0,0 +1,10 @@ +#!/usr/bin/expect +spawn su root +expect "Password:" +send "1\r" # Change to you password +send "echo core >/proc/sys/kernel/core_pattern\r" +send "cd /sys/devices/system/cpu\r" +send "echo performance | tee cpu*/cpufreq/scaling_governor\r" + +expect eof +exit diff --git a/sh_script/test_spdm_coverage.sh b/sh_script/test_spdm_coverage.sh new file mode 100644 index 0000000..5fb735b --- /dev/null +++ b/sh_script/test_spdm_coverage.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +if [[ ! $PWD =~ rust-spdm$ ]];then + pushd .. +fi + +rm -rf ./target + +export RUSTFLAGS="-Zinstrument-coverage" +export LLVM_PROFILE_FILE="rust-spdm-%p%m.profraw" + +cargo build -p spdm-responder-emu -p spdm-requester-emu + +cargo run -p spdm-responder-emu & +cargo run -p spdm-requester-emu + +grcov . -s . --binary-path ./target/debug/ -t html --branch --ignore-not-existing -o ./target/debug/test_spdm_coverage/ \ No newline at end of file diff --git a/sh_script/test_spdm_unit_test_coverage.sh b/sh_script/test_spdm_unit_test_coverage.sh new file mode 100644 index 0000000..bce9bba --- /dev/null +++ b/sh_script/test_spdm_unit_test_coverage.sh 
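Review bot: `rust-toolchain` is overwritten with `nightly-2021-08-20` and restored only by the last line, so an interrupted run leaves the repository pinned to that older nightly for every later build. Restore it from a trap set right after `orgin` is saved, e.g. `trap 'echo "$orgin" > rust-toolchain' EXIT`. The missing-rudra branch also ends in a bare `exit`, which reports success after the `echo`; `exit 1` would let a caller notice that the scan did not run.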
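Review bot: The script types a root password taken from a literal in the file (`send "1\r" # Change to you password`), which invites contributors to put a real root password into a tracked script. It also sends the following commands without waiting for a shell prompt. `sh_script/fuzz_run.sh` in this same diff already applies the same `core_pattern` and `scaling_governor` settings through `sudo`, so I would drop this file. If it has to stay, it should prompt for the password at run time and never store it.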
@@ -0,0 +1,21 @@ +#!/bin/bash +cargo clean + +if [[ ! $PWD =~ rust-spdm$ ]];then + pushd .. +fi + +git clean -f + +rm -rf ./target *.prof* + +export RUSTFLAGS="-Zinstrument-coverage" +export LLVM_PROFILE_FILE="your_name-%p-%m.profraw" + +cargo build + +cargo test + +grcov . --binary-path ./target/debug/ -s . -t html --branch --ignore-not-existing -o ./target/debug/coverage/ + +grcov . --binary-path ./target/debug/ -s . -t lcov --branch --ignore-not-existing -o ./lcov.infoba \ No newline at end of file diff --git a/spdmlib/.gitignore b/spdmlib/.gitignore new file mode 100644 index 0000000..f0c26c5 --- /dev/null +++ b/spdmlib/.gitignore @@ -0,0 +1 @@ +src/config.rs diff --git a/spdmlib/Cargo.toml b/spdmlib/Cargo.toml new file mode 100644 index 0000000..b7d93ef --- /dev/null +++ b/spdmlib/Cargo.toml 
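Review bot: `git clean -f` and `rm -rf ./target *.prof*` run without `set -e` and after a `pushd ..` that depends only on the directory name, so a run from the wrong place deletes untracked files in whatever repository it lands in. I would resolve the root explicitly with `cd "$(git rev-parse --show-toplevel)"` and drop `git clean -f`, since the `rm -rf` line already removes the coverage artefacts. The last output path, `./lcov.infoba`, looks like a typo for `./lcov.info`.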
@@ -0,0 +1,51 @@ +[package] +name = "spdmlib" +version = "0.1.0" +authors = [ + "Jiewen Yao ", + "Xiaoyu Lu " + ] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +codec = {path= "../codec"} +bitflags = "1.2.1" +log = "0.4.13" +bytes = { version="1", default-features=false } +conquer-once = { version = "0.3.2", default-features = false } +lazy_static = { version = "1.0", features = ["spin_no_std"], optional = true } +ring = { version = "0.17.6", default-features = false, features = ["alloc", "less-safe-getrandom-custom-or-rdrand"], optional = true } +webpki = { version = "0.22.4", default-features = false, features = ["alloc"], optional = true} +untrusted = { version = "0.9.0", optional = true } +zeroize = { version = "1.5.0", features = ["zeroize_derive"]} +maybe-async = "0.2.7" +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +spin = "0" + +[target.'cfg(any(target_os = "uefi", target_os = "none"))'.dependencies] +sys_time = { path = "../sys_time" } + +[build-dependencies] +serde_json = "1.0" +serde = { version = "1.0", features = ["derive"] } +spin = { version = "0.9.8", optional = true } + +[dev-dependencies] +pcidoe_transport = { path = "../pcidoe_transport" } +byteorder = { version = "1.0", default-features = false } +bit_field = "0.10.1" +spin = { version = "0.9.8" } +env_logger = "*" + +[features] +default = ["spdm-ring", "std", "hashed-transcript-data"] +std = ["webpki/std"] +spdm-ring = ["ring", "webpki", "untrusted", "lazy_static", "spin"] +downcast = [] +hashed-transcript-data = [] +mut-auth = [] +mandatory-mut-auth = ["mut-auth"] +is_sync = ["maybe-async/is_sync"] \ No newline at end of file diff --git a/spdmlib/build.rs b/spdmlib/build.rs new file mode 100644 index 0000000..d819a76 --- /dev/null +++ b/spdmlib/build.rs 
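Review bot: `env_logger = "*"` under `[dev-dependencies]` and `spin = "0"` under `[dependencies]` accept whatever release the resolver picks, unlike the other entries, which name a version. For a library that implements a security protocol I would bound them the same way: `spin = "0.9.8"`, as the build- and dev-dependency entries already do, and a concrete requirement for `env_logger`. The ring feature `less-safe-getrandom-custom-or-rdrand` also deserves a comment saying which targets rely on it and what entropy source they are expected to provide.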
@@ -0,0 +1,207 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use serde::Deserialize; +use std::assert; +use std::env; +use std::io::Write; +use std::path::Path; +use std::{fs, fs::File}; + +#[derive(Debug, PartialEq, Deserialize)] +struct SpdmConfig { + cert_config: SpdmCertConfig, + measurement_config: SpdmMeasurementConfig, + psk_config: SpdmPskConfig, + max_opaque_list_elements_count: usize, + max_session_count: usize, + transport_config: SpdmBufferConfig, + max_spdm_msg_size: usize, + heartbeat_period_value: u8, + max_root_cert_support: usize, +} + +impl SpdmConfig { + fn validate_content(&self) { + // All rust fixed-size arrays require non-negative compile-time constant sizes. + // This will be checked by the compiler thus no need to check again here. + + // We dont support chunking now. + assert!(self.max_spdm_msg_size >= 42); + + // Reserve some space for transport overhead. + // 24 is miniaml requirement: session_id (4) + len (2) + app_len (2) + mac (16) + assert!(self.transport_config.receiver_buffer_size > self.max_spdm_msg_size + 24); + assert!(self.transport_config.sender_buffer_size > self.max_spdm_msg_size + 24); + + assert!(self.cert_config.max_cert_chain_data_size <= 0xFFFF); + // no need to check max_cert_chain_data_size against max_spdm_msg_size + + assert!(self.measurement_config.max_measurement_record_size <= 0xFFFFFF); + assert!(self.measurement_config.max_measurement_val_len <= 0xFFFF - 7); + assert!( + self.measurement_config.max_measurement_record_size + >= 7 + self.measurement_config.max_measurement_val_len + ); + assert!(self.measurement_config.max_measurement_val_len >= 32); + assert!(self.measurement_config.max_measurement_record_size < self.max_spdm_msg_size); + + assert!(self.psk_config.max_psk_context_size >= 32); + assert!(self.psk_config.max_psk_context_size <= 0xFFFF); + assert!(self.psk_config.max_psk_hint_size <= 0xFFFF); + assert!( + self.psk_config.max_psk_context_size + 
self.psk_config.max_psk_hint_size + < self.max_spdm_msg_size + ); + + // TODO: add more sanity checks if needed. + } +} + +#[derive(Debug, PartialEq, Deserialize)] +struct SpdmCertConfig { + max_cert_chain_data_size: usize, +} + +#[derive(Debug, PartialEq, Deserialize)] +struct SpdmMeasurementConfig { + max_measurement_record_size: usize, + max_measurement_val_len: usize, +} + +#[derive(Debug, PartialEq, Deserialize)] +struct SpdmPskConfig { + max_psk_context_size: usize, + max_psk_hint_size: usize, +} + +#[derive(Debug, PartialEq, Deserialize)] +struct SpdmBufferConfig { + sender_buffer_size: usize, + receiver_buffer_size: usize, +} + +macro_rules! TEMPLATE { + () => { +"// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT +// +// Automatically generated by build scripts. +// It is not intended for manual editing. +// Please kindly configure via etc/config.json instead. + +/// This is used in SpdmCertChainData without SpdmCertChainHeader. +pub const MAX_SPDM_CERT_CHAIN_DATA_SIZE: usize = {cert_chain_data_sz}; // 0x1000; + +/// This is used in SpdmMeasurementsResponsePayload +pub const MAX_SPDM_MEASUREMENT_RECORD_SIZE: usize = {meas_rec_sz}; // 0x1000 + +/// This is used in SpdmDmtfMeasurementStructure <- SpdmMeasurementBlockStructure <- SpdmMeasurementsResponsePayload +/// It should be MAX (MAX MEASUREMENT_MANIFEST_LEN, MAX supported DIGEST SIZE) +pub const MAX_SPDM_MEASUREMENT_VALUE_LEN: usize = {meas_val_len}; // 0x400 + +/// This is used in SpdmPskExchangeRequestPayload / SpdmPskExchangeResponsePayload +/// It should be no smaller than negoatiated DIGEST SIZE. 
+pub const MAX_SPDM_PSK_CONTEXT_SIZE: usize = {psk_ctx_sz}; + +/// This is used in SpdmPskExchangeRequestPayload / SpdmPskExchangeResponsePayload +pub const MAX_SPDM_PSK_HINT_SIZE: usize = {psk_hint_sz}; + +/// This is used in Key exchange opaque data +pub const MAX_OPAQUE_LIST_ELEMENTS_COUNT: usize = {max_opaque_list_elements_cnt}; + +/// This is used in SpdmContext +pub const MAX_SPDM_SESSION_COUNT: usize = {session_cnt}; + +/// This is sender buffer for SPDM transport layer (e.g. MCTP or PCI_DOE) +/// It is MAX_SPDM_MSG_SIZE + transport overhead (plain text or cipher text, head and tail) +/// It is also used as app buffer (bigger than MAX_SPDM_MSG_SIZE) +pub const SENDER_BUFFER_SIZE: usize = {snd_buf_sz}; + +/// This is receiver buffer for transport layer (e.g. MCTP or PCI_DOE) +/// It is MAX_SPDM_MSG_SIZE + transport overhead (plain text or cipher text, head and tail) +/// It is also used as app buffer (bigger than MAX_SPDM_MSG_SIZE) +pub const RECEIVER_BUFFER_SIZE: usize = {rcv_buf_sz}; + +/// Required sender/receiver buffer for transport layer +/// +-------+--------+---------------------------+------+--+------+---+--------+-----+ +/// | TYPE |TransHdr| EncryptionHeader |AppHdr| |Random|MAC|AlignPad|FINAL| +/// | | |SessionId|SeqNum|Len|AppLen| | | | | | | +/// +-------+--------+---------------------------+------+ +------+---+--------+-----+ +/// | MCTP | 1 | 4 | 2 | 2 | 2 | 1 | | 32 | 16| 0 | 60 | +/// +-------+--------+---------------------------+------+--+------+---+--------+-----+ +/// +pub const MCTP_TRANSPORT_ADDITIONAL_SIZE: usize = 60; + +/// Required sender/receiver buffer for transport layer +/// +-------+--------+---------------------------+------+--+------+---+--------+-----+ +/// | TYPE |TransHdr| EncryptionHeader |AppHdr| |Random|MAC|AlignPad|FINAL| +/// | | |SessionId|SeqNum|Len|AppLen| | | | | | | +/// +-------+--------+---------------------------+------+ +------+---+--------+-----+ +/// |PCI_DOE| 8 | 4 | 0 | 2 | 2 | 0 | | 0 | 16| 3 | 35 | +/// 
+-------+--------+---------------------------+------+--+------+---+--------+-----+ +/// +pub const PCI_DOE_TRANSPORT_ADDITIONAL_SIZE: usize = 35; + +/// This is max individual SPDM message size defined in SPDM 1.2. +pub const MAX_SPDM_MSG_SIZE: usize = {max_spdm_mgs_sz}; + +/// This is used by responder to specify the heartbeat period +/// 0 represents either Heartbeat is not supported or +/// heartbeat is not desired on a session +pub const HEARTBEAT_PERIOD: u8 = {heartbeat_period}; + +/// This is used for SpdmProvisionInfo.peer_root_cert_data +pub const MAX_ROOT_CERT_SUPPORT: usize = {max_root_cert_supported}; +" +}; +} + +const SPDM_CONFIG_ENV: &str = "SPDM_CONFIG"; +const SPDM_CONFIG_JSON_DEFAULT_PATH: &str = "etc/config.json"; +const SPDM_CONFIG_RS_OUT_DIR: &str = "src"; +const SPDM_CONFIG_RS_OUT_FILE_NAME: &str = "config.rs"; + +fn main() { + // Read and parse the SPDM configuration file. + let spdm_config_json_file_path = + env::var(SPDM_CONFIG_ENV).unwrap_or_else(|_| SPDM_CONFIG_JSON_DEFAULT_PATH.to_string()); + let spdm_config_json_file = + File::open(spdm_config_json_file_path).expect("The SPDM configuration file does not exist"); + let spdm_config: SpdmConfig = serde_json::from_reader(spdm_config_json_file) + .expect("It is not a valid SPDM configuration file."); + + // Do sanity checks. + spdm_config.validate_content(); + + // Generate config .rs file from the template and JSON inputs, then write to fs. 
+ let mut to_generate = Vec::new(); + write!( + &mut to_generate, + TEMPLATE!(), + cert_chain_data_sz = spdm_config.cert_config.max_cert_chain_data_size, + meas_rec_sz = spdm_config.measurement_config.max_measurement_record_size, + meas_val_len = spdm_config.measurement_config.max_measurement_val_len, + psk_ctx_sz = spdm_config.psk_config.max_psk_context_size, + psk_hint_sz = spdm_config.psk_config.max_psk_hint_size, + max_opaque_list_elements_cnt = spdm_config.max_opaque_list_elements_count, + session_cnt = spdm_config.max_session_count, + snd_buf_sz = spdm_config.transport_config.sender_buffer_size, + rcv_buf_sz = spdm_config.transport_config.receiver_buffer_size, + max_spdm_mgs_sz = spdm_config.max_spdm_msg_size, + heartbeat_period = spdm_config.heartbeat_period_value, + max_root_cert_supported = spdm_config.max_root_cert_support, + ) + .expect("Failed to generate configuration code from the template and JSON config"); + + let dest_path = Path::new(SPDM_CONFIG_RS_OUT_DIR).join(SPDM_CONFIG_RS_OUT_FILE_NAME); + fs::write(dest_path, to_generate).unwrap(); + + // Re-run the build script if the files at the given paths or envs have changed. + println!("cargo:rerun-if-changed=build.rs"); + println!("cargo:rerun-if-changed=../Cargo.lock"); + println!("cargo:rerun-if-changed={}", SPDM_CONFIG_JSON_DEFAULT_PATH); + println!("cargo:rerun-if-env-changed={}", SPDM_CONFIG_ENV); +} diff --git a/spdmlib/etc/config.json b/spdmlib/etc/config.json new file mode 100644 index 0000000..13dd08a --- /dev/null +++ b/spdmlib/etc/config.json 
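Review bot: `validate_content` only requires the sender and receiver buffers to exceed `max_spdm_msg_size + 24`, while the template in this same file documents 60 bytes of overhead for MCTP (`MCTP_TRANSPORT_ADDITIONAL_SIZE`) and 35 for PCI DOE. A config that passes the check can therefore still be too small for a maximum-size secured message. I would check against the larger documented figure, `assert!(self.transport_config.receiver_buffer_size >= self.max_spdm_msg_size + 60);` and the same for `sender_buffer_size`, or extend the comment to explain why 24 suffices. Separately, `cargo:rerun-if-changed` names only `etc/config.json`, so when `SPDM_CONFIG` points elsewhere, edits to that file do not regenerate `src/config.rs`; emit the resolved path as well.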
@@ -0,0 +1,23 @@
+{
+ "__usage": "This helps generate compile-time constant sizes for SPDM arrays. See src/config.rs generated for details.",
+ "cert_config": {
+ "max_cert_chain_data_size": 4096
+ },
+ "measurement_config": {
+ "max_measurement_record_size": 4000,
+ "max_measurement_val_len": 1024
+ },
+ "psk_config": {
+ "max_psk_context_size": 64,
+ "max_psk_hint_size": 32
+ },
+ "max_opaque_list_elements_count": 3,
+ "max_session_count": 4,
+ "transport_config": {
+ "sender_buffer_size": 4160,
+ "receiver_buffer_size": 4160
+ },
+ "max_spdm_msg_size": 4096,
+ "heartbeat_period_value": 0,
+ "max_root_cert_support": 10
+}
diff --git a/spdmlib/fuzz/.gitignore b/spdmlib/fuzz/.gitignore
new file mode 100644
index 0000000..1a45eee
--- /dev/null
+++ b/spdmlib/fuzz/.gitignore
@@ -0,0 +1,4 @@
+target
+corpus
+artifacts
+coverage
diff --git a/spdmlib/fuzz/Cargo.toml b/spdmlib/fuzz/Cargo.toml
new file mode 100644
index 0000000..c26368e
--- /dev/null
+++ b/spdmlib/fuzz/Cargo.toml
@@ -0,0 +1,249 @@ +[package] +name = "spdmlib-fuzz" +version = "0.0.0" +publish = false +edition = "2018" + +[package.metadata] +cargo-fuzz = true + +[dependencies] +libfuzzer-sys = "0.4" +fuzzlib = { path = "../../fuzz-target/fuzzlib", default-features = false } + +[dependencies.spdmlib] +path = ".." + +# Prevent this from interfering with workspaces +[workspace] +members = ["."] + +[profile.release] +debug = 1 + +[features] +default = ["hashed-transcript-data", "use_libfuzzer"] +hashed-transcript-data = ["spdmlib/hashed-transcript-data"] +use_libfuzzer = [] + +[[bin]] +name = "version_rsp" +path = "fuzz_targets/version_rsp.rs" +test = false +doc = false + +[[bin]] +name = "capability_rsp" +path = "fuzz_targets/capability_rsp.rs" +test = false +doc = false + +[[bin]] +name = "algorithm_rsp" +path = "fuzz_targets/algorithm_rsp.rs" +test = false +doc = false + +[[bin]] +name = "digest_rsp" +path = "fuzz_targets/digest_rsp.rs" +test = false +doc = false + +[[bin]] +name = "certificate_rsp" +path = "fuzz_targets/certificate_rsp.rs" +test = false +doc = false + +[[bin]] +name = "challenge_rsp" +path = "fuzz_targets/challenge_rsp.rs" +test = false +doc = false + +[[bin]] +name = "measurement_rsp" +path = "fuzz_targets/measurement_rsp.rs" +test = false +doc = false + +[[bin]] +name = "keyexchange_rsp" +path = "fuzz_targets/keyexchange_rsp.rs" +test = false +doc = false + +[[bin]] +name = "pskexchange_rsp" +path = "fuzz_targets/pskexchange_rsp.rs" +test = false +doc = false + +[[bin]] +name = "finish_rsp" +path = "fuzz_targets/finish_rsp.rs" +test = false +doc = false + +[[bin]] +name = "psk_finish_rsp" +path = "fuzz_targets/psk_finish_rsp.rs" +test = false +doc = false + +[[bin]] +name = "heartbeat_rsp" +path = "fuzz_targets/heartbeat_rsp.rs" +test = false +doc = false + +[[bin]] +name = "key_update_rsp" +path = "fuzz_targets/key_update_rsp.rs" +test = false +doc = false + +[[bin]] +name = "end_session_rsp" +path = "fuzz_targets/end_session_rsp.rs" +test = false +doc = 
false + +[[bin]] +name = "vendor_rsp" +path = "fuzz_targets/vendor_rsp.rs" +test = false +doc = false + +[[bin]] +name = "deliver_encapsulated_response_digest_rsp" +path = "fuzz_targets/deliver_encapsulated_response_digest_rsp.rs" +test = false +doc = false + +[[bin]] +name = "deliver_encapsulated_response_certificate_rsp" +path = "fuzz_targets/deliver_encapsulated_response_certificate_rsp.rs" +test = false +doc = false + +[[bin]] +name = "get_encapsulated_request_rsp" +path = "fuzz_targets/get_encapsulated_request_rsp.rs" +test = false +doc = false + +[[bin]] +name = "deliver_encapsulated_response_rsp" +path = "fuzz_targets/deliver_encapsulated_response_rsp.rs" +test = false +doc = false + +[[bin]] +name = "version_req" +path = "fuzz_targets/version_req.rs" +test = false +doc = false + +[[bin]] +name = "capability_req" +path = "fuzz_targets/capability_req.rs" +test = false +doc = false + +[[bin]] +name = "algorithm_req" +path = "fuzz_targets/algorithm_req.rs" +test = false +doc = false + +[[bin]] +name = "digest_req" +path = "fuzz_targets/digest_req.rs" +test = false +doc = false + +[[bin]] +name = "certificate_req" +path = "fuzz_targets/certificate_req.rs" +test = false +doc = false + +[[bin]] +name = "challenge_req" +path = "fuzz_targets/challenge_req.rs" +test = false +doc = false + +[[bin]] +name = "measurement_req" +path = "fuzz_targets/measurement_req.rs" +test = false +doc = false + +[[bin]] +name = "key_exchange_req" +path = "fuzz_targets/key_exchange_req.rs" +test = false +doc = false + +[[bin]] +name = "psk_exchange_req" +path = "fuzz_targets/psk_exchange_req.rs" +test = false +doc = false + +[[bin]] +name = "finish_req" +path = "fuzz_targets/finish_req.rs" +test = false +doc = false + +[[bin]] +name = "psk_finish_req" +path = "fuzz_targets/psk_finish_req.rs" +test = false +doc = false + +[[bin]] +name = "heartbeat_req" +path = "fuzz_targets/heartbeat_req.rs" +test = false +doc = false + +[[bin]] +name = "key_update_req" +path = 
"fuzz_targets/key_update_req.rs" +test = false +doc = false + +[[bin]] +name = "end_session_req" +path = "fuzz_targets/end_session_req.rs" +test = false +doc = false + +[[bin]] +name = "vendor_req" +path = "fuzz_targets/vendor_req.rs" +test = false +doc = false + +[[bin]] +name = "encapsulated_request_digest_req" +path = "fuzz_targets/encapsulated_request_digest_req.rs" +test = false +doc = false + +[[bin]] +name = "encapsulated_request_certificate_req" +path = "fuzz_targets/encapsulated_request_certificate_req.rs" +test = false +doc = false + +[[bin]] +name = "encapsulated_request_req" +path = "fuzz_targets/encapsulated_request_req.rs" +test = false +doc = false \ No newline at end of file diff --git a/spdmlib/fuzz/fuzz_targets/algorithm_req.rs b/spdmlib/fuzz/fuzz_targets/algorithm_req.rs new file mode 100644 index 0000000..2e39217 --- /dev/null +++ b/spdmlib/fuzz/fuzz_targets/algorithm_req.rs @@ -0,0 +1,14 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![no_main] + +use libfuzzer_sys::fuzz_target; + +include!("../../../fuzz-target/requester/algorithm_req/src/main.rs"); + +fuzz_target!(|data: &[u8]| { + // fuzzed code goes here + fuzz_send_receive_spdm_algorithm(data); +}); diff --git a/spdmlib/fuzz/fuzz_targets/algorithm_rsp.rs b/spdmlib/fuzz/fuzz_targets/algorithm_rsp.rs new file mode 100644 index 0000000..c741568 --- /dev/null +++ b/spdmlib/fuzz/fuzz_targets/algorithm_rsp.rs @@ -0,0 +1,14 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![no_main] + +use libfuzzer_sys::fuzz_target; + +include!("../../../fuzz-target/responder/algorithm_rsp/src/main.rs"); + +fuzz_target!(|data: &[u8]| { + // fuzzed code goes here + fuzz_handle_spdm_algorithm(data); +}); diff --git a/spdmlib/fuzz/fuzz_targets/capability_req.rs b/spdmlib/fuzz/fuzz_targets/capability_req.rs new file mode 100644 index 0000000..8cb722d --- /dev/null +++ b/spdmlib/fuzz/fuzz_targets/capability_req.rs 
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/capability_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_capability(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/capability_rsp.rs b/spdmlib/fuzz/fuzz_targets/capability_rsp.rs
new file mode 100644
index 0000000..7c748f0
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/capability_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/capability_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_capability(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/certificate_req.rs b/spdmlib/fuzz/fuzz_targets/certificate_req.rs
new file mode 100644
index 0000000..a23f28a
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/certificate_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/certificate_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_certificate(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/certificate_rsp.rs b/spdmlib/fuzz/fuzz_targets/certificate_rsp.rs
new file mode 100644
index 0000000..e3cddad
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/certificate_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/certificate_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_certificate(data);
+});
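Review bot: The comment `// fuzzed code goes here` in fuzz_targets/capability_req.rs is the placeholder left by the cargo-fuzz template and tells a reader nothing about what this harness exercises; the same placeholder appears in every other new fuzz_targets/*.rs file in this commit, algorithm_req.rs and algorithm_rsp.rs included. Replace it with a line that names the entry point and its input, for example `// Pass the raw fuzzer bytes to the requester capability harness in fuzz-target/requester/capability_req.` Because the harness body is pulled in by `include!` from a `main.rs` outside this crate, a one-line file comment stating that dependency would also help whoever triages a crash reported by this target.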
diff --git a/spdmlib/fuzz/fuzz_targets/challenge_req.rs b/spdmlib/fuzz/fuzz_targets/challenge_req.rs
new file mode 100644
index 0000000..2851b06
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/challenge_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/challenge_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_challenge(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/challenge_rsp.rs b/spdmlib/fuzz/fuzz_targets/challenge_rsp.rs
new file mode 100644
index 0000000..746637c
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/challenge_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/challenge_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_challenge(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_certificate_rsp.rs b/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_certificate_rsp.rs
new file mode 100644
index 0000000..c33fee6
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_certificate_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/deliver_encapsulated_response_certificate_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_encap_response_certificate(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_digest_rsp.rs b/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_digest_rsp.rs
new file mode 100644
index 0000000..367d9d8
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_digest_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/deliver_encapsulated_response_digest_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_encap_response_digest(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_rsp.rs b/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_rsp.rs
new file mode 100644
index 0000000..8261ae9
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/deliver_encapsulated_response_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/deliver_encapsulated_response_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_deliver_encapsulated_reponse(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/digest_req.rs b/spdmlib/fuzz/fuzz_targets/digest_req.rs
new file mode 100644
index 0000000..ed47a80
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/digest_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/digest_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_digest(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/digest_rsp.rs b/spdmlib/fuzz/fuzz_targets/digest_rsp.rs
new file mode 100644
index 0000000..764786b
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/digest_rsp.rs
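Review bot: The call `fuzz_handle_deliver_encapsulated_reponse(data);` in fuzz_targets/deliver_encapsulated_response_rsp.rs has a misspelling (`reponse`) in the function name, while the file name, its `include!` path and the sibling targets all spell it `response`. The function is defined in the included fuzz-target/responder/deliver_encapsulated_response_rsp/src/main.rs, which is outside this hunk, so the rename has to be made there and here in the same change: `fuzz_handle_deliver_encapsulated_response(data);`.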
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/digest_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_digest(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/encapsulated_request_certificate_req.rs b/spdmlib/fuzz/fuzz_targets/encapsulated_request_certificate_req.rs
new file mode 100644
index 0000000..6204f5b
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/encapsulated_request_certificate_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/encapsulated_request_certificate_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_encap_handle_get_certificate(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/encapsulated_request_digest_req.rs b/spdmlib/fuzz/fuzz_targets/encapsulated_request_digest_req.rs
new file mode 100644
index 0000000..a143122
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/encapsulated_request_digest_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/encapsulated_request_digest_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_encap_handle_get_digest(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/encapsulated_request_req.rs b/spdmlib/fuzz/fuzz_targets/encapsulated_request_req.rs
new file mode 100644
index 0000000..fb164ab
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/encapsulated_request_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/encapsulated_request_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_session_based_mutual_authenticate(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/end_session_req.rs b/spdmlib/fuzz/fuzz_targets/end_session_req.rs
new file mode 100644
index 0000000..99dbd89
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/end_session_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/end_session_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_end_session(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/end_session_rsp.rs b/spdmlib/fuzz/fuzz_targets/end_session_rsp.rs
new file mode 100644
index 0000000..4852bbe
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/end_session_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/end_session_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_end_session(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/finish_req.rs b/spdmlib/fuzz/fuzz_targets/finish_req.rs
new file mode 100644
index 0000000..4d51cbb
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/finish_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/finish_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_finish(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/finish_rsp.rs b/spdmlib/fuzz/fuzz_targets/finish_rsp.rs
new file mode 100644
index 0000000..6ecb0fb
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/finish_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/finish_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_finish(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/get_encapsulated_request_rsp.rs b/spdmlib/fuzz/fuzz_targets/get_encapsulated_request_rsp.rs
new file mode 100644
index 0000000..5aeaa0d
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/get_encapsulated_request_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/get_encapsulated_request_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_get_encapsulated_request(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/heartbeat_req.rs b/spdmlib/fuzz/fuzz_targets/heartbeat_req.rs
new file mode 100644
index 0000000..51e4d65
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/heartbeat_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/heartbeat_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_heartbeat(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/heartbeat_rsp.rs b/spdmlib/fuzz/fuzz_targets/heartbeat_rsp.rs
new file mode 100644
index 0000000..6f711f7
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/heartbeat_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/heartbeat_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_heartbeat(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/key_exchange_req.rs b/spdmlib/fuzz/fuzz_targets/key_exchange_req.rs
new file mode 100644
index 0000000..7574abc
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/key_exchange_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/key_exchange_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_key_exchange(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/key_update_req.rs b/spdmlib/fuzz/fuzz_targets/key_update_req.rs
new file mode 100644
index 0000000..b02c49c
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/key_update_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/key_update_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_key_update(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/key_update_rsp.rs b/spdmlib/fuzz/fuzz_targets/key_update_rsp.rs
new file mode 100644
index 0000000..ea414a0
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/key_update_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/key_update_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_key_update(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/keyexchange_rsp.rs b/spdmlib/fuzz/fuzz_targets/keyexchange_rsp.rs
new file mode 100644
index 0000000..25dbb2b
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/keyexchange_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/keyexchange_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_key_exchange(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/measurement_req.rs b/spdmlib/fuzz/fuzz_targets/measurement_req.rs
new file mode 100644
index 0000000..e6e8a2f
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/measurement_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/measurement_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_measurement(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/measurement_rsp.rs b/spdmlib/fuzz/fuzz_targets/measurement_rsp.rs
new file mode 100644
index 0000000..38eeb33
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/measurement_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/measurement_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_measurement(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/psk_exchange_req.rs b/spdmlib/fuzz/fuzz_targets/psk_exchange_req.rs
new file mode 100644
index 0000000..e36fc74
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/psk_exchange_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/psk_exchange_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_psk_exchange(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/psk_finish_req.rs b/spdmlib/fuzz/fuzz_targets/psk_finish_req.rs
new file mode 100644
index 0000000..a06ba6f
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/psk_finish_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/psk_finish_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_psk_finish(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/psk_finish_rsp.rs b/spdmlib/fuzz/fuzz_targets/psk_finish_rsp.rs
new file mode 100644
index 0000000..adc494e
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/psk_finish_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/psk_finish_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_psk_finish(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/pskexchange_rsp.rs b/spdmlib/fuzz/fuzz_targets/pskexchange_rsp.rs
new file mode 100644
index 0000000..17580be
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/pskexchange_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/pskexchange_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_psk_exchange(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/vendor_req.rs b/spdmlib/fuzz/fuzz_targets/vendor_req.rs
new file mode 100644
index 0000000..321d5b8
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/vendor_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/vendor_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_spdm_vendor_defined_request(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/vendor_rsp.rs b/spdmlib/fuzz/fuzz_targets/vendor_rsp.rs
new file mode 100644
index 0000000..3669acc
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/vendor_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/vendor_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_vendor_defined_request(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/version_req.rs b/spdmlib/fuzz/fuzz_targets/version_req.rs
new file mode 100644
index 0000000..6617184
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/version_req.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/requester/version_req/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_send_receive_spdm_version(data);
+});
diff --git a/spdmlib/fuzz/fuzz_targets/version_rsp.rs b/spdmlib/fuzz/fuzz_targets/version_rsp.rs
new file mode 100644
index 0000000..f1b2d0d
--- /dev/null
+++ b/spdmlib/fuzz/fuzz_targets/version_rsp.rs
@@ -0,0 +1,14 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+include!("../../../fuzz-target/responder/version_rsp/src/main.rs");
+
+fuzz_target!(|data: &[u8]| {
+ // fuzzed code goes here
+ fuzz_handle_spdm_version(data);
+});
diff --git a/spdmlib/src/common/key_schedule.rs b/spdmlib/src/common/key_schedule.rs
new file mode 100644
index 0000000..98634de
--- /dev/null
+++ b/spdmlib/src/common/key_schedule.rs
@@ -0,0 +1,450 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::crypto; +use crate::protocol::*; +use codec::{Codec, Writer}; +extern crate alloc; +use crate::secret; +use alloc::boxed::Box; + +const MAX_BIN_CONCAT_BUF_SIZE: usize = 2 + 8 + 12 + SPDM_MAX_HASH_SIZE; +const SALT_0: [u8; SPDM_MAX_HASH_SIZE] = [0u8; SPDM_MAX_HASH_SIZE]; +const BIN_STR0_LABEL: &[u8] = b"derived"; +const BIN_STR1_LABEL: &[u8] = b"req hs data"; +const BIN_STR2_LABEL: &[u8] = b"rsp hs data"; +const BIN_STR3_LABEL: &[u8] = b"req app data"; +const BIN_STR4_LABEL: &[u8] = b"rsp app data"; +const BIN_STR5_LABEL: &[u8] = b"key"; +const BIN_STR6_LABEL: &[u8] = b"iv"; +const BIN_STR7_LABEL: &[u8] = b"finished"; +const BIN_STR8_LABEL: &[u8] = b"exp master"; +const BIN_STR9_LABEL: &[u8] = b"traffic upd"; +const SPDM_VERSION_VALUE: &[u8; 8] = b"spdm . "; +const SPDM_VERSION_VALUE_MAJOR_INDEX: usize = 4; +const SPDM_VERSION_VALUE_MINOR_INDEX: usize = 6; + +#[derive(Clone, Debug)] +pub struct SpdmKeySchedule; + +impl Default for SpdmKeySchedule { + fn default() -> Self { + Self::new() + } +} + +impl SpdmKeySchedule { + pub fn new() -> Self { + SpdmKeySchedule {} + } + + pub fn derive_handshake_secret( + &self, + _spdm_version: SpdmVersion, + hash_algo: SpdmBaseHashAlgo, + key: &SpdmDheFinalKeyStruct, + ) -> Option { + let prk = crypto::hkdf::hkdf_extract( + hash_algo, + &SALT_0[0..hash_algo.get_size() as usize], + &SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(key), + )?; + SpdmHandshakeSecretStruct::from_spdm_hkdf_prk(prk) + } + + pub fn derive_master_secret( + &self, + spdm_version: SpdmVersion, + hash_algo: SpdmBaseHashAlgo, + key: &SpdmHandshakeSecretStruct, + ) -> Option { + let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE]; + let bin_str0 = self.binconcat( + hash_algo.get_size(), + spdm_version, + BIN_STR0_LABEL, + None, + buffer, + )?; + let salt_1 = crypto::hkdf::hkdf_expand( + hash_algo, + 
&SpdmHkdfPseudoRandomKey::from_input_keying_material( + &SpdmHkdfInputKeyingMaterial::SpdmHandshakeSecret(key), + )?, + bin_str0, + hash_algo.get_size(), + )?; + debug!("salt_1 - {:02x?}", salt_1.as_ref()); + + let prk = crypto::hkdf::hkdf_extract( + hash_algo, + salt_1.as_ref(), + &SpdmHkdfInputKeyingMaterial::SpdmZeroFilled(&SpdmZeroFilledStruct { + data_size: hash_algo.get_size(), + data: Box::new([0u8; SPDM_MAX_HASH_SIZE]), + }), + )?; + + SpdmMasterSecretStruct::from_spdm_hkdf_prk(prk) + } + + pub fn derive_request_handshake_secret( + &self, + use_psk: bool, + spdm_version: SpdmVersion, + hash_algo: SpdmBaseHashAlgo, + key: Option<&SpdmHandshakeSecretStruct>, + psk_hint: Option<&SpdmPskHintStruct>, + th1: &[u8], + ) -> Option { + let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE]; + let bin_str1 = self.binconcat( + hash_algo.get_size(), + spdm_version, + BIN_STR1_LABEL, + Some(th1), + buffer, + )?; + let okm = if !use_psk { + if let Some(k) = key { + crypto::hkdf::hkdf_expand( + hash_algo, + &SpdmHkdfPseudoRandomKey::from_input_keying_material( + &SpdmHkdfInputKeyingMaterial::SpdmHandshakeSecret(k), + )?, + bin_str1, + hash_algo.get_size(), + )? + } else { + return None; + } + } else { + secret::psk::handshake_secret_hkdf_expand( + spdm_version, + hash_algo, + psk_hint.unwrap(), + bin_str1, + )? 
+ };
+
+ SpdmDirectionHandshakeSecretStruct::from_spdm_hkdf_okm(okm)
+ }
+
+ pub fn derive_response_handshake_secret(
+ &self,
+ use_psk: bool,
+ spdm_version: SpdmVersion,
+ hash_algo: SpdmBaseHashAlgo,
+ key: Option<&SpdmHandshakeSecretStruct>,
+ psk_hint: Option<&SpdmPskHintStruct>,
+ th1: &[u8],
+ ) -> Option {
+ let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE];
+ let bin_str2 = self.binconcat(
+ hash_algo.get_size(),
+ spdm_version,
+ BIN_STR2_LABEL,
+ Some(th1),
+ buffer,
+ )?;
+ let okm = if !use_psk {
+ if let Some(k) = key {
+ crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmHandshakeSecret(k),
+ )?,
+ bin_str2,
+ hash_algo.get_size(),
+ )?
+ } else {
+ return None;
+ }
+ } else {
+ secret::psk::handshake_secret_hkdf_expand(
+ spdm_version,
+ hash_algo,
+ psk_hint.unwrap(),
+ bin_str2,
+ )?
+ };
+
+ SpdmDirectionHandshakeSecretStruct::from_spdm_hkdf_okm(okm)
+ }
+
+ pub fn derive_finished_key(
+ &self,
+ spdm_version: SpdmVersion,
+ hash_algo: SpdmBaseHashAlgo,
+ key: &SpdmDirectionHandshakeSecretStruct,
+ ) -> Option {
+ let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE];
+ let bin_str7 = self.binconcat(
+ hash_algo.get_size(),
+ spdm_version,
+ BIN_STR7_LABEL,
+ None,
+ buffer,
+ )?;
+ let okm = crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmDirectionHandshakeSecret(key),
+ )?,
+ bin_str7,
+ hash_algo.get_size(),
+ )?;
+
+ SpdmFinishedKeyStruct::from_spdm_hkdf_okm(okm)
+ }
+
+ pub fn derive_aead_key_iv(
+ &self,
+ spdm_version: SpdmVersion,
+ hash_algo: SpdmBaseHashAlgo,
+ aead_algo: SpdmAeadAlgo,
+ key: &SpdmMajorSecret,
+ ) -> Option<(SpdmAeadKeyStruct, SpdmAeadIvStruct)> {
+ let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE];
+ let bin_str5 = self.binconcat(
+ aead_algo.get_key_size(),
+ spdm_version,
+ BIN_STR5_LABEL,
+ None,
+ buffer,
+ )?;
+ let okm = match key {
+ SpdmMajorSecret::SpdmDirectionHandshakeSecret(k) => crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmDirectionHandshakeSecret(k),
+ )?,
+ bin_str5,
+ SPDM_MAX_AEAD_KEY_SIZE as u16,
+ )?,
+ SpdmMajorSecret::SpdmDirectionDataSecret(k) => crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmDirectionDataSecret(k),
+ )?,
+ bin_str5,
+ SPDM_MAX_AEAD_KEY_SIZE as u16,
+ )?,
+ };
+ let encrypt_key = SpdmAeadKeyStruct::from_spdm_hkdf_okm(okm)?;
+
+ let bin_str6 = self.binconcat(
+ aead_algo.get_iv_size(),
+ spdm_version,
+ BIN_STR6_LABEL,
+ None,
+ buffer,
+ )?;
+ let okm = match key {
+ SpdmMajorSecret::SpdmDirectionHandshakeSecret(k) => crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmDirectionHandshakeSecret(k),
+ )?,
+ bin_str6,
+ SPDM_MAX_AEAD_IV_SIZE as u16,
+ )?,
+ SpdmMajorSecret::SpdmDirectionDataSecret(k) => crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmDirectionDataSecret(k),
+ )?,
+ bin_str6,
+ SPDM_MAX_AEAD_IV_SIZE as u16,
+ )?,
+ };
+ let iv = SpdmAeadIvStruct::from_spdm_hkdf_okm(okm)?;
+
+ Some((encrypt_key, iv))
+ }
+
+ pub fn derive_request_data_secret(
+ &self,
+ use_psk: bool,
+ spdm_version: SpdmVersion,
+ hash_algo: SpdmBaseHashAlgo,
+ key: Option<&SpdmMasterSecretStruct>,
+ psk_hint: Option<&SpdmPskHintStruct>,
+ th2: &[u8],
+ ) -> Option {
+ let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE];
+ let bin_str3 = self.binconcat(
+ hash_algo.get_size(),
+ spdm_version,
+ BIN_STR3_LABEL,
+ Some(th2),
+ buffer,
+ )?;
+ let okm = if !use_psk {
+ if let Some(k) = key {
+ crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmMasterSecret(k),
+ )?,
+ bin_str3,
+ hash_algo.get_size(),
+ )?
+ } else {
+ return None;
+ }
+ } else {
+ secret::psk::master_secret_hkdf_expand(
+ spdm_version,
+ hash_algo,
+ psk_hint.unwrap(),
+ bin_str3,
+ )?
+ };
+
+ SpdmDirectionDataSecretStruct::from_spdm_hkdf_okm(okm)
+ }
+
+ pub fn derive_response_data_secret(
+ &self,
+ use_psk: bool,
+ spdm_version: SpdmVersion,
+ hash_algo: SpdmBaseHashAlgo,
+ key: Option<&SpdmMasterSecretStruct>,
+ psk_hint: Option<&SpdmPskHintStruct>,
+ th2: &[u8],
+ ) -> Option {
+ let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE];
+ let bin_str4 = self.binconcat(
+ hash_algo.get_size(),
+ spdm_version,
+ BIN_STR4_LABEL,
+ Some(th2),
+ buffer,
+ )?;
+ let okm = if !use_psk {
+ if let Some(k) = key {
+ crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmMasterSecret(k),
+ )?,
+ bin_str4,
+ hash_algo.get_size(),
+ )?
+ } else {
+ return None;
+ }
+ } else {
+ secret::psk::master_secret_hkdf_expand(
+ spdm_version,
+ hash_algo,
+ psk_hint.unwrap(),
+ bin_str4,
+ )?
+ };
+
+ SpdmDirectionDataSecretStruct::from_spdm_hkdf_okm(okm)
+ }
+
+ pub fn derive_export_master_secret(
+ &self,
+ use_psk: bool,
+ spdm_version: SpdmVersion,
+ hash_algo: SpdmBaseHashAlgo,
+ key: Option<&SpdmMasterSecretStruct>,
+ psk_hint: Option<&SpdmPskHintStruct>,
+ ) -> Option {
+ let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE];
+ let bin_str8 = self.binconcat(
+ hash_algo.get_size(),
+ spdm_version,
+ BIN_STR8_LABEL,
+ None,
+ buffer,
+ )?;
+ let okm = if !use_psk {
+ if let Some(k) = key {
+ crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmMasterSecret(k),
+ )?,
+ bin_str8,
+ hash_algo.get_size(),
+ )?
+ } else {
+ return None;
+ }
+ } else {
+ secret::psk::master_secret_hkdf_expand(
+ spdm_version,
+ hash_algo,
+ psk_hint.unwrap(),
+ bin_str8,
+ )?
+ };
+
+ SpdmExportMasterSecretStruct::from_spdm_hkdf_okm(okm)
+ }
+
+ pub fn derive_update_secret(
+ &self,
+ spdm_version: SpdmVersion,
+ hash_algo: SpdmBaseHashAlgo,
+ key: &SpdmDirectionDataSecretStruct,
+ ) -> Option {
+ let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE];
+ let bin_str9 = self.binconcat(
+ hash_algo.get_size(),
+ spdm_version,
+ BIN_STR9_LABEL,
+ None,
+ buffer,
+ )?;
+ let okm = crypto::hkdf::hkdf_expand(
+ hash_algo,
+ &SpdmHkdfPseudoRandomKey::from_input_keying_material(
+ &SpdmHkdfInputKeyingMaterial::SpdmDirectionDataSecret(key),
+ )?,
+ bin_str9,
+ hash_algo.get_size(),
+ )?;
+
+ SpdmDirectionDataSecretStruct::from_spdm_hkdf_okm(okm)
+ }
+
+ pub fn binconcat<'a>(
+ &self,
+ length: u16,
+ spdm_version: SpdmVersion,
+ label: &[u8],
+ context: Option<&[u8]>,
+ buffer: &'a mut [u8],
+ ) -> Option<&'a [u8]> {
+ let mut len = label.len();
+ if let Some(context) = context {
+ len += context.len();
+ }
+ if len > buffer.len() - 2 - 8 {
+ return None;
+ }
+
+ let mut version = [0u8; 8];
+ version.copy_from_slice(SPDM_VERSION_VALUE);
+ version[SPDM_VERSION_VALUE_MAJOR_INDEX] = (u8::from(spdm_version) >> 4) + b'0';
+ version[SPDM_VERSION_VALUE_MINOR_INDEX] = (u8::from(spdm_version) & 0x0F) + b'0';
+
+ let mut writer = Writer::init(buffer);
+ length.encode(&mut writer).ok()?;
+ writer.extend_from_slice(&version[..]);
+ writer.extend_from_slice(label);
+ if let Some(context) = context {
+ writer.extend_from_slice(context);
+ }
+
+ let len = writer.used();
+ Some(&buffer[0..len])
+ }
+}
diff --git a/spdmlib/src/common/mod.rs b/spdmlib/src/common/mod.rs
new file mode 100644
index 0000000..760f94d
--- /dev/null
+++ b/spdmlib/src/common/mod.rs
@@ -0,0 +1,1561 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+pub mod key_schedule;
+pub mod opaque;
+pub mod session;
+pub mod spdm_codec;
+
+use crate::message::SpdmRequestResponseCode;
+use crate::{crypto, protocol::*};
+use spin::Mutex;
+extern crate alloc;
+use alloc::boxed::Box;
+use alloc::sync::Arc;
+use core::ops::DerefMut;
+
+pub use opaque::*;
+pub use spdm_codec::SpdmCodec;
+
+use crate::config::{self, MAX_ROOT_CERT_SUPPORT, MAX_SPDM_SESSION_COUNT};
+use crate::error::{
+ SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_CRYPTO_ERROR, SPDM_STATUS_DECAP_FAIL,
+ SPDM_STATUS_INVALID_PARAMETER, SPDM_STATUS_INVALID_STATE_LOCAL,
+ SPDM_STATUS_SESSION_NUMBER_EXCEED,
+};
+
+use codec::enum_builder;
+use codec::{Codec, Reader, Writer};
+use session::*;
+
+enum_builder! {
+ @U8
+ EnumName: SpdmConnectionState;
+ EnumVal{
+ // Before GET_VERSION/VERSION
+ SpdmConnectionNotStarted => 0x0,
+ // After GET_VERSION/VERSION
+ SpdmConnectionAfterVersion => 0x1,
+ // After GET_CAPABILITIES/CAPABILITIES
+ SpdmConnectionAfterCapabilities => 0x2,
+ // After NEGOTIATE_ALGORITHMS/ALGORITHMS
+ SpdmConnectionNegotiated => 0x3,
+ // After GET_DIGESTS/DIGESTS
+ SpdmConnectionAfterDigest => 0x4,
+ // After GET_CERTIFICATE/CERTIFICATE
+ SpdmConnectionAfterCertificate => 0x5,
+ // After CHALLENGE/CHALLENGE_AUTH,
+ // and ENCAP CHALLENGE/CHALLENGE_AUTH if MUT_AUTH is enabled.
+ SpdmConnectionAuthenticated => 0x5
+ }
+}
+impl Default for SpdmConnectionState {
+ fn default() -> SpdmConnectionState {
+ SpdmConnectionState::SpdmConnectionNotStarted
+ }
+}
+
+#[cfg(feature = "hashed-transcript-data")]
+pub use crate::crypto::SpdmHashCtx;
+
+#[cfg(feature = "downcast")]
+use core::any::Any;
+
+/// The maximum amount of time the Responder has to provide a
+/// response to requests that do not require cryptographic processing, such
+/// as the GET_CAPABILITIES , GET_VERSION , or NEGOTIATE_ALGORITHMS
+/// request messages. See SPDM spec. 1.1.0 Page 29 for more information:
+/// https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.1.0.pdf
+pub const ST1: usize = 1_000_000;
+
+/// used as parameter to be slot_id when use_psk is true
+pub const INVALID_SLOT: u8 = 0xFF;
+
+/// used to as the first next_half_session_id
+pub const INITIAL_SESSION_ID: u16 = 0xFFFD;
+pub const INVALID_HALF_SESSION_ID: u16 = 0x0;
+pub const INVALID_SESSION_ID: u32 = 0x0;
+
+#[maybe_async::maybe_async]
+pub trait SpdmDeviceIo {
+ async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult;
+
+ async fn receive(
+ &mut self,
+ buffer: Arc>,
+ timeout: usize,
+ ) -> Result;
+
+ async fn flush_all(&mut self) -> SpdmResult;
+
+ #[cfg(feature = "downcast")]
+ fn as_any(&mut self) -> &mut dyn Any;
+}
+
+use core::fmt::Debug;
+
+#[maybe_async::maybe_async]
+pub trait SpdmTransportEncap {
+ async fn encap(
+ &mut self,
+ spdm_buffer: Arc<&[u8]>,
+ transport_buffer: Arc>,
+ secured_message: bool,
+ ) -> SpdmResult;
+
+ async fn decap(
+ &mut self,
+ transport_buffer: Arc<&[u8]>,
+ spdm_buffer: Arc>,
+ ) -> SpdmResult<(usize, bool)>;
+
+ async fn encap_app(
+ &mut self,
+ spdm_buffer: Arc<&[u8]>,
+ app_buffer: Arc>,
+ is_app_message: bool,
+ ) -> SpdmResult;
+
+ async fn decap_app(
+ &mut self,
+ app_buffer: Arc<&[u8]>,
+ spdm_buffer: Arc>,
+ ) -> SpdmResult<(usize, bool)>;
+
+ // for session
+ fn get_sequence_number_count(&mut self) -> u8;
+ fn get_max_random_count(&mut self) -> u16;
+}
+
+pub struct SpdmContext {
+ pub device_io: Arc>,
+ pub transport_encap: Arc>,
+
+ pub config_info: SpdmConfigInfo,
+ pub negotiate_info: SpdmNegotiateInfo,
+ pub runtime_info: SpdmRuntimeInfo,
+
+ pub provision_info: SpdmProvisionInfo,
+ pub peer_info: SpdmPeerInfo,
+
+ #[cfg(feature = "mut-auth")]
+ pub encap_context: SpdmEncapContext,
+
+ #[cfg(feature = "mandatory-mut-auth")]
+ pub mut_auth_done: bool,
+
+ pub session: [SpdmSession; config::MAX_SPDM_SESSION_COUNT],
+}
+
+impl SpdmContext {
+ pub fn new(
+ device_io: Arc>,
+ transport_encap: Arc>,
+ config_info: SpdmConfigInfo,
+ provision_info: SpdmProvisionInfo,
+ ) -> Self {
+ SpdmContext {
+ device_io,
+ transport_encap,
+ config_info,
+ negotiate_info: SpdmNegotiateInfo::default(),
+ runtime_info: SpdmRuntimeInfo::default(),
+ provision_info,
+ peer_info: SpdmPeerInfo::default(),
+ #[cfg(feature = "mut-auth")]
+ encap_context: SpdmEncapContext::default(),
+ #[cfg(feature = "mandatory-mut-auth")]
+ mut_auth_done: false,
+ session: gen_array(config::MAX_SPDM_SESSION_COUNT),
+ }
+ }
+
+ pub fn get_hash_size(&self) -> u16 {
+ self.negotiate_info.base_hash_sel.get_size()
+ }
+ pub fn get_asym_key_size(&self) -> u16 {
+ self.negotiate_info.base_asym_sel.get_size()
+ }
+ pub fn get_dhe_key_size(&self) -> u16 {
+ self.negotiate_info.dhe_sel.get_size()
+ }
+
+ pub fn reset_runtime_info(&mut self) {
+ self.runtime_info = SpdmRuntimeInfo::default();
+ }
+
+ pub fn reset_negotiate_info(&mut self) {
+ self.negotiate_info = SpdmNegotiateInfo::default();
+ }
+
+ pub fn reset_peer_info(&mut self) {
+ self.peer_info = SpdmPeerInfo::default();
+ }
+
+ pub fn reset_context(&mut self) {
+ self.reset_runtime_info();
+ self.reset_negotiate_info();
+ self.reset_peer_info();
+
+ #[cfg(feature = "mut-auth")]
+ {
+ self.encap_context = SpdmEncapContext::default();
+ }
+
+ #[cfg(feature = "mandatory-mut-auth")]
+ {
+ self.mut_auth_done = false;
+ }
+
+ for s in &mut self.session {
+ s.set_default();
+ }
+ }
+
+ pub fn get_immutable_session_via_id(&self, session_id: u32) -> Option<&SpdmSession> {
+ self.session
+ .iter()
+ .find(|&session| session.get_session_id() == session_id)
+ }
+
+ pub fn get_session_via_id(&mut self, session_id: u32) -> Option<&mut SpdmSession> {
+ self.session
+ .iter_mut()
+ .find(|session| session.get_session_id() == session_id)
+ }
+
+ pub fn get_next_avaiable_session(&mut self) -> Option<&mut SpdmSession> {
+ self.get_session_via_id(0)
+ }
+
+ pub fn get_session_status(&self) -> [(u32, SpdmSessionState); config::MAX_SPDM_SESSION_COUNT] {
+ let mut status =
+ [(0u32, SpdmSessionState::SpdmSessionNotStarted); config::MAX_SPDM_SESSION_COUNT];
+ for (i, it) in status
+ .iter_mut()
+ .enumerate()
+ .take(config::MAX_SPDM_SESSION_COUNT)
+ {
+ it.0 = self.session[i].get_session_id();
+ it.1 = self.session[i].get_session_state();
+ }
+ status
+ }
+
+ pub fn get_next_half_session_id(&self, is_requester: bool) -> SpdmResult {
+ let shift = if is_requester { 0 } else { 16 };
+
+ for (index, s) in self.session.iter().enumerate().take(MAX_SPDM_SESSION_COUNT) {
+ if ((s.get_session_id() & (0xFFFF << shift)) >> shift) as u16 == INVALID_HALF_SESSION_ID
+ {
+ return Ok(INITIAL_SESSION_ID - index as u16);
+ }
+ }
+
+ Err(SPDM_STATUS_SESSION_NUMBER_EXCEED)
+ }
+
+ pub fn construct_my_cert_chain(&mut self) -> SpdmResult {
+ for slot_id in 0..SPDM_MAX_SLOT_NUMBER {
+ if self.provision_info.my_cert_chain[slot_id].is_none()
+ && self.provision_info.my_cert_chain_data[slot_id].is_some()
+ {
+ let cert_chain = self.provision_info.my_cert_chain_data[slot_id]
+ .as_ref()
+ .unwrap();
+ let (root_cert_begin, root_cert_end) =
+ crypto::cert_operation::get_cert_from_cert_chain(
+ &cert_chain.data[..(cert_chain.data_size as usize)],
+ 0,
+ )
+ .unwrap();
+ let root_cert = &cert_chain.data[root_cert_begin..root_cert_end];
+ if let Some(root_hash) =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, root_cert)
+ {
+ let data_size = 4 + root_hash.data_size + cert_chain.data_size;
+ let mut data =
+ [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE];
+ data[0] = (data_size & 0xFF) as u8;
+ data[1] = (data_size >> 8) as u8;
+ data[4..(4 + root_hash.data_size as usize)]
+ .copy_from_slice(&root_hash.data[..(root_hash.data_size as usize)]);
+ data[(4 + root_hash.data_size as usize)..(data_size as usize)]
+ .copy_from_slice(&cert_chain.data[..(cert_chain.data_size as usize)]);
+ self.provision_info.my_cert_chain[slot_id] =
+ Some(SpdmCertChainBuffer { data_size, data });
+ debug!("my_cert_chain - {:02x?}\n", &data[..(data_size as usize)]);
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ }
+ }
+ }
+
+ Ok(())
+ }
+
+ pub fn append_message_a(&mut self, new_message: &[u8]) -> SpdmResult {
+ self.runtime_info
+ .message_a
+ .append_message(new_message)
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ Ok(())
+ }
+ pub fn reset_message_a(&mut self) {
+ self.runtime_info.message_a.reset_message();
+ }
+
+ pub fn append_message_b(&mut self, new_message: &[u8]) -> SpdmResult {
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ {
+ self.runtime_info
+ .message_b
+ .append_message(new_message)
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ if self.runtime_info.digest_context_m1m2.is_none() {
+ self.runtime_info.digest_context_m1m2 =
+ crypto::hash::hash_ctx_init(self.negotiate_info.base_hash_sel);
+ if self.runtime_info.digest_context_m1m2.is_none() {
+ return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
+ }
+
+ crypto::hash::hash_ctx_update(
+ self.runtime_info.digest_context_m1m2.as_mut().unwrap(),
+ self.runtime_info.message_a.as_ref(),
+ )?;
+ }
+
+ crypto::hash::hash_ctx_update(
+ self.runtime_info.digest_context_m1m2.as_mut().unwrap(),
+ new_message,
+ )?;
+ }
+
+ Ok(())
+ }
+ pub fn reset_message_b(&mut self) {
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ {
+ self.runtime_info.message_b.reset_message();
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ self.runtime_info.digest_context_m1m2 = None;
+ }
+ }
+
+ pub fn append_message_c(&mut self, new_message: &[u8]) -> SpdmResult {
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ {
+ self.runtime_info
+ .message_c
+ .append_message(new_message)
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ if self.runtime_info.digest_context_m1m2.is_none() {
+ self.runtime_info.digest_context_m1m2 =
+ crypto::hash::hash_ctx_init(self.negotiate_info.base_hash_sel);
+ if self.runtime_info.digest_context_m1m2.is_none() {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ }
+
+ crypto::hash::hash_ctx_update(
+ self.runtime_info.digest_context_m1m2.as_mut().unwrap(),
+ self.runtime_info.message_a.as_ref(),
+ )?;
+ }
+
+ crypto::hash::hash_ctx_update(
+ self.runtime_info.digest_context_m1m2.as_mut().unwrap(),
+ new_message,
+ )?;
+ }
+
+ Ok(())
+ }
+ pub fn reset_message_c(&mut self) {
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ {
+ self.runtime_info.message_c.reset_message();
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ self.runtime_info.digest_context_m1m2 = None;
+ }
+ }
+
+ pub fn append_message_m(&mut self, session_id: Option, new_message: &[u8]) -> SpdmResult {
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ match session_id {
+ None => self
+ .runtime_info
+ .message_m
+ .append_message(new_message)
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?,
+ Some(session_id) => {
+ let session = if let Some(s) = self.get_session_via_id(session_id) {
+ s
+ } else {
+ return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
+ };
+ session
+ .runtime_info
+ .message_m
+ .append_message(new_message)
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?
+ }
+ };
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ match session_id {
+ Some(session_id) => {
+ let base_hash_sel = self.negotiate_info.base_hash_sel;
+ let spdm_version_sel = self.negotiate_info.spdm_version_sel;
+ let message_a = self.runtime_info.message_a.clone();
+
+ let session = if let Some(s) = self.get_session_via_id(session_id) {
+ s
+ } else {
+ return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
+ };
+ if session.runtime_info.digest_context_l1l2.is_none() {
+ session.runtime_info.digest_context_l1l2 =
+ crypto::hash::hash_ctx_init(base_hash_sel);
+ if session.runtime_info.digest_context_l1l2.is_none() {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ }
+
+ if spdm_version_sel >= SpdmVersion::SpdmVersion12 {
+ crypto::hash::hash_ctx_update(
+ session.runtime_info.digest_context_l1l2.as_mut().unwrap(),
+ message_a.as_ref(),
+ )?;
+ }
+ }
+
+ crypto::hash::hash_ctx_update(
+ session.runtime_info.digest_context_l1l2.as_mut().unwrap(),
+ new_message,
+ )?;
+ }
+ None => {
+ if self.runtime_info.digest_context_l1l2.is_none() {
+ self.runtime_info.digest_context_l1l2 =
+ crypto::hash::hash_ctx_init(self.negotiate_info.base_hash_sel);
+ if self.runtime_info.digest_context_l1l2.is_none() {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ }
+
+ if self.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
+ crypto::hash::hash_ctx_update(
+ self.runtime_info.digest_context_l1l2.as_mut().unwrap(),
+ self.runtime_info.message_a.as_ref(),
+ )?;
+ }
+ }
+
+ crypto::hash::hash_ctx_update(
+ self.runtime_info.digest_context_l1l2.as_mut().unwrap(),
+ new_message,
+ )?;
+ }
+ }
+ }
+
+ Ok(())
+ }
+ pub fn reset_message_m(&mut self, session_id: Option) {
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ match session_id {
+ None => self.runtime_info.message_m.reset_message(),
+ Some(session_id) => {
+ let session = if let Some(s) = self.get_session_via_id(session_id) {
+ s
+ } else {
+ return;
+ };
+ session.runtime_info.message_m.reset_message();
+ }
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ match session_id {
+ Some(session_id) => {
+ let session = if let Some(s) = self.get_session_via_id(session_id) {
+ s
+ } else {
+ return;
+ };
+ session.runtime_info.digest_context_l1l2 = None;
+ }
+ None => {
+ self.runtime_info.digest_context_l1l2 = None;
+ }
+ }
+ }
+ }
+
+ pub fn append_message_k(&mut self, session_id: u32, new_message: &[u8]) -> SpdmResult {
+ let session = self.get_session_via_id(session_id).unwrap();
+
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ {
+ session
+ .runtime_info
+ .message_k
+ .append_message(new_message)
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ if session.runtime_info.digest_context_th.is_none() {
+ session.runtime_info.digest_context_th =
+ crypto::hash::hash_ctx_init(session.get_crypto_param().base_hash_algo);
+ if session.runtime_info.digest_context_th.is_none() {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ }
+ crypto::hash::hash_ctx_update(
+ session.runtime_info.digest_context_th.as_mut().unwrap(),
+ session.runtime_info.message_a.as_ref(),
+ )?;
+ if session.runtime_info.rsp_cert_hash.is_some() {
+ crypto::hash::hash_ctx_update(
+ session.runtime_info.digest_context_th.as_mut().unwrap(),
+ session
+ .runtime_info
+ .rsp_cert_hash
+ .as_ref()
+ .unwrap()
+ .as_ref(),
+ )?;
+ }
+ }
+
+ crypto::hash::hash_ctx_update(
+ session.runtime_info.digest_context_th.as_mut().unwrap(),
+ new_message,
+ )?;
+ }
+
+ Ok(())
+ }
+ pub fn reset_message_k(&mut self, session_id: u32) {
+ let session = self.get_session_via_id(session_id).unwrap();
+
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ {
+ session.runtime_info.message_f.reset_message();
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ session.runtime_info.digest_context_th = None;
+ }
+ }
+
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ pub fn append_message_f(
+ &mut self,
+ _is_requester: bool,
+ session_id: u32,
+ new_message: &[u8],
+ ) -> SpdmResult {
+ let session = self.get_session_via_id(session_id).unwrap();
+ let _ = session
+ .runtime_info
+ .message_f
+ .append_message(new_message)
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ Ok(())
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ pub fn append_message_f(
+ &mut self,
+ is_requester: bool,
+ session_id: u32,
+ new_message: &[u8],
+ ) -> SpdmResult {
+ let session = self.get_immutable_session_via_id(session_id).unwrap();
+ if session.runtime_info.digest_context_th.is_none() {
+ return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
+ }
+
+ if !session.runtime_info.message_f_initialized {
+ let mut_cert_digest = if !session.get_use_psk()
+ && !session.get_mut_auth_requested().is_empty()
+ {
+ if is_requester {
+ let slot_id = self.runtime_info.get_local_used_cert_chain_slot_id();
+ if let Some(cert_chain) = &self.provision_info.my_cert_chain[slot_id as usize] {
+ Some(
+ crypto::hash::hash_all(
+ self.negotiate_info.base_hash_sel,
+ &cert_chain.data[..cert_chain.data_size as usize],
+ )
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?,
+ )
+ } else {
+ return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
+ }
+ } else {
+ let slot_id = self.runtime_info.get_peer_used_cert_chain_slot_id();
+ if let Some(cert_chain) = &self.peer_info.peer_cert_chain[slot_id as usize] {
+ Some(
+ crypto::hash::hash_all(
+ self.negotiate_info.base_hash_sel,
+ cert_chain.as_ref(),
+ )
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?,
+ )
+ } else {
+ return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
+ }
+ }
+ } else {
+ None
+ };
+
+ if let Some(mut_cert_digest) = mut_cert_digest {
+ let session = self.get_session_via_id(session_id).unwrap();
+
+ crypto::hash::hash_ctx_update(
+ session.runtime_info.digest_context_th.as_mut().unwrap(),
+ &mut_cert_digest.data[..mut_cert_digest.data_size as usize],
+ )?;
+ }
+ let session = self.get_session_via_id(session_id).unwrap();
+ session.runtime_info.message_f_initialized = true;
+ }
+
+ let session = self.get_session_via_id(session_id).unwrap();
+ crypto::hash::hash_ctx_update(
+ session.runtime_info.digest_context_th.as_mut().unwrap(),
+ new_message,
+ )
+ }
+
+ pub fn reset_message_f(&mut self, session_id: u32) {
+ let session = self.get_session_via_id(session_id).unwrap();
+
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ {
+ session.runtime_info.message_f.reset_message();
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ {
+ session.runtime_info.digest_context_th = None;
+ }
+ }
+
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ pub fn calc_req_transcript_data(
+ &self,
+ use_psk: bool,
+ slot_id: u8,
+ is_mut_auth: bool,
+ message_k: &ManagedBufferK,
+ message_f: Option<&ManagedBufferF>,
+ ) -> SpdmResult {
+ let mut message = ManagedBufferTH::default();
+ message
+ .append_message(self.runtime_info.message_a.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("message_a - {:02x?}", self.runtime_info.message_a.as_ref());
+
+ if !use_psk {
+ if self.peer_info.peer_cert_chain[slot_id as usize].is_none() {
+ error!("peer_cert_chain is not populated!\n");
+ return Err(SPDM_STATUS_INVALID_PARAMETER);
+ }
+
+ let cert_chain_data = &self.peer_info.peer_cert_chain[slot_id as usize]
+ .as_ref()
+ .ok_or(SPDM_STATUS_INVALID_PARAMETER)?
+ .data[..(self.peer_info.peer_cert_chain[slot_id as usize]
+ .as_ref()
+ .ok_or(SPDM_STATUS_INVALID_PARAMETER)?
+ .data_size as usize)];
+ let cert_chain_hash =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, cert_chain_data)
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+ message
+ .append_message(cert_chain_hash.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("cert_chain_data - {:02x?}", cert_chain_data);
+ }
+ message
+ .append_message(message_k.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("message_k - {:02x?}", message_k.as_ref());
+
+ if !use_psk && is_mut_auth {
+ let slot_id = self.runtime_info.get_local_used_cert_chain_slot_id();
+ if self.provision_info.my_cert_chain[slot_id as usize].is_none() {
+ error!("mut cert_chain is not populated!\n");
+ return Err(SPDM_STATUS_INVALID_PARAMETER);
+ }
+
+ let cert_chain_data = &self.provision_info.my_cert_chain[slot_id as usize]
+ .as_ref()
+ .ok_or(SPDM_STATUS_INVALID_PARAMETER)?
+ .data[..(self.provision_info.my_cert_chain[slot_id as usize]
+ .as_ref()
+ .ok_or(SPDM_STATUS_INVALID_PARAMETER)?
+ .data_size as usize)];
+ let cert_chain_hash =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, cert_chain_data)
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+ message
+ .append_message(cert_chain_hash.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("my_cert_chain_data - {:02x?}", cert_chain_data);
+ }
+
+ if let Some(message_f) = message_f {
+ message
+ .append_message(message_f.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("message_f - {:02x?}", message_f.as_ref());
+ }
+
+ Ok(message)
+ }
+
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ pub fn calc_rsp_transcript_data(
+ &self,
+ use_psk: bool,
+ slot_id: u8,
+ is_mut_auth: bool,
+ message_k: &ManagedBufferK,
+ message_f: Option<&ManagedBufferF>,
+ ) -> SpdmResult {
+ let mut message = ManagedBufferTH::default();
+ message
+ .append_message(self.runtime_info.message_a.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("message_a - {:02x?}", self.runtime_info.message_a.as_ref());
+ if !use_psk {
+ if self.provision_info.my_cert_chain[slot_id as usize].is_none() {
+ error!("my_cert_chain is not populated!\n");
+ return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
+ }
+
+ let my_cert_chain_data = self.provision_info.my_cert_chain[slot_id as usize]
+ .as_ref()
+ .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?;
+ let cert_chain_data = my_cert_chain_data.as_ref();
+ let cert_chain_hash =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, cert_chain_data)
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+
+ message
+ .append_message(cert_chain_hash.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("cert_chain_data - {:02x?}", cert_chain_data);
+ }
+ message
+ .append_message(message_k.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("message_k - {:02x?}", message_k.as_ref());
+
+ if !use_psk && is_mut_auth {
+ let slot_id = self.runtime_info.get_peer_used_cert_chain_slot_id();
+ if self.peer_info.peer_cert_chain[slot_id as usize].is_none() {
+ error!("peer_cert_chain is not populated!\n");
+ return Err(SPDM_STATUS_INVALID_PARAMETER);
+ }
+
+ let cert_chain_data = &self.peer_info.peer_cert_chain[slot_id as usize]
+ .as_ref()
+ .ok_or(SPDM_STATUS_INVALID_PARAMETER)?
+ .as_ref();
+ let cert_chain_hash =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, cert_chain_data)
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+ message
+ .append_message(cert_chain_hash.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("peer_cert_chain_data - {:02x?}", cert_chain_data);
+ }
+
+ if let Some(message_f) = message_f {
+ message
+ .append_message(message_f.as_ref())
+ .ok_or(SPDM_STATUS_BUFFER_FULL)?;
+ debug!("message_f - {:02x?}", message_f.as_ref());
+ }
+
+ Ok(message)
+ }
+
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ pub fn calc_req_transcript_hash(
+ &self,
+ use_psk: bool,
+ slot_id: u8,
+ is_mut_auth: bool,
+ session: &SpdmSession,
+ ) -> SpdmResult {
+ let message_k = &session.runtime_info.message_k;
+ let message_f = Some(&session.runtime_info.message_f);
+ let message =
+ self.calc_req_transcript_data(use_psk, slot_id, is_mut_auth, message_k, message_f)?;
+
+ let transcript_hash =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, message.as_ref())
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+ Ok(transcript_hash)
+ }
+
+ #[cfg(not(feature = "hashed-transcript-data"))]
+ pub fn calc_rsp_transcript_hash(
+ &self,
+ use_psk: bool,
+ slot_id: u8,
+ is_mut_auth: bool,
+ session: &SpdmSession,
+ ) -> SpdmResult {
+ let message_k = &session.runtime_info.message_k;
+ let message_f = Some(&session.runtime_info.message_f);
+ let message =
+ self.calc_rsp_transcript_data(use_psk, slot_id, is_mut_auth, message_k, message_f)?;
+
+ let transcript_hash =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, message.as_ref())
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+ Ok(transcript_hash)
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ pub fn calc_req_transcript_hash(
+ &self,
+ _use_psk: bool,
+ _slot_id: u8,
+ _is_mut_auth: bool,
+ session: &SpdmSession,
+ ) -> SpdmResult {
+ let transcript_hash = crypto::hash::hash_ctx_finalize(
+ session
+ .runtime_info
+ .digest_context_th
+ .as_ref()
+ .cloned()
+ .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?,
+ )
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+ Ok(transcript_hash)
+ }
+
+ #[cfg(feature = "hashed-transcript-data")]
+ pub fn calc_rsp_transcript_hash(
+ &self,
+ _use_psk: bool,
+ _slot_id: u8,
+ _is_mut_auth: bool,
+ session: &SpdmSession,
+ ) -> SpdmResult {
+ let transcript_hash = crypto::hash::hash_ctx_finalize(
+ session
+ .runtime_info
+ .digest_context_th
+ .as_ref()
+ .cloned()
+ .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?,
+ )
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+ Ok(transcript_hash)
+ }
+
+ pub fn get_certchain_hash_local(
+ &self,
+ use_psk: bool,
+ slot_id: usize,
+ ) -> Option {
+ if !use_psk {
+ if self.provision_info.my_cert_chain[slot_id].is_none() {
+ error!("my_cert_chain is not populated!\n");
+ return None;
+ }
+
+ let my_cert_chain_data = self.provision_info.my_cert_chain[slot_id].as_ref()?;
+ let cert_chain_data = my_cert_chain_data.as_ref();
+ let cert_chain_hash =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, cert_chain_data)
+ .ok_or(None::);
+ if let Ok(hash) = cert_chain_hash {
+ Some(SpdmDigestStruct::from(hash.as_ref()))
+ } else {
+ None
+ }
+ } else {
+ None
+ }
+ }
+
+ pub fn get_certchain_hash_peer(
+ &self,
+ use_psk: bool,
+ slot_id: usize,
+ ) -> Option {
+ if !use_psk {
+ if self.peer_info.peer_cert_chain[slot_id].is_none() {
+ error!("peer_cert_chain is not populated!\n");
+ return None;
+ }
+
+ let cert_chain_data = &self.peer_info.peer_cert_chain[slot_id].as_ref()?.data
+ [..(self.peer_info.peer_cert_chain[slot_id].as_ref()?.data_size as usize)];
+ let cert_chain_hash =
+ crypto::hash::hash_all(self.negotiate_info.base_hash_sel, cert_chain_data)
+ .ok_or(None::);
+
+ if let Ok(hash) = cert_chain_hash {
+ Some(SpdmDigestStruct::from(hash.as_ref()))
+ } else {
+ None
+ }
+ } else {
+ None
+ }
+ }
+
+ pub fn reset_buffer_via_request_code(
+ &mut self,
+ opcode: SpdmRequestResponseCode,
+ session_id: Option,
+ ) {
+ if opcode != SpdmRequestResponseCode::SpdmRequestGetMeasurements {
+ self.reset_message_m(session_id)
+ }
+ match opcode {
+ SpdmRequestResponseCode::SpdmRequestGetMeasurements
+ | SpdmRequestResponseCode::SpdmRequestKeyExchange
+ | SpdmRequestResponseCode::SpdmRequestFinish
+ | SpdmRequestResponseCode::SpdmRequestPskExchange
+ | SpdmRequestResponseCode::SpdmRequestPskFinish
+ | SpdmRequestResponseCode::SpdmRequestKeyUpdate
+ | SpdmRequestResponseCode::SpdmRequestHeartbeat
+ | SpdmRequestResponseCode::SpdmRequestEndSession => {
+ if self.runtime_info.connection_state.get_u8()
+ < SpdmConnectionState::SpdmConnectionAuthenticated.get_u8()
+ {
+ self.reset_message_b();
+ self.reset_message_c();
+ }
+ }
+ SpdmRequestResponseCode::SpdmRequestGetDigests => {
+ self.reset_message_b();
+ }
+ _ => {}
+ }
+ }
+
+ #[maybe_async::maybe_async]
+ pub async fn encap(
+ &mut self,
+ send_buffer: &[u8],
+ transport_buffer: &mut [u8],
+ ) -> SpdmResult {
+ let mut transport_encap = self.transport_encap.lock();
+ let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) =
+ transport_encap.deref_mut();
+ let send_buffer = Arc::new(send_buffer);
+ let transport_buffer = Mutex::new(transport_buffer);
+ let transport_buffer = Arc::new(transport_buffer);
+ transport_encap
+ .encap(send_buffer, transport_buffer, false)
+ .await
+ }
+
+ #[maybe_async::maybe_async]
+ pub async fn encode_secured_message(
+ &mut self,
+ session_id: u32,
+ send_buffer: &[u8],
+ transport_buffer: &mut [u8],
+ is_requester: bool,
+ is_app_message: bool,
+ ) -> SpdmResult {
+ let mut app_buffer = [0u8; config::SENDER_BUFFER_SIZE];
+ let used = {
+ let mut transport_encap = self.transport_encap.lock();
+ let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) =
+ transport_encap.deref_mut();
+ let send_buffer = Arc::new(send_buffer);
+ let app_buffer = Mutex::new(&mut app_buffer[..]);
+ let app_buffer = Arc::new(app_buffer);
+ transport_encap
+ .encap_app(send_buffer, app_buffer, is_app_message)
+ .await?
+ };
+
+ let spdm_session = self
+ .get_session_via_id(session_id)
+ .ok_or(SPDM_STATUS_INVALID_PARAMETER)?;
+
+ let mut encoded_send_buffer = [0u8; config::SENDER_BUFFER_SIZE];
+ let encode_size = spdm_session.encode_spdm_secured_message(
+ &app_buffer[0..used],
+ &mut encoded_send_buffer,
+ is_requester,
+ )?;
+
+ let mut transport_encap = self.transport_encap.lock();
+ let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) =
+ transport_encap.deref_mut();
+ transport_encap
+ .encap(
+ Arc::new(&encoded_send_buffer[..encode_size]),
+ Arc::new(Mutex::new(transport_buffer)),
+ true,
+ )
+ .await
+ }
+
+ #[maybe_async::maybe_async]
+ pub async fn decap(
+ &mut self,
+ transport_buffer: &[u8],
+ receive_buffer: &mut [u8],
+ ) -> SpdmResult {
+ let mut transport_encap = self.transport_encap.lock();
+ let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) =
+ transport_encap.deref_mut();
+
+ let (used, secured_message) = transport_encap
+ .decap(
+ Arc::new(transport_buffer),
+ Arc::new(Mutex::new(receive_buffer)),
+ )
+ .await?;
+
+ if secured_message {
+ return Err(SPDM_STATUS_DECAP_FAIL); //need check
+ }
+
+ Ok(used)
+ }
+
+ #[maybe_async::maybe_async]
+ pub async fn decode_secured_message(
+ &mut self,
+ session_id: u32,
+ transport_buffer: &[u8],
+ receive_buffer: &mut [u8],
+ ) -> SpdmResult {
+ let mut encoded_receive_buffer = [0u8; config::RECEIVER_BUFFER_SIZE];
+
+ let (used, secured_message) = {
+ let mut transport_encap = self.transport_encap.lock();
+ let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) =
+ transport_encap.deref_mut();
+
+ transport_encap
+ .decap(
+ Arc::new(transport_buffer),
+ Arc::new(Mutex::new(&mut encoded_receive_buffer)),
+ )
+ .await?
+ }; + + if !secured_message { + return Err(SPDM_STATUS_DECAP_FAIL); + } + + let spdm_session = self + .get_session_via_id(session_id) + .ok_or(SPDM_STATUS_INVALID_PARAMETER)?; + + let mut app_buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + let decode_size = spdm_session.decode_spdm_secured_message( + &encoded_receive_buffer[..used], + &mut app_buffer, + false, + )?; + + let mut transport_encap = self.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + + let used = transport_encap + .decap_app( + Arc::new(&app_buffer[0..decode_size]), + Arc::new(Mutex::new(receive_buffer)), + ) + .await?; + + Ok(used.0) + } +} + +#[derive(Debug, Default)] +pub struct SpdmConfigInfo { + pub spdm_version: [Option; MAX_SPDM_VERSION_COUNT], + pub req_capabilities: SpdmRequestCapabilityFlags, + pub rsp_capabilities: SpdmResponseCapabilityFlags, + pub req_ct_exponent: u8, + pub rsp_ct_exponent: u8, + pub measurement_specification: SpdmMeasurementSpecification, + pub measurement_hash_algo: SpdmMeasurementHashAlgo, + pub base_hash_algo: SpdmBaseHashAlgo, + pub base_asym_algo: SpdmBaseAsymAlgo, + pub dhe_algo: SpdmDheAlgo, + pub aead_algo: SpdmAeadAlgo, + pub req_asym_algo: SpdmReqAsymAlgo, + pub key_schedule_algo: SpdmKeyScheduleAlgo, + pub opaque_support: SpdmOpaqueSupport, + pub session_policy: u8, + pub runtime_content_change_support: bool, + pub data_transfer_size: u32, + pub max_spdm_msg_size: u32, + pub heartbeat_period: u8, // used by responder only + pub secure_spdm_version: [Option; MAX_SECURE_SPDM_VERSION_COUNT], +} + +#[derive(Debug, Default)] +pub struct SpdmNegotiateInfo { + pub spdm_version_sel: SpdmVersion, + pub req_capabilities_sel: SpdmRequestCapabilityFlags, + pub rsp_capabilities_sel: SpdmResponseCapabilityFlags, + pub req_ct_exponent_sel: u8, + pub rsp_ct_exponent_sel: u8, + pub measurement_specification_sel: SpdmMeasurementSpecification, + pub measurement_hash_sel: SpdmMeasurementHashAlgo, + pub 
base_hash_sel: SpdmBaseHashAlgo, + pub base_asym_sel: SpdmBaseAsymAlgo, + pub dhe_sel: SpdmDheAlgo, + pub aead_sel: SpdmAeadAlgo, + pub req_asym_sel: SpdmReqAsymAlgo, + pub key_schedule_sel: SpdmKeyScheduleAlgo, + pub opaque_data_support: SpdmOpaqueSupport, + pub termination_policy_set: bool, // used by responder to take action when code or configuration changed. + pub req_data_transfer_size_sel: u32, // spdm 1.2 + pub req_max_spdm_msg_size_sel: u32, // spdm 1.2 + pub rsp_data_transfer_size_sel: u32, // spdm 1.2 + pub rsp_max_spdm_msg_size_sel: u32, // spdm 1.2 +} + +pub const MAX_MANAGED_BUFFER_A_SIZE: usize = 150 + 2 * MAX_SPDM_VERSION_COUNT; +pub const MAX_MANAGED_BUFFER_B_SIZE: usize = + 24 + SPDM_MAX_HASH_SIZE * SPDM_MAX_SLOT_NUMBER + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE; +pub const MAX_MANAGED_BUFFER_C_SIZE: usize = + 78 + SPDM_MAX_HASH_SIZE * 2 + SPDM_MAX_ASYM_KEY_SIZE + MAX_SPDM_OPAQUE_SIZE; +pub const MAX_MANAGED_BUFFER_M_SIZE: usize = 47 + + SPDM_NONCE_SIZE + + config::MAX_SPDM_MEASUREMENT_RECORD_SIZE + + SPDM_MAX_ASYM_KEY_SIZE + + MAX_SPDM_OPAQUE_SIZE; +pub const MAX_MANAGED_BUFFER_K_SIZE: usize = 84 + + SPDM_MAX_DHE_KEY_SIZE * 2 + + SPDM_MAX_HASH_SIZE * 2 + + SPDM_MAX_ASYM_KEY_SIZE + + MAX_SPDM_OPAQUE_SIZE * 2; +pub const MAX_MANAGED_BUFFER_F_SIZE: usize = 8 + SPDM_MAX_HASH_SIZE * 2 + SPDM_MAX_ASYM_KEY_SIZE; +pub const MAX_MANAGED_BUFFER_M1M2_SIZE: usize = + MAX_MANAGED_BUFFER_A_SIZE + MAX_MANAGED_BUFFER_B_SIZE + MAX_MANAGED_BUFFER_C_SIZE; +pub const MAX_MANAGED_BUFFER_L1L2_SIZE: usize = + MAX_MANAGED_BUFFER_A_SIZE + MAX_MANAGED_BUFFER_M_SIZE; +pub const MAX_MANAGED_BUFFER_TH_SIZE: usize = MAX_MANAGED_BUFFER_A_SIZE + + SPDM_MAX_HASH_SIZE + + MAX_MANAGED_BUFFER_K_SIZE + + SPDM_MAX_HASH_SIZE + + MAX_MANAGED_BUFFER_F_SIZE; + +pub const SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE: usize = 64; +pub const SPDM_VERSION_1_2_SIGN_CONTEXT_SIZE: usize = 36; +pub const MAX_MANAGED_BUFFER_12SIGN_SIZE: usize = SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE + + 
SPDM_VERSION_1_2_SIGN_CONTEXT_SIZE + + SPDM_MAX_HASH_SIZE; + +#[derive(Debug, Clone)] +pub struct ManagedBufferA(usize, [u8; MAX_MANAGED_BUFFER_A_SIZE]); + +impl ManagedBufferA { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferA { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferA { + fn default() -> Self { + ManagedBufferA(0usize, [0u8; MAX_MANAGED_BUFFER_A_SIZE]) + } +} + +#[derive(Debug, Clone)] +pub struct ManagedBufferB(usize, [u8; MAX_MANAGED_BUFFER_B_SIZE]); + +impl ManagedBufferB { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferB { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferB { + fn default() -> Self { + ManagedBufferB(0usize, [0u8; MAX_MANAGED_BUFFER_B_SIZE]) + } +} + +#[derive(Debug, Clone)] +pub struct ManagedBufferC(usize, [u8; MAX_MANAGED_BUFFER_C_SIZE]); + +impl ManagedBufferC { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferC { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferC { + fn default() -> Self { + ManagedBufferC(0usize, [0u8; MAX_MANAGED_BUFFER_C_SIZE]) + } +} 
+ +#[derive(Debug, Clone)] +pub struct ManagedBufferM(usize, [u8; MAX_MANAGED_BUFFER_M_SIZE]); + +impl ManagedBufferM { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferM { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferM { + fn default() -> Self { + ManagedBufferM(0usize, [0u8; MAX_MANAGED_BUFFER_M_SIZE]) + } +} + +#[derive(Debug, Clone)] +pub struct ManagedBufferK(usize, [u8; MAX_MANAGED_BUFFER_K_SIZE]); + +impl ManagedBufferK { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferK { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferK { + fn default() -> Self { + ManagedBufferK(0usize, [0u8; MAX_MANAGED_BUFFER_K_SIZE]) + } +} + +#[derive(Debug, Clone)] +pub struct ManagedBufferF(usize, [u8; MAX_MANAGED_BUFFER_F_SIZE]); + +impl ManagedBufferF { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferF { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferF { + fn default() -> Self { + ManagedBufferF(0usize, [0u8; MAX_MANAGED_BUFFER_F_SIZE]) + } +} + +#[derive(Debug, Clone)] +pub struct 
ManagedBufferM1M2(usize, [u8; MAX_MANAGED_BUFFER_M1M2_SIZE]); + +impl ManagedBufferM1M2 { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferM1M2 { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferM1M2 { + fn default() -> Self { + ManagedBufferM1M2(0usize, [0u8; MAX_MANAGED_BUFFER_M1M2_SIZE]) + } +} + +#[derive(Debug, Clone)] +pub struct ManagedBufferL1L2(usize, [u8; MAX_MANAGED_BUFFER_L1L2_SIZE]); + +impl ManagedBufferL1L2 { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferL1L2 { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferL1L2 { + fn default() -> Self { + ManagedBufferL1L2(0usize, [0u8; MAX_MANAGED_BUFFER_L1L2_SIZE]) + } +} + +#[derive(Debug, Clone)] +pub struct ManagedBufferTH(usize, [u8; MAX_MANAGED_BUFFER_TH_SIZE]); + +impl ManagedBufferTH { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBufferTH { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBufferTH { + fn default() -> Self { + ManagedBufferTH(0usize, [0u8; MAX_MANAGED_BUFFER_TH_SIZE]) + } +} + +#[derive(Debug, Clone)] +pub struct 
ManagedBuffer12Sign(usize, [u8; MAX_MANAGED_BUFFER_12SIGN_SIZE]); + +impl ManagedBuffer12Sign { + pub fn append_message(&mut self, bytes: &[u8]) -> Option { + let used = self.0; + let mut writer = Writer::init(&mut self.1[used..]); + let write_len = writer.extend_from_slice(bytes)?; + self.0 = used + write_len; + Some(writer.used()) + } + pub fn reset_message(&mut self) { + self.0 = 0; + } +} + +impl AsRef<[u8]> for ManagedBuffer12Sign { + fn as_ref(&self) -> &[u8] { + &self.1[0..self.0] + } +} + +impl Default for ManagedBuffer12Sign { + fn default() -> Self { + ManagedBuffer12Sign(0usize, [0u8; MAX_MANAGED_BUFFER_12SIGN_SIZE]) + } +} + +bitflags! { + #[derive(Default)] + pub struct SpdmMeasurementContentChanged: u8 { + const NOT_SUPPORTED = 0b0000_0000; + const DETECTED_CHANGE = 0b0001_0000; + const NO_CHANGE = 0b0010_0000; + } +} + +#[derive(Debug, Clone, Default)] +#[cfg(not(feature = "hashed-transcript-data"))] +pub struct SpdmRuntimeInfo { + connection_state: SpdmConnectionState, + last_session_id: Option, + local_used_cert_chain_slot_id: u8, + peer_used_cert_chain_slot_id: u8, + pub need_measurement_summary_hash: bool, + pub need_measurement_signature: bool, + pub message_a: ManagedBufferA, + pub message_b: ManagedBufferB, + pub message_c: ManagedBufferC, + pub message_m: ManagedBufferM, + pub content_changed: SpdmMeasurementContentChanged, // used by responder, set when content changed and spdm version is 1.2. + // used by requester, consume when measurement response report content changed. 
+} + +#[derive(Clone, Default)] +#[cfg(feature = "hashed-transcript-data")] +pub struct SpdmRuntimeInfo { + connection_state: SpdmConnectionState, + last_session_id: Option, + local_used_cert_chain_slot_id: u8, + peer_used_cert_chain_slot_id: u8, + pub need_measurement_summary_hash: bool, + pub need_measurement_signature: bool, + pub message_a: ManagedBufferA, + pub digest_context_m1m2: Option, // for M1/M2 + pub digest_context_l1l2: Option, // for out of session get measurement/measurement + pub content_changed: SpdmMeasurementContentChanged, // used by responder, set when content changed and spdm version is 1.2. + // used by requester, consume when measurement response report content changed. +} + +impl SpdmRuntimeInfo { + pub fn set_connection_state(&mut self, connection_state: SpdmConnectionState) { + self.connection_state = connection_state; + } + + pub fn get_connection_state(&self) -> SpdmConnectionState { + self.connection_state + } + + pub fn set_last_session_id(&mut self, last_session_id: Option) { + self.last_session_id = last_session_id; + } + + pub fn get_last_session_id(&self) -> Option { + self.last_session_id + } + + pub fn set_peer_used_cert_chain_slot_id(&mut self, slot_id: u8) { + self.peer_used_cert_chain_slot_id = slot_id; + } + + pub fn get_peer_used_cert_chain_slot_id(&self) -> u8 { + self.peer_used_cert_chain_slot_id + } + + pub fn set_local_used_cert_chain_slot_id(&mut self, slot_id: u8) { + self.local_used_cert_chain_slot_id = slot_id; + } + + pub fn get_local_used_cert_chain_slot_id(&self) -> u8 { + self.local_used_cert_chain_slot_id + } +} + +#[derive(Default, Clone)] +pub struct SpdmProvisionInfo { + pub my_cert_chain_data: [Option; SPDM_MAX_SLOT_NUMBER], + pub my_cert_chain: [Option; SPDM_MAX_SLOT_NUMBER], + pub peer_root_cert_data: [Option; MAX_ROOT_CERT_SUPPORT], +} + +#[derive(Default)] +pub struct SpdmPeerInfo { + pub peer_cert_chain: [Option; SPDM_MAX_SLOT_NUMBER], + pub peer_cert_chain_temp: Option, +} + +#[cfg(feature = 
"mut-auth")]
+#[derive(Default)]
+pub struct SpdmEncapContext {
+ pub req_slot_id: u8,
+ pub request_id: u8,
+ pub encap_cert_size: u16,
+}
diff --git a/spdmlib/src/common/opaque.rs b/spdmlib/src/common/opaque.rs
new file mode 100644
index 0000000..ee56565
--- /dev/null
+++ b/spdmlib/src/common/opaque.rs
@@ -0,0 +1,634 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::spdm_codec::SpdmCodec; +use super::*; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_UNSUPPORTED_CAP}; +use codec::{u24, Codec, Reader, Writer}; +use core::convert::TryFrom; + +/// This is used in SpdmOpaqueStruct <- SpdmChallengeAuthResponsePayload / SpdmMeasurementsResponsePayload +/// It should be 1024 according to SPDM spec. +pub const MAX_SPDM_OPAQUE_SIZE: usize = 1024; + +pub const MAX_SECURE_SPDM_VERSION_COUNT: usize = 0x02; + +pub const DMTF_SPEC_ID: u32 = 0x444D5446; +pub const DMTF_OPAQUE_VERSION: u8 = 0x01; +pub const SM_DATA_VERSION: u8 = 0x01; +pub const DMTF_ID: u8 = 0x00; +pub const DMTF_VENDOR_LEN: u8 = 0x00; +pub const OPAQUE_LIST_TOTAL_ELEMENTS: u8 = 0x01; +pub const VERSION_SELECTION_SM_DATA_ID: u8 = 0x00; +pub const SUPPORTED_VERSION_LIST_SM_DATA_ID: u8 = 0x01; + +pub const DMTF_SECURE_SPDM_VERSION_10: u8 = 0x10; +pub const DMTF_SECURE_SPDM_VERSION_11: u8 = 0x11; + +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub struct GeneralOpaqueDataHeader; + +impl Codec for GeneralOpaqueDataHeader { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0; + + cnt += DMTF_SPEC_ID.encode(bytes)?; + cnt += DMTF_OPAQUE_VERSION.encode(bytes)?; + cnt += OPAQUE_LIST_TOTAL_ELEMENTS.encode(bytes)?; + cnt += 0u16.encode(bytes)?; // reserved + + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let spec_id = u32::read(r)?; + let opaque_version = u8::read(r)?; + let opaque_list_total_elements = u8::read(r)?; + u16::read(r)?; // reserved + + if spec_id != DMTF_SPEC_ID + || opaque_version != DMTF_OPAQUE_VERSION + || opaque_list_total_elements != OPAQUE_LIST_TOTAL_ELEMENTS + { + None + } else { + Some(Self) + } + } +} + +impl SpdmCodec for GeneralOpaqueDataHeader { + fn spdm_encode(&self, _context: &mut SpdmContext, bytes: &mut Writer) -> SpdmResult { + self.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL) + 
} + + fn spdm_read(_context: &mut SpdmContext, r: &mut Reader) -> Option { + GeneralOpaqueDataHeader::read(r) + } +} + +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub struct FM1OpaqueDataHeader; + +impl Codec for FM1OpaqueDataHeader { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0; + + cnt += OPAQUE_LIST_TOTAL_ELEMENTS.encode(bytes)?; + cnt += u24::new(0).encode(bytes)?; // reserved + + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let opaque_list_total_elements = u8::read(r)?; + u24::read(r)?; // reserved + + if opaque_list_total_elements != OPAQUE_LIST_TOTAL_ELEMENTS { + None + } else { + Some(Self) + } + } +} + +impl SpdmCodec for FM1OpaqueDataHeader { + fn spdm_encode(&self, _context: &mut SpdmContext, bytes: &mut Writer) -> SpdmResult { + self.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL) + } + + fn spdm_read(_context: &mut SpdmContext, r: &mut Reader) -> Option { + FM1OpaqueDataHeader::read(r) + } +} + +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub enum SMDataId { + VersionSelectionSmDataId, + SupportedVersionList, +} + +impl From for u8 { + fn from(id: SMDataId) -> Self { + match id { + SMDataId::VersionSelectionSmDataId => 0, + SMDataId::SupportedVersionList => 1, + } + } +} + +impl From<&SMDataId> for u8 { + fn from(id: &SMDataId) -> Self { + u8::from(*id) + } +} + +impl TryFrom for SMDataId { + type Error = (); + fn try_from(untrusted: u8) -> Result>::Error> { + match untrusted { + 0 => Ok(Self::VersionSelectionSmDataId), + 1 => Ok(Self::SupportedVersionList), + _ => Err(()), + } + } +} + +impl Codec for SMDataId { + fn encode(&self, bytes: &mut Writer) -> Result { + u8::from(self).encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let id = u8::read(r)?; + Self::try_from(id).ok() + } +} + +#[derive(Clone, Copy, Debug, Eq)] +pub struct SecuredMessageVersion { + pub major_version: u8, + pub minor_version: u8, + pub update_version_number: u8, + pub alpha: u8, +} + +impl Default for SecuredMessageVersion { + 
fn default() -> Self { + Self { + major_version: 0x1, + minor_version: 0x1, + update_version_number: 0x0, + alpha: 0x0, + } + } +} + +impl Codec for SecuredMessageVersion { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += ((self.update_version_number << 4) + self.alpha).encode(bytes)?; + cnt += ((self.major_version << 4) + self.minor_version).encode(bytes)?; + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let update_version_number_alpha = u8::read(r)?; + let major_version_minor_version = u8::read(r)?; + let update_version_number = update_version_number_alpha >> 4; + let alpha = update_version_number_alpha & 0x0F; + let major_version = major_version_minor_version >> 4; + let minor_version = major_version_minor_version & 0x0F; + + Some(SecuredMessageVersion { + major_version, + minor_version, + update_version_number, + alpha, + }) + } +} + +impl SpdmCodec for SecuredMessageVersion { + fn spdm_encode( + &self, + _context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + self.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL) + } + fn spdm_read(_context: &mut SpdmContext, r: &mut Reader) -> Option { + SecuredMessageVersion::read(r) + } +} + +impl From for u8 { + fn from(smv: opaque::SecuredMessageVersion) -> Self { + (smv.major_version << 4) + smv.minor_version + } +} + +impl From<&SecuredMessageVersion> for u8 { + fn from(smv: &opaque::SecuredMessageVersion) -> Self { + u8::from(*smv) + } +} + +impl From for u16 { + fn from(smv: opaque::SecuredMessageVersion) -> Self { + (((smv.major_version << 4) as u16 + smv.minor_version as u16) << 8) + + (smv.update_version_number << 4) as u16 + + smv.alpha as u16 + } +} + +impl From<&SecuredMessageVersion> for u16 { + fn from(smv: &opaque::SecuredMessageVersion) -> Self { + u16::from(*smv) + } +} + +impl TryFrom for SecuredMessageVersion { + type Error = (); + fn try_from(untrusted_smv: u8) -> Result>::Error> { + let major_version = untrusted_smv >> 4; + let minor_version = 
untrusted_smv & 0x0F; + Ok(Self { + major_version, + minor_version, + update_version_number: 0, + alpha: 0, + }) + } +} + +impl TryFrom for SecuredMessageVersion { + type Error = (); + fn try_from(untrusted_smv: u16) -> Result>::Error> { + let major_minor = (untrusted_smv >> 8) as u8; + let major_version = major_minor >> 4; + let minor_version = major_minor & 0x0F; + + let update_alpha = (untrusted_smv & 0xFF) as u8; + let update_version_number = update_alpha >> 4; + let alpha = update_alpha & 0x0F; + + Ok(Self { + major_version, + minor_version, + update_version_number, + alpha, + }) + } +} + +impl PartialEq for SecuredMessageVersion { + fn eq(&self, smv: &SecuredMessageVersion) -> bool { + self.major_version == smv.major_version && self.minor_version == smv.minor_version + } +} + +#[derive(Clone, Copy, Debug, Default)] +pub struct SecuredMessageVersionList { + pub version_count: u8, + pub versions_list: [SecuredMessageVersion; MAX_SECURE_SPDM_VERSION_COUNT], +} + +impl Codec for SecuredMessageVersionList { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.version_count.encode(bytes)?; + for index in 0..self.version_count as usize { + cnt += self.versions_list[index].encode(bytes)?; + } + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let version_count = u8::read(r)?; + if version_count as usize > MAX_SECURE_SPDM_VERSION_COUNT { + return None; + } + let mut versions_list = [SecuredMessageVersion::default(); MAX_SECURE_SPDM_VERSION_COUNT]; + for d in versions_list.iter_mut().take(version_count as usize) { + *d = SecuredMessageVersion::read(r)?; + } + + Some(SecuredMessageVersionList { + version_count, + versions_list, + }) + } +} + +impl SpdmCodec for SecuredMessageVersionList { + fn spdm_encode( + &self, + _context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + self.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL) + } + fn spdm_read(_context: &mut SpdmContext, r: &mut Reader) -> Option { + 
SecuredMessageVersionList::read(r) + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq, Default)] +pub struct SMVersionSelOpaque { + pub secured_message_version: SecuredMessageVersion, +} + +impl Codec for SMVersionSelOpaque { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0; + + cnt += DMTF_ID.encode(bytes)?; + cnt += DMTF_VENDOR_LEN.encode(bytes)?; + cnt += 4u16.encode(bytes)?; // OpaqueElementDataLen, Shall be four. + cnt += SM_DATA_VERSION.encode(bytes)?; + cnt += SMDataId::VersionSelectionSmDataId.encode(bytes)?; + cnt += self.secured_message_version.encode(bytes)?; + // no padding + + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let dmtf_id = u8::read(r)?; + let dmtf_vendor_len = u8::read(r)?; + let opaque_element_data_len = u16::read(r)?; + let sm_data_version = u8::read(r)?; + let version_selection_sm_data_id = u8::read(r)?; + let version_selection_sm_data_id = SMDataId::try_from(version_selection_sm_data_id).ok()?; + let secured_message_version = SecuredMessageVersion::read(r)?; + if dmtf_id != DMTF_ID + || dmtf_vendor_len != DMTF_VENDOR_LEN + || opaque_element_data_len != 4 + || sm_data_version != SM_DATA_VERSION + || version_selection_sm_data_id != SMDataId::VersionSelectionSmDataId + { + None + } else { + Some(Self { + secured_message_version, + }) + } + } +} + +impl SpdmCodec for SMVersionSelOpaque { + fn spdm_encode(&self, context: &mut SpdmContext, bytes: &mut Writer) -> SpdmResult { + let mut cnt = 0; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 { + cnt += FM1OpaqueDataHeader + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } else { + return Err(SPDM_STATUS_UNSUPPORTED_CAP); + } + } else { + cnt += GeneralOpaqueDataHeader + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + cnt += self.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + Ok(cnt) + } + + fn spdm_read(context: 
&mut SpdmContext, r: &mut Reader) -> Option { + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 { + FM1OpaqueDataHeader::read(r)?; + } else { + return None; + } + } else { + GeneralOpaqueDataHeader::read(r)?; + } + SMVersionSelOpaque::read(r) + } +} + +#[derive(Debug, Copy, Clone, Default)] +pub struct SMSupportedVerListOpaque { + pub secured_message_version_list: SecuredMessageVersionList, +} + +impl Codec for SMSupportedVerListOpaque { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0; + + cnt += DMTF_ID.encode(bytes)?; + cnt += DMTF_VENDOR_LEN.encode(bytes)?; + cnt += (3 + 2 * self.secured_message_version_list.version_count as u16).encode(bytes)?; // OpaqueElementDataLen + cnt += SM_DATA_VERSION.encode(bytes)?; + cnt += SMDataId::SupportedVersionList.encode(bytes)?; + cnt += self.secured_message_version_list.encode(bytes)?; + + // padding + if cnt & 3 != 0 { + let padding_cnt = 4 - (cnt & 3); + for _ in 0..padding_cnt { + cnt += 0u8.encode(bytes)?; + } + } + + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let dmtf_id = u8::read(r)?; + let dmtf_vendor_len = u8::read(r)?; + let opaque_element_data_len = u16::read(r)?; + let sm_data_version = u8::read(r)?; + let supported_version_list_sm_data_id = u8::read(r)?; + let supported_version_list_sm_data_id = + SMDataId::try_from(supported_version_list_sm_data_id).ok()?; + let secured_message_version_list = SecuredMessageVersionList::read(r)?; + if dmtf_id != DMTF_ID + || dmtf_vendor_len != DMTF_VENDOR_LEN + || opaque_element_data_len + != (3 + 2 * secured_message_version_list.version_count as u16) + || sm_data_version != SM_DATA_VERSION + || supported_version_list_sm_data_id != SMDataId::SupportedVersionList + { + None + } else { + // padding + let cnt = 7 + 2 * secured_message_version_list.version_count; + if cnt & 3 != 0 { + let padding_cnt = 4 - (cnt & 3); + for _ in 
0..padding_cnt { + u8::read(r)?; + } + } + + Some(Self { + secured_message_version_list, + }) + } + } +} + +impl SpdmCodec for SMSupportedVerListOpaque { + fn spdm_encode(&self, context: &mut SpdmContext, bytes: &mut Writer) -> SpdmResult { + let mut cnt = 0; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 { + cnt += FM1OpaqueDataHeader + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } else { + return Err(SPDM_STATUS_UNSUPPORTED_CAP); + } + } else { + cnt += GeneralOpaqueDataHeader + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + cnt += self.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + Ok(cnt) + } + + fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option { + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 { + FM1OpaqueDataHeader::read(r)?; + } else { + return None; + } + } else { + GeneralOpaqueDataHeader::read(r)?; + } + SMSupportedVerListOpaque::read(r) + } +} + +#[derive(Debug, Clone, Copy)] +pub struct SpdmOpaqueStruct { + pub data_size: u16, + pub data: [u8; MAX_SPDM_OPAQUE_SIZE], +} +impl Default for SpdmOpaqueStruct { + fn default() -> SpdmOpaqueStruct { + SpdmOpaqueStruct { + data_size: 0, + data: [0u8; MAX_SPDM_OPAQUE_SIZE], + } + } +} + +impl SpdmCodec for SpdmOpaqueStruct { + fn spdm_encode( + &self, + _context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .data_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + for d in self.data.iter().take(self.data_size as usize) { + cnt += d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(cnt) + } + fn spdm_read(_context: &mut SpdmContext, r: &mut Reader) -> Option { + let data_size = u16::read(r)?; + if data_size > MAX_SPDM_OPAQUE_SIZE as u16 { + return None; 
+ } + let mut data = [0u8; MAX_SPDM_OPAQUE_SIZE]; + for d in data.iter_mut().take(data_size as usize) { + *d = u8::read(r)?; + } + + Some(SpdmOpaqueStruct { data_size, data }) + } +} + +impl SpdmOpaqueStruct { + pub fn from_sm_version_sel_opaque( + context: &mut SpdmContext, + sm_version_sel_opaque: &SMVersionSelOpaque, + ) -> SpdmResult { + let mut opaque = SpdmOpaqueStruct { + data_size: 0, + data: [0u8; MAX_SPDM_OPAQUE_SIZE], + }; + let bytes = &mut Writer::init(&mut opaque.data); + + opaque.data_size = sm_version_sel_opaque.spdm_encode(context, bytes)? as u16; + + Ok(opaque) + } + + pub fn to_sm_version_sel_opaque( + &self, + context: &mut SpdmContext, + ) -> SpdmResult { + SMVersionSelOpaque::spdm_read_bytes(context, &self.data[..self.data_size as usize]) + .ok_or(SPDM_STATUS_INVALID_PARAMETER) + } + + pub fn from_sm_supported_ver_list_opaque( + context: &mut SpdmContext, + sm_supported_ver_list_opaque: &SMSupportedVerListOpaque, + ) -> SpdmResult { + let mut opaque = SpdmOpaqueStruct { + data_size: 0, + data: [0u8; MAX_SPDM_OPAQUE_SIZE], + }; + let bytes = &mut Writer::init(&mut opaque.data); + + opaque.data_size = sm_supported_ver_list_opaque.spdm_encode(context, bytes)? as u16; + + Ok(opaque) + } + + pub fn to_sm_supported_ver_list_opaque( + &self, + context: &mut SpdmContext, + ) -> SpdmResult { + SMSupportedVerListOpaque::spdm_read_bytes(context, &self.data[..self.data_size as usize]) + .ok_or(SPDM_STATUS_INVALID_PARAMETER) + } + + pub fn rsp_get_dmtf_supported_secure_spdm_version_list( + &self, + context: &mut SpdmContext, + ) -> Option { + let smsupported_ver_list_opaque = self.to_sm_supported_ver_list_opaque(context).ok()?; + Some(smsupported_ver_list_opaque.secured_message_version_list) + } + + pub fn req_get_dmtf_secure_spdm_version_selection( + &self, + context: &mut SpdmContext, + ) -> Option { + let smversion_sel_opaque = self.to_sm_version_sel_opaque(context).ok()?; + Some(smversion_sel_opaque.secured_message_version) + } +} + +bitflags! 
{
+ #[derive(Default)]
+ pub struct SpdmOpaqueSupport: u8 {
+ const OPAQUE_DATA_FMT1 = 0b0000_0010;
+ const VALID_MASK = Self::OPAQUE_DATA_FMT1.bits;
+ }
+}
+
+impl Codec for SpdmOpaqueSupport {
+ fn encode(&self, bytes: &mut Writer) -> Result {
+ self.bits().encode(bytes)
+ }
+
+ fn read(r: &mut Reader) -> Option {
+ let bits = u8::read(r)?;
+
+ SpdmOpaqueSupport::from_bits(bits)
+ }
+}
+
+impl SpdmOpaqueSupport {
+ /// return true if no more than one is selected
+ /// return false if two or more is selected
+ pub fn is_no_more_than_one_selected(&self) -> bool {
+ self.bits() == 0 || self.bits() & (self.bits() - 1) == 0
+ }
+
+ pub fn is_valid(&self) -> bool {
+ (self.bits & Self::VALID_MASK.bits) != 0
+ }
+
+ pub fn is_valid_one_select(&self) -> bool {
+ self.is_no_more_than_one_selected() && self.is_valid()
+ }
+}
diff --git a/spdmlib/src/common/session.rs b/spdmlib/src/common/session.rs
new file mode 100644
index 0000000..b5e18d2
--- /dev/null
+++ b/spdmlib/src/common/session.rs
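Review bot: `SecuredMessageVersionList::encode` indexes `self.versions_list[index]` for every `index` below the public `version_count` field without the bound check that `read` applies, so a caller-built list with `version_count` above `MAX_SECURE_SPDM_VERSION_COUNT` panics instead of returning an error. The encode path should reject that case before the loop, failing with the codec's error when `self.version_count as usize > MAX_SECURE_SPDM_VERSION_COUNT` (the exact error type is not visible in this rendering of the hunk). The same class of problem applies to `SecuredMessageVersion::encode` and the `From` conversions to `u8`/`u16`, which pack nibbles with `(self.major_version << 4) + self.minor_version`: a field above 0x0F loses bits on the shift and can overflow the `+`, which panics where overflow checks are enabled; `((self.major_version & 0x0F) << 4) | (self.minor_version & 0x0F)` or an explicit range check avoids that. The `to_sm_version_sel_opaque` and `to_sm_supported_ver_list_opaque` helpers likewise slice `self.data[..self.data_size as usize]` on a public `data_size` that only `spdm_read` bounds against `MAX_SPDM_OPAQUE_SIZE`.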
@@ -0,0 +1,1504 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use super::key_schedule::SpdmKeySchedule;
+use crate::config;
+use crate::crypto;
+use crate::error::SpdmResult;
+use crate::error::StatusCodeCrypto;
+use crate::error::SPDM_STATUS_BUFFER_TOO_SMALL;
+use crate::error::SPDM_STATUS_CRYPTO_ERROR;
+use crate::error::SPDM_STATUS_DECODE_AEAD_FAIL;
+use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL;
+use crate::error::SPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW;
+use crate::message::SpdmKeyExchangeMutAuthAttributes;
+
+use zeroize::{Zeroize, ZeroizeOnDrop};
+
+use codec::enum_builder;
+use codec::{Codec, Reader, Writer};
+
+use super::*;
+
+enum_builder! {
+ @U8
+ EnumName: SpdmSessionState;
+ EnumVal{
+ // Before send KEY_EXCHANGE/PSK_EXCHANGE
+ // or after END_SESSION
+ SpdmSessionNotStarted => 0x0,
+ // After send KEY_EXHCNAGE, before send FINISH
+ SpdmSessionHandshaking => 0x1,
+ // After send FINISH, before END_SESSION
+ SpdmSessionEstablished => 0x2
+ }
+}
+impl Default for SpdmSessionState {
+ fn default() -> SpdmSessionState {
+ SpdmSessionState::SpdmSessionNotStarted
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmSessionCryptoParam {
+ pub base_hash_algo: SpdmBaseHashAlgo,
+ pub dhe_algo: SpdmDheAlgo,
+ pub aead_algo: SpdmAeadAlgo,
+ pub key_schedule_algo: SpdmKeyScheduleAlgo,
+}
+
+#[derive(Debug, Clone, Default, Zeroize, ZeroizeOnDrop)]
+pub struct SpdmSessionDheSecretRoot {
+ pub dhe_secret: SpdmDheFinalKeyStruct,
+ pub handshake_secret: SpdmHandshakeSecretStruct,
+ pub master_secret: SpdmMasterSecretStruct,
+}
+
+#[derive(Debug, Clone, Default, Zeroize, ZeroizeOnDrop)]
+pub struct SpdmSessionSecretParam {
+ pub encryption_key: SpdmAeadKeyStruct,
+ pub salt: SpdmAeadIvStruct,
+ pub sequence_number: u64,
+}
+
+#[derive(Debug, Clone, Default, Zeroize, ZeroizeOnDrop)]
+pub struct SpdmSessionHandshakeSecret {
+ pub request_handshake_secret: SpdmDirectionHandshakeSecretStruct,
+ pub
response_handshake_secret: SpdmDirectionHandshakeSecretStruct,
+ pub request_finished_key: SpdmFinishedKeyStruct,
+ pub response_finished_key: SpdmFinishedKeyStruct,
+ pub request_direction: SpdmSessionSecretParam,
+ pub response_direction: SpdmSessionSecretParam,
+}
+
+#[derive(Debug, Clone, Default, Zeroize, ZeroizeOnDrop)]
+pub struct SpdmSessionAppliationSecret {
+ pub request_data_secret: SpdmDirectionDataSecretStruct,
+ pub response_data_secret: SpdmDirectionDataSecretStruct,
+ pub request_direction: SpdmSessionSecretParam,
+ pub response_direction: SpdmSessionSecretParam,
+ pub export_master_secret: SpdmExportMasterSecretStruct,
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmSessionTransportParam {
+ pub sequence_number_count: u8,
+ pub max_random_count: u16,
+}
+
+#[derive(Debug, Clone, Default)]
+#[cfg(not(feature = "hashed-transcript-data"))]
+pub struct SpdmSessionRuntimeInfo {
+ pub psk_hint: Option,
+ pub message_a: ManagedBufferA,
+ pub rsp_cert_hash: Option,
+ pub req_cert_hash: Option,
+ pub message_k: ManagedBufferK,
+ pub message_f: ManagedBufferF,
+ pub message_m: ManagedBufferM,
+}
+
+#[derive(Clone, Default)]
+#[cfg(feature = "hashed-transcript-data")]
+pub struct SpdmSessionRuntimeInfo {
+ pub psk_hint: Option,
+ pub message_a: ManagedBufferA,
+ pub message_f_initialized: bool,
+ pub rsp_cert_hash: Option,
+ pub req_cert_hash: Option,
+ pub digest_context_th: Option,
+ pub digest_context_l1l2: Option,
+}
+
+#[derive(Clone)]
+pub struct SpdmSession {
+ session_id: u32,
+ use_psk: bool,
+ mut_auth_requested: SpdmKeyExchangeMutAuthAttributes,
+ session_state: SpdmSessionState,
+ crypto_param: SpdmSessionCryptoParam,
+ dhe_secret_root: SpdmSessionDheSecretRoot,
+ handshake_secret: SpdmSessionHandshakeSecret,
+ application_secret: SpdmSessionAppliationSecret,
+ application_secret_backup: SpdmSessionAppliationSecret,
+ transport_param: SpdmSessionTransportParam,
+ pub runtime_info: SpdmSessionRuntimeInfo,
+ key_schedule: SpdmKeySchedule,
+
slot_id: u8,
+ pub heartbeat_period: u8, // valid only when HEARTBEAT cap set
+ pub secure_spdm_version_sel: SecuredMessageVersion,
+}
+
+impl Default for SpdmSession {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+impl SpdmSession {
+ pub fn new() -> Self {
+ SpdmSession {
+ session_id: INVALID_SESSION_ID,
+ use_psk: false,
+ session_state: SpdmSessionState::default(),
+ crypto_param: SpdmSessionCryptoParam::default(),
+ dhe_secret_root: SpdmSessionDheSecretRoot::default(),
+ handshake_secret: SpdmSessionHandshakeSecret::default(),
+ application_secret: SpdmSessionAppliationSecret::default(),
+ application_secret_backup: SpdmSessionAppliationSecret::default(),
+ transport_param: SpdmSessionTransportParam::default(),
+ runtime_info: SpdmSessionRuntimeInfo::default(),
+ key_schedule: SpdmKeySchedule::new(),
+ slot_id: 0,
+ heartbeat_period: 0,
+ secure_spdm_version_sel: SecuredMessageVersion::default(),
+ mut_auth_requested: SpdmKeyExchangeMutAuthAttributes::default(),
+ }
+ }
+
+ pub fn set_request_direction_sequence_number(&mut self, seq: u64) {
+ self.application_secret.request_direction.sequence_number = seq;
+ }
+
+ pub fn get_request_direction_sequence_number(&self) -> u64 {
+ self.application_secret.request_direction.sequence_number
+ }
+
+ pub fn set_response_direction_sequence_number(&mut self, seq: u64) {
+ self.application_secret.response_direction.sequence_number = seq;
+ }
+
+ pub fn get_response_direction_sequence_number(&self) -> u64 {
+ self.application_secret.response_direction.sequence_number
+ }
+
+ pub fn get_application_secret(&self) -> SpdmSessionAppliationSecret {
+ self.application_secret.clone()
+ }
+
+ pub fn set_application_secret(&mut self, application_secret: SpdmSessionAppliationSecret) {
+ self.application_secret = application_secret;
+ }
+
+ pub fn set_default(&mut self) {
+ self.session_id = INVALID_SESSION_ID;
+ self.use_psk = false;
+ self.session_state = SpdmSessionState::default();
+ self.crypto_param =
SpdmSessionCryptoParam::default();
+ self.dhe_secret_root = SpdmSessionDheSecretRoot::default();
+ self.handshake_secret = SpdmSessionHandshakeSecret::default();
+ self.application_secret = SpdmSessionAppliationSecret::default();
+ self.application_secret_backup = SpdmSessionAppliationSecret::default();
+ self.transport_param = SpdmSessionTransportParam::default();
+ self.runtime_info = SpdmSessionRuntimeInfo::default();
+ self.key_schedule = SpdmKeySchedule;
+ self.heartbeat_period = 0;
+ self.secure_spdm_version_sel = SecuredMessageVersion::default();
+ self.mut_auth_requested = SpdmKeyExchangeMutAuthAttributes::empty();
+ }
+
+ pub fn get_session_id(&self) -> u32 {
+ self.session_id
+ }
+
+ pub fn set_session_id(&mut self, session_id: u32) {
+ self.session_id = session_id;
+ }
+
+ pub fn setup(&mut self, session_id: u32) -> SpdmResult {
+ if self.session_id == INVALID_SESSION_ID {
+ self.set_default();
+ self.session_id = session_id;
+ Ok(())
+ } else {
+ panic!("setup session occupied!");
+ }
+ }
+
+ pub fn teardown(&mut self) {
+ self.set_default()
+ }
+
+ pub fn set_use_psk(&mut self, use_psk: bool) {
+ self.use_psk = use_psk;
+ }
+
+ pub fn get_use_psk(&self) -> bool {
+ self.use_psk
+ }
+
+ pub fn set_slot_id(&mut self, slot_id: u8) {
+ self.slot_id = slot_id;
+ }
+
+ pub fn get_slot_id(&self) -> u8 {
+ self.slot_id
+ }
+
+ pub fn set_dhe_secret(
+ &mut self,
+ spdm_version: SpdmVersion,
+ dhe_secret: SpdmDheFinalKeyStruct,
+ ) -> SpdmResult {
+ self.dhe_secret_root.dhe_secret = dhe_secret; // take the ownership here!
+
+ // generate dhe_secret_root.handshake_secret and dhe_secret_root.master_secret
+ let handshake_secret = if let Some(hs) = self.key_schedule.derive_handshake_secret(
+ spdm_version,
+ self.crypto_param.base_hash_algo,
+ &self.dhe_secret_root.dhe_secret,
+ ) {
+ hs
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+
+ let master_secret = if let Some(ms) = self.key_schedule.derive_master_secret(
+ spdm_version,
+ self.crypto_param.base_hash_algo,
+ &handshake_secret,
+ ) {
+ ms
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+
+ self.dhe_secret_root.handshake_secret = handshake_secret;
+ self.dhe_secret_root.master_secret = master_secret;
+
+ debug!(
+ "!!! handshake_secret !!!: {:02x?}\n",
+ self.dhe_secret_root.handshake_secret.as_ref()
+ );
+ debug!(
+ "!!! master_secret !!!: {:02x?}\n",
+ self.dhe_secret_root.master_secret.as_ref()
+ );
+
+ Ok(())
+ }
+
+ pub fn get_crypto_param(&self) -> SpdmSessionCryptoParam {
+ self.crypto_param.clone()
+ }
+
+ pub fn set_crypto_param(
+ &mut self,
+ base_hash_algo: SpdmBaseHashAlgo,
+ dhe_algo: SpdmDheAlgo,
+ aead_algo: SpdmAeadAlgo,
+ key_schedule_algo: SpdmKeyScheduleAlgo,
+ ) {
+ self.crypto_param.base_hash_algo = base_hash_algo;
+ self.crypto_param.dhe_algo = dhe_algo;
+ self.crypto_param.aead_algo = aead_algo;
+ self.crypto_param.key_schedule_algo = key_schedule_algo;
+ }
+
+ pub fn set_transport_param(&mut self, sequence_number_count: u8, max_random_count: u16) {
+ self.transport_param.sequence_number_count = sequence_number_count;
+ self.transport_param.max_random_count = max_random_count;
+ }
+
+ pub fn set_session_state(&mut self, session_state: SpdmSessionState) {
+ self.session_state = session_state;
+ }
+
+ pub fn get_session_state(&self) -> SpdmSessionState {
+ self.session_state
+ }
+
+ pub fn set_mut_auth_requested(&mut self, mut_auth_requested: SpdmKeyExchangeMutAuthAttributes) {
+ self.mut_auth_requested = mut_auth_requested;
+ }
+
+ pub fn get_mut_auth_requested(&self) ->
SpdmKeyExchangeMutAuthAttributes {
+ self.mut_auth_requested
+ }
+
+ pub fn generate_handshake_secret(
+ &mut self,
+ spdm_version: SpdmVersion,
+ th1: &SpdmDigestStruct,
+ ) -> SpdmResult {
+ // generate key
+ info!("!!! generate_handshake_secret !!!:\n");
+ let hash_algo = self.crypto_param.base_hash_algo;
+ let aead_algo = self.crypto_param.aead_algo;
+
+ self.handshake_secret.request_handshake_secret = if let Some(rhs) =
+ self.key_schedule.derive_request_handshake_secret(
+ self.use_psk,
+ spdm_version,
+ hash_algo,
+ if self.use_psk {
+ None
+ } else {
+ Some(&self.dhe_secret_root.handshake_secret)
+ },
+ self.runtime_info.psk_hint.as_ref(),
+ th1.as_ref(),
+ ) {
+ rhs
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ debug!(
+ "!!! request_handshake_secret !!!: {:02x?}\n",
+ self.handshake_secret.request_handshake_secret.as_ref()
+ );
+ self.handshake_secret.response_handshake_secret = if let Some(rhs) =
+ self.key_schedule.derive_response_handshake_secret(
+ self.use_psk,
+ spdm_version,
+ hash_algo,
+ if self.use_psk {
+ None
+ } else {
+ Some(&self.dhe_secret_root.handshake_secret)
+ },
+ self.runtime_info.psk_hint.as_ref(),
+ th1.as_ref(),
+ ) {
+ rhs
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ debug!(
+ "!!! response_handshake_secret !!!: {:02x?}\n",
+ self.handshake_secret.response_handshake_secret.as_ref()
+ );
+ self.handshake_secret.request_finished_key = if let Some(rfk) =
+ self.key_schedule.derive_finished_key(
+ spdm_version,
+ hash_algo,
+ &self.handshake_secret.request_handshake_secret,
+ ) {
+ rfk
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ debug!(
+ "!!!
request_finished_key !!!: {:02x?}\n",
+ self.handshake_secret.request_finished_key.as_ref()
+ );
+ self.handshake_secret.response_finished_key = if let Some(rfk) =
+ self.key_schedule.derive_finished_key(
+ spdm_version,
+ hash_algo,
+ &self.handshake_secret.response_handshake_secret,
+ ) {
+ rfk
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ debug!(
+ "!!! response_finished_key !!!: {:02x?}\n",
+ self.handshake_secret.response_finished_key.as_ref()
+ );
+
+ let res = if let Some(aki) = self.key_schedule.derive_aead_key_iv(
+ spdm_version,
+ hash_algo,
+ aead_algo,
+ &SpdmMajorSecret::SpdmDirectionHandshakeSecret(
+ &self.handshake_secret.request_handshake_secret,
+ ),
+ ) {
+ aki
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+
+ self.handshake_secret.request_direction.encryption_key = res.0;
+ self.handshake_secret.request_direction.salt = res.1;
+ debug!(
+ "!!! request_direction.encryption_key !!!: {:02x?}\n",
+ self.handshake_secret
+ .request_direction
+ .encryption_key
+ .as_ref()
+ );
+ debug!(
+ "!!! request_direction.salt !!!: {:02x?}\n",
+ self.handshake_secret.request_direction.salt.as_ref()
+ );
+
+ let res = if let Some(aki) = self.key_schedule.derive_aead_key_iv(
+ spdm_version,
+ hash_algo,
+ aead_algo,
+ &SpdmMajorSecret::SpdmDirectionHandshakeSecret(
+ &self.handshake_secret.response_handshake_secret,
+ ),
+ ) {
+ aki
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ self.handshake_secret.response_direction.encryption_key = res.0;
+ self.handshake_secret.response_direction.salt = res.1;
+ debug!(
+ "!!! response_direction.encryption_key !!!: {:02x?}\n",
+ self.handshake_secret
+ .response_direction
+ .encryption_key
+ .as_ref()
+ );
+ debug!(
+ "!!! response_direction.salt !!!: {:02x?}\n",
+ self.handshake_secret.response_direction.salt.as_ref()
+ );
+
+ Ok(())
+ }
+
+ pub fn generate_data_secret(
+ &mut self,
+ spdm_version: SpdmVersion,
+ th2: &SpdmDigestStruct,
+ ) -> SpdmResult {
+ // generate key
+ info!("!!!
generate_data_secret !!!:\n");
+ let hash_algo = self.crypto_param.base_hash_algo;
+ let aead_algo = self.crypto_param.aead_algo;
+
+ self.application_secret.request_data_secret = if let Some(rds) =
+ self.key_schedule.derive_request_data_secret(
+ self.use_psk,
+ spdm_version,
+ hash_algo,
+ if self.use_psk {
+ None
+ } else {
+ Some(&self.dhe_secret_root.master_secret)
+ },
+ self.runtime_info.psk_hint.as_ref(),
+ th2.as_ref(),
+ ) {
+ rds
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ self.application_secret.response_data_secret = if let Some(rds) =
+ self.key_schedule.derive_response_data_secret(
+ self.use_psk,
+ spdm_version,
+ hash_algo,
+ if self.use_psk {
+ None
+ } else {
+ Some(&self.dhe_secret_root.master_secret)
+ },
+ self.runtime_info.psk_hint.as_ref(),
+ th2.as_ref(),
+ ) {
+ rds
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ debug!(
+ "!!! request_data_secret !!!: {:02x?}\n",
+ self.application_secret.request_data_secret.as_ref()
+ );
+ debug!(
+ "!!! response_data_secret !!!: {:02x?}\n",
+ self.application_secret.response_data_secret.as_ref()
+ );
+
+ let res = if let Some(aki) = self.key_schedule.derive_aead_key_iv(
+ spdm_version,
+ hash_algo,
+ aead_algo,
+ &SpdmMajorSecret::SpdmDirectionDataSecret(&self.application_secret.request_data_secret),
+ ) {
+ aki
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ self.application_secret.request_direction.encryption_key = res.0;
+ self.application_secret.request_direction.salt = res.1;
+ debug!(
+ "!!! request_direction.encryption_key !!!: {:02x?}\n",
+ self.application_secret
+ .request_direction
+ .encryption_key
+ .as_ref()
+ );
+ debug!(
+ "!!!
request_direction.salt !!!: {:02x?}\n",
+ self.application_secret.request_direction.salt.as_ref()
+ );
+
+ let res = if let Some(aki) = self.key_schedule.derive_aead_key_iv(
+ spdm_version,
+ hash_algo,
+ aead_algo,
+ &SpdmMajorSecret::SpdmDirectionDataSecret(
+ &self.application_secret.response_data_secret,
+ ),
+ ) {
+ aki
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ self.application_secret.response_direction.encryption_key = res.0;
+ self.application_secret.response_direction.salt = res.1;
+ debug!(
+ "!!! response_direction.encryption_key !!!: {:02x?}\n",
+ self.application_secret
+ .response_direction
+ .encryption_key
+ .as_ref()
+ );
+ debug!(
+ "!!! response_direction.salt !!!: {:02x?}\n",
+ self.application_secret.response_direction.salt.as_ref()
+ );
+
+ self.application_secret.export_master_secret = if let Some(ems) =
+ self.key_schedule.derive_export_master_secret(
+ self.use_psk,
+ spdm_version,
+ hash_algo,
+ if self.use_psk {
+ None
+ } else {
+ Some(&self.dhe_secret_root.master_secret)
+ },
+ self.runtime_info.psk_hint.as_ref(),
+ ) {
+ ems
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+
+ Ok(())
+ }
+
+ pub fn create_data_secret_update(
+ &mut self,
+ spdm_version: SpdmVersion,
+ update_requester: bool,
+ update_responder: bool,
+ ) -> SpdmResult {
+ info!(
+ "!!!
create_data_secret_update {:?} {:?} !!!:\n",
+ update_requester, update_responder
+ );
+ let hash_algo = self.crypto_param.base_hash_algo;
+ let aead_algo = self.crypto_param.aead_algo;
+
+ if update_requester {
+ self.application_secret_backup.request_data_secret =
+ self.application_secret.request_data_secret.clone();
+ self.application_secret_backup.request_direction =
+ self.application_secret.request_direction.clone();
+
+ self.application_secret.request_data_secret = if let Some(us) =
+ self.key_schedule.derive_update_secret(
+ spdm_version,
+ hash_algo,
+ &self.application_secret.request_data_secret,
+ ) {
+ us
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ debug!(
+ "!!! request_data_secret !!!: {:02x?}\n",
+ self.application_secret.request_data_secret.as_ref()
+ );
+
+ let res = if let Some(aki) = self.key_schedule.derive_aead_key_iv(
+ spdm_version,
+ hash_algo,
+ aead_algo,
+ &SpdmMajorSecret::SpdmDirectionDataSecret(
+ &self.application_secret.request_data_secret,
+ ),
+ ) {
+ aki
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ self.application_secret.request_direction.encryption_key = res.0;
+ self.application_secret.request_direction.salt = res.1;
+ debug!(
+ "!!! request_direction.encryption_key !!!: {:02x?}\n",
+ self.application_secret
+ .request_direction
+ .encryption_key
+ .as_ref()
+ );
+ debug!(
+ "!!!
request_direction.salt !!!: {:02x?}\n",
+ self.application_secret.request_direction.salt.as_ref()
+ );
+ self.application_secret.request_direction.sequence_number = 0;
+ }
+
+ if update_responder {
+ self.application_secret_backup.response_data_secret =
+ self.application_secret.response_data_secret.clone();
+ self.application_secret_backup.response_direction =
+ self.application_secret.response_direction.clone();
+
+ self.application_secret.response_data_secret = if let Some(us) =
+ self.key_schedule.derive_update_secret(
+ spdm_version,
+ hash_algo,
+ &self.application_secret.response_data_secret,
+ ) {
+ us
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ debug!(
+ "!!! response_data_secret !!!: {:02x?}\n",
+ self.application_secret.response_data_secret.as_ref()
+ );
+
+ let res = if let Some(aki) = self.key_schedule.derive_aead_key_iv(
+ spdm_version,
+ hash_algo,
+ aead_algo,
+ &SpdmMajorSecret::SpdmDirectionDataSecret(
+ &self.application_secret.response_data_secret,
+ ),
+ ) {
+ aki
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ self.application_secret.response_direction.encryption_key = res.0;
+ self.application_secret.response_direction.salt = res.1;
+ debug!(
+ "!!! response_direction.encryption_key !!!: {:02x?}\n",
+ self.application_secret
+ .response_direction
+ .encryption_key
+ .as_ref()
+ );
+ debug!(
+ "!!!
response_direction.salt !!!: {:02x?}\n",
+ self.application_secret.response_direction.salt.as_ref()
+ );
+ self.application_secret.response_direction.sequence_number = 0;
+ }
+ Ok(())
+ }
+
+ pub fn activate_data_secret_update(
+ &mut self,
+ _spdm_version: SpdmVersion,
+ update_requester: bool,
+ update_responder: bool,
+ use_new_key: bool,
+ ) -> SpdmResult {
+ if !use_new_key {
+ if update_requester {
+ self.application_secret.request_data_secret =
+ self.application_secret_backup.request_data_secret.clone();
+ self.application_secret.request_direction =
+ self.application_secret_backup.request_direction.clone();
+ }
+ if update_responder {
+ self.application_secret.response_data_secret =
+ self.application_secret_backup.response_data_secret.clone();
+ self.application_secret.response_direction =
+ self.application_secret_backup.response_direction.clone();
+ }
+ } else {
+ if update_requester {
+ self.application_secret_backup.request_data_secret =
+ SpdmDirectionDataSecretStruct::default();
+ self.application_secret_backup.request_direction =
+ SpdmSessionSecretParam::default();
+ }
+ if update_responder {
+ self.application_secret_backup.response_data_secret =
+ SpdmDirectionDataSecretStruct::default();
+ self.application_secret_backup.response_direction =
+ SpdmSessionSecretParam::default();
+ }
+ }
+ Ok(())
+ }
+
+ pub fn generate_hmac_with_response_finished_key(
+ &self,
+ message_hash: &[u8],
+ ) -> SpdmResult {
+ crypto::hmac::hmac(
+ self.crypto_param.base_hash_algo,
+ self.handshake_secret.response_finished_key.as_ref(),
+ message_hash,
+ )
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)
+ }
+
+ pub fn generate_hmac_with_request_finished_key(
+ &self,
+ message_hash: &[u8],
+ ) -> SpdmResult {
+ crypto::hmac::hmac(
+ self.crypto_param.base_hash_algo,
+ self.handshake_secret.request_finished_key.as_ref(),
+ message_hash,
+ )
+ .ok_or(SPDM_STATUS_CRYPTO_ERROR)
+ }
+
+ pub fn verify_hmac_with_response_finished_key(
+ &self,
+ message_hash: &[u8],
+ hmac:
&SpdmDigestStruct,
+ ) -> SpdmResult {
+ crypto::hmac::hmac_verify(
+ self.crypto_param.base_hash_algo,
+ self.handshake_secret.response_finished_key.as_ref(),
+ message_hash,
+ hmac,
+ )
+ }
+
+ pub fn verify_hmac_with_request_finished_key(
+ &self,
+ message_hash: &[u8],
+ hmac: &SpdmDigestStruct,
+ ) -> SpdmResult {
+ crypto::hmac::hmac_verify(
+ self.crypto_param.base_hash_algo,
+ self.handshake_secret.request_finished_key.as_ref(),
+ message_hash,
+ hmac,
+ )
+ }
+
+ pub fn export_keys(&mut self) -> (SpdmSessionSecretParam, SpdmSessionSecretParam) {
+ (
+ SpdmSessionSecretParam {
+ encryption_key: self
+ .application_secret
+ .request_direction
+ .encryption_key
+ .clone(),
+ salt: self.application_secret.request_direction.salt.clone(),
+ sequence_number: self.application_secret.request_direction.sequence_number,
+ },
+ SpdmSessionSecretParam {
+ encryption_key: self
+ .application_secret
+ .response_direction
+ .encryption_key
+ .clone(),
+ salt: self.application_secret.response_direction.salt.clone(),
+ sequence_number: self.application_secret.response_direction.sequence_number,
+ },
+ )
+ }
+
+ pub fn encode_spdm_secured_message(
+ &mut self,
+ app_buffer: &[u8],
+ secured_buffer: &mut [u8],
+ is_requester: bool,
+ ) -> SpdmResult {
+ let r = match self.session_state {
+ SpdmSessionState::SpdmSessionNotStarted => Err(SPDM_STATUS_INVALID_STATE_LOCAL),
+ SpdmSessionState::SpdmSessionHandshaking => {
+ if is_requester {
+ let r = self.encode_msg(
+ app_buffer,
+ secured_buffer,
+ &self.handshake_secret.request_direction,
+ );
+ if r.is_ok() {
+ self.handshake_secret.request_direction.sequence_number += 1
+ };
+ r
+ } else {
+ let r = self.encode_msg(
+ app_buffer,
+ secured_buffer,
+ &self.handshake_secret.response_direction,
+ );
+ if r.is_ok() {
+ self.handshake_secret.response_direction.sequence_number += 1
+ };
+ r
+ }
+ }
+ SpdmSessionState::SpdmSessionEstablished => {
+ if is_requester {
+ let r = self.encode_msg(
+ app_buffer,
+ secured_buffer,
+
&self.application_secret.request_direction,
+ );
+ if r.is_ok() {
+ self.application_secret.request_direction.sequence_number += 1
+ };
+ r
+ } else {
+ let r = self.encode_msg(
+ app_buffer,
+ secured_buffer,
+ &self.application_secret.response_direction,
+ );
+ if r.is_ok() {
+ self.application_secret.response_direction.sequence_number += 1
+ };
+ r
+ }
+ }
+ _ => panic!("unknown session state"),
+ };
+
+ if let Err(err) = r {
+ if err.status_code
+ == crate::error::StatusCode::CRYPTO(StatusCodeCrypto::SEQUENCE_NUMBER_OVERFLOW)
+ {
+ self.set_default();
+ }
+ }
+
+ r
+ }
+
+ pub fn decode_spdm_secured_message(
+ &mut self,
+ secured_buffer: &[u8],
+ app_buffer: &mut [u8],
+ is_requester: bool,
+ ) -> SpdmResult {
+ let r = match self.session_state {
+ SpdmSessionState::SpdmSessionNotStarted => Err(SPDM_STATUS_INVALID_STATE_LOCAL),
+ SpdmSessionState::SpdmSessionHandshaking => {
+ if is_requester {
+ let r = self.decode_msg(
+ secured_buffer,
+ app_buffer,
+ &self.handshake_secret.request_direction,
+ );
+ if r != Err(SPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW) {
+ self.handshake_secret.request_direction.sequence_number += 1;
+ }
+ r
+ } else {
+ let r = self.decode_msg(
+ secured_buffer,
+ app_buffer,
+ &self.handshake_secret.response_direction,
+ );
+ if r != Err(SPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW) {
+ self.handshake_secret.response_direction.sequence_number += 1;
+ }
+ r
+ }
+ }
+ SpdmSessionState::SpdmSessionEstablished => {
+ if is_requester {
+ let r = self.decode_msg(
+ secured_buffer,
+ app_buffer,
+ &self.application_secret.request_direction,
+ );
+ if r != Err(SPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW) {
+ self.application_secret.request_direction.sequence_number += 1;
+ }
+ r
+ } else {
+ let r = self.decode_msg(
+ secured_buffer,
+ app_buffer,
+ &self.application_secret.response_direction,
+ );
+ if r != Err(SPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW) {
+ self.application_secret.response_direction.sequence_number += 1;
+ }
+ r
+ }
+ }
+ _ =>
Err(SPDM_STATUS_INVALID_STATE_LOCAL),
+ };
+
+ if let Err(err) = r {
+ if err.status_code
+ == crate::error::StatusCode::CRYPTO(StatusCodeCrypto::SEQUENCE_NUMBER_OVERFLOW)
+ {
+ self.set_default();
+ }
+ }
+
+ r
+ }
+
+ fn encode_msg(
+ &self,
+ app_buffer: &[u8],
+ secured_buffer: &mut [u8],
+ secret_param: &SpdmSessionSecretParam,
+ ) -> SpdmResult {
+ let session_id = self.session_id;
+ let aead_algo = self.crypto_param.aead_algo;
+ let transport_param = &self.transport_param;
+
+ let cipher_text_size = app_buffer.len() + 2;
+ let tag_size = aead_algo.get_tag_size() as usize;
+
+ let mut aad_buffer = [0u8; 6 + 8];
+ let mut writer = Writer::init(&mut aad_buffer);
+ let app_length = app_buffer.len() as u16;
+ let length = cipher_text_size as u16 + tag_size as u16;
+
+ if secret_param.sequence_number == 0xFFFFFFFFFFFFFFFFu64 {
+ return Err(SPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW);
+ }
+
+ session_id
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_TOO_SMALL)?;
+ if transport_param.sequence_number_count != 0 {
+ let sequence_number = secret_param.sequence_number;
+ for i in 0..transport_param.sequence_number_count {
+ let s = ((sequence_number >> (8 * i)) & 0xFF) as u8;
+ s.encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_TOO_SMALL)?;
+ }
+ }
+ length
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_TOO_SMALL)?;
+ let aad_size = writer.used();
+ assert_eq!(aad_size, 6 + transport_param.sequence_number_count as usize);
+
+ let mut plain_text_buf = [0; config::SENDER_BUFFER_SIZE];
+ let mut writer = Writer::init(&mut plain_text_buf);
+ app_length
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_TOO_SMALL)?;
+ let head_size = writer.used();
+ assert_eq!(head_size, 2);
+ plain_text_buf[head_size..(head_size + app_buffer.len())].copy_from_slice(app_buffer);
+
+ let mut tag_buffer = [0u8; 16];
+
+ let mut salt = secret_param.salt.clone();
+ let sequence_number = secret_param.sequence_number;
+ salt.data[0] ^= (sequence_number & 0xFF) as u8;
+
salt.data[1] ^= ((sequence_number >> 8) & 0xFF) as u8;
+ salt.data[2] ^= ((sequence_number >> 16) & 0xFF) as u8;
+ salt.data[3] ^= ((sequence_number >> 24) & 0xFF) as u8;
+ salt.data[4] ^= ((sequence_number >> 32) & 0xFF) as u8;
+ salt.data[5] ^= ((sequence_number >> 40) & 0xFF) as u8;
+ salt.data[6] ^= ((sequence_number >> 48) & 0xFF) as u8;
+ salt.data[7] ^= ((sequence_number >> 56) & 0xFF) as u8;
+
+ let (ret_cipher_text_size, ret_tag_size) = crypto::aead::encrypt(
+ aead_algo,
+ &secret_param.encryption_key,
+ &salt,
+ &aad_buffer[..aad_size],
+ &plain_text_buf[0..cipher_text_size],
+ &mut tag_buffer[0..tag_size],
+ &mut secured_buffer[aad_size..(aad_size + cipher_text_size)],
+ )?;
+ assert_eq!(ret_tag_size, tag_size);
+ assert_eq!(ret_cipher_text_size, cipher_text_size);
+
+ secured_buffer[..aad_size].copy_from_slice(&aad_buffer[..aad_size]);
+ secured_buffer[(aad_size + cipher_text_size)..(aad_size + cipher_text_size + tag_size)]
+ .copy_from_slice(&tag_buffer);
+
+ Ok(aad_size + cipher_text_size + tag_size)
+ }
+
+ fn decode_msg(
+ &self,
+ secured_buffer: &[u8],
+ app_buffer: &mut [u8],
+ secret_param: &SpdmSessionSecretParam,
+ ) -> SpdmResult {
+ let session_id = self.session_id;
+ let aead_algo = self.crypto_param.aead_algo;
+ let transport_param = &self.transport_param;
+ let tag_size = aead_algo.get_tag_size() as usize;
+
+ if secret_param.sequence_number == 0xFFFFFFFFFFFFFFFFu64 {
+ return Err(SPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW);
+ }
+
+ let mut reader = Reader::init(secured_buffer);
+ let read_session_id = u32::read(&mut reader).ok_or(SPDM_STATUS_DECODE_AEAD_FAIL)?;
+ if read_session_id != session_id {
+ error!("session_id mismatch!\n");
+ return Err(SPDM_STATUS_DECODE_AEAD_FAIL);
+ }
+ if transport_param.sequence_number_count != 0 {
+ let sequence_number = secret_param.sequence_number;
+ for i in 0..transport_param.sequence_number_count {
+ let s = u8::read(&mut reader).ok_or(SPDM_STATUS_DECODE_AEAD_FAIL)?;
+ if s != ((sequence_number >> (8 * i))
& 0xFF) as u8 {
+ info!("sequence_num mismatch!\n");
+ return Err(SPDM_STATUS_DECODE_AEAD_FAIL);
+ }
+ }
+ }
+ let length = u16::read(&mut reader).ok_or(SPDM_STATUS_DECODE_AEAD_FAIL)?;
+ let aad_size = reader.used();
+ assert_eq!(aad_size, 6 + transport_param.sequence_number_count as usize);
+
+ // secure buffer might be bigger for alignment
+ if secured_buffer.len() < length as usize + aad_size {
+ return Err(SPDM_STATUS_DECODE_AEAD_FAIL);
+ }
+
+ if (length as usize) < tag_size {
+ return Err(SPDM_STATUS_DECODE_AEAD_FAIL);
+ }
+
+ let cipher_text_size = length as usize - tag_size;
+
+ let mut plain_text_buf = [0; config::RECEIVER_BUFFER_SIZE];
+
+ let mut salt = secret_param.salt.clone();
+ let sequence_number = secret_param.sequence_number;
+ salt.data[0] ^= (sequence_number & 0xFF) as u8;
+ salt.data[1] ^= ((sequence_number >> 8) & 0xFF) as u8;
+ salt.data[2] ^= ((sequence_number >> 16) & 0xFF) as u8;
+ salt.data[3] ^= ((sequence_number >> 24) & 0xFF) as u8;
+ salt.data[4] ^= ((sequence_number >> 32) & 0xFF) as u8;
+ salt.data[5] ^= ((sequence_number >> 40) & 0xFF) as u8;
+ salt.data[6] ^= ((sequence_number >> 48) & 0xFF) as u8;
+ salt.data[7] ^= ((sequence_number >> 56) & 0xFF) as u8;
+
+ let ret_plain_text_size = crypto::aead::decrypt(
+ aead_algo,
+ &secret_param.encryption_key,
+ &salt,
+ &secured_buffer[..aad_size],
+ &secured_buffer[aad_size..(aad_size + cipher_text_size)],
+ &secured_buffer
+ [(aad_size + cipher_text_size)..(aad_size + cipher_text_size + tag_size)],
+ &mut plain_text_buf[..cipher_text_size],
+ )?;
+
+ let mut reader = Reader::init(&plain_text_buf);
+ let app_length = u16::read(&mut reader).ok_or(SPDM_STATUS_DECODE_AEAD_FAIL)?
as usize;
+ if ret_plain_text_size < app_length + 2 {
+ return Err(SPDM_STATUS_DECODE_AEAD_FAIL);
+ }
+
+ app_buffer[..app_length].copy_from_slice(&plain_text_buf[2..(app_length + 2)]);
+ Ok(app_length)
+ }
+}
+
+#[cfg(test)]
+mod tests_session {
+ use super::*;
+
+ #[test]
+ fn test_case0_sequence_number_overflow() {
+ let mut session = SpdmSession::default();
+ let session_id = 0xFFFFFFFDu32;
+ let send_buffer = [100u8; config::SENDER_BUFFER_SIZE - 0x40];
+ let mut encoded_send_buffer = [0u8; config::SENDER_BUFFER_SIZE];
+
+ session.setup(session_id).unwrap();
+ session.set_crypto_param(
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ SpdmDheAlgo::SECP_384_R1,
+ SpdmAeadAlgo::AES_256_GCM,
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ );
+ session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking);
+ println!("session.session_id::{:?}", session.session_id);
+ assert!(session
+ .set_dhe_secret(
+ SpdmVersion::SpdmVersion12,
+ SpdmDheFinalKeyStruct {
+ data_size: 5,
+ data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE])
+ }
+ )
+ .is_ok());
+ assert!(session
+ .generate_handshake_secret(
+ SpdmVersion::SpdmVersion12,
+ &SpdmDigestStruct {
+ data_size: 5,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE])
+ }
+ )
+ .is_ok());
+
+ assert!(session
+ .generate_data_secret(
+ SpdmVersion::SpdmVersion12,
+ &SpdmDigestStruct {
+ data_size: 5,
+ data: Box::new([101u8; SPDM_MAX_HASH_SIZE])
+ }
+ )
+ .is_ok());
+
+ session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionEstablished);
+
+ assert_eq!(session.get_session_id(), 0xFFFFFFFD);
+ session.set_request_direction_sequence_number(0xFFFFFFFFFFFFFFFFu64);
+ session.set_response_direction_sequence_number(0xFFFFFFFFFFFFFFFFu64);
+
+ let r = session.encode_spdm_secured_message(&send_buffer, &mut encoded_send_buffer, true);
+ assert_eq!(session.get_session_id(), INVALID_SESSION_ID);
+ assert_eq!(
+ session.get_session_state(),
+ crate::common::session::SpdmSessionState::SpdmSessionNotStarted
+
); + assert!(r.is_err()); + + if let Err(status) = r { + assert_eq!( + status.status_code, + crate::error::StatusCode::CRYPTO(StatusCodeCrypto::SEQUENCE_NUMBER_OVERFLOW) + ) + } + } + + #[test] + fn test_case1_sequence_number_overflow() { + let mut session = SpdmSession::default(); + let session_id = 0xFFFFFFFDu32; + let send_buffer = [100u8; config::SENDER_BUFFER_SIZE - 0x40]; + let mut encoded_send_buffer = [0u8; config::SENDER_BUFFER_SIZE]; + + session.setup(session_id).unwrap(); + session.set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking); + println!("session.session_id::{:?}", session.session_id); + assert!(session + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(session + .generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + + assert!(session + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([101u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionEstablished); + + assert_eq!(session.get_session_id(), 0xFFFFFFFD); + session.set_request_direction_sequence_number(0xFFFFFFFFFFFFFFFFu64); + session.set_response_direction_sequence_number(0xFFFFFFFFFFFFFFFFu64); + + let r = session.encode_spdm_secured_message(&send_buffer, &mut encoded_send_buffer, false); + assert_eq!(session.get_session_id(), INVALID_SESSION_ID); + assert_eq!( + session.get_session_state(), + crate::common::session::SpdmSessionState::SpdmSessionNotStarted + ); + assert!(r.is_err()); + + if let Err(status) = r { + assert_eq!( + 
status.status_code, + crate::error::StatusCode::CRYPTO(StatusCodeCrypto::SEQUENCE_NUMBER_OVERFLOW) + ) + } + } + + #[test] + fn test_case2_sequence_number_overflow() { + let mut session = SpdmSession::default(); + let session_id = 0xFFFFFFFDu32; + let receive_buffer = [100u8; config::RECEIVER_BUFFER_SIZE]; + let mut decoded_receive_buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + + session.setup(session_id).unwrap(); + session.set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking); + println!("session.session_id::{:?}", session.session_id); + assert!(session + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(session + .generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + + assert!(session + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([101u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionEstablished); + + assert_eq!(session.get_session_id(), 0xFFFFFFFD); + session.set_request_direction_sequence_number(0xFFFFFFFFFFFFFFFFu64); + session.set_response_direction_sequence_number(0xFFFFFFFFFFFFFFFFu64); + + let r = + session.decode_spdm_secured_message(&receive_buffer, &mut decoded_receive_buffer, true); + assert_eq!(session.get_session_id(), INVALID_SESSION_ID); + assert_eq!( + session.get_session_state(), + crate::common::session::SpdmSessionState::SpdmSessionNotStarted + ); + assert!(r.is_err()); + + if let Err(status) = r { + assert_eq!( + status.status_code, + 
crate::error::StatusCode::CRYPTO(StatusCodeCrypto::SEQUENCE_NUMBER_OVERFLOW) + ) + } + } + + #[test] + fn test_case3_sequence_number_overflow() { + let mut session = SpdmSession::default(); + let session_id = 0xFFFFFFFDu32; + let receive_buffer = [100u8; config::RECEIVER_BUFFER_SIZE]; + let mut decoded_receive_buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + + session.setup(session_id).unwrap(); + session.set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking); + println!("session.session_id::{:?}", session.session_id); + assert!(session + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(session + .generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + + assert!(session + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([101u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionEstablished); + + assert_eq!(session.get_session_id(), 0xFFFFFFFD); + session.set_request_direction_sequence_number(0xFFFFFFFFFFFFFFFFu64); + session.set_response_direction_sequence_number(0xFFFFFFFFFFFFFFFFu64); + + let r = session.decode_spdm_secured_message( + &receive_buffer, + &mut decoded_receive_buffer, + false, + ); + assert_eq!(session.get_session_id(), INVALID_SESSION_ID); + assert_eq!( + session.get_session_state(), + crate::common::session::SpdmSessionState::SpdmSessionNotStarted + ); + assert!(r.is_err()); + + if let Err(status) = r { + assert_eq!( + status.status_code, + 
crate::error::StatusCode::CRYPTO(StatusCodeCrypto::SEQUENCE_NUMBER_OVERFLOW) + ) + } + } + + #[test] + fn test_case0_activate_data_secret_update() { + let mut session = SpdmSession::default(); + let status = session + .activate_data_secret_update(SpdmVersion::SpdmVersion12, true, true, false) + .is_ok(); + assert!(status); + + let status = session + .activate_data_secret_update(SpdmVersion::SpdmVersion12, true, false, false) + .is_ok(); + assert!(status); + + let status = session + .activate_data_secret_update(SpdmVersion::SpdmVersion12, false, false, false) + .is_ok(); + assert!(status); + } + #[test] + fn test_case0_decode_msg() { + let mut session = SpdmSession::default(); + let session_id = 4294901758u32; + let mut receive_buffer = [100u8; config::RECEIVER_BUFFER_SIZE]; + let mut decoded_receive_buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + + session.setup(session_id).unwrap(); + session.set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking); + + session.handshake_secret.request_direction = SpdmSessionSecretParam { + encryption_key: SpdmAeadKeyStruct { + data_size: 50, + data: Box::new([10u8; SPDM_MAX_AEAD_KEY_SIZE]), + }, + salt: SpdmAeadIvStruct { + data_size: 50, + data: Box::new([10u8; SPDM_MAX_AEAD_IV_SIZE]), + }, + sequence_number: 100u64, + }; + session.transport_param.sequence_number_count = 1; + + let status = session + .decode_msg( + &receive_buffer, + &mut decoded_receive_buffer, + &session.handshake_secret.request_direction, + ) + .is_ok(); + assert!(!status); + + let mut witer = Writer::init(&mut receive_buffer); + assert!(session_id.encode(&mut witer).is_ok()); + let status = session + .decode_msg( + &receive_buffer[0..100], + &mut decoded_receive_buffer, + &session.handshake_secret.request_direction, + ) + .is_ok(); + assert!(!status); + } + #[test] 
+ fn test_case0_encode_msg() { + let mut session = SpdmSession::default(); + let session_id = 4294901758u32; + let send_buffer = [100u8; config::SENDER_BUFFER_SIZE - 0x40]; + let mut encoded_send_buffer = [0u8; config::SENDER_BUFFER_SIZE]; + + session.setup(session_id).unwrap(); + session.set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking); + session.transport_param.sequence_number_count = 1; + println!("session.session_id::{:?}", session.session_id); + assert!(session + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(session + .generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + + let status = session + .encode_msg( + &send_buffer, + &mut encoded_send_buffer, + &session.handshake_secret.request_direction, + ) + .is_ok(); + assert!(status); + } + #[test] + #[should_panic] + fn test_case0_setup() { + let mut session = SpdmSession::default(); + session.session_id = 0xffffu32; + let session_id = 4294901758u32; + let _ = session.setup(session_id).is_err(); + } + #[test] + fn test_case0_teardown() { + let mut session = SpdmSession::default(); + session.session_id = 0x0f0f0f0fu32; + session.teardown(); + assert!(session.session_id != 0x0f0f0f0fu32); + } +} diff --git a/spdmlib/src/common/spdm_codec.rs b/spdmlib/src/common/spdm_codec.rs new file mode 100644 index 0000000..1ebc963 --- /dev/null +++ b/spdmlib/src/common/spdm_codec.rs 
@@ -0,0 +1,320 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmContext; +use crate::config; +use crate::error::{SpdmResult, SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::{ + SpdmDheExchangeStruct, SpdmDigestStruct, SpdmDmtfMeasurementRepresentation, + SpdmDmtfMeasurementStructure, SpdmDmtfMeasurementType, SpdmMeasurementBlockStructure, + SpdmMeasurementHashAlgo, SpdmMeasurementRecordStructure, SpdmMeasurementSpecification, + SpdmSignatureStruct, SPDM_MAX_ASYM_KEY_SIZE, SPDM_MAX_DHE_KEY_SIZE, SPDM_MAX_HASH_SIZE, +}; +use codec::{u24, Codec, Reader, Writer}; +use core::fmt::Debug; +extern crate alloc; +use alloc::boxed::Box; + +pub trait SpdmCodec: Debug + Sized { + /// Encode yourself by appending onto `bytes`. + /// return Ok(usize) or Err(SpdmStatus) + fn spdm_encode(&self, _context: &mut SpdmContext, _bytes: &mut Writer) -> SpdmResult; + + /// Decode yourself by fiddling with the `Reader`. + /// Return Some if it worked, None if not. + fn spdm_read(_context: &mut SpdmContext, _: &mut Reader) -> Option; + + /// Read one of these from the front of `bytes` and + /// return it. 
+ fn spdm_read_bytes(context: &mut SpdmContext, bytes: &[u8]) -> Option { + let mut rd = Reader::init(bytes); + Self::spdm_read(context, &mut rd) + } +} + +impl SpdmCodec for SpdmDigestStruct { + fn spdm_encode( + &self, + context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + assert_eq!(self.data_size, context.get_hash_size()); + for d in self.data.iter().take(self.data_size as usize) { + d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(self.data_size as usize) + } + fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option { + let data_size = context.get_hash_size(); + let mut data = Box::new([0u8; SPDM_MAX_HASH_SIZE]); + for d in data.iter_mut().take(data_size as usize) { + *d = u8::read(r)?; + } + Some(SpdmDigestStruct { data_size, data }) + } +} + +impl SpdmCodec for SpdmSignatureStruct { + fn spdm_encode( + &self, + context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + assert_eq!(self.data_size, context.get_asym_key_size()); + for d in self.data.iter().take(self.data_size as usize) { + d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(self.data_size as usize) + } + fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option { + let data_size = context.get_asym_key_size(); + let mut data = [0u8; SPDM_MAX_ASYM_KEY_SIZE]; + for d in data.iter_mut().take(data_size as usize) { + *d = u8::read(r)?; + } + Some(SpdmSignatureStruct { data_size, data }) + } +} + +impl SpdmMeasurementRecordStructure { + fn verify_measurement_record(&self, context: &mut SpdmContext) -> bool { + let measurement_record_length = self.measurement_record_length.get() as usize; + let mut reader = Reader::init(&self.measurement_record_data[..measurement_record_length]); + + let mut cur_index = 0u8; + for _ in 0..self.number_of_blocks as usize { + let measurement_block = SpdmMeasurementBlockStructure::spdm_read(context, &mut reader); + if measurement_block.is_none() { + return false; + } + let measurement_block = 
measurement_block.unwrap(); + if measurement_block.index <= cur_index { + return false; + } + cur_index = measurement_block.index; + } + if reader.any_left() { + return false; + } + true + } +} + +impl SpdmCodec for SpdmMeasurementRecordStructure { + fn spdm_encode( + &self, + _context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .number_of_blocks + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .measurement_record_length + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + for d in self + .measurement_record_data + .iter() + .take(self.measurement_record_length.get() as usize) + { + cnt += d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(cnt) + } + + fn spdm_read( + context: &mut SpdmContext, + r: &mut Reader, + ) -> Option { + let number_of_blocks = u8::read(r)?; + let measurement_record_length = u24::read(r)?; + if measurement_record_length.get() as usize > config::MAX_SPDM_MEASUREMENT_RECORD_SIZE { + return None; + } + let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + for d in measurement_record_data + .iter_mut() + .take(measurement_record_length.get() as usize) + { + *d = u8::read(r)?; + } + + let spdm_measurement_record = SpdmMeasurementRecordStructure { + number_of_blocks, + measurement_record_length, + measurement_record_data, + }; + if !spdm_measurement_record.verify_measurement_record(context) { + return None; + } + + Some(spdm_measurement_record) + } +} + +impl SpdmCodec for SpdmDheExchangeStruct { + fn spdm_encode( + &self, + _context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + for d in self.data.iter().take(self.data_size as usize) { + d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(self.data_size as usize) + } + fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option { + let data_size = context.get_dhe_key_size(); + let mut data = [0u8; SPDM_MAX_DHE_KEY_SIZE]; + for d in 
data.iter_mut().take(data_size as usize) { + *d = u8::read(r)?; + } + Some(SpdmDheExchangeStruct { data_size, data }) + } +} + +impl SpdmCodec for SpdmDmtfMeasurementStructure { + fn spdm_encode( + &self, + _context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + let type_value = self.r#type.get_u8(); + let representation_value = self.representation.get_u8(); + let final_value = type_value + representation_value; + cnt += final_value + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + // TBD: Check measurement_hash + + cnt += self + .value_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + for v in self.value.iter().take(self.value_size as usize) { + cnt += v.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(cnt) + } + fn spdm_read( + context: &mut SpdmContext, + r: &mut Reader, + ) -> Option { + let final_value = u8::read(r)?; + let type_value = final_value & 0x7f; + let representation_value = final_value & 0x80; + let representation = match representation_value { + 0 => SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + 0x80 => SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit, + _ => return None, + }; + let r#type = match type_value { + 0 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom, + 1 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware, + 2 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementHardwareConfig, + 3 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmwareConfig, + 4 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementManifest, + 5 => match representation { + SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit => { + SpdmDmtfMeasurementType::SpdmDmtfMeasurementStructuredRepresentationMode + } + _ => return None, + }, + 6 => match representation { + SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit => { + SpdmDmtfMeasurementType::SpdmDmtfMeasurementMutableFirmwareVersionNumber + } + _ => return None, + }, + 7 => match representation { 
+ SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit => { + SpdmDmtfMeasurementType::SpdmDmtfMeasurementMutableFirmwareSecurityVersionNumber + } + _ => return None, + }, + val => SpdmDmtfMeasurementType::Unknown(val), + }; + + let value_size = u16::read(r)?; + if value_size as usize > config::MAX_SPDM_MEASUREMENT_VALUE_LEN { + return None; + } + + let measurement_hash_algo = context.negotiate_info.measurement_hash_sel; + if representation == SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest + && (value_size != measurement_hash_algo.get_size() + || measurement_hash_algo == SpdmMeasurementHashAlgo::RAW_BIT_STREAM) + { + return None; + } + + let mut value = [0u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + for v in value.iter_mut().take(value_size as usize) { + *v = u8::read(r)?; + } + Some(SpdmDmtfMeasurementStructure { + r#type, + representation, + value_size, + value, + }) + } +} + +impl SpdmCodec for SpdmMeasurementBlockStructure { + fn spdm_encode( + &self, + context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .index + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .measurement_specification + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .measurement_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .measurement + .spdm_encode(context, bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + Ok(cnt) + } + fn spdm_read( + context: &mut SpdmContext, + r: &mut Reader, + ) -> Option { + let index = u8::read(r)?; + let measurement_specification = SpdmMeasurementSpecification::read(r)?; + if measurement_specification != SpdmMeasurementSpecification::DMTF { + return None; + } + let measurement_size = u16::read(r)?; + if measurement_size as usize > 3 + config::MAX_SPDM_MEASUREMENT_VALUE_LEN { + return None; + } + let measurement = SpdmDmtfMeasurementStructure::spdm_read(context, r)?; + if measurement_size != 3 + 
measurement.value_size { + return None; + } + Some(SpdmMeasurementBlockStructure { + index, + measurement_specification, + measurement_size, + measurement, + }) + } +} diff --git a/spdmlib/src/crypto/bytes_mut_scrubbed.rs b/spdmlib/src/crypto/bytes_mut_scrubbed.rs new file mode 100644 index 0000000..c68b71e --- /dev/null +++ b/spdmlib/src/crypto/bytes_mut_scrubbed.rs 
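Review bot: `SpdmDigestStruct::spdm_encode` and `SpdmSignatureStruct::spdm_encode` enforce the size invariant with `assert_eq!`, so a `data_size` that disagrees with the negotiated hash or signature size panics instead of surfacing through the result these functions already return. That becomes a denial of service if any path lets a peer influence either side of the comparison, which this hunk does not rule out. Replace each assertion with a checked return, e.g. `if self.data_size != context.get_hash_size() { return Err(SIZE_MISMATCH_STATUS); }`, where `SIZE_MISMATCH_STATUS` is a placeholder for whichever SpdmStatus constant the crate uses for this case. Separately, `SpdmDmtfMeasurementStructure::spdm_encode` builds the first byte with `type_value + representation_value`. If `get_u8()` returns the raw value for `Unknown(val)`, a value with the top bit set overflows there, and `(type_value & 0x7f) | representation_value` would mirror the masks in `spdm_read` without that risk.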
@@ -0,0 +1,262 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use bytes::{buf::IntoIter, Buf, BufMut, Bytes, BytesMut};
+use core::{
+ borrow::{Borrow, BorrowMut},
+ cmp, hash,
+ iter::FromIterator,
+ ops::{Deref, DerefMut},
+};
+use zeroize::Zeroize;
+
+#[derive(Default)]
+pub struct BytesMutStrubbed {
+ bytes_mut: BytesMut,
+}
+
+impl BytesMutStrubbed {
+ #[inline]
+ pub fn with_capacity(capacity: usize) -> BytesMutStrubbed {
+ BytesMutStrubbed {
+ bytes_mut: BytesMut::with_capacity(capacity),
+ }
+ }
+
+ #[inline]
+ pub fn new() -> BytesMutStrubbed {
+ BytesMutStrubbed {
+ bytes_mut: BytesMut::new(),
+ }
+ }
+
+ #[inline]
+ pub fn len(&self) -> usize {
+ self.bytes_mut.len()
+ }
+
+ #[inline]
+ pub fn is_empty(&self) -> bool {
+ self.bytes_mut.is_empty()
+ }
+
+ #[inline]
+ pub fn capacity(&self) -> usize {
+ self.bytes_mut.capacity()
+ }
+
+ pub fn extend_from_slice(&mut self, extend: &[u8]) {
+ self.bytes_mut.extend_from_slice(extend)
+ }
+
+ #[inline]
+ pub fn reserve(&mut self, additional: usize) {
+ self.bytes_mut.reserve(additional)
+ }
+
+ pub fn resize(&mut self, new_len: usize, value: u8) {
+ self.bytes_mut.resize(new_len, value)
+ }
+
+ pub fn clear(&mut self) {
+ self.bytes_mut.clear()
+ }
+
+ pub fn truncate(&mut self, len: usize) {
+ self.bytes_mut.truncate(len)
+ }
+
+ pub fn zeroed(len: usize) -> BytesMutStrubbed {
+ BytesMutStrubbed {
+ bytes_mut: BytesMut::zeroed(len),
+ }
+ }
+
+ pub fn put_u8(&mut self, n: u8) {
+ self.bytes_mut.put_u8(n)
+ }
+}
+
+impl Drop for BytesMutStrubbed {
+ fn drop(&mut self) {
+ self.bytes_mut[..].zeroize()
+ }
+}
+
+impl Buf for BytesMutStrubbed {
+ #[inline]
+ fn remaining(&self) -> usize {
+ self.bytes_mut.remaining()
+ }
+
+ #[inline]
+ fn chunk(&self) -> &[u8] {
+ self.bytes_mut.chunk()
+ }
+
+ #[inline]
+ fn advance(&mut self, cnt: usize) {
+ self.bytes_mut.advance(cnt)
+ }
+
+ fn copy_to_bytes(&mut self, len: usize) -> Bytes {
+ self.bytes_mut.copy_to_bytes(len)
+ }
+}
+
+impl AsRef<[u8]> for BytesMutStrubbed {
+ #[inline]
+ fn as_ref(&self) -> &[u8] {
+ self.bytes_mut.as_ref()
+ }
+}
+
+impl Deref for BytesMutStrubbed {
+ type Target = [u8];
+
+ #[inline]
+ fn deref(&self) -> &[u8] {
+ self.bytes_mut.deref()
+ }
+}
+
+impl AsMut<[u8]> for BytesMutStrubbed {
+ #[inline]
+ fn as_mut(&mut self) -> &mut [u8] {
+ self.bytes_mut.as_mut()
+ }
+}
+
+impl DerefMut for BytesMutStrubbed {
+ #[inline]
+ fn deref_mut(&mut self) -> &mut [u8] {
+ self.bytes_mut.deref_mut()
+ }
+}
+
+impl<'a> From<&'a [u8]> for BytesMutStrubbed {
+ fn from(src: &'a [u8]) -> BytesMutStrubbed {
+ BytesMutStrubbed {
+ bytes_mut: BytesMut::from(src),
+ }
+ }
+}
+
+impl<'a> From<&'a str> for BytesMutStrubbed {
+ fn from(src: &'a str) -> BytesMutStrubbed {
+ BytesMutStrubbed {
+ bytes_mut: BytesMut::from(src),
+ }
+ }
+}
+
+impl PartialEq for BytesMutStrubbed {
+ fn eq(&self, other: &BytesMutStrubbed) -> bool {
+ self.bytes_mut.eq(&other.bytes_mut)
+ }
+}
+
+impl PartialOrd for BytesMutStrubbed {
+ fn partial_cmp(&self, other: &BytesMutStrubbed) -> Option {
+ Some(self.cmp(other))
+ }
+}
+
+impl Ord for BytesMutStrubbed {
+ fn cmp(&self, other: &BytesMutStrubbed) -> cmp::Ordering {
+ self.bytes_mut.cmp(&other.bytes_mut)
+ }
+}
+
+impl Eq for BytesMutStrubbed {}
+
+impl hash::Hash for BytesMutStrubbed {
+ fn hash(&self, state: &mut H)
+ where
+ H: hash::Hasher,
+ {
+ self.bytes_mut.hash(state)
+ }
+}
+
+impl Borrow<[u8]> for BytesMutStrubbed {
+ fn borrow(&self) -> &[u8] {
+ self.bytes_mut.borrow()
+ }
+}
+
+impl BorrowMut<[u8]> for BytesMutStrubbed {
+ fn borrow_mut(&mut self) -> &mut [u8] {
+ self.bytes_mut.borrow_mut()
+ }
+}
+
+impl Clone for BytesMutStrubbed {
+ fn clone(&self) -> BytesMutStrubbed {
+ BytesMutStrubbed {
+ bytes_mut: self.bytes_mut.clone(),
+ }
+ }
+}
+
+impl IntoIterator for BytesMutStrubbed {
+ type Item = u8;
+ type IntoIter = IntoIter;
+
+ fn into_iter(self) -> Self::IntoIter {
+ IntoIter::new(self)
+ }
+}
+
+impl<'a> IntoIterator for &'a BytesMutStrubbed {
+ type Item = &'a u8;
+ type IntoIter = core::slice::Iter<'a, u8>;
+
+ fn into_iter(self) -> Self::IntoIter {
+ self.as_ref().iter()
+ }
+}
+
+impl Extend for BytesMutStrubbed {
+ fn extend(&mut self, iter: T)
+ where
+ T: IntoIterator,
+ {
+ self.bytes_mut.extend(iter)
+ }
+}
+
+impl<'a> Extend<&'a u8> for BytesMutStrubbed {
+ fn extend(&mut self, iter: T)
+ where
+ T: IntoIterator,
+ {
+ self.bytes_mut.extend(iter)
+ }
+}
+
+impl Extend for BytesMutStrubbed {
+ fn extend(&mut self, iter: T)
+ where
+ T: IntoIterator,
+ {
+ self.bytes_mut.extend(iter)
+ }
+}
+
+impl FromIterator for BytesMutStrubbed {
+ fn from_iter>(into_iter: T) -> Self {
+ BytesMutStrubbed {
+ bytes_mut: BytesMut::from_iter(into_iter),
+ }
+ }
+}
+
+impl<'a> FromIterator<&'a u8> for BytesMutStrubbed {
+ fn from_iter>(into_iter: T) -> Self {
+ BytesMutStrubbed {
+ bytes_mut: BytesMut::from_iter(into_iter),
+ }
+ }
+}
diff --git a/spdmlib/src/crypto/crypto_callbacks.rs b/spdmlib/src/crypto/crypto_callbacks.rs
new file mode 100644
index 0000000..e1ef857
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_callbacks.rs
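Review bot: The `Drop` impl in `bytes_mut_scrubbed.rs` scrubs only `self.bytes_mut[..]`, the bytes still inside the current length, so anything removed from view earlier is freed unscrubbed: `clear()` and `truncate()` shrink the length without wiping, and `advance()` moves the start past consumed bytes. Zeroize before shrinking, e.g. `self.bytes_mut[..].zeroize();` ahead of `self.bytes_mut.clear()`, and `if len < self.bytes_mut.len() { self.bytes_mut[len..].zeroize(); }` ahead of `self.bytes_mut.truncate(len)`. Growth through `reserve`, `resize`, `extend_from_slice` or `Extend` may reallocate and leave the old allocation unwiped (this depends on `BytesMut` internals not shown here), and `copy_to_bytes` hands the contents to a plain `Bytes`. A doc comment on the type stating these limits would help callers that store key material in it. The type is also spelled `BytesMutStrubbed` while the file is named `bytes_mut_scrubbed.rs`.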
@@ -0,0 +1,127 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::error::SpdmResult;
+
+extern crate alloc;
+use alloc::boxed::Box;
+
+use crate::protocol::{
+ SpdmAeadAlgo, SpdmAeadIvStruct, SpdmAeadKeyStruct, SpdmBaseAsymAlgo, SpdmBaseHashAlgo,
+ SpdmDheAlgo, SpdmDheExchangeStruct, SpdmDheFinalKeyStruct, SpdmDigestStruct,
+ SpdmHkdfInputKeyingMaterial, SpdmHkdfOutputKeyingMaterial, SpdmHkdfPseudoRandomKey,
+ SpdmSignatureStruct,
+};
+
+#[cfg(not(feature = "hashed-transcript-data"))]
+#[derive(Clone)]
+pub struct SpdmHash {
+ pub hash_all_cb: fn(base_hash_algo: SpdmBaseHashAlgo, data: &[u8]) -> Option,
+}
+
+#[cfg(feature = "hashed-transcript-data")]
+#[derive(Clone)]
+pub struct SpdmHash {
+ pub hash_all_cb: fn(base_hash_algo: SpdmBaseHashAlgo, data: &[u8]) -> Option,
+ pub hash_ctx_init_cb: fn(base_hash_algo: SpdmBaseHashAlgo) -> Option,
+ pub hash_ctx_update_cb: fn(ctx: usize, data: &[u8]) -> SpdmResult,
+ pub hash_ctx_finalize_cb: fn(ctx: usize) -> Option,
+ pub hash_ctx_dup_cb: fn(ctx: usize) -> Option,
+}
+
+#[derive(Clone)]
+pub struct SpdmHmac {
+ pub hmac_cb:
+ fn(base_hash_algo: SpdmBaseHashAlgo, key: &[u8], data: &[u8]) -> Option,
+
+ pub hmac_verify_cb: fn(
+ base_hash_algo: SpdmBaseHashAlgo,
+ key: &[u8],
+ data: &[u8],
+ hmac: &SpdmDigestStruct,
+ ) -> SpdmResult,
+}
+
+type EncryptCb = fn(
+ aead_algo: SpdmAeadAlgo,
+ key: &SpdmAeadKeyStruct,
+ iv: &SpdmAeadIvStruct,
+ aad: &[u8],
+ plain_text: &[u8],
+ tag: &mut [u8],
+ cipher_text: &mut [u8],
+) -> SpdmResult<(usize, usize)>;
+
+type DecryptCb = fn(
+ aead_algo: SpdmAeadAlgo,
+ key: &SpdmAeadKeyStruct,
+ iv: &SpdmAeadIvStruct,
+ aad: &[u8],
+ cipher_text: &[u8],
+ tag: &[u8],
+ plain_text: &mut [u8],
+) -> SpdmResult;
+
+#[derive(Clone)]
+pub struct SpdmAead {
+ pub encrypt_cb: EncryptCb,
+
+ pub decrypt_cb: DecryptCb,
+}
+
+#[derive(Clone)]
+pub struct SpdmAsymVerify {
+ pub verify_cb: fn(
+ base_hash_algo: SpdmBaseHashAlgo,
+ base_asym_algo: SpdmBaseAsymAlgo,
+ public_cert_der: &[u8],
+ data: &[u8],
+ signature: &SpdmSignatureStruct,
+ ) -> SpdmResult,
+}
+
+#[derive(Clone)]
+pub struct SpdmHkdf {
+ pub hkdf_extract_cb: fn(
+ hash_algo: SpdmBaseHashAlgo,
+ salt: &[u8],
+ ikm: &SpdmHkdfInputKeyingMaterial,
+ ) -> Option,
+ pub hkdf_expand_cb: fn(
+ hash_algo: SpdmBaseHashAlgo,
+ prk: &SpdmHkdfPseudoRandomKey,
+ info: &[u8],
+ out_size: u16,
+ ) -> Option,
+}
+
+type GetCertFromCertChainCb = fn(cert_chain: &[u8], index: isize) -> SpdmResult<(usize, usize)>;
+
+#[derive(Clone)]
+pub struct SpdmCertOperation {
+ pub get_cert_from_cert_chain_cb: GetCertFromCertChainCb,
+
+ pub verify_cert_chain_cb: fn(cert_chain: &[u8]) -> SpdmResult,
+}
+
+type GenerateKeyPairCb = fn(
+ dhe_algo: SpdmDheAlgo,
+) -> Option<(SpdmDheExchangeStruct, Box)>;
+
+#[derive(Clone)]
+pub struct SpdmDhe {
+ pub generate_key_pair_cb: GenerateKeyPairCb,
+}
+
+pub trait SpdmDheKeyExchange {
+ fn compute_final_key(
+ self: Box,
+ peer_pub_key: &SpdmDheExchangeStruct,
+ ) -> Option;
+}
+
+#[derive(Clone)]
+pub struct SpdmCryptoRandom {
+ pub get_random_cb: fn(data: &mut [u8]) -> SpdmResult,
+}
diff --git a/spdmlib/src/crypto/crypto_tests.rs b/spdmlib/src/crypto/crypto_tests.rs
new file mode 100644
index 0000000..85c19d7
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_tests.rs
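Review bot: None of the callback fields in `crypto_callbacks.rs` carries a doc comment, although the library's security depends on what a provider does behind them. I would state the contract on each field: on `hmac_verify_cb`, `/// Must compare the computed MAC with the supplied one in constant time.`; on `decrypt_cb`, `/// On tag mismatch must return Err and must not leave unauthenticated plaintext in the output buffer.`; on `get_random_cb`, `/// Must fill the whole buffer from a cryptographically secure source or return Err.` The `hash_ctx_*_cb` entries pass the context as a bare `usize`, so the comment there should say who owns the handle and whether it remains valid after `hash_ctx_finalize_cb`.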
@@ -0,0 +1,221 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::aead::{decrypt, encrypt}; +#[cfg(feature = "hashed-transcript-data")] +use super::hash; +#[cfg(feature = "hashed-transcript-data")] +use crate::protocol::SpdmBaseHashAlgo; +use crate::{ + protocol::SpdmAeadAlgo, + protocol::{ + SpdmAeadIvStruct, SpdmAeadKeyStruct, SPDM_MAX_AEAD_IV_SIZE, SPDM_MAX_AEAD_KEY_SIZE, + }, +}; + +#[cfg(feature = "hashed-transcript-data")] +#[test] +fn test_case_hash() { + // Len = 8 + // Msg = d3 + // MD = 28969cdfa74a12c82f3bad960b0b000aca2ac329deea5c2328ebc6f2ba9802c1 + let mut ctx = hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_256).unwrap(); + let data = &from_hex("d3").unwrap(); + let md = &from_hex("28969cdfa74a12c82f3bad960b0b000aca2ac329deea5c2328ebc6f2ba9802c1").unwrap(); + hash::hash_ctx_update(&mut ctx, data).unwrap(); + let res = hash::hash_ctx_finalize(ctx).unwrap(); + assert_eq!(res.as_ref(), md); + + // Len = 512 + // Msg = 5a86b737eaea8ee976a0a24da63e7ed7eefad18a101c1211e2b3650c5187c2a8a650547208251f6d4237e661c7bf4c77f335390394c37fa1a9f9be836ac28509 + // MD = 42e61e174fbb3897d6dd6cef3dd2802fe67b331953b06114a65c772859dfc1aa + let mut ctx2 = hash::hash_ctx_init(SpdmBaseHashAlgo::TPM_ALG_SHA_256).unwrap(); + let data = &from_hex("5a86b737eaea8ee976a0a24da63e7ed7eefad18a101c1211e2b3650c5187c2a8a650547208251f6d4237e661c7bf4c77f335390394c37fa1a9f9be836ac28509").unwrap(); + let md = &from_hex("42e61e174fbb3897d6dd6cef3dd2802fe67b331953b06114a65c772859dfc1aa").unwrap(); + hash::hash_ctx_update(&mut ctx2, &data.as_slice()[0..10]).unwrap(); + let mut ctx3 = ctx2.clone(); + hash::hash_ctx_update(&mut ctx2, &data[10..]).unwrap(); + hash::hash_ctx_update(&mut ctx3, &data[10..]).unwrap(); + let res = hash::hash_ctx_finalize(ctx2).unwrap(); + let res3 = hash::hash_ctx_finalize(ctx3).unwrap(); + assert_eq!(res.as_ref(), md); + assert_eq!(res3.as_ref(), md); +} + +#[test] +fn test_case_gcm256() { + // Test vector 
from GCM Test Vectors (SP 800-38D) + // [Keylen = 256] + // [IVlen = 96] + // [PTlen = 128] + // [AADlen = 128] + // [Taglen = 128] + + // Count = 0 + // Key = 92e11dcdaa866f5ce790fd24501f92509aacf4cb8b1339d50c9c1240935dd08b + // IV = ac93a1a6145299bde902f21a + // PT = 2d71bcfa914e4ac045b2aa60955fad24 + // AAD = 1e0889016f67601c8ebea4943bc23ad6 + // CT = 8995ae2e6df3dbf96fac7b7137bae67f + // Tag = eca5aa77d51d4a0a14d9c51e1da474ab + let aead_algo = SpdmAeadAlgo::AES_256_GCM; + let key = + &from_hex_to_aead_key("92e11dcdaa866f5ce790fd24501f92509aacf4cb8b1339d50c9c1240935dd08b") + .unwrap(); + let iv = &from_hex_to_aead_iv("ac93a1a6145299bde902f21a").unwrap(); + let plain_text = &from_hex("2d71bcfa914e4ac045b2aa60955fad24").unwrap()[..]; + let tag = &from_hex("eca5aa77d51d4a0a14d9c51e1da474ab").unwrap()[..]; + let aad = &from_hex("1e0889016f67601c8ebea4943bc23ad6").unwrap()[..]; + let cipher = &from_hex("8995ae2e6df3dbf96fac7b7137bae67f").unwrap()[..]; + let out_tag = &mut [0u8; 16][..]; + let out_cipher = &mut [0u8; 16][..]; + let out_plain_text = &mut [0u8; 16][..]; + let (out_cipher_len, out_tag_len) = + encrypt(aead_algo, key, iv, aad, plain_text, out_tag, out_cipher).unwrap(); + assert_eq!(tag, &out_tag[0..out_tag_len]); + assert_eq!(cipher, &out_cipher[0..out_cipher_len]); + + let out_plain_text_len = + decrypt(aead_algo, key, iv, aad, out_cipher, out_tag, out_plain_text).unwrap(); + assert_eq!(out_plain_text, plain_text); + assert_eq!(out_plain_text_len, plain_text.len()); +} + +#[test] +fn test_case_gcm128() { + // Test vector from GCM Test Vectors (SP 800-38D) + // [Keylen = 128] + // [IVlen = 96] + // [PTlen = 128] + // [AADlen = 128] + // [Taglen = 128] + + // Count = 0 + // Key = c939cc13397c1d37de6ae0e1cb7c423c + // IV = b3d8cc017cbb89b39e0f67e2 + // PT = c3b3c41f113a31b73d9a5cd432103069 + // AAD = 24825602bd12a984e0092d3e448eda5f + // CT = 93fe7d9e9bfd10348a5606e5cafa7354 + // Tag = 0032a1dc85f1c9786925a2e71d8272dd + + let aead_algo = 
SpdmAeadAlgo::AES_128_GCM; + let key = &from_hex_to_aead_key("c939cc13397c1d37de6ae0e1cb7c423c").unwrap(); + let iv = &from_hex_to_aead_iv("b3d8cc017cbb89b39e0f67e2").unwrap(); + let plain_text = &from_hex("c3b3c41f113a31b73d9a5cd432103069").unwrap()[..]; + let tag = &from_hex("0032a1dc85f1c9786925a2e71d8272dd").unwrap()[..]; + let aad = &from_hex("24825602bd12a984e0092d3e448eda5f").unwrap()[..]; + let cipher = &from_hex("93fe7d9e9bfd10348a5606e5cafa7354").unwrap()[..]; + let out_tag = &mut [0u8; 16][..]; + let out_cipher = &mut [0u8; 16][..]; + let out_plain_text = &mut [0u8; 16][..]; + let (out_cipher_len, out_tag_len) = + encrypt(aead_algo, key, iv, aad, plain_text, out_tag, out_cipher).unwrap(); + assert_eq!(tag, &out_tag[0..out_tag_len]); + assert_eq!(cipher, &out_cipher[0..out_cipher_len]); + + let out_plain_text_len = + decrypt(aead_algo, key, iv, aad, out_cipher, out_tag, out_plain_text).unwrap(); + assert_eq!(out_plain_text, plain_text); + assert_eq!(out_plain_text_len, plain_text.len()); +} + +#[test] +fn test_case_chacha20_poly1305() { + // Test vector from RFC8439#section-2.8.2 + // KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f + // NONCE: 070000004041424344454647 + // IN: "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it." 
+ // ADD: 50515253c0c1c2c3c4c5c6c7 + // CT: d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116 + // TAG: 1ae10b594f09e26a7e902ecbd0600691 + let aead_algo = SpdmAeadAlgo::CHACHA20_POLY1305; + let key = + &from_hex_to_aead_key("808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f") + .unwrap(); + let iv = &from_hex_to_aead_iv("070000004041424344454647").unwrap(); + let plain_text = &b"Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it."[..]; + let cipher = &from_hex("d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116") + .unwrap()[..]; + let tag = &from_hex("1ae10b594f09e26a7e902ecbd0600691").unwrap()[..]; + let aad = &from_hex("50515253c0c1c2c3c4c5c6c7").unwrap()[..]; + let out_cipher = &mut [0u8; 114][..]; + let out_tag = &mut [0u8; 0x10][..]; + let out_plain_text = &mut [0u8; 114][..]; + let (out_cipher_len, out_tag_len) = + encrypt(aead_algo, key, iv, aad, plain_text, out_tag, out_cipher).unwrap(); + assert_eq!(tag, &out_tag[0..out_tag_len]); + assert_eq!(cipher, &out_cipher[0..out_cipher_len]); + + let out_plain_text_len = + decrypt(aead_algo, key, iv, aad, out_cipher, out_tag, out_plain_text).unwrap(); + assert_eq!(out_plain_text, plain_text); + assert_eq!(out_plain_text_len, plain_text.len()); +} + +fn from_hex(hex_str: &str) -> Result, String> { + if hex_str.len() % 2 != 0 { + return Err(String::from( + "Hex string does not have an even number of digits", + )); + } + + let mut result = Vec::with_capacity(hex_str.len() / 2); + for digits in hex_str.as_bytes().chunks(2) { + let hi = from_hex_digit(digits[0])?; + let lo = 
from_hex_digit(digits[1])?; + result.push((hi * 0x10) | lo); + } + Ok(result) +} + +fn from_hex_to_aead_key(hex_str: &str) -> Result { + if hex_str.len() % 2 != 0 || hex_str.len() > SPDM_MAX_AEAD_KEY_SIZE * 2 { + return Err(String::from( + "Hex string does not have an even number of digits", + )); + } + + let mut result = SpdmAeadKeyStruct { + data_size: hex_str.len() as u16 / 2, + data: Box::new([0u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + for (i, digits) in hex_str.as_bytes().chunks(2).enumerate() { + let hi = from_hex_digit(digits[0])?; + let lo = from_hex_digit(digits[1])?; + result.data[i] = (hi * 0x10) | lo; + } + Ok(result) +} + +fn from_hex_to_aead_iv(hex_str: &str) -> Result { + if hex_str.len() % 2 != 0 || hex_str.len() > SPDM_MAX_AEAD_IV_SIZE * 2 { + return Err(String::from( + "Hex string does not have an even number of digits", + )); + } + + let mut result = SpdmAeadIvStruct { + data_size: hex_str.len() as u16 / 2, + data: Box::new([0u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + for (i, digits) in hex_str.as_bytes().chunks(2).enumerate() { + let hi = from_hex_digit(digits[0])?; + let lo = from_hex_digit(digits[1])?; + result.data[i] = (hi * 0x10) | lo; + } + Ok(result) +} + +fn from_hex_digit(d: u8) -> Result { + use core::ops::RangeInclusive; + const DECIMAL: (u8, RangeInclusive) = (0, b'0'..=b'9'); + const HEX_LOWER: (u8, RangeInclusive) = (10, b'a'..=b'f'); + const HEX_UPPER: (u8, RangeInclusive) = (10, b'A'..=b'F'); + for (offset, range) in &[DECIMAL, HEX_LOWER, HEX_UPPER] { + if range.contains(&d) { + return Ok(d - range.start() + offset); + } + } + Err(format!("Invalid hex digit '{}'", d as char)) +} diff --git a/spdmlib/src/crypto/mod.rs b/spdmlib/src/crypto/mod.rs new file mode 100644 index 0000000..ccc368e --- /dev/null +++ b/spdmlib/src/crypto/mod.rs 
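Review bot: The three AEAD known-answer tests (`test_case_gcm256`, `test_case_gcm128`, `test_case_chacha20_poly1305`) only exercise the success path, so nothing here would catch a registered backend whose `decrypt` accepts a modified tag. After the round-trip assertions I would corrupt the tag and require a failure: `out_tag[0] ^= 1;` followed by `assert!(decrypt(aead_algo, key, iv, aad, out_cipher, out_tag, out_plain_text).is_err());`, with a similar case for altered AAD. Separately, `from_hex_to_aead_key` and `from_hex_to_aead_iv` return "Hex string does not have an even number of digits" even when the input is only longer than the maximum size, which will mislead whoever adds the next vector.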
@@ -0,0 +1,450 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +pub mod bytes_mut_scrubbed; +mod crypto_callbacks; +mod x509v3; +pub use x509v3::*; + +#[cfg(feature = "spdm-ring")] +mod spdm_ring; + +pub use crypto_callbacks::{ + SpdmAead, SpdmAsymVerify, SpdmCertOperation, SpdmCryptoRandom, SpdmDhe, SpdmDheKeyExchange, + SpdmHash, SpdmHkdf, SpdmHmac, +}; + +#[cfg(feature = "hashed-transcript-data")] +pub use self::hash::SpdmHashCtx; + +use conquer_once::spin::OnceCell; + +static CRYPTO_HASH: OnceCell = OnceCell::uninit(); +static CRYPTO_HMAC: OnceCell = OnceCell::uninit(); +static CRYPTO_AEAD: OnceCell = OnceCell::uninit(); +static CRYPTO_ASYM_VERIFY: OnceCell = OnceCell::uninit(); +static CRYPTO_DHE: OnceCell = OnceCell::uninit(); +static CRYPTO_CERT_OPERATION: OnceCell = OnceCell::uninit(); +static CRYPTO_HKDF: OnceCell = OnceCell::uninit(); +static CRYPTO_RAND: OnceCell = OnceCell::uninit(); + +pub mod hash { + use super::CRYPTO_HASH; + use crate::crypto::SpdmHash; + use crate::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct}; + + // -ring -transcript + #[cfg(all( + not(any(feature = "spdm-ring")), + not(feature = "hashed-transcript-data") + ))] + static DEFAULT: SpdmHash = SpdmHash { + hash_all_cb: |_base_hash_algo: SpdmBaseHashAlgo, + _data: &[u8]| + -> Option { unimplemented!() }, + }; + // +ring -transcript + #[cfg(all(feature = "spdm-ring", not(feature = "hashed-transcript-data")))] + use super::spdm_ring::hash_impl::DEFAULT; + + // +-ring +transcript + #[cfg(feature = "hashed-transcript-data")] + pub use hash_ext::DEFAULT; + + pub fn register(context: SpdmHash) -> bool { + CRYPTO_HASH.try_init_once(|| context).is_ok() + } + + pub fn hash_all(base_hash_algo: SpdmBaseHashAlgo, data: &[u8]) -> Option { + (CRYPTO_HASH + .try_get_or_init(|| DEFAULT.clone()) + .ok()? 
+ .hash_all_cb)(base_hash_algo, data) + } + + #[cfg(feature = "hashed-transcript-data")] + mod hash_ext { + use super::{SpdmBaseHashAlgo, SpdmDigestStruct, CRYPTO_HASH}; + use crate::error::SpdmResult; + #[derive(Ord, PartialEq, PartialOrd, Eq, Debug, Default)] + pub struct SpdmHashCtx(usize); + + impl Clone for SpdmHashCtx { + fn clone(&self) -> Self { + hash_ctx_dup(self).expect("Out of resource") + } + } + + impl Drop for SpdmHashCtx { + fn drop(&mut self) { + if self.0 != 0 { + hash_ctx_finalize(SpdmHashCtx(self.0)); + } + } + } + + pub fn hash_ctx_init(base_hash_algo: SpdmBaseHashAlgo) -> Option { + let ret = (CRYPTO_HASH + .try_get_or_init(|| DEFAULT.clone()) + .ok()? + .hash_ctx_init_cb)(base_hash_algo)?; + Some(SpdmHashCtx(ret)) + } + + pub fn hash_ctx_update(ctx: &SpdmHashCtx, data: &[u8]) -> SpdmResult { + use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; + + (CRYPTO_HASH + .try_get_or_init(|| DEFAULT.clone()) + .map_err(|_| SPDM_STATUS_INVALID_STATE_LOCAL)? + .hash_ctx_update_cb)(ctx.0, data) + } + + pub fn hash_ctx_finalize(mut ctx: SpdmHashCtx) -> Option { + let handle = ctx.0; + ctx.0 = 0; + (CRYPTO_HASH + .try_get_or_init(|| DEFAULT.clone()) + .ok()? 
+ .hash_ctx_finalize_cb)(handle) + } + + pub fn hash_ctx_dup(ctx: &SpdmHashCtx) -> Option { + let ret = (CRYPTO_HASH + .try_get_or_init(|| DEFAULT.clone()) + .expect("Functions should be registered before using") + .hash_ctx_dup_cb)(ctx.0)?; + Some(SpdmHashCtx(ret)) + } + + // - ring +transcript + #[cfg(not(feature = "spdm-ring"))] + use super::SpdmHash; + #[cfg(not(feature = "spdm-ring"))] + pub static DEFAULT: SpdmHash = SpdmHash { + hash_all_cb: |_base_hash_algo: SpdmBaseHashAlgo, + _data: &[u8]| + -> Option { unimplemented!() }, + hash_ctx_init_cb: |_base_hash_algo: SpdmBaseHashAlgo| -> Option { + unimplemented!() + }, + hash_ctx_update_cb: |_handle: usize, _data: &[u8]| -> SpdmResult { unimplemented!() }, + hash_ctx_finalize_cb: |_handle: usize| -> Option { unimplemented!() }, + hash_ctx_dup_cb: |_handle: usize| -> Option { unimplemented!() }, + }; + + // + ring +transcript + #[cfg(feature = "spdm-ring")] + pub use crate::crypto::spdm_ring::hash_impl::DEFAULT; + } + + #[cfg(feature = "hashed-transcript-data")] + pub use self::hash_ext::{ + hash_ctx_dup, hash_ctx_finalize, hash_ctx_init, hash_ctx_update, SpdmHashCtx, + }; +} + +pub mod hmac { + use super::CRYPTO_HMAC; + use crate::crypto::SpdmHmac; + use crate::error::{SpdmResult, SPDM_STATUS_VERIF_FAIL}; + use crate::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct}; + + #[cfg(not(any(feature = "spdm-ring")))] + static DEFAULT: SpdmHmac = SpdmHmac { + hmac_cb: |_base_hash_algo: SpdmBaseHashAlgo, + _key: &[u8], + _data: &[u8]| + -> Option { unimplemented!() }, + hmac_verify_cb: |_base_hash_algo: SpdmBaseHashAlgo, + _key: &[u8], + _data: &[u8], + _hmac: &SpdmDigestStruct| + -> SpdmResult { unimplemented!() }, + }; + + #[cfg(feature = "spdm-ring")] + use super::spdm_ring::hmac_impl::DEFAULT; + + pub fn register(context: SpdmHmac) -> bool { + CRYPTO_HMAC.try_init_once(|| context).is_ok() + } + + pub fn hmac( + base_hash_algo: SpdmBaseHashAlgo, + key: &[u8], + data: &[u8], + ) -> Option { + (CRYPTO_HMAC + 
.try_get_or_init(|| DEFAULT.clone()) + .ok()? + .hmac_cb)(base_hash_algo, key, data) + } + + pub fn hmac_verify( + base_hash_algo: SpdmBaseHashAlgo, + key: &[u8], + data: &[u8], + hmac: &SpdmDigestStruct, + ) -> SpdmResult { + (CRYPTO_HMAC + .try_get_or_init(|| DEFAULT.clone()) + .map_err(|_| SPDM_STATUS_VERIF_FAIL)? + .hmac_verify_cb)(base_hash_algo, key, data, hmac) + } +} + +pub mod asym_verify { + use super::CRYPTO_ASYM_VERIFY; + use crate::crypto::SpdmAsymVerify; + use crate::error::{SpdmResult, SPDM_STATUS_INVALID_STATE_LOCAL}; + use crate::protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmSignatureStruct}; + + #[cfg(not(any(feature = "spdm-ring")))] + static DEFAULT: SpdmAsymVerify = SpdmAsymVerify { + verify_cb: |_base_hash_algo: SpdmBaseHashAlgo, + _base_asym_algo: SpdmBaseAsymAlgo, + _public_cert_der: &[u8], + _data: &[u8], + _signature: &SpdmSignatureStruct| + -> SpdmResult { unimplemented!() }, + }; + + #[cfg(feature = "spdm-ring")] + use super::spdm_ring::asym_verify_impl::DEFAULT; + + pub fn register(context: SpdmAsymVerify) -> bool { + CRYPTO_ASYM_VERIFY.try_get_or_init(|| context).is_ok() + } + + pub fn verify( + base_hash_algo: SpdmBaseHashAlgo, + base_asym_algo: SpdmBaseAsymAlgo, + public_cert_der: &[u8], + data: &[u8], + signature: &SpdmSignatureStruct, + ) -> SpdmResult { + (CRYPTO_ASYM_VERIFY + .try_get_or_init(|| DEFAULT.clone()) + .map_err(|_| SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .verify_cb)( + base_hash_algo, + base_asym_algo, + public_cert_der, + data, + signature, + ) + } +} + +pub mod dhe { + extern crate alloc; + use alloc::boxed::Box; + + use super::CRYPTO_DHE; + use crate::crypto::{SpdmDhe, SpdmDheKeyExchange}; + use crate::protocol::{SpdmDheAlgo, SpdmDheExchangeStruct}; + + #[cfg(not(any(feature = "spdm-ring")))] + static DEFAULT: SpdmDhe = SpdmDhe { + generate_key_pair_cb: |_dhe_algo: SpdmDheAlgo| -> Option<( + SpdmDheExchangeStruct, + Box, + )> { unimplemented!() }, + }; + #[cfg(feature = "spdm-ring")] + use super::spdm_ring::dhe_impl::DEFAULT; + + pub fn register(context: SpdmDhe) -> bool { + CRYPTO_DHE.try_init_once(|| context).is_ok() + } + + pub fn generate_key_pair( + dhe_algo: SpdmDheAlgo, + ) -> Option<(SpdmDheExchangeStruct, Box)> { + (CRYPTO_DHE + .try_get_or_init(|| DEFAULT.clone()) + .ok()? + .generate_key_pair_cb)(dhe_algo) + } +} + +pub mod cert_operation { + use super::CRYPTO_CERT_OPERATION; + use crate::crypto::SpdmCertOperation; + use crate::error::{SpdmResult, SPDM_STATUS_INVALID_STATE_LOCAL}; + + #[cfg(not(any(feature = "spdm-ring")))] + static DEFAULT: SpdmCertOperation = SpdmCertOperation { + get_cert_from_cert_chain_cb: |_cert_chain: &[u8], + _index: isize| + -> SpdmResult<(usize, usize)> { unimplemented!() }, + verify_cert_chain_cb: |_cert_chain: &[u8]| -> SpdmResult { unimplemented!() }, + }; + + #[cfg(feature = "spdm-ring")] + use super::spdm_ring::cert_operation_impl::DEFAULT; + + pub fn register(context: SpdmCertOperation) -> bool { + CRYPTO_CERT_OPERATION.try_init_once(|| context).is_ok() + } + + pub fn get_cert_from_cert_chain(cert_chain: &[u8], index: isize) -> SpdmResult<(usize, usize)> { + (CRYPTO_CERT_OPERATION + .try_get_or_init(|| DEFAULT.clone()) + .map_err(|_| SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .get_cert_from_cert_chain_cb)(cert_chain, index) + } + + pub fn verify_cert_chain(cert_chain: &[u8]) -> SpdmResult { + (CRYPTO_CERT_OPERATION + .try_get_or_init(|| DEFAULT.clone()) + .map_err(|_| SPDM_STATUS_INVALID_STATE_LOCAL)? + .verify_cert_chain_cb)(cert_chain) + } +} + +pub mod hkdf { + use super::CRYPTO_HKDF; + use crate::crypto::SpdmHkdf; + use crate::protocol::{ + SpdmBaseHashAlgo, SpdmHkdfInputKeyingMaterial, SpdmHkdfOutputKeyingMaterial, + SpdmHkdfPseudoRandomKey, + }; + + #[cfg(not(any(feature = "spdm-ring")))] + static DEFAULT: SpdmHkdf = SpdmHkdf { + hkdf_extract_cb: |_hash_algo: SpdmBaseHashAlgo, + _salt: &[u8], + _ikm: &SpdmHkdfInputKeyingMaterial| + -> Option { unimplemented!() }, + hkdf_expand_cb: |_hash_algo: SpdmBaseHashAlgo, + _prk: &SpdmHkdfPseudoRandomKey, + _info: &[u8], + _out_size: u16| + -> Option { unimplemented!() }, + }; + + #[cfg(feature = "spdm-ring")] + use super::spdm_ring::hkdf_impl::DEFAULT; + + pub fn register(context: SpdmHkdf) -> bool { + CRYPTO_HKDF.try_init_once(|| context).is_ok() + } + + pub fn hkdf_extract( + hash_algo: SpdmBaseHashAlgo, + salt: &[u8], + ikm: &SpdmHkdfInputKeyingMaterial, + ) -> Option { + (CRYPTO_HKDF + .try_get_or_init(|| DEFAULT.clone()) + .ok()? + .hkdf_extract_cb)(hash_algo, salt, ikm) + } + + pub fn hkdf_expand( + hash_algo: SpdmBaseHashAlgo, + prk: &SpdmHkdfPseudoRandomKey, + info: &[u8], + out_size: u16, + ) -> Option { + (CRYPTO_HKDF + .try_get_or_init(|| DEFAULT.clone()) + .ok()? 
+ .hkdf_expand_cb)(hash_algo, prk, info, out_size) + } +} + +pub mod aead { + use super::CRYPTO_AEAD; + use crate::crypto::SpdmAead; + use crate::error::{SpdmResult, SPDM_STATUS_INVALID_STATE_LOCAL}; + use crate::protocol::{SpdmAeadAlgo, SpdmAeadIvStruct, SpdmAeadKeyStruct}; + + #[cfg(not(any(feature = "spdm-ring")))] + static DEFAULT: SpdmAead = SpdmAead { + encrypt_cb: |_aead_algo: SpdmAeadAlgo, + _key: &SpdmAeadKeyStruct, + _iv: &SpdmAeadIvStruct, + _aad: &[u8], + _plain_text: &[u8], + _tag: &mut [u8], + _cipher_text: &mut [u8]| + -> SpdmResult<(usize, usize)> { unimplemented!() }, + decrypt_cb: |_aead_algo: SpdmAeadAlgo, + _key: &SpdmAeadKeyStruct, + _iv: &SpdmAeadIvStruct, + _aad: &[u8], + _cipher_text: &[u8], + _tag: &[u8], + _plain_text: &mut [u8]| + -> SpdmResult { unimplemented!() }, + }; + + #[cfg(feature = "spdm-ring")] + use super::spdm_ring::aead_impl::DEFAULT; + + pub fn register(context: SpdmAead) -> bool { + CRYPTO_AEAD.try_init_once(|| context).is_ok() + } + + pub fn encrypt( + aead_algo: SpdmAeadAlgo, + key: &SpdmAeadKeyStruct, + iv: &SpdmAeadIvStruct, + aad: &[u8], + plain_text: &[u8], + tag: &mut [u8], + cipher_text: &mut [u8], + ) -> SpdmResult<(usize, usize)> { + (CRYPTO_AEAD + .try_get_or_init(|| DEFAULT.clone()) + .map_err(|_| SPDM_STATUS_INVALID_STATE_LOCAL)? + .encrypt_cb)(aead_algo, key, iv, aad, plain_text, tag, cipher_text) + } + + pub fn decrypt( + aead_algo: SpdmAeadAlgo, + key: &SpdmAeadKeyStruct, + iv: &SpdmAeadIvStruct, + aad: &[u8], + cipher_text: &[u8], + tag: &[u8], + plain_text: &mut [u8], + ) -> SpdmResult { + (CRYPTO_AEAD + .try_get_or_init(|| DEFAULT.clone()) + .map_err(|_| SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .decrypt_cb)(aead_algo, key, iv, aad, cipher_text, tag, plain_text) + } +} + +pub mod rand { + use super::CRYPTO_RAND; + use crate::crypto::SpdmCryptoRandom; + use crate::error::{SpdmResult, SPDM_STATUS_INVALID_STATE_LOCAL}; + + #[cfg(not(any(feature = "spdm-ring")))] + static DEFAULT: SpdmCryptoRandom = SpdmCryptoRandom { + get_random_cb: |_data: &mut [u8]| -> SpdmResult { unimplemented!() }, + }; + + #[cfg(feature = "spdm-ring")] + use super::spdm_ring::rand_impl::DEFAULT; + + pub fn register(context: SpdmCryptoRandom) -> bool { + CRYPTO_RAND.try_init_once(|| context).is_ok() + } + + pub fn get_random(data: &mut [u8]) -> SpdmResult { + (CRYPTO_RAND + .try_get_or_init(|| DEFAULT.clone()) + .map_err(|_| SPDM_STATUS_INVALID_STATE_LOCAL)? + .get_random_cb)(data) + } +} + +#[cfg(test)] +mod crypto_tests; diff --git a/spdmlib/src/crypto/spdm_ring/aead_impl.rs b/spdmlib/src/crypto/spdm_ring/aead_impl.rs new file mode 100644 index 0000000..da04cab --- /dev/null +++ b/spdmlib/src/crypto/spdm_ring/aead_impl.rs 
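Review bot: `asym_verify::register` calls `CRYPTO_ASYM_VERIFY.try_get_or_init(|| context).is_ok()`, while every other `register` in this file uses `try_init_once`. With `try_get_or_init` an already-initialised cell is returned as-is, so `register` reports `true` even though the caller's signature verifier was dropped and the earlier one (possibly `DEFAULT`, installed by a prior `verify` call) stays in use. Changing it to `CRYPTO_ASYM_VERIFY.try_init_once(|| context).is_ok()` makes a failed registration visible to the caller. Related: without the `spdm-ring` feature every `DEFAULT` callback is `unimplemented!()`, so calling a wrapper before `register` panics rather than returning an error; a doc comment on the `register` functions saying they must run before first use would help.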
@@ -0,0 +1,321 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::crypto::bytes_mut_scrubbed::BytesMutStrubbed; +use crate::crypto::SpdmAead; +use crate::error::{SpdmResult, SPDM_STATUS_CRYPTO_ERROR}; + +use crate::protocol::{SpdmAeadAlgo, SpdmAeadIvStruct, SpdmAeadKeyStruct}; + +pub static DEFAULT: SpdmAead = SpdmAead { + encrypt_cb: encrypt, + decrypt_cb: decrypt, +}; + +fn encrypt( + aead_algo: SpdmAeadAlgo, + key: &SpdmAeadKeyStruct, + iv: &SpdmAeadIvStruct, + aad: &[u8], + plain_text: &[u8], + tag: &mut [u8], + cipher_text: &mut [u8], +) -> SpdmResult<(usize, usize)> { + if key.data_size != aead_algo.get_key_size() { + error!("key len invalid"); + return Err(SPDM_STATUS_CRYPTO_ERROR); + } + if iv.data_size != aead_algo.get_iv_size() { + error!("iv len invalid"); + return Err(SPDM_STATUS_CRYPTO_ERROR); + } + let tag_size = tag.len(); + if tag_size != aead_algo.get_tag_size() as usize { + error!("tag len invalid"); + return Err(SPDM_STATUS_CRYPTO_ERROR); + } + let plain_text_size = plain_text.len(); + + if cipher_text.len() != plain_text_size { + error!("cipher_text len invalid"); + return Err(SPDM_STATUS_CRYPTO_ERROR); + } + + let mut d = [0u8; ring::aead::NONCE_LEN]; + d.copy_from_slice(&iv.data[..ring::aead::NONCE_LEN]); + let nonce = ring::aead::Nonce::assume_unique_for_key(d); + + cipher_text.copy_from_slice(plain_text); + + let mut s_key: ring::aead::SealingKey = + if let Ok(k) = make_key(aead_algo, key, nonce) { + k + } else { + return Err(SPDM_STATUS_CRYPTO_ERROR); + }; + + match s_key.seal_in_place_separate_tag(ring::aead::Aad::from(aad), cipher_text) { + Ok(t) => { + tag.copy_from_slice(t.as_ref()); + Ok((plain_text_size, tag_size)) + } + Err(_) => Err(SPDM_STATUS_CRYPTO_ERROR), + } +} + +fn decrypt( + aead_algo: SpdmAeadAlgo, + key: &SpdmAeadKeyStruct, + iv: &SpdmAeadIvStruct, + aad: &[u8], + cipher_text: &[u8], + tag: &[u8], + plain_text: &mut [u8], +) -> SpdmResult { + if key.data_size != 
aead_algo.get_key_size() { + error!("key len invalid"); + return Err(SPDM_STATUS_CRYPTO_ERROR); + } + if iv.data_size != aead_algo.get_iv_size() { + error!("iv len invalid"); + return Err(SPDM_STATUS_CRYPTO_ERROR); + } + let tag_size = tag.len(); + if tag_size != aead_algo.get_tag_size() as usize { + error!("tag len invalid"); + return Err(SPDM_STATUS_CRYPTO_ERROR); + } + let cipher_text_size = cipher_text.len(); + + if plain_text.len() != cipher_text_size { + error!("plain_text len invalid"); + return Err(SPDM_STATUS_CRYPTO_ERROR); + } + + let mut d = [0u8; ring::aead::NONCE_LEN]; + d.copy_from_slice(&iv.data[..ring::aead::NONCE_LEN]); + let nonce = ring::aead::Nonce::assume_unique_for_key(d); + + let mut in_out = BytesMutStrubbed::new(); + in_out.extend_from_slice(cipher_text); + in_out.extend_from_slice(tag); + + let mut o_key: ring::aead::OpeningKey = + if let Ok(k) = make_key(aead_algo, key, nonce) { + k + } else { + return Err(SPDM_STATUS_CRYPTO_ERROR); + }; + match o_key.open_in_place(ring::aead::Aad::from(aad), &mut in_out) { + Ok(in_out_result) => { + plain_text.copy_from_slice(&in_out_result[..cipher_text_size]); + Ok(cipher_text_size) + } + Err(_) => Err(SPDM_STATUS_CRYPTO_ERROR), + } +} + +struct OneNonceSequence(Option); + +impl OneNonceSequence { + /// Constructs the sequence allowing `advance()` to be called + /// `allowed_invocations` times. 
+ fn new(nonce: ring::aead::Nonce) -> Self { + Self(Some(nonce)) + } +} + +impl ring::aead::NonceSequence for OneNonceSequence { + fn advance(&mut self) -> Result { + self.0.take().ok_or(ring::error::Unspecified) + } +} + +fn make_key>( + aead_algo: SpdmAeadAlgo, + key: &SpdmAeadKeyStruct, + nonce: ring::aead::Nonce, +) -> SpdmResult { + let algorithm = match aead_algo { + SpdmAeadAlgo::AES_128_GCM => &ring::aead::AES_128_GCM, + SpdmAeadAlgo::AES_256_GCM => &ring::aead::AES_256_GCM, + SpdmAeadAlgo::CHACHA20_POLY1305 => &ring::aead::CHACHA20_POLY1305, + _ => { + panic!(); + } + }; + + let key = if let Ok(k) = ring::aead::UnboundKey::new(algorithm, key.as_ref()) { + k + } else { + return Err(SPDM_STATUS_CRYPTO_ERROR); + }; + let nonce_sequence = OneNonceSequence::new(nonce); + Ok(K::new(key, nonce_sequence)) +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::protocol::*; + + #[test] + fn test_case0_encrypt() { + let aead_algo = SpdmAeadAlgo::AES_128_GCM; + let key = &SpdmAeadKeyStruct { + data_size: 16, + data: Box::new([100u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + let iv = &SpdmAeadIvStruct { + data_size: 12, + data: Box::new([100u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + let plain_text = &mut [0u8; 16]; + let tag = &mut [100u8; 16]; + let aad = &mut [100u8; 16]; + let cipher_text = &mut [100u8; 16]; + + let status = encrypt(aead_algo, key, iv, aad, plain_text, tag, cipher_text).is_ok(); + assert!(status); + } + #[test] + fn test_case1_encrypt() { + let aead_algo = SpdmAeadAlgo::CHACHA20_POLY1305; + let key = &SpdmAeadKeyStruct { + data_size: 32, + data: Box::new([100u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + let iv = &SpdmAeadIvStruct { + data_size: 12, + data: Box::new([100u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + let plain_text = &mut [100u8; 16]; + let tag = &mut [0u8; 16]; + + let aad = &mut [100u8; 16]; + let cipher_text = &mut [100u8; 16]; + + let status = encrypt(aead_algo, key, iv, aad, plain_text, tag, cipher_text).is_ok(); + assert!(status); + } + #[test] + 
#[should_panic] + fn test_case2_encrypt() { + let aead_algo = SpdmAeadAlgo::empty(); + let key = &SpdmAeadKeyStruct { + data_size: 1, + data: Box::new([100u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + let iv = &SpdmAeadIvStruct { + data_size: 12, + data: Box::new([100u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + let plain_text = &mut [100u8; 16]; + let tag = &mut [100u8; 16]; + let aad = &mut [100u8; 16]; + let cipher_text = &mut [100u8; 16]; + let ret_tag_size = encrypt(aead_algo, key, iv, aad, plain_text, tag, cipher_text); + println!("ret_tag_size{:?}", ret_tag_size); + } + #[test] + fn test_case3_encrypt() { + let aead_algo = SpdmAeadAlgo::CHACHA20_POLY1305; + let key = &SpdmAeadKeyStruct { + data_size: 1, + data: Box::new([100u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + let iv = &SpdmAeadIvStruct { + data_size: 32, + data: Box::new([100u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + let plain_text = &mut [100u8; 16]; + let tag = &mut [100u8; 16]; + let aad = &mut [100u8; 16]; + let cipher_text = &mut [100u8; 16]; + let ret_tag_size = encrypt(aead_algo, key, iv, aad, plain_text, tag, cipher_text); + println!("ret_tag_size{:?}", ret_tag_size); + } + #[test] + fn test_case4_encrypt() { + let aead_algo = SpdmAeadAlgo::CHACHA20_POLY1305; + let key = &SpdmAeadKeyStruct { + data_size: 32, + data: Box::new([100u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + let iv = &SpdmAeadIvStruct { + data_size: 1, + data: Box::new([100u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + let plain_text = &mut [100u8; 16]; + let tag = &mut [100u8; 32]; + let aad = &mut [100u8; 16]; + let cipher_text = &mut [100u8; 16]; + let ret_tag_size = encrypt(aead_algo, key, iv, aad, plain_text, tag, cipher_text); + println!("ret_tag_size{:?}", ret_tag_size); + } + #[test] + fn test_case5_encrypt() { + let aead_algo = SpdmAeadAlgo::CHACHA20_POLY1305; + let key = &SpdmAeadKeyStruct { + data_size: 32, + data: Box::new([100u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + let iv = &SpdmAeadIvStruct { + data_size: 12, + data: Box::new([100u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + 
let plain_text = &mut [100u8; 16]; + let tag = &mut [100u8; 16]; + let aad = &mut [100u8; 16]; + let cipher_text = &mut [100u8; 1]; + let ret_tag_size = encrypt(aead_algo, key, iv, aad, plain_text, tag, cipher_text); + println!("ret_tag_size{:?}", ret_tag_size); + } + #[test] + fn test_case6_encrypt() { + let aead_algo = SpdmAeadAlgo::CHACHA20_POLY1305; + let key = &SpdmAeadKeyStruct { + data_size: 32, + data: Box::new([100u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + let iv = &SpdmAeadIvStruct { + data_size: 12, + data: Box::new([100u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + let plain_text = &mut [100u8; 16]; + let tag = &mut [100u8; 32]; + let aad = &mut [100u8; 16]; + let cipher_text = &mut [100u8; 1]; + let ret_tag_size = encrypt(aead_algo, key, iv, aad, plain_text, tag, cipher_text); + println!("ret_tag_size{:?}", ret_tag_size); + } + #[test] + #[should_panic] + fn test_case0_decrypt() { + let aead_algo = SpdmAeadAlgo::CHACHA20_POLY1305; + let key = &SpdmAeadKeyStruct { + data_size: 32, + data: Box::new([100u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + let iv = &SpdmAeadIvStruct { + data_size: 12, + data: Box::new([100u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + let cipher_text = &mut [100u8; 16]; + let tag = &mut [100u8; 16]; + let aad = &mut [100u8; 12]; + let plain_text = &mut [100u8; 16]; + + let ret_tag_size = decrypt(aead_algo, key, iv, aad, cipher_text, tag, plain_text); + + match ret_tag_size { + Ok(16) => { + assert!(true) + } + _ => { + panic!() + } + } + } +} diff --git a/spdmlib/src/crypto/spdm_ring/asym_verify_impl.rs b/spdmlib/src/crypto/spdm_ring/asym_verify_impl.rs new file mode 100644 index 0000000..3eedeca --- /dev/null +++ b/spdmlib/src/crypto/spdm_ring/asym_verify_impl.rs 
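Review bot: `make_key` ends its algorithm match with `_ => { panic!(); }`, so an `SpdmAeadAlgo` value outside the three listed ones aborts instead of failing the operation, while `encrypt` and `decrypt` return `SPDM_STATUS_CRYPTO_ERROR` for every other bad input. I would make that arm `_ => return Err(SPDM_STATUS_CRYPTO_ERROR),`; whether the earlier size checks already stop such a value depends on `get_key_size`, which is not in this hunk, and `test_case2_encrypt` (`#[should_panic]`) may need adjusting accordingly. `test_case3_encrypt` through `test_case6_encrypt` only `println!` the result, so they pass whatever the length checks do; given the mismatched sizes they pass in, each presumably should end with `assert!(ret_tag_size.is_err());`. The doc comment on `OneNonceSequence::new` refers to `allowed_invocations`, which is not a parameter; `/// Wraps a single nonce; advance() succeeds once and fails afterwards.` matches the code.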
@@ -0,0 +1,343 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::crypto::{x509v3, SpdmAsymVerify}; +use crate::error::{SpdmResult, SPDM_STATUS_INVALID_CERT, SPDM_STATUS_VERIF_FAIL}; +use crate::protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmSignatureStruct}; +use core::convert::TryFrom; + +pub static DEFAULT: SpdmAsymVerify = SpdmAsymVerify { + verify_cb: asym_verify, +}; + +fn asym_verify( + base_hash_algo: SpdmBaseHashAlgo, + base_asym_algo: SpdmBaseAsymAlgo, + public_cert_der: &[u8], + data: &[u8], + signature: &SpdmSignatureStruct, +) -> SpdmResult { + if signature.data_size != base_asym_algo.get_size() { + return Err(SPDM_STATUS_VERIF_FAIL); + } + + let algorithm = match (base_hash_algo, base_asym_algo) { + (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256) => { + &webpki::ECDSA_P256_SHA256 + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384) => { + &webpki::ECDSA_P384_SHA256 + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256) => { + &webpki::ECDSA_P256_SHA384 + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384) => { + &webpki::ECDSA_P384_SHA384 + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096) => { + &webpki::RSA_PKCS1_2048_8192_SHA256 + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096) => { + &webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_384, 
SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096) => { + &webpki::RSA_PKCS1_2048_8192_SHA384 + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096) => { + &webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096) => { + &webpki::RSA_PKCS1_2048_8192_SHA512 + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096) => { + &webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY + } + _ => { + panic!(); + } + }; + + x509v3::check_cert_chain_format(public_cert_der, base_asym_algo)?; + + let (leaf_begin, leaf_end) = + (super::cert_operation_impl::DEFAULT.get_cert_from_cert_chain_cb)(public_cert_der, -1)?; + let leaf_cert_der = &public_cert_der[leaf_begin..leaf_end]; + + let res = webpki::EndEntityCert::try_from(leaf_cert_der); + match res { + Ok(cert) => { + // + // Need translate from ECDSA_P384_SHA384_FIXED_SIGNING to ECDSA_P384_SHA384_ASN1 + // webpki only support ASN1 format ECDSA signature + // + match base_asym_algo { + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256 + | SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 => { + // DER has this format: 0x30 size 0x02 r_size 0x00 [r_size] 0x02 s_size 0x00 [s_size] + let mut der_signature = + [0u8; crate::protocol::ECDSA_ECC_NIST_P384_KEY_SIZE + 8]; + let der_sign_size = + ecc_signature_bin_to_der(signature.as_ref(), &mut der_signature)?; + + match cert.verify_signature(algorithm, data, 
&der_signature[..(der_sign_size)]) + { + Ok(()) => Ok(()), + Err(_) => Err(SPDM_STATUS_VERIF_FAIL), + } + } + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048 + | SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072 + | SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096 => { + // RSASSA or RSAPSS + match cert.verify_signature(algorithm, data, signature.as_ref()) { + Ok(()) => Ok(()), + Err(_) => Err(SPDM_STATUS_VERIF_FAIL), + } + } + _ => Err(SPDM_STATUS_VERIF_FAIL), + } + } + Err(_e) => Err(SPDM_STATUS_INVALID_CERT), + } +} + +// add ASN.1 for the ECDSA binary signature +fn ecc_signature_bin_to_der(signature: &[u8], der_signature: &mut [u8]) -> SpdmResult { + let sign_size = signature.len(); + assert!( + // prevent API misuse + sign_size == crate::protocol::ECDSA_ECC_NIST_P256_KEY_SIZE + || sign_size == crate::protocol::ECDSA_ECC_NIST_P384_KEY_SIZE + ); + let half_size = sign_size / 2; + + let mut r_index = half_size; + for (i, item) in signature.iter().enumerate().take(half_size) { + if *item != 0 { + r_index = i; + break; + } + } + let r_size = half_size - r_index; + let r = &signature[r_index..half_size]; + + let mut s_index = half_size; + for i in 0..half_size { + if signature[i + half_size] != 0 { + s_index = i; + break; + } + } + let s_size = half_size - s_index; + let s = &signature[half_size + s_index..sign_size]; + if r_size == 0 || s_size == 0 { + return Ok(0); + } + + let der_r_size = if r[0] < 0x80 { r_size } else { r_size + 1 }; + let der_s_size = if s[0] < 0x80 { s_size } else { s_size + 1 }; + // der_sign_size includes: 0x30 _ 0x02 _ [der_r_size] 0x02 _ [der_s_size] + let der_sign_size = der_r_size + der_s_size + 6; + + if der_signature.len() < der_sign_size { + error!("der_signature too small"); + return Err(SPDM_STATUS_VERIF_FAIL); + } + + if der_r_size > u8::MAX as usize + || der_s_size > u8::MAX as usize + || der_sign_size > u8::MAX as usize + { + error!("size 
check fails!"); + return Err(SPDM_STATUS_VERIF_FAIL); + } + + der_signature[0] = 0x30u8; + der_signature[1] = (der_sign_size - 2) as u8; + der_signature[2] = 0x02u8; + der_signature[3] = der_r_size as u8; + if r[0] < 0x80 { + der_signature[4..(4 + r_size)].copy_from_slice(r); + } else { + der_signature[4] = 0u8; + der_signature[5..(5 + r_size)].copy_from_slice(r); + } + der_signature[4 + der_r_size] = 0x02u8; + der_signature[5 + der_r_size] = der_s_size as u8; + + if s[0] < 0x80 { + der_signature[(6 + der_r_size)..(6 + der_r_size + s_size)].copy_from_slice(s); + } else { + der_signature[6 + der_r_size] = 0u8; + der_signature[(7 + der_r_size)..(7 + der_r_size + s_size)].copy_from_slice(s); + } + + Ok(der_sign_size) +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_case0_ecc_signature_bin_to_der() { + let signature = &mut [0x00u8; 64]; + for i in 10..signature.len() { + signature[i] = 0x10; + } + + let der_signature = &mut [0u8; 64]; + + let der_sign_size = ecc_signature_bin_to_der(signature, der_signature).unwrap(); + assert_eq!(der_sign_size, 60); + } + #[test] + fn test_case1_ecc_signature_bin_to_der() { + let signature = &mut [0x00u8; 64]; + for i in 10..signature.len() { + signature[i] = 0xff; + } + + let der_signature = &mut [0u8; 64]; + + let der_sign_size = ecc_signature_bin_to_der(signature, der_signature).unwrap(); + assert_eq!(der_sign_size, 62); + } + #[test] + fn test_case2_ecc_signature_bin_to_der() { + let signature = &mut [0x0u8; 64]; + let der_signature = &mut [0u8; 64]; + signature[63] = 0xff; + ecc_signature_bin_to_der(signature, der_signature).unwrap(); + } + #[test] + #[should_panic] + fn test_case3_ecc_signature_bin_to_der() { + let signature = &mut [0xffu8; 64]; + let der_signature = &mut [0u8; 64]; + ecc_signature_bin_to_der(signature, der_signature).unwrap(); + } + #[test] + fn test_case0_asym_verify() { + let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + let base_asym_algo = 
SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256; + let mut signature = SpdmSignatureStruct { + data_size: 512, + data: [0x00u8; crate::protocol::SPDM_MAX_ASYM_KEY_SIZE], + }; + signature.data[250] = 0x10; + signature.data[510] = 0x10; + + let public_cert_der = &include_bytes!("public_cert.der")[..]; + let data = &mut [0x10u8; 4096]; + + let asym_verify = asym_verify( + base_hash_algo, + base_asym_algo, + public_cert_der, + data, + &signature, + ); + assert!(asym_verify.is_err()); + } + #[test] + fn test_case1_asym_verify() { + let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + let base_asym_algo = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + let mut signature = SpdmSignatureStruct { + data_size: 512, + data: [0x00u8; crate::protocol::SPDM_MAX_ASYM_KEY_SIZE], + }; + signature.data[250] = 0x10; + signature.data[510] = 0x10; + + let public_cert_der = &include_bytes!("public_cert.der")[..]; + let data = &mut [0x10u8; 4096]; + + let asym_verify = asym_verify( + base_hash_algo, + base_asym_algo, + public_cert_der, + data, + &signature, + ); + assert!(asym_verify.is_err()); + } + #[test] + fn test_case2_asym_verify() { + let base_hash_algo = [ + SpdmBaseHashAlgo::TPM_ALG_SHA_256, + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmBaseHashAlgo::TPM_ALG_SHA_512, + ]; + let base_asym_algo = [ + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096, + ]; + let mut signature = SpdmSignatureStruct { + data_size: 512, + data: [0x00u8; crate::protocol::SPDM_MAX_ASYM_KEY_SIZE], + }; + signature.data[250] = 0x10; + signature.data[510] = 0x10; + + let public_cert_der = &include_bytes!("public_cert.der")[..]; + let data = &mut [0x10u8; 4096]; + + for base_hash_algo in base_hash_algo.iter() { + for base_asym_algo in base_asym_algo.iter() { + let asym_verify = asym_verify( + *base_hash_algo, + 
*base_asym_algo, + public_cert_der, + data, + &signature, + ); + assert!(asym_verify.is_err()); + } + } + } + #[test] + fn test_case3_asym_verify() { + let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + let base_asym_algo = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + let mut signature = SpdmSignatureStruct { + data_size: 512, + data: [0x00u8; crate::protocol::SPDM_MAX_ASYM_KEY_SIZE], + }; + signature.data[250] = 0x10; + signature.data[510] = 0x10; + + let public_cert_der = &include_bytes!("public_cert.der")[..]; + let data = &mut [0x10u8; 4096]; + + let asym_verify = asym_verify( + base_hash_algo, + base_asym_algo, + public_cert_der, + data, + &signature, + ); + assert!(asym_verify.is_err()); + } +} diff --git a/spdmlib/src/crypto/spdm_ring/cert_operation_impl.rs b/spdmlib/src/crypto/spdm_ring/cert_operation_impl.rs new file mode 100644 index 0000000..ff669a5 --- /dev/null +++ b/spdmlib/src/crypto/spdm_ring/cert_operation_impl.rs 
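Review bot: The `_ => { panic!(); }` arm of the `algorithm` match in `asym_verify` aborts on any hash/asym pair that is not listed (for example SHA-512 with either ECDSA curve, once the signature size check passes) instead of failing the verification. If those algorithm values can be influenced by negotiation with the peer, which this hunk does not show, that is a crash path inside a signature check; `_ => return Err(SPDM_STATUS_VERIF_FAIL),` keeps the function's `SpdmResult` contract. The same `panic!()` arm appears in `hkdf_extract` (hkdf_impl.rs) and in `hmac` and `hmac_verify` (hmac_impl.rs), where `return None` or `return Err(SPDM_STATUS_VERIF_FAIL)` would fit the respective return types. Separately, `ecc_signature_bin_to_der` writes `der_sign_size - 2` as a single DER length byte, so the `> u8::MAX` guard should reject anything that needs long-form length (`der_sign_size - 2 >= 0x80`); the `assert!` on the P-256/P-384 sizes keeps that case unreachable today.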
@@ -0,0 +1,274 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +extern crate alloc; +use alloc::vec; +use alloc::vec::Vec; +use core::convert::TryFrom; + +use crate::crypto::SpdmCertOperation; +use crate::error::{SpdmResult, SPDM_STATUS_INVALID_CERT, SPDM_STATUS_INVALID_STATE_LOCAL}; +use ring::io::der; + +pub static DEFAULT: SpdmCertOperation = SpdmCertOperation { + get_cert_from_cert_chain_cb: get_cert_from_cert_chain, + verify_cert_chain_cb: verify_cert_chain, +}; + +fn get_cert_from_cert_chain(cert_chain: &[u8], index: isize) -> SpdmResult<(usize, usize)> { + let mut offset = 0usize; + let mut this_index = 0isize; + let cert_chain_size = cert_chain.len(); + loop { + if cert_chain[offset..].len() < 4 || offset > cert_chain.len() { + return Err(SPDM_STATUS_INVALID_CERT); + } + if cert_chain[offset] != 0x30 || cert_chain[offset + 1] != 0x82 { + return Err(SPDM_STATUS_INVALID_CERT); + } + let this_cert_len = + ((cert_chain[offset + 2] as usize) << 8) + (cert_chain[offset + 3] as usize) + 4; + if this_cert_len > cert_chain_size - offset { + return Err(SPDM_STATUS_INVALID_CERT); + } + if this_index == index { + // return the this one + return Ok((offset, offset + this_cert_len)); + } + this_index += 1; + if (offset + this_cert_len == cert_chain_size) && (index == -1) { + // return the last one + return Ok((offset, offset + this_cert_len)); + } + offset += this_cert_len; + } +} + +fn verify_cert_chain(cert_chain: &[u8]) -> SpdmResult { + static EKU_SPDM_RESPONDER_AUTH: &[u8] = &[40 + 3, 6, 1, 5, 5, 7, 3, 1]; + + static ALL_SIGALGS: &[&webpki::SignatureAlgorithm] = &[ + &webpki::RSA_PKCS1_2048_8192_SHA256, + &webpki::RSA_PKCS1_2048_8192_SHA384, + &webpki::RSA_PKCS1_2048_8192_SHA512, + &webpki::ECDSA_P256_SHA256, + &webpki::ECDSA_P256_SHA384, + &webpki::ECDSA_P384_SHA256, + &webpki::ECDSA_P384_SHA384, + ]; + + let mut certs = Vec::new(); + let mut certs_walker = 0; + let cert_chain_len = cert_chain.len(); + loop { + let 
start = if certs_walker < cert_chain_len { + certs_walker + } else { + break; + }; + + let tag = cert_chain[certs_walker]; + if usize::from(der::Tag::Sequence) != tag as usize { + break; + } + + certs_walker += 1; + if certs_walker >= cert_chain_len { + break; + } + + // If the high order bit of the first byte is set to zero then the length + // is encoded in the seven remaining bits of that byte. Otherwise, those + // seven bits represent the number of bytes used to encode the length. + let length_byte0 = cert_chain[certs_walker]; + + let length = match length_byte0 { + n if (n & 0x80) == 0 => n as usize, + 0x81 => { + certs_walker += 1; + if certs_walker >= cert_chain_len { + break; + } + + let second_byte = cert_chain[certs_walker]; + if second_byte < 128 { + break; // Not the canonical encoding. + } + + certs_walker += 1; + if certs_walker >= cert_chain_len { + break; + } + + second_byte as usize + } + 0x82 => { + certs_walker += 1; + if certs_walker >= cert_chain_len { + break; + } + + let second_byte = cert_chain[certs_walker] as usize; + + certs_walker += 1; + if certs_walker >= cert_chain_len { + break; + } + + let third_byte = cert_chain[certs_walker] as usize; + + certs_walker += 1; + if certs_walker >= cert_chain_len { + break; + } + + let combined = (second_byte << 8) | third_byte; + if combined < 256 { + break; // Not the canonical encoding. + } + combined + } + _ => { + break; // We don't support longer lengths. 
+ } + }; + + certs_walker += length; + if certs_walker > cert_chain_len { + break; + } + + certs.push(&cert_chain[start..certs_walker]); + } + let certs_len = certs.len(); + + let (ca, inters, ee): (&[u8], &[&[u8]], &[u8]) = match certs_len { + 0 => return Err(SPDM_STATUS_INVALID_CERT), + 1 => (certs[0], &[], certs[0]), + 2 => (certs[0], &[], certs[1]), + n => (certs[0], &certs[1..(n - 1)], certs[n - 1]), + }; + + let anchors = if let Ok(ta) = webpki::TrustAnchor::try_from_cert_der(ca) { + vec![ta] + } else { + return Err(SPDM_STATUS_INVALID_CERT); + }; + + #[cfg(any(target_os = "uefi", target_os = "none"))] + let timestamp = { + if let Some(ts) = sys_time::get_sys_time() { + ts as u64 + } else { + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + }; + #[cfg(not(any(target_os = "uefi", target_os = "none")))] + let timestamp = { + extern crate std; + if let Ok(ds) = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH) { + ds.as_secs() + } else { + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + }; + let time = webpki::Time::from_seconds_since_unix_epoch(timestamp); + + let cert = if let Ok(eec) = webpki::EndEntityCert::try_from(ee) { + eec + } else { + return Err(SPDM_STATUS_INVALID_CERT); + }; + + // we cannot call verify_is_valid_tls_server_cert because it will check verify_cert::EKU_SERVER_AUTH. 
+ if cert + .verify_cert_chain_with_eku(EKU_SPDM_RESPONDER_AUTH, ALL_SIGALGS, &anchors, inters, time) + .is_ok() + { + info!("Cert verification Pass\n"); + Ok(()) + } else { + error!("Cert verification Fail\n"); + Err(SPDM_STATUS_INVALID_CERT) + } +} +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_case0_cert_from_cert_chain() { + let cert_chain = &include_bytes!("public_cert.der")[..]; + let status = get_cert_from_cert_chain(cert_chain, -1).is_ok(); + assert!(status); + } + + #[test] + fn test_case1_cert_from_cert_chain() { + let cert_chain = &include_bytes!("public_cert.der")[..]; + let status = get_cert_from_cert_chain(cert_chain, 0).is_ok(); + assert!(status); + } + #[test] + fn test_case2_cert_from_cert_chain() { + let cert_chain = &include_bytes!("public_cert.der")[..]; + let status = get_cert_from_cert_chain(cert_chain, 1).is_ok(); + assert!(status); + } + #[test] + fn test_case3_cert_from_cert_chain() { + let cert_chain = &mut [0x1u8; 4096]; + cert_chain[0] = 0x00; + cert_chain[1] = 0x00; + let status = get_cert_from_cert_chain(cert_chain, 0).is_err(); + assert!(status); + } + #[test] + fn test_case4_cert_from_cert_chain() { + let cert_chain = &mut [0x11u8; 3]; + let status = get_cert_from_cert_chain(cert_chain, 0).is_err(); + assert!(status); + } + #[test] + fn test_case5_cert_from_cert_chain() { + let cert_chain = &include_bytes!("public_cert.der")[..]; + let status = get_cert_from_cert_chain(cert_chain, -1).is_ok(); + assert!(status); + + let status = verify_cert_chain(cert_chain).is_ok(); + assert!(status); + } + + /// verfiy cert chain + #[test] + fn test_verify_cert_chain_case1() { + let bundle_certs_der = + &include_bytes!("../../../../test_key/crypto_chains/ca_selfsigned.crt.der")[..]; + assert!(verify_cert_chain(bundle_certs_der).is_ok()); + + let bundle_certs_der = + &include_bytes!("../../../../test_key/crypto_chains/bundle_two_level_cert.der")[..]; + assert!(verify_cert_chain(bundle_certs_der).is_ok()); + + let bundle_certs_der = 
+ &include_bytes!("../../../../test_key/ecp384/bundle_requester.certchain.der")[..]; + assert!(verify_cert_chain(bundle_certs_der).is_ok()); + + let bundle_certs_der = + &include_bytes!("../../../../test_key/crypto_chains/bundle_cert.der")[..]; + assert!(verify_cert_chain(bundle_certs_der).is_ok()); + + // Flipping bits to test signature hash is invalid. + let mut cert_chain = bundle_certs_der.to_vec(); + // offset 3140 is in signature range. + cert_chain[3140] ^= 0xFE; + assert!(verify_cert_chain(&cert_chain).is_err()); + + // Invalid Intermediate cert + let mut cert_chain = bundle_certs_der.to_vec(); + // Change intermediate cert data + cert_chain[1380] = 0xFF; + assert!(verify_cert_chain(&cert_chain).is_err()); + } +} diff --git a/spdmlib/src/crypto/spdm_ring/dhe_impl.rs b/spdmlib/src/crypto/spdm_ring/dhe_impl.rs new file mode 100644 index 0000000..b5263c9 --- /dev/null +++ b/spdmlib/src/crypto/spdm_ring/dhe_impl.rs 
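Review bot: `verify_cert_chain` builds its only trust anchor from `certs[0]` of the chain being verified, so it succeeds for any internally consistent chain, including a lone self-signed certificate (the `1 => (certs[0], &[], certs[0])` arm, exercised by the `ca_selfsigned.crt.der` test). Binding the root to a provisioned value presumably happens in a caller outside this hunk, and a comment on the function should say so, e.g. `// Trust anchor is taken from the chain itself; callers must match the root against a provisioned root.` The constant `EKU_SPDM_RESPONDER_AUTH` encodes 1.3.6.1.5.5.7.3.1, which is the TLS id-kp-serverAuth OID, so its name and the comment about avoiding `EKU_SERVER_AUTH` do not match what is passed to `verify_cert_chain_with_eku`. In the length parser, the short-form arm (`n if (n & 0x80) == 0`) does not step past the length byte before `certs_walker += length`, unlike the `0x81` and `0x82` arms, so a certificate with a short-form length would be sliced one byte short.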
@@ -0,0 +1,125 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +extern crate alloc; +use alloc::boxed::Box; + +use crate::crypto::bytes_mut_scrubbed::BytesMutStrubbed; +use crate::crypto::{SpdmDhe, SpdmDheKeyExchange}; +use crate::protocol::{SpdmDheAlgo, SpdmDheExchangeStruct, SpdmDheFinalKeyStruct}; +use bytes::{BufMut, BytesMut}; + +pub static DEFAULT: SpdmDhe = SpdmDhe { + generate_key_pair_cb: generate_key_pair, +}; + +fn generate_key_pair( + dhe_algo: SpdmDheAlgo, +) -> Option<(SpdmDheExchangeStruct, Box)> { + match dhe_algo { + SpdmDheAlgo::SECP_256_R1 => SpdmDheKeyExchangeP256::generate_key_pair(), + SpdmDheAlgo::SECP_384_R1 => SpdmDheKeyExchangeP384::generate_key_pair(), + _ => None, + } +} + +struct SpdmDheKeyExchangeP256(ring::agreement::EphemeralPrivateKey); + +impl SpdmDheKeyExchange for SpdmDheKeyExchangeP256 { + fn compute_final_key( + self: Box, + peer_pub_key: &SpdmDheExchangeStruct, + ) -> Option { + let mut pubkey = BytesMutStrubbed::new(); + pubkey.put_u8(0x4u8); + pubkey.extend_from_slice(peer_pub_key.as_ref()); + + let peer_public_key = + ring::agreement::UnparsedPublicKey::new(&ring::agreement::ECDH_P256, pubkey.as_ref()); + let mut final_key = BytesMutStrubbed::new(); + match ring::agreement::agree_ephemeral(self.0, &peer_public_key, |key_material| { + final_key.extend_from_slice(key_material); + }) { + Ok(()) => Some(SpdmDheFinalKeyStruct::from(final_key)), + Err(_) => None, + } + } +} + +impl SpdmDheKeyExchangeP256 { + fn generate_key_pair() -> Option<(SpdmDheExchangeStruct, Box)> { + let rng = ring::rand::SystemRandom::new(); + let private_key = + ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::ECDH_P256, &rng) + .ok()?; + let public_key_old = private_key.compute_public_key().ok()?; + let public_key = BytesMut::from(&public_key_old.as_ref()[1..]); + + let res: Box = Box::new(Self(private_key)); + + Some((SpdmDheExchangeStruct::from(public_key), res)) + } +} + +struct 
SpdmDheKeyExchangeP384(ring::agreement::EphemeralPrivateKey); + +impl SpdmDheKeyExchange for SpdmDheKeyExchangeP384 { + fn compute_final_key( + self: Box, + peer_pub_key: &SpdmDheExchangeStruct, + ) -> Option { + let mut pubkey = BytesMut::new(); + pubkey.put_u8(0x4u8); + pubkey.extend_from_slice(peer_pub_key.as_ref()); + + let peer_public_key = + ring::agreement::UnparsedPublicKey::new(&ring::agreement::ECDH_P384, pubkey.as_ref()); + let mut final_key = BytesMutStrubbed::new(); + match ring::agreement::agree_ephemeral(self.0, &peer_public_key, |key_material| { + final_key.extend_from_slice(key_material); + }) { + Ok(()) => Some(SpdmDheFinalKeyStruct::from(final_key)), + Err(_) => None, + } + } +} + +impl SpdmDheKeyExchangeP384 { + fn generate_key_pair() -> Option<(SpdmDheExchangeStruct, Box)> { + let rng = ring::rand::SystemRandom::new(); + let private_key = + ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::ECDH_P384, &rng) + .ok()?; + let public_key_old = private_key.compute_public_key().ok()?; + let public_key = BytesMut::from(&public_key_old.as_ref()[1..]); + + let res: Box = Box::new(Self(private_key)); + + Some((SpdmDheExchangeStruct::from(public_key), res)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_case0_dhe() { + for dhe_algo in [SpdmDheAlgo::SECP_256_R1, SpdmDheAlgo::SECP_384_R1].iter() { + let (exchange1, private1) = generate_key_pair(*dhe_algo).unwrap(); + let (exchange2, private2) = generate_key_pair(*dhe_algo).unwrap(); + + let peer1 = private1.compute_final_key(&exchange2).unwrap(); + let peer2 = private2.compute_final_key(&exchange1).unwrap(); + + assert_eq!(peer1.as_ref(), peer2.as_ref()); + } + } + #[test] + fn test_case1_dhe() { + for dhe_algo in [SpdmDheAlgo::empty()].iter() { + assert_eq!(generate_key_pair(*dhe_algo).is_none(), true); + } + } +} diff --git a/spdmlib/src/crypto/spdm_ring/hash_impl.rs b/spdmlib/src/crypto/spdm_ring/hash_impl.rs new file mode 100644 index 0000000..171c1b1 
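Review bot: `SpdmDheKeyExchangeP256` and `SpdmDheKeyExchangeP384` are identical apart from the `ECDH_P256`/`ECDH_P384` constant, and they have already drifted: the P-256 `compute_final_key` assembles the peer key in `BytesMutStrubbed` while the P-384 one uses plain `BytesMut`. The peer public key is not secret, so either type works, but a single struct carrying a `&'static ring::agreement::Algorithm` next to the private key would remove the duplicate and the drift. The `0x4` byte that is prepended and the `[1..]` that is stripped are the uncompressed-point marker; a one-line comment such as `// exchange data is raw X||Y; ring expects the 0x04 uncompressed-point prefix` would explain both.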
--- /dev/null
+++ b/spdmlib/src/crypto/spdm_ring/hash_impl.rs
@@ -0,0 +1,138 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +extern crate alloc; + +use crate::crypto::SpdmHash; + +use crate::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct}; + +#[cfg(not(feature = "hashed-transcript-data"))] +pub static DEFAULT: SpdmHash = SpdmHash { + hash_all_cb: hash_all, +}; +#[cfg(feature = "hashed-transcript-data")] +pub static DEFAULT: SpdmHash = SpdmHash { + hash_all_cb: hash_all, + hash_ctx_init_cb: hash_ext::hash_ctx_init, + hash_ctx_update_cb: hash_ext::hash_ctx_update, + hash_ctx_finalize_cb: hash_ext::hash_ctx_finalize, + hash_ctx_dup_cb: hash_ext::hash_ctx_dup, +}; + +fn hash_all(base_hash_algo: SpdmBaseHashAlgo, data: &[u8]) -> Option { + let algorithm = match base_hash_algo { + SpdmBaseHashAlgo::TPM_ALG_SHA_256 => &ring::digest::SHA256, + SpdmBaseHashAlgo::TPM_ALG_SHA_384 => &ring::digest::SHA384, + SpdmBaseHashAlgo::TPM_ALG_SHA_512 => &ring::digest::SHA512, + _ => return None, + }; + let digest_value = ring::digest::digest(algorithm, data); + Some(SpdmDigestStruct::from(digest_value.as_ref())) +} + +#[cfg(feature = "hashed-transcript-data")] +mod hash_ext { + use super::*; + use alloc::boxed::Box; + use alloc::collections::BTreeMap; + use lazy_static::lazy_static; + use spin::Mutex; + + pub type HashCtxConcrete = ring::digest::Context; + + lazy_static! 
{ + static ref HASH_CTX_TABLE: Mutex>> = + Mutex::new(BTreeMap::new()); + } + use crate::error::{SpdmResult, SPDM_STATUS_CRYPTO_ERROR}; + + pub fn hash_ctx_update(handle: usize, data: &[u8]) -> SpdmResult { + let mut table = HASH_CTX_TABLE.lock(); + let ctx = table.get_mut(&handle).ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + ctx.update(data); + Ok(()) + } + + pub fn hash_ctx_finalize(handle: usize) -> Option { + let ctx = HASH_CTX_TABLE.lock().remove(&handle)?; + let digest_value = ctx.finish(); + Some(SpdmDigestStruct::from(digest_value.as_ref())) + } + + pub fn hash_ctx_dup(handle: usize) -> Option { + let ctx_new = { + let table = HASH_CTX_TABLE.lock(); + let ctx = table.get(&handle)?; + ctx.clone() + }; + let new_handle = insert_to_table(ctx_new); + Some(new_handle) + } + + pub fn hash_ctx_init(base_hash_algo: SpdmBaseHashAlgo) -> Option { + let algorithm = match base_hash_algo { + SpdmBaseHashAlgo::TPM_ALG_SHA_256 => &ring::digest::SHA256, + SpdmBaseHashAlgo::TPM_ALG_SHA_384 => &ring::digest::SHA384, + SpdmBaseHashAlgo::TPM_ALG_SHA_512 => &ring::digest::SHA512, + _ => return None, + }; + let ctx = Box::new(HashCtxConcrete::new(algorithm)); + Some(insert_to_table(ctx)) + } + + fn insert_to_table(value: Box) -> usize { + let handle_ptr: *const HashCtxConcrete = &*value; + let handle = handle_ptr as usize; + HASH_CTX_TABLE.lock().insert(handle, value); + handle + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_case0_hash_all() { + let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + let data = &mut [0u8; 64]; + + let hash_all = hash_all(base_hash_algo, data).unwrap(); + assert_eq!(hash_all.data_size, 64); + } + #[test] + fn test_case1_hash_all() { + let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + let data = &mut [0u8; 32]; + + let hash_all = hash_all(base_hash_algo, data).unwrap(); + assert_eq!(hash_all.data_size, 32); + } + #[test] + fn test_case2_hash_all() { + let base_hash_algo = SpdmBaseHashAlgo::empty(); + let data = &mut 
[0u8; 64]; + + let hash_all = hash_all(base_hash_algo, data); + assert_eq!(hash_all.is_none(), true); + } + #[test] + fn test_case0_hash_update() { + let helloworld = ring::digest::digest(&ring::digest::SHA384, b"hello, world"); + let hellobuddy = ring::digest::digest(&ring::digest::SHA384, b"hello, buddy"); + let mut ctx = ring::digest::Context::new(&ring::digest::SHA384); + ctx.update(b"hello"); + ctx.update(b", "); + let mut ctx_d = ctx.clone(); + ctx_d.update(b"buddy"); + ctx.update(b"world"); + let multi_part_helloworld = ctx.finish(); + let multi_part_hellobuddy = ctx_d.clone().finish(); + let multi_part_hellobuddy_twice = ctx_d.finish(); + assert_eq!(&helloworld.as_ref(), &multi_part_helloworld.as_ref()); + assert_eq!(&hellobuddy.as_ref(), &multi_part_hellobuddy.as_ref()); + assert_eq!(&hellobuddy.as_ref(), &multi_part_hellobuddy_twice.as_ref()); + } +} diff --git a/spdmlib/src/crypto/spdm_ring/hkdf_impl.rs b/spdmlib/src/crypto/spdm_ring/hkdf_impl.rs new file mode 100644 index 0000000..2812691 --- /dev/null +++ b/spdmlib/src/crypto/spdm_ring/hkdf_impl.rs 
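Review bot: `insert_to_table` uses the heap address of the boxed `ring::digest::Context` as the handle, so once `hash_ctx_finalize` removes and drops an entry the allocator may give the same address to a later context, and a stale handle would then silently address the new one. The handle also discloses a heap address to whoever holds it; whether it ever leaves the library is not visible in this hunk. A counter avoids both: `static NEXT_HANDLE: AtomicUsize = AtomicUsize::new(1);` and `let handle = NEXT_HANDLE.fetch_add(1, Ordering::Relaxed);`, assuming `core::sync::atomic` is usable on the project's targets.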
@@ -0,0 +1,142 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::crypto::SpdmHkdf; +use crate::protocol::{ + SpdmBaseHashAlgo, SpdmHkdfInputKeyingMaterial, SpdmHkdfOutputKeyingMaterial, + SpdmHkdfPseudoRandomKey, SPDM_MAX_HKDF_OKM_SIZE, +}; + +pub static DEFAULT: SpdmHkdf = SpdmHkdf { + hkdf_extract_cb: hkdf_extract, + hkdf_expand_cb: hkdf_expand, +}; + +fn hkdf_extract( + hash_algo: SpdmBaseHashAlgo, + salt: &[u8], + ikm: &SpdmHkdfInputKeyingMaterial, +) -> Option { + let algorithm = match hash_algo { + SpdmBaseHashAlgo::TPM_ALG_SHA_256 => ring::hmac::HMAC_SHA256, + SpdmBaseHashAlgo::TPM_ALG_SHA_384 => ring::hmac::HMAC_SHA384, + SpdmBaseHashAlgo::TPM_ALG_SHA_512 => ring::hmac::HMAC_SHA512, + _ => { + panic!(); + } + }; + + let s_key = ring::hmac::Key::new(algorithm, salt); + let tag = ring::hmac::sign(&s_key, ikm.as_ref()); + let tag = tag.as_ref(); + Some(SpdmHkdfPseudoRandomKey::from(tag)) +} + +fn hkdf_expand( + hash_algo: SpdmBaseHashAlgo, + prk: &SpdmHkdfPseudoRandomKey, + info: &[u8], + out_size: u16, +) -> Option { + if out_size as usize > SPDM_MAX_HKDF_OKM_SIZE { + return None; + } + + let algo = match hash_algo { + SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(ring::hkdf::HKDF_SHA256), + SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(ring::hkdf::HKDF_SHA384), + SpdmBaseHashAlgo::TPM_ALG_SHA_512 => Some(ring::hkdf::HKDF_SHA512), + _ => return None, + }?; + + if prk.data_size as usize != algo.hmac_algorithm().digest_algorithm().output_len() { + return None; + } + + let prk = ring::hkdf::Prk::new_less_safe(algo, prk.as_ref()); + + let mut ret = SpdmHkdfOutputKeyingMaterial::default(); + let res = prk + .expand(&[info], SpdmCryptoHkdfKeyLen::new(out_size)) + .and_then(|okm| { + let len = out_size; + ret.data_size = len; + okm.fill(&mut ret.data[..len as usize]) + }); + match res { + Ok(_) => Some(ret), + Err(_) => None, + } +} + +struct SpdmCryptoHkdfKeyLen { + out_size: usize, +} +impl SpdmCryptoHkdfKeyLen { 
+ pub fn new(len: u16) -> Self { + SpdmCryptoHkdfKeyLen { + out_size: len as usize, + } + } +} + +impl ring::hkdf::KeyType for SpdmCryptoHkdfKeyLen { + fn len(&self) -> usize { + self.out_size + } +} + +#[cfg(test)] +mod tests { + use crate::protocol::SPDM_MAX_HASH_SIZE; + + use super::*; + + #[test] + fn test_case0_hkdf_expand() { + let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + // according to https://www.rfc-editor.org/rfc/rfc5869 + // prk.len should be hashlen + let prk = SpdmHkdfPseudoRandomKey { + data_size: 32, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }; + let info = &mut [100u8; 64]; + let out_size = 64; + let hkdf_expand = hkdf_expand(base_hash_algo, &prk, info, out_size); + + match hkdf_expand { + Some(_) => { + assert!(true) + } + None => { + assert!(false) + } + } + } + #[test] + fn test_case1_hkdf_expand() { + // remove should panic + // hkdf_expand is a library call. It's better to return failure/success instead of panic. + let base_hash_algo = SpdmBaseHashAlgo::empty(); + let prk = SpdmHkdfPseudoRandomKey { + data_size: 64, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }; + let info = &mut [100u8; 64]; + let out_size = 64; + let hkdf_expand = hkdf_expand(base_hash_algo, &prk, info, out_size); + + match hkdf_expand { + Some(_) => { + // when bash_hash_algo is empty + // hkdf_expand will failed and return None. + assert!(false) + } + None => { + assert!(true) + } + } + } +} diff --git a/spdmlib/src/crypto/spdm_ring/hmac_impl.rs b/spdmlib/src/crypto/spdm_ring/hmac_impl.rs new file mode 100644 index 0000000..e1a20f6 --- /dev/null +++ b/spdmlib/src/crypto/spdm_ring/hmac_impl.rs 
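Review bot: `hkdf_extract` has no test in this hunk, and both `hkdf_expand` tests only check `Some`/`None`, so nothing pins the derived bytes or the order of `salt` and `ikm` in `ring::hmac::Key::new(algorithm, salt)`. The test already cites RFC 5869; a known-answer test built from that RFC's published vectors for extract and expand would catch a swapped argument or a wrong hash mapping. The `assert!(true)`/`assert!(false)` match blocks can be written as `assert!(hkdf_expand.is_some());` and `assert!(hkdf_expand.is_none());`.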
@@ -0,0 +1,120 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::crypto::SpdmHmac;
+use crate::error::{SpdmResult, SPDM_STATUS_VERIF_FAIL};
+use crate::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct};
+
+pub static DEFAULT: SpdmHmac = SpdmHmac {
+ hmac_cb: hmac,
+ hmac_verify_cb: hmac_verify,
+};
+
+fn hmac(base_hash_algo: SpdmBaseHashAlgo, key: &[u8], data: &[u8]) -> Option {
+ let algorithm = match base_hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => ring::hmac::HMAC_SHA256,
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => ring::hmac::HMAC_SHA384,
+ SpdmBaseHashAlgo::TPM_ALG_SHA_512 => ring::hmac::HMAC_SHA512,
+ _ => {
+ panic!();
+ }
+ };
+
+ let s_key = ring::hmac::Key::new(algorithm, key);
+ let tag = ring::hmac::sign(&s_key, data);
+ let tag = tag.as_ref();
+ Some(SpdmDigestStruct::from(tag))
+}
+
+fn hmac_verify(
+ base_hash_algo: SpdmBaseHashAlgo,
+ key: &[u8],
+ data: &[u8],
+ hmac: &SpdmDigestStruct,
+) -> SpdmResult {
+ let algorithm = match base_hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => ring::hmac::HMAC_SHA256,
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => ring::hmac::HMAC_SHA384,
+ SpdmBaseHashAlgo::TPM_ALG_SHA_512 => ring::hmac::HMAC_SHA512,
+ _ => {
+ panic!();
+ }
+ };
+
+ let v_key = ring::hmac::Key::new(algorithm, key);
+ match ring::hmac::verify(&v_key, data, &hmac.data[..(hmac.data_size as usize)]) {
+ Ok(()) => Ok(()),
+ Err(_) => Err(SPDM_STATUS_VERIF_FAIL),
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use crate::protocol::{SpdmFinishedKeyStruct, SPDM_MAX_HASH_SIZE};
+
+ use super::*;
+
+ #[test]
+ fn test_case0_hmac_verify() {
+ let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let key = &SpdmFinishedKeyStruct {
+ data_size: 64,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ };
+ let data = &mut [100u8; 64];
+ let spdm_digest = hmac(base_hash_algo, key.as_ref(), data).unwrap();
+ let spdm_digest_struct = hmac_verify(base_hash_algo, key.as_ref(), data, &spdm_digest);
+
+ match
spdm_digest_struct {
+ Ok(()) => {
+ assert!(true)
+ }
+ _ => {
+ panic!()
+ }
+ }
+ }
+ #[test]
+ fn test_case1_hmac_verify() {
+ let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256;
+ let key = &SpdmFinishedKeyStruct {
+ data_size: 64,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ };
+ let data = &mut [10u8; 128];
+ let spdm_digest = hmac(base_hash_algo, key.as_ref(), data).unwrap();
+ let spdm_digest_struct = hmac_verify(base_hash_algo, key.as_ref(), data, &spdm_digest);
+
+ match spdm_digest_struct {
+ Ok(()) => {
+ assert!(true)
+ }
+ _ => {
+ panic!()
+ }
+ }
+ }
+ #[test]
+ #[should_panic]
+ fn test_case2_hmac_verify() {
+ let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256;
+ let key = &SpdmFinishedKeyStruct {
+ data_size: 128,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ };
+ let data = &mut [10u8; 128];
+ let spdm_digest = hmac(base_hash_algo, key.as_ref(), data).unwrap();
+ let data = &mut [100u8; 128];
+ let spdm_digest_struct = hmac_verify(base_hash_algo, key.as_ref(), data, &spdm_digest);
+
+ match spdm_digest_struct {
+ Ok(()) => {
+ assert!(true)
+ }
+ _ => {
+ panic!()
+ }
+ }
+ }
+}
diff --git a/spdmlib/src/crypto/spdm_ring/mod.rs b/spdmlib/src/crypto/spdm_ring/mod.rs
new file mode 100644
index 0000000..36530ef
--- /dev/null
+++ b/spdmlib/src/crypto/spdm_ring/mod.rs
@@ -0,0 +1,12 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+pub mod aead_impl;
+pub mod asym_verify_impl;
+pub mod cert_operation_impl;
+pub mod dhe_impl;
+pub mod hash_impl;
+pub mod hkdf_impl;
+pub mod hmac_impl;
+pub mod rand_impl;
diff --git a/spdmlib/src/crypto/spdm_ring/public_cert.der b/spdmlib/src/crypto/spdm_ring/public_cert.der
new file mode 100644
index 0000000..6125135
Binary files /dev/null and b/spdmlib/src/crypto/spdm_ring/public_cert.der differ
diff --git a/spdmlib/src/crypto/spdm_ring/rand_impl.rs b/spdmlib/src/crypto/spdm_ring/rand_impl.rs
new file mode 100644
index 0000000..ba804ed
--- /dev/null
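Review bot: `test_case2_hmac_verify` is the only negative test for MAC verification here, and `#[should_panic]` lets it pass on any panic rather than on the rejection it is meant to demonstrate. The key is built with `data_size: 128` over a `[100u8; SPDM_MAX_HASH_SIZE]` array, so if that constant is smaller than 128 and `key.as_ref()` slices by `data_size` (both defined outside this hunk), the test may already panic in the first `hmac(...)` call and never reach `hmac_verify`. Use a `data_size` that fits the array, drop `#[should_panic]`, and pin the outcome with `assert_eq!(hmac_verify(base_hash_algo, key.as_ref(), data, &spdm_digest), Err(SPDM_STATUS_VERIF_FAIL));`.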
+++ b/spdmlib/src/crypto/spdm_ring/rand_impl.rs
@@ -0,0 +1,67 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::crypto::SpdmCryptoRandom;
+use crate::error::{SpdmResult, SPDM_STATUS_CRYPTO_ERROR};
+
+pub static DEFAULT: SpdmCryptoRandom = SpdmCryptoRandom {
+ get_random_cb: get_random,
+};
+
+fn get_random(data: &mut [u8]) -> SpdmResult {
+ let rng = ring::rand::SystemRandom::new();
+
+ let mut len = data.len();
+ let mut offset = 0usize;
+ while len > 0 {
+ let rand_data: [u8; 64] = if let Ok(rd) = ring::rand::generate(&rng) {
+ rd.expose()
+ } else {
+ return Err(SPDM_STATUS_CRYPTO_ERROR);
+ };
+ if len > 64 {
+ data[offset..(offset + 64)].copy_from_slice(&rand_data);
+ len -= 64;
+ offset += 64;
+ } else {
+ data[offset..(offset + len)].copy_from_slice(&rand_data[0..len]);
+ break;
+ }
+ }
+
+ Ok(data.len())
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn test_case0_get_random() {
+ let data = &mut [100u8; 16];
+ let data_len = get_random(data);
+
+ match data_len {
+ Ok(16) => {
+ assert!(true)
+ }
+ _ => {
+ panic!()
+ }
+ }
+ }
+ #[test]
+ fn test_case1_get_random() {
+ let data = &mut [100u8; 80];
+ let data_len = get_random(data);
+ match data_len {
+ Ok(80) => {
+ assert!(true)
+ }
+ _ => {
+ panic!()
+ }
+ }
+ }
+}
diff --git a/spdmlib/src/crypto/x509v3.rs b/spdmlib/src/crypto/x509v3.rs
new file mode 100644
index 0000000..042c544
--- /dev/null
+++ b/spdmlib/src/crypto/x509v3.rs
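Review bot: `get_random` routes every 64-byte block through the stack array `rand_data`, which leaves a second, uncleared copy of the output (plus up to 63 unused random bytes from the last block) behind; the caller's buffer can be filled in place instead. With `use ring::rand::SecureRandom;` in scope the whole loop reduces to `rng.fill(data).map_err(|_| SPDM_STATUS_CRYPTO_ERROR)?;` followed by the existing `Ok(data.len())`. The two tests only match on the returned length, so they would also pass if `data` were left untouched; comparing the buffer against its initial `100u8` fill would cover that.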
@@ -0,0 +1,1137 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{SpdmResult, SPDM_STATUS_VERIF_FAIL}; +use crate::protocol::SpdmBaseAsymAlgo; + +// Key Usage: Digital Signature Bit; +const RFC_5280_KEY_USAGE_DIGITAL_SIGNATURE_BIT: u8 = 0x80; +// reference: https://www.itu.int/rec/T-REC-X.690/en +// TAG +const ASN1_TAG_CLASS_UNIVERSAL_MASK: u8 = 0x0; +const ASN1_TAG_CLASS_CONTEXT_SPECIFIC_MASK: u8 = 0x80; + +const ASN1_FORM_CONSTRUCTED_MASK: u8 = 0x20; + +const ASN1_TAG_NUMBER_INTEGER: u8 = 0x2; +const ASN1_TAG_BIT_STRING: u8 = 0x3; +const ASN1_TAG_NUMBER_OBJECT_IDENTIFIER: u8 = 0x6; +const ASN1_TAG_NUMBER_SEQUENCE: u8 = 0x10; + +const ASN1_TAG_SEQUENCE: u8 = + ASN1_TAG_CLASS_UNIVERSAL_MASK | ASN1_FORM_CONSTRUCTED_MASK | ASN1_TAG_NUMBER_SEQUENCE; +const ASN1_TAG_EXPLICIT_EXTENSION: u8 = 0xA3; +const ASN1_TAG_EXTN_VALUE: u8 = 0x04; +const ASN1_LENGTH_MULTI_OCTET_MASK: u8 = 0x80; + +const X509V3_VERSION: u8 = 2; +const OID_RSA_SHA256RSA: &[u8] = &[0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0bu8]; +const OID_RSA_SHA384RSA: &[u8] = &[0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0cu8]; +const OID_RSA_SHA512RSA: &[u8] = &[0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0du8]; +const OID_ECDSA_SHA256: &[u8] = &[0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02u8]; +const OID_ECDSA_SHA384: &[u8] = &[0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03u8]; +const OID_DMTF_SPDM_DEVICE_INFO: &[u8] = + &[0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01]; +const OID_DMTF_SPDM_HARDWARE_IDENTITY: &[u8] = + &[0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x02]; +const OID_DMTF_SPDM_EKU_RESPONDER_AUTH: &[u8] = + &[0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x03]; +const OID_DMTF_SPDM_EKU_REQUESTER_AUTH: &[u8] = + &[0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x04]; +const OID_DMTF_MUTABLE_CERTIFICATE: &[u8] = + &[0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x05]; 
+const OID_DMTF_SPDM_EXTENSION: &[u8] = + &[0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x06]; +const OID_KEY_USAGE: &[u8] = &[0x55, 0x1D, 0x0F]; +const OID_SUBJECT_ALTERNATIVE_NAME: &[u8] = &[0x55, 0x1D, 0x11]; +const OID_EXT_KEY_USAGE: &[u8] = &[0x55, 0x1D, 0x25]; + +// reference: https://www.rfc-editor.org/rfc/rfc5280.txt +// IN DER encoded certificate chain slice +// OUT Ok certificate count +// OUT Error Mulformed certificate found +// checked: +// 1. version should be x509v3. +// 2. the algorithm is match for leaf certificate +// 3. no more or less bytes found +pub fn check_cert_chain_format( + cert_chain: &[u8], + base_asym_algo: SpdmBaseAsymAlgo, +) -> SpdmResult { + let mut cc_walker = 0usize; + let mut cert_count = 0usize; + let cert_chain_size = cert_chain.len(); + + while cc_walker < cert_chain_size { + cc_walker = cc_walker + check_cert_format(&cert_chain[cc_walker..], base_asym_algo)?; + cert_count += 1; + } + + if cc_walker == cert_chain_size { + Ok(cert_count) + } else { + Err(SPDM_STATUS_VERIF_FAIL) + } +} + +// IN DER encoded certificate slice +// OUT Ok cert size +// OUT Error Mulformed certificate found +fn check_cert_format(cert: &[u8], base_asym_algo: SpdmBaseAsymAlgo) -> SpdmResult { + let mut c_walker = 0usize; + let len = cert.len(); + + check_tag_is_sequence(cert)?; + c_walker += 1; + + let (body_size, bytes_consumed) = check_length(&cert[c_walker..])?; + c_walker += bytes_consumed; + + if len == c_walker + body_size { + c_walker += check_tbs_certificate(&cert[c_walker..], base_asym_algo, true)?; + c_walker += check_signature_algorithm(&cert[c_walker..], base_asym_algo, true)?; + } else { + c_walker += check_tbs_certificate(&cert[c_walker..], base_asym_algo, false)?; + c_walker += check_signature_algorithm(&cert[c_walker..], base_asym_algo, false)?; + } + + c_walker += check_signature_value(&cert[c_walker..], base_asym_algo)?; + + if c_walker == 1 + bytes_consumed + body_size { + Ok(c_walker) + } else { + 
Err(SPDM_STATUS_VERIF_FAIL) + } +} + +fn check_tbs_certificate( + data: &[u8], + base_asym_algo: SpdmBaseAsymAlgo, + is_leaf_cert: bool, +) -> SpdmResult { + let mut t_walker = 0usize; + let len = data.len(); + + check_tag_is_sequence(data)?; + t_walker += 1; + + let (tbs_length, bytes_consumed) = check_length(&data[t_walker..])?; + t_walker += bytes_consumed; + + let length_before_tbs = t_walker; + + if len < t_walker + tbs_length { + return Err(SPDM_STATUS_VERIF_FAIL); + } + + // version [0] EXPLICIT Version DEFAULT v1, + let bytes_consumed = check_version(&data[t_walker..])?; + t_walker += bytes_consumed; + + // serialNumber CertificateSerialNumber, + let bytes_consumed = check_and_skip_common_tag(&data[t_walker..])?; + t_walker += bytes_consumed; + + // signature AlgorithmIdentifier, + check_tag_is_sequence(&data[t_walker..])?; + t_walker += 1; + let (signature_id_length, bytes_consumed) = check_length(&data[t_walker..])?; + t_walker += bytes_consumed; + + if is_leaf_cert { + check_object_identifier(&data[t_walker..], get_oid_by_base_asym_algo(base_asym_algo))?; + } else { + check_object_identifier(&data[t_walker..], None)?; + } + t_walker += signature_id_length; + // issuer Name, + let bytes_consumed = check_name(&data[t_walker..])?; + t_walker += bytes_consumed; + + // validity Validity, + let bytes_consumed = check_validity(&data[t_walker..])?; + t_walker += bytes_consumed; + + // subject Name, + let bytes_consumed = check_name(&data[t_walker..])?; + t_walker += bytes_consumed; + + // subjectPublicKeyInfo SubjectPublicKeyInfo, + let bytes_consumed = check_public_key_info(&data[t_walker..])?; + t_walker += bytes_consumed; + + // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + // extensions [3] EXPLICIT Extensions OPTIONAL + + // key_usage EXTENSIONS, + let (find_key_usage, key_usage_value) = get_key_usage_value(&data[t_walker..])?; + // The digitalSignature bit SHOULD asserted when subject 
public key is used for verifying digital signatures + // in an entity authentication service, a data origin authentication service, and/or an integrity service. + let check_extensions_success = !(find_key_usage + && (RFC_5280_KEY_USAGE_DIGITAL_SIGNATURE_BIT & key_usage_value + != RFC_5280_KEY_USAGE_DIGITAL_SIGNATURE_BIT)); + // when key usage digitalSignature bit unset, it SHOULD return false. + + //extensions EXTENSIONS, + let (bytes_consumed, extension_data) = check_and_get_extensions(&data[t_walker..])?; + let check_extn_spdm_success = check_extensions_spdm_oid(extension_data, is_leaf_cert)?; + t_walker += bytes_consumed; + + if (t_walker == length_before_tbs + tbs_length) + && check_extensions_success + && check_extn_spdm_success + { + Ok(length_before_tbs + tbs_length) + } else { + Err(SPDM_STATUS_VERIF_FAIL) + } +} + +fn check_signature_algorithm( + data: &[u8], + base_asym_algo: SpdmBaseAsymAlgo, + is_leaf_cert: bool, +) -> SpdmResult { + let mut s_walker = 0usize; + // signature AlgorithmIdentifier, + check_tag_is_sequence(&data[s_walker..])?; + s_walker += 1; + let (signature_id_length, bytes_consumed) = check_length(&data[s_walker..])?; + s_walker += bytes_consumed; + + if is_leaf_cert { + check_object_identifier(&data[s_walker..], get_oid_by_base_asym_algo(base_asym_algo))?; + } else { + check_object_identifier(&data[s_walker..], None)?; + } + + Ok(s_walker + signature_id_length) +} + +fn check_signature_value(data: &[u8], _base_asym_algo: SpdmBaseAsymAlgo) -> SpdmResult { + check_and_skip_common_tag(data) +} + +fn check_tag_is_sequence(data: &[u8]) -> SpdmResult { + if data.is_empty() { + Err(SPDM_STATUS_VERIF_FAIL) + } else if data[0] == ASN1_TAG_SEQUENCE { + Ok(()) + } else { + Err(SPDM_STATUS_VERIF_FAIL) + } +} + +// IN bytes slice +// OUT Ok (length, bytes consumed) +// OUT Error Mulformed certificate found +fn check_length(data: &[u8]) -> SpdmResult<(usize, usize)> { + let len = data.len(); + if len < 1 { + Err(SPDM_STATUS_VERIF_FAIL) + } else if 
data[0] & ASN1_LENGTH_MULTI_OCTET_MASK == 0 { + Ok((data[0] as usize, 1)) + } else { + let length_count = data[0] - ASN1_LENGTH_MULTI_OCTET_MASK; + if len < (length_count as usize + 1) || length_count == 0 || length_count > 8 { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let mut length = [0u8; 8]; + for (i, b) in data[1..length_count as usize + 1].iter().rev().enumerate() { + length[i] = *b; + } + Ok((usize::from_le_bytes(length), length_count as usize + 1)) + } + } +} + +fn check_version(data: &[u8]) -> SpdmResult { + let len = data.len(); + if len < 5 + || data[0] != (ASN1_TAG_CLASS_CONTEXT_SPECIFIC_MASK | ASN1_FORM_CONSTRUCTED_MASK) + || data[1] != 3 + || data[2] != ASN1_TAG_NUMBER_INTEGER + || data[3] != 1 + { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let version = data[4]; + if version == X509V3_VERSION { + Ok(5) + } else { + Err(SPDM_STATUS_VERIF_FAIL) + } + } +} + +fn check_object_identifier(data: &[u8], oid: Option<&'static [u8]>) -> SpdmResult { + let len = data.len(); + if len < 2 || data[0] != ASN1_TAG_NUMBER_OBJECT_IDENTIFIER { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let oid_length = data[1]; + if len < oid_length as usize + 2 || oid_length >= 0x80 { + Err(SPDM_STATUS_VERIF_FAIL) + } else if let Some(oid) = oid { + if object_identifiers_are_same(&data[2..2 + oid_length as usize], oid) { + Ok(oid_length as usize + 2) + } else { + Err(SPDM_STATUS_VERIF_FAIL) + } + } else { + Ok(oid_length as usize + 2) + } + } +} + +fn check_name(data: &[u8]) -> SpdmResult { + check_and_skip_common_sequence(data) +} + +fn check_validity(data: &[u8]) -> SpdmResult { + check_and_skip_common_sequence(data) +} + +fn check_public_key_info(data: &[u8]) -> SpdmResult { + check_and_skip_common_sequence(data) +} + +fn check_and_get_extensions(data: &[u8]) -> SpdmResult<(usize, &[u8])> { + let len = data.len(); + if len < 1 || data[0] != ASN1_TAG_EXPLICIT_EXTENSION { + Ok((len, &data[0..])) + } else { + let (payload_length, bytes_consumed) = check_length(&data[1..])?; + if len < 
1 + bytes_consumed + payload_length { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + Ok(( + 1 + bytes_consumed + payload_length, + &data[1 + bytes_consumed..1 + bytes_consumed + payload_length], + )) + } + } +} + +fn get_key_usage_value(data: &[u8]) -> SpdmResult<(bool, u8)> { + let mut find_key_usage = false; + let len = data.len(); + let key_usage_oid_len = OID_KEY_USAGE.len(); + let (data_length, bytes_consumed) = check_length(&data[1..])?; + if len < 1 + data_length + bytes_consumed { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let mut index = 1 + bytes_consumed; + while index < data_length { + let (payload_length, bytes_consumed) = check_length(&data[index + 1..])?; + if data[index] == ASN1_TAG_SEQUENCE { + index += 1 + payload_length; + continue; + } else if data[index] == ASN1_TAG_NUMBER_OBJECT_IDENTIFIER + && payload_length == key_usage_oid_len + && object_identifiers_are_same( + &data[index + 1 + bytes_consumed..index + 1 + bytes_consumed + payload_length], + OID_KEY_USAGE, + ) + { + index += 1 + bytes_consumed + payload_length; + if data[index] == ASN1_TAG_EXTN_VALUE { + let (_, extnvalue_consumed) = check_length(&data[index + 1..])?; + index += 1 + extnvalue_consumed; + if data[index] == ASN1_TAG_BIT_STRING { + let (string_length, string_consumed) = check_length(&data[index + 1..])?; + index += string_consumed + string_length; + find_key_usage = true; + } else { + find_key_usage = false; + } + break; + } else { + index += 1 + bytes_consumed + payload_length; + continue; + } + } else { + index += 1 + bytes_consumed + payload_length; + continue; + } + } + if find_key_usage { + Ok((true, data[index])) + } else { + Ok((false, 0x00)) + } + } +} + +fn check_extensions_spdm_oid(extensions: &[u8], is_leaf_cert: bool) -> SpdmResult { + let mut responder_auth_oid_find_success = false; + let mut requester_auth_oid_find_success = false; + let len = extensions.len(); + if len < 1 || extensions[0] != ASN1_TAG_SEQUENCE { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let 
(payload_length, sequences_bytes_consumed) = check_length(&extensions[1..])?; + let extn_sequences = &extensions[1 + sequences_bytes_consumed..]; + let sequences_len = extn_sequences.len(); + if sequences_len < payload_length { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let mut index = 0; + while index < payload_length { + let (extnid, extn_sequence_len) = check_and_get_extn_id(&extn_sequences[index..])?; + // find the first level extension identifiy from extensions sequence + if object_identifiers_are_same(extnid, OID_SUBJECT_ALTERNATIVE_NAME) { + if find_target_object_identifiers( + &extn_sequences[index..index + extn_sequence_len], + OID_DMTF_SPDM_DEVICE_INFO, + )? { + info!("find id-DMTF-device-info OID\n"); + } + index += extn_sequence_len; + continue; + } else if object_identifiers_are_same(extnid, OID_EXT_KEY_USAGE) { + if find_target_object_identifiers( + &extn_sequences[index..index + extn_sequence_len], + OID_DMTF_SPDM_EKU_RESPONDER_AUTH, + )? { + responder_auth_oid_find_success = true; + info!("find id-DMTF-eku-responder-auth OID\n"); + } else if find_target_object_identifiers( + &extn_sequences[index..index + extn_sequence_len], + OID_DMTF_SPDM_EKU_REQUESTER_AUTH, + )? { + requester_auth_oid_find_success = true; + info!("find id-DMTF-eku-requester-auth OID\n"); + } + index += extn_sequence_len; + continue; + } else if object_identifiers_are_same(extnid, OID_DMTF_SPDM_EXTENSION) { + if find_target_object_identifiers( + &extn_sequences[index..index + extn_sequence_len], + OID_DMTF_MUTABLE_CERTIFICATE, + )? { + info!("find id-DMTF-mutable-certificate OID\n"); + } else if find_target_object_identifiers( + &extn_sequences[index..index + extn_sequence_len], + OID_DMTF_SPDM_HARDWARE_IDENTITY, + )? { + info!("find id-DMTF-hardware-identity OID\n"); + } + index += extn_sequence_len; + continue; + } else { + index += extn_sequence_len; + continue; + } + } + // if not the leaf certificate, reuester/responder auth OIDs SHOULD not be presented. 
+ Ok(!(!is_leaf_cert + && (responder_auth_oid_find_success || requester_auth_oid_find_success))) + } + } +} + +// IN (sequences slice, target oid) +// OUT true when find target oid +// OUT false when not find target oid +fn find_target_object_identifiers(data: &[u8], target_oid: &[u8]) -> SpdmResult { + let mut target_oid_find_success = false; + let len = data.len(); + let target_oid_len = target_oid.len(); + if len < target_oid_len { + target_oid_find_success = false; + } else { + let mut index = 0; + while index < len - target_oid_len { + let (payload_length, bytes_consumed) = check_length(&data[index + 1..])?; + if data[index] == ASN1_TAG_NUMBER_OBJECT_IDENTIFIER { + if object_identifiers_are_same( + &data[index + 1 + bytes_consumed..index + 1 + bytes_consumed + payload_length], + target_oid, + ) && payload_length == target_oid_len + { + target_oid_find_success = true; + break; + } else { + index += 1 + bytes_consumed + payload_length; + continue; + } + } else if data[index] == ASN1_TAG_SEQUENCE || data[index] == ASN1_TAG_EXTN_VALUE { + index += 1 + bytes_consumed; + continue; + } else { + index += 1 + bytes_consumed + payload_length; + continue; + } + } + } + Ok(target_oid_find_success) +} + +// IN extension sequence slice +// OUT Ok (extnID, extn sequence length) +// OUT Error not found extnID, verify fail +fn check_and_get_extn_id(extn_sequences: &[u8]) -> SpdmResult<(&[u8], usize)> { + let len = extn_sequences.len(); + if len < 1 || extn_sequences[0] != ASN1_TAG_SEQUENCE { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let (extn_payload_length, extn_bytes_consumed) = check_length(&extn_sequences[1..])?; + if len < 1 + extn_bytes_consumed + extn_payload_length { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + // extnID is the first item in the extension sequence and the tag is Object identifier + let extn_id = &extn_sequences[1 + extn_bytes_consumed..]; + if extn_id[0] != ASN1_TAG_NUMBER_OBJECT_IDENTIFIER { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let 
(extn_id_length, extn_id_bytes_consumed) = check_length(&extn_id[1..])?; + Ok(( + &extn_id + [1 + extn_id_bytes_consumed..1 + extn_id_bytes_consumed + extn_id_length], + 1 + extn_bytes_consumed + extn_payload_length, + )) + } + } + } +} + +fn check_and_skip_common_sequence(data: &[u8]) -> SpdmResult { + let len = data.len(); + if len < 1 || data[0] != ASN1_TAG_SEQUENCE { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let (payload_length, bytes_consumed) = check_length(&data[1..])?; + if len < 1 + bytes_consumed + payload_length { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + Ok(1 + bytes_consumed + payload_length) + } + } +} + +fn check_and_skip_common_tag(data: &[u8]) -> SpdmResult { + let len = data.len(); + if len < 1 { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let (payload_length, bytes_consumed) = check_length(&data[1..])?; + if len < 1 + bytes_consumed + payload_length { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + Ok(1 + bytes_consumed + payload_length) + } + } +} + +fn check_and_get_common_tag(data: &[u8]) -> SpdmResult<(usize, &[u8])> { + let len = data.len(); + if len < 1 { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + let (payload_length, bytes_consumed) = check_length(&data[1..])?; + if len < 1 + bytes_consumed + payload_length { + Err(SPDM_STATUS_VERIF_FAIL) + } else { + Ok(( + 1 + bytes_consumed + payload_length, + &data[1 + bytes_consumed..1 + bytes_consumed + payload_length], + )) + } + } +} + +fn get_oid_by_base_asym_algo(base_asym_algo: SpdmBaseAsymAlgo) -> Option<&'static [u8]> { + match base_asym_algo { + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048 => Some(OID_RSA_SHA256RSA), + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048 => Some(OID_RSA_SHA256RSA), + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072 => Some(OID_RSA_SHA384RSA), + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072 => Some(OID_RSA_SHA384RSA), + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256 => Some(OID_ECDSA_SHA256), + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096 => Some(OID_RSA_SHA512RSA), + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096 => 
Some(OID_RSA_SHA512RSA), + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 => Some(OID_ECDSA_SHA384), + _ => None, + } +} + +fn object_identifiers_are_same(a: &[u8], b: &[u8]) -> bool { + if a.len() != b.len() { + false + } else { + for (ai, bi) in a.iter().zip(b.iter()) { + match ai.cmp(bi) { + core::cmp::Ordering::Equal => continue, + _ => return false, + } + } + true + } +} + +// test root cert by checking issuer name == subject name +pub fn is_root_certificate(cert: &[u8]) -> SpdmResult { + let mut c_walker = 0usize; + + check_tag_is_sequence(cert)?; + c_walker += 1; + + let (_, bytes_consumed) = check_length(&cert[c_walker..])?; + c_walker += bytes_consumed; + + // tbs + let data = &cert[c_walker..]; + let mut t_walker = 0usize; + let len = data.len(); + + check_tag_is_sequence(data)?; + t_walker += 1; + + let (tbs_length, bytes_consumed) = check_length(&data[t_walker..])?; + t_walker += bytes_consumed; + + if len < t_walker + tbs_length { + return Err(SPDM_STATUS_VERIF_FAIL); + } + + // version [0] EXPLICIT Version DEFAULT v1, + let bytes_consumed = check_version(&data[t_walker..])?; + t_walker += bytes_consumed; + + // serialNumber CertificateSerialNumber, + let bytes_consumed = check_and_skip_common_tag(&data[t_walker..])?; + t_walker += bytes_consumed; + + // signature AlgorithmIdentifier, + check_tag_is_sequence(&data[t_walker..])?; + t_walker += 1; + let (signature_id_length, bytes_consumed) = check_length(&data[t_walker..])?; + t_walker += bytes_consumed; + + check_object_identifier(&data[t_walker..], None)?; + + t_walker += signature_id_length; + // issuer Name, + let (bytes_consumed, issuer) = check_and_get_common_tag(&data[t_walker..])?; + t_walker += bytes_consumed; + + // validity Validity, + let bytes_consumed = check_validity(&data[t_walker..])?; + t_walker += bytes_consumed; + + // subject Name, + let (_, subject) = check_and_get_common_tag(&data[t_walker..])?; + + if subject == issuer { + Ok(()) + } else { + Err(SPDM_STATUS_VERIF_FAIL) + } +} + 
+#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_case0_object_identifiers_are_same() { + let lt = [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0bu8]; + let lt_wrong1 = [0x2b, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0bu8]; + let lt_wrong2 = [0x2b, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0xb0u8]; + let lt_empty: [u8; 0] = []; + assert!(object_identifiers_are_same(<, OID_RSA_SHA256RSA)); + assert!(!object_identifiers_are_same(<, OID_RSA_SHA384RSA)); + assert!(!object_identifiers_are_same(<_wrong1, OID_RSA_SHA256RSA)); + assert!(!object_identifiers_are_same(<_wrong2, OID_RSA_SHA256RSA)); + assert!(!object_identifiers_are_same(<_empty, OID_RSA_SHA384RSA)); + } + + #[test] + fn test_case0_get_oid_by_base_asym_algo() { + assert_eq!( + get_oid_by_base_asym_algo(SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048), + Some(OID_RSA_SHA256RSA) + ); + assert_eq!( + get_oid_by_base_asym_algo(SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256), + Some(OID_ECDSA_SHA256) + ); + } + + #[test] + fn test_case0_check_and_skip_common_tag() { + let sq1 = [ + 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0xD7, 0x9C, 0x7F, 0x26, 0x91, 0x34, + 0xA5, 0x2B, 0x79, 0xEA, 0x66, 0x15, 0x00, 0x88, 0x0A, 0x4D, 0xE7, 0xAD, 0x71, 0xC6, + 0x2E, 0xE4, 0x7E, 0x37, 0xE1, 0x86, 0xEB, 0xE8, 0x55, 0xB0, 0x2F, 0xC5, 0xF3, 0xA9, + 0xE0, 0x90, 0xF9, 0x0B, 0x82, 0xC5, 0xDF, 0x4A, 0x35, 0x9A, 0x0D, 0x35, 0x38, 0x4B, + 0x02, 0x30, 0x40, 0xA7, 0xFE, 0x70, 0x39, 0x7B, 0x4B, 0xD7, 0xC2, 0x28, 0x72, 0x93, + 0x93, 0x0C, 0x62, 0x12, 0x14, 0xF0, 0x70, 0x74, 0x0F, 0xFC, 0xB1, 0x21, 0x60, 0x40, + 0x6D, 0x13, 0xA3, 0x59, 0x0E, 0x27, 0x06, 0xC1, 0x73, 0x4E, 0xCA, 0x40, 0x4C, 0x2D, + 0xF5, 0x96, 0x48, 0x66, 0x05, 0xB1, 0xA6, 0x08, + ]; + let sq2 = [0xA0, 0x03, 0x02, 0x01, 0x02]; + let sq3 = [0x01, 0x01, 0xFF]; + let sq4 = [0x01, 0x01, 0xFF, 0xAA]; + let sq1_wrong = [0x01, 0x02, 0xFF]; + assert_eq!(check_and_skip_common_tag(&sq1), Ok(106)); + assert_eq!(check_and_skip_common_tag(&sq2), Ok(5)); + 
assert_eq!(check_and_skip_common_tag(&sq3), Ok(3)); + assert_eq!(check_and_skip_common_tag(&sq4), Ok(3)); + assert_eq!( + check_and_skip_common_tag(&sq1_wrong), + Err(SPDM_STATUS_VERIF_FAIL) + ); + } + + #[test] + fn test_case0_check_object_identifier() { + let oid1 = [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03]; + let oid2 = [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02]; + let oid3 = [ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + ]; + let oid1_wrong = [ + 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, + ]; + let oid2_wrong = [0x06, 0x08, 0x2A, 0x86]; + let oid3_wrong: [u8; 0] = []; + assert_eq!( + check_object_identifier(&oid1, Some(OID_ECDSA_SHA384)), + Ok(10) + ); + assert_eq!( + check_object_identifier(&oid2, Some(OID_ECDSA_SHA256)), + Ok(10) + ); + assert_eq!( + check_object_identifier(&oid3, Some(OID_RSA_SHA256RSA)), + Ok(11) + ); + assert_eq!( + check_object_identifier(&oid1_wrong, Some(OID_ECDSA_SHA384)), + Err(SPDM_STATUS_VERIF_FAIL) + ); + assert_eq!( + check_object_identifier(&oid2_wrong, Some(OID_ECDSA_SHA384)), + Err(SPDM_STATUS_VERIF_FAIL) + ); + assert_eq!( + check_object_identifier(&oid3_wrong, Some(OID_ECDSA_SHA384)), + Err(SPDM_STATUS_VERIF_FAIL) + ); + } + + #[test] + fn test_case0_check_version() { + let v1 = [0xA0, 0x03, 0x02, 0x01, 0x02]; + let v1_wrong = [0xA0, 0x03, 0x02, 0x01, 0x01]; + let v2_wrong = [0x30, 0x03, 0x02, 0x01, 0x02]; + let v3_wrong = [0xA0, 0x03, 0x02, 0x01]; + assert_eq!(check_version(&v1), Ok(5)); + assert_eq!(check_version(&v1_wrong), Err(SPDM_STATUS_VERIF_FAIL)); + assert_eq!(check_version(&v2_wrong), Err(SPDM_STATUS_VERIF_FAIL)); + assert_eq!(check_version(&v3_wrong), Err(SPDM_STATUS_VERIF_FAIL)); + } + + #[test] + fn test_case0_check_length() { + let l1 = [0x03]; + let l2 = [0x81, 0x12]; + let l3 = [0x82, 0x01, 0xD7]; + let l1_wrong = [0x80]; + let l2_wrong = [0x81]; + let l3_wrong = [0x82, 0x01]; + assert_eq!(check_length(&l1), Ok((3, 
1)));
+ assert_eq!(check_length(&l2), Ok((0x12, 2)));
+ assert_eq!(check_length(&l3), Ok((0x1D7, 3)));
+ assert_eq!(check_length(&l1_wrong), Err(SPDM_STATUS_VERIF_FAIL));
+ assert_eq!(check_length(&l2_wrong), Err(SPDM_STATUS_VERIF_FAIL));
+ assert_eq!(check_length(&l3_wrong), Err(SPDM_STATUS_VERIF_FAIL));
+ }
+
+ #[test]
+ fn test_case0_check_tag_is_sequence() {
+ let l1 = [0x30];
+ let l1_wrong = [0x80];
+ let l2_wrong = [0x81];
+ let l3_wrong = [0x82, 0x01];
+ assert_eq!(check_tag_is_sequence(&l1), Ok(()));
+ assert_eq!(
+ check_tag_is_sequence(&l1_wrong),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_tag_is_sequence(&l2_wrong),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_tag_is_sequence(&l3_wrong),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ }
+
+ #[test]
+ fn test_case0_check_signature_algorithm() {
+ let s1 = [
+ 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03,
+ ];
+ let s1_wrong = [
+ 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03,
+ ];
+ let s2_wrong = [0x06, 0x08, 0x2A, 0x86];
+ let s3_wrong: [u8; 0] = [];
+ assert_eq!(
+ check_signature_algorithm(&s1, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384, true),
+ Ok(12)
+ );
+ assert_eq!(
+ check_signature_algorithm(&s1, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384, false),
+ Ok(12)
+ );
+ assert_eq!(
+ check_signature_algorithm(&s1, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256, false),
+ Ok(12)
+ );
+ assert_eq!(
+ check_signature_algorithm(&s1, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256, true),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_signature_algorithm(
+ &s1_wrong,
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ false
+ ),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_signature_algorithm(
+ &s2_wrong,
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ false
+ ),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_signature_algorithm(
+ &s3_wrong,
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ false
+ ),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ }
+
+ #[test]
+ fn test_case0_check_tbs_certificate() {
+ let t1 = std::fs::read("../test_key/ecp384/ca.cert.der").expect("unable to read ca cert!");
+ let t2 =
+ std::fs::read("../test_key/ecp384/inter.cert.der").expect("unable to read inter cert!");
+ let t3 = std::fs::read("../test_key/ecp384/end_responder.cert.der")
+ .expect("unable to read leaf cert!");
+
+ let t1_wrong = [0x30, 0x82, 0x01, 0xA8, 0xA0];
+
+ assert_eq!(
+ check_tbs_certificate(
+ &t1[4..],
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ false
+ ),
+ Ok(350)
+ );
+ assert_eq!(
+ check_tbs_certificate(
+ &t2[4..],
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ false
+ ),
+ Ok(357)
+ );
+ assert_eq!(
+ check_tbs_certificate(
+ &t3[4..],
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ false
+ ),
+ Ok(460)
+ );
+ assert_eq!(
+ check_tbs_certificate(
+ &t3[4..],
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,
+ false
+ ),
+ Ok(460)
+ );
+ assert_eq!(
+ check_tbs_certificate(
+ &t3[4..],
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ true
+ ),
+ Ok(460)
+ );
+ assert_eq!(
+ check_tbs_certificate(
+ &t3[4..],
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,
+ true
+ ),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_tbs_certificate(
+ &t1_wrong,
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ false
+ ),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_tbs_certificate(
+ &t1_wrong,
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ true
+ ),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ }
+
+ #[test]
+ fn test_case1_check_tbs_certificate() {
+ let t1 = std::fs::read("../test_key/rsa2048/end_requester_with_spdm_rsp_eku.cert.der")
+ .expect("unable to read leaf cert!");
+ let t2 = std::fs::read("../test_key/rsa2048/end_responder_with_spdm_req_eku.cert.der")
+ .expect("unable to read leaf cert!");
+
+ assert_eq!(
+ check_tbs_certificate(&t1[4..], SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, true),
+ Ok(562)
+ );
+ assert_eq!(
+ check_tbs_certificate(&t1[4..], SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, false),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_tbs_certificate(&t2[4..], SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, true),
+ Ok(562)
+ );
+ assert_eq!(
+ check_tbs_certificate(&t2[4..], SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, false),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ }
+
+ #[test]
+ fn test_case0_check_cert_format() {
+ let c1 = std::fs::read("../test_key/ecp384/ca.cert.der").expect("unable to read ca cert!");
+ let c2 =
+ std::fs::read("../test_key/ecp384/inter.cert.der").expect("unable to read inter cert!");
+ let c3 = std::fs::read("../test_key/ecp384/end_responder.cert.der")
+ .expect("unable to read leaf cert!");
+
+ let c1_wrong = [0x30u8, 0x82, 0x01, 0xA8, 0xA0];
+
+ assert_eq!(
+ check_cert_format(&c1, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384),
+ Ok(472)
+ );
+ assert_eq!(
+ check_cert_format(&c2, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384),
+ Ok(480)
+ );
+ assert_eq!(
+ check_cert_format(&c3, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384),
+ Ok(583)
+ );
+ assert_eq!(
+ check_cert_format(&c3, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_cert_format(&c1_wrong, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ }
+
+ #[test]
+ fn test_case0_check_cert_chain_format() {
+ let ct1 = std::fs::read("../test_key/ecp256/bundle_responder.certchain.der")
+ .expect("unable to read ca cert!");
+ let ct2 = std::fs::read("../test_key/ecp384/bundle_responder.certchain.der")
+ .expect("unable to read ca cert!");
+ let ct3 = std::fs::read("../test_key/rsa2048/bundle_responder.certchain.der")
+ .expect("unable to read ca cert!");
+ let ct4 = std::fs::read("../test_key/rsa3072/bundle_responder.certchain.der")
+ .expect("unable to read ca cert!");
+ let ct5 = std::fs::read("../test_key/rsa4096/bundle_responder.certchain.der")
+ .expect("unable to read ca cert!");
+
+ let ct1_wrong = [0x30, 0x82, 0x01, 0xA8, 0xA0];
+
+ assert_eq!(
+ check_cert_chain_format(&ct1, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256),
+ Ok(3)
+ );
+ assert_eq!(
+ check_cert_chain_format(&ct2, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384),
+ Ok(3)
+ );
+ assert_eq!(
+ check_cert_chain_format(&ct3, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048),
+ Ok(3)
+ );
+ assert_eq!(
+ check_cert_chain_format(&ct4, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072),
+ Ok(3)
+ );
+ assert_eq!(
+ check_cert_chain_format(&ct5, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096),
+ Ok(3)
+ );
+ assert_eq!(
+ check_cert_chain_format(&ct3, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_cert_chain_format(&ct1_wrong, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ }
+
+ #[test]
+ fn test_case0_is_root_certificate() {
+ let ca1 = std::fs::read("../test_key/ecp256/ca.cert.der").expect("unable to read ca cert!");
+ let ca2 =
+ std::fs::read("../test_key/ecp256/ca1.cert.der").expect("unable to read ca1 cert!");
+ let inter1 =
+ std::fs::read("../test_key/ecp256/inter.cert.der").expect("unable to read inter cert!");
+ let end1 = std::fs::read("../test_key/ecp256/end_requester1.cert.der")
+ .expect("unable to read end cert!");
+ let end2 = std::fs::read("../test_key/ecp256/end_responder1.cert.der")
+ .expect("unable to read end cert!");
+
+ let ct1_wrong = [0x30, 0x82, 0x01, 0xA8, 0xA0];
+
+ assert!(is_root_certificate(&ca1).is_ok());
+ assert!(is_root_certificate(&ca2).is_ok());
+
+ assert!(is_root_certificate(&inter1).is_err());
+ assert!(is_root_certificate(&end1).is_err());
+ assert!(is_root_certificate(&end2).is_err());
+ assert!(is_root_certificate(&ct1_wrong).is_err());
+ }
+
+ #[test]
+ fn test_case0_get_key_usage_value() {
+ let key_usage1 = &[
+ 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, 0x04, 0x03, 0x02, 0x05, 0xE0,
+ ];
+ let key_usage2_wrong = &[
+ 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x04, 0x03, 0x02, 0x05, 0xE0,
+ ];
+ let key_usage3_wrong = &[0x30, 0x0B];
+ let key_usage4_wrong = &[
+ 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, 0x04, 0x03, 0x02, 0x05,
+ ];
+ assert_eq!(get_key_usage_value(key_usage1), Ok((true, 0xE0)));
+ assert_eq!(get_key_usage_value(key_usage2_wrong), Ok((false, 0x00)));
+ assert_eq!(
+ get_key_usage_value(key_usage3_wrong),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ get_key_usage_value(key_usage4_wrong),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ }
+
+ #[test]
+ fn test_case0_check_extensions_spdm_oid() {
+ let e1 = std::fs::read("../test_key/ecp384/end_responder.cert.der")
+ .expect("unable to read leaf cert!");
+ let e2 = std::fs::read("../test_key/rsa2048/end_requester_with_spdm_rsp_eku.cert.der")
+ .expect("unable to read leaf cert!");
+ let e3 = std::fs::read("../test_key/rsa2048/end_responder_with_spdm_req_eku.cert.der")
+ .expect("unable to read leaf cert!");
+ assert_eq!(check_extensions_spdm_oid(&e1[280..], false), Ok(true));
+ assert_eq!(check_extensions_spdm_oid(&e1[280..], true), Ok(true));
+ assert_eq!(check_extensions_spdm_oid(&e2[450..], true), Ok(true));
+ assert_eq!(check_extensions_spdm_oid(&e2[450..], false), Ok(false));
+ assert_eq!(check_extensions_spdm_oid(&e3[450..], true), Ok(true));
+ assert_eq!(check_extensions_spdm_oid(&e3[450..], false), Ok(false));
+ }
+
+ #[test]
+ fn test_case0_check_and_get_extn_id() {
+ let extension_s1 = &[
+ 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
+ ];
+ let extension_s2 = &[
+ 0x30, 0x2A, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x01, 0x01, 0xFF, 0x04, 0x20, 0x30, 0x1E,
+ 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06,
+ 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x03, 0x09,
+ ];
+ let extension_s3_wrong = &[
+ 0x30, 0x0D, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
+ ];
+ let extension_sa4_wrong = &[
+ 0x30, 0x0C, 0x05, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
+ ];
+ let oid1: &[u8] = &[0x55, 0x1D, 0x13];
+ let oid2: &[u8] = &[0x55, 0x1D, 0x25];
+ assert_eq!(check_and_get_extn_id(extension_s1), Ok((oid1, 14)));
+ assert_eq!(check_and_get_extn_id(extension_s2), Ok((oid2, 44)));
+ assert_eq!(
+ check_and_get_extn_id(extension_s3_wrong),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ assert_eq!(
+ check_and_get_extn_id(extension_sa4_wrong),
+ Err(SPDM_STATUS_VERIF_FAIL)
+ );
+ }
+
+ #[test]
+ fn test_case0_find_target_object_identifiers() {
+ let extension_s1 = &[
+ 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
+ ];
+ let extension_s2 = &[
+ 0x04, 0x2C, 0x30, 0x2A, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
+ 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2B, 0x06,
+ 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83,
+ 0x1C, 0x82, 0x12, 0x04,
+ ];
+ let extension_s3_wrong = &[
+ 0x30, 0x0D, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
+ ];
+ let extension_sa4_wrong = &[
+ 0x30, 0x0C, 0x05, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
+ ];
+ assert_eq!(
+ find_target_object_identifiers(extension_s1, &[0x55, 0x1D, 0x13]),
+ Ok(true)
+ );
+ assert_eq!(
+ find_target_object_identifiers(
+ extension_s2,
+ &[0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x04]
+ ),
+ Ok(true)
+ );
+ assert_eq!(
+ find_target_object_identifiers(extension_s3_wrong, &[0x55, 0x1D, 0x14]),
+ Ok(false)
+ );
+ assert_eq!(
+ find_target_object_identifiers(extension_sa4_wrong, &[0x55, 0x1D, 0x13]),
+ Ok(false)
+ );
+ }
+}
diff --git a/spdmlib/src/error.rs b/spdmlib/src/error.rs
new file mode 100644
index 0000000..99f53a2
--- /dev/null
+++ b/spdmlib/src/error.rs
@@ -0,0 +1,618 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use core::{
+ convert::{TryFrom, TryInto},
+ fmt::{self, Debug},
+ ops::{ControlFlow, FromResidual, Try},
+};
+
+/// Reference: https://github.com/DMTF/libspdm/blob/main/include/library/spdm_return_status.h
+
+#[repr(u8)]
+#[allow(dead_code)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
+pub enum StatusSeverity {
+ SUCCESS = 0,
+ ERROR = 8,
+}
+
+impl Default for StatusSeverity {
+ fn default() -> Self {
+ Self::ERROR
+ }
+}
+
+impl TryFrom for StatusSeverity {
+ type Error = ();
+
+ fn try_from(value: u8) -> core::result::Result {
+ match value {
+ 0 => Ok(Self::SUCCESS),
+ 8 => Ok(Self::ERROR),
+ _ => Err(()),
+ }
+ }
+}
+
+#[repr(u16)]
+#[allow(dead_code)]
+#[allow(non_camel_case_types)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
+pub enum StatusCodeCore {
+ SUCCESS = 0,
+ INVALID_PARAMETER = 1,
+ UNSUPPORTED_CAP = 2,
+ INVALID_STATE_LOCAL = 3,
+ INVALID_STATE_PEER = 4,
+ INVALID_MSG_FIELD = 5,
+ INVALID_MSG_SIZE = 6,
+ NEGOTIATION_FAIL = 7,
+ BUSY_PEER = 8,
+ NOT_READY_PEER = 9,
+ ERROR_PEER = 10,
+ RESYNCH_PEER = 11,
+ BUFFER_FULL = 12,
+ BUFFER_TOO_SMALL = 13,
+ SESSION_NUMBER_EXCEED = 14,
+ SESSION_MSG_ERROR = 15,
+ ACQUIRE_FAIL = 16,
+ SESSION_TRY_DISCARD_KEY_UPDATE = 17,
+
+ // only in Rust-SPDM
+ DECODE_AEAD_FAIL = 0xFE,
+}
+
+impl TryFrom for StatusCodeCore {
+ type Error = ();
+
+ fn try_from(value: u16) -> core::result::Result {
+ match value {
+ 0 => Ok(Self::SUCCESS),
+ 1 => Ok(Self::INVALID_PARAMETER),
+ 2 => Ok(Self::UNSUPPORTED_CAP),
+ 3 => Ok(Self::INVALID_STATE_LOCAL),
+ 4 => Ok(Self::INVALID_STATE_PEER),
+ 5 => Ok(Self::INVALID_MSG_FIELD),
+ 6 => Ok(Self::INVALID_MSG_SIZE),
+ 7 => Ok(Self::NEGOTIATION_FAIL),
+ 8 => Ok(Self::BUSY_PEER),
+ 9 => Ok(Self::NOT_READY_PEER),
+ 10 => Ok(Self::ERROR_PEER),
+ 11 => Ok(Self::RESYNCH_PEER),
+ 12 => Ok(Self::BUFFER_FULL),
+ 13 => Ok(Self::BUFFER_TOO_SMALL),
+ 14 => Ok(Self::SESSION_NUMBER_EXCEED),
+ 15 => Ok(Self::SESSION_MSG_ERROR),
+ 16 => Ok(Self::ACQUIRE_FAIL),
+ 17 => Ok(Self::SESSION_TRY_DISCARD_KEY_UPDATE),
+ 0xFE => Ok(Self::DECODE_AEAD_FAIL),
+ _ => Err(()),
+ }
+ }
+}
+
+impl Default for StatusCodeCore {
+ fn default() -> Self {
+ Self::INVALID_PARAMETER
+ }
+}
+
+#[repr(u16)]
+#[allow(dead_code)]
+#[allow(non_camel_case_types)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
+pub enum StatusCodeCrypto {
+ CRYPTO_ERROR = 0,
+ VERIF_FAIL = 1,
+ SEQUENCE_NUMBER_OVERFLOW = 2,
+ VERIF_NO_AUTHORITY = 3,
+}
+
+impl TryFrom for StatusCodeCrypto {
+ type Error = ();
+
+ fn try_from(value: u16) -> core::result::Result {
+ match value {
+ 0 => Ok(Self::CRYPTO_ERROR),
+ 1 => Ok(Self::VERIF_FAIL),
+ 2 => Ok(Self::SEQUENCE_NUMBER_OVERFLOW),
+ 3 => Ok(Self::VERIF_NO_AUTHORITY),
+ _ => Err(()),
+ }
+ }
+}
+
+impl Default for StatusCodeCrypto {
+ fn default() -> Self {
+ Self::CRYPTO_ERROR
+ }
+}
+
+#[repr(u16)]
+#[allow(dead_code)]
+#[allow(non_camel_case_types)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
+pub enum StatusCodeCertParse {
+ INVALID_CERT = 0,
+}
+
+impl TryFrom for StatusCodeCertParse {
+ type Error = ();
+
+ fn try_from(value: u16) -> core::result::Result {
+ match value {
+ 0 => Ok(Self::INVALID_CERT),
+ _ => Err(()),
+ }
+ }
+}
+
+impl Default for StatusCodeCertParse {
+ fn default() -> Self {
+ Self::INVALID_CERT
+ }
+}
+
+#[repr(u16)]
+#[allow(dead_code)]
+#[allow(non_camel_case_types)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
+pub enum StatusCodeTransport {
+ SEND_FAIL = 0,
+ RECEIVE_FAIL = 1,
+
+ // only in Rust-SPDM
+ DECAP_FAIL = 0xFE,
+ DECAP_APP_FAIL = 0xFD,
+ ENCAP_FAIL = 0xFC,
+ ENCAP_APP_FAIL = 0xFB,
+}
+
+impl TryFrom for StatusCodeTransport {
+ type Error = ();
+
+ fn try_from(value: u16) -> core::result::Result {
+ match value {
+ 0 => Ok(Self::SEND_FAIL),
+ 1 => Ok(Self::RECEIVE_FAIL),
+ 0xFE => Ok(Self::DECAP_FAIL),
+ 0xFD => Ok(Self::DECAP_APP_FAIL),
+ 0xFC => Ok(Self::ENCAP_FAIL),
+ 0xFB => Ok(Self::ENCAP_APP_FAIL),
+ _ => Err(()),
+ }
+ }
+}
+
+impl Default for StatusCodeTransport {
+ fn default() -> Self {
+ Self::SEND_FAIL
+ }
+}
+
+#[repr(u16)]
+#[allow(dead_code)]
+#[allow(non_camel_case_types)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
+pub enum StatusCodeMeasCollect {
+ MEAS_INVALID_INDEX = 0,
+ MEAS_INTERNAL_ERROR = 1,
+}
+
+impl TryFrom for StatusCodeMeasCollect {
+ type Error = ();
+
+ fn try_from(value: u16) -> core::result::Result {
+ match value {
+ 0 => Ok(Self::MEAS_INVALID_INDEX),
+ 1 => Ok(Self::MEAS_INTERNAL_ERROR),
+ _ => Err(()),
+ }
+ }
+}
+
+impl Default for StatusCodeMeasCollect {
+ fn default() -> Self {
+ Self::MEAS_INTERNAL_ERROR
+ }
+}
+
+#[repr(u16)]
+#[allow(dead_code)]
+#[allow(non_camel_case_types)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
+pub enum StatusCodeRNG {
+ LOW_ENTROPY = 0,
+}
+
+impl TryFrom for StatusCodeRNG {
+ type Error = ();
+
+ fn try_from(value: u16) -> core::result::Result {
+ match value {
+ 0 => Ok(Self::LOW_ENTROPY),
+ _ => Err(()),
+ }
+ }
+}
+
+impl Default for StatusCodeRNG {
+ fn default() -> Self {
+ Self::LOW_ENTROPY
+ }
+}
+
+#[allow(dead_code)]
+#[allow(non_camel_case_types)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
+pub enum StatusCode {
+ SUCCESS,
+ CORE(StatusCodeCore),
+ CRYPTO(StatusCodeCrypto),
+ CERT_PARSE(StatusCodeCertParse),
+ TRANSPORT(StatusCodeTransport),
+ MEAS_COLLECT(StatusCodeMeasCollect),
+ RNG(StatusCodeRNG),
+}
+
+impl Default for StatusCode {
+ fn default() -> Self {
+ Self::CORE(StatusCodeCore::default())
+ }
+}
+
+impl TryFrom for StatusCode {
+ type Error = ();
+
+ fn try_from(value: u24) -> core::result::Result {
+ let source: u8 = ((value.get() & 0xFF_00_00) >> 16) as u8;
+ let code: u16 = (value.get() & 0x00_00_FF_FF) as u16;
+ match source {
+ 0 => Ok(StatusCode::SUCCESS),
+ 1 => Ok(StatusCode::CORE(StatusCodeCore::try_from(code)?)),
+ 2 => Ok(StatusCode::CRYPTO(StatusCodeCrypto::try_from(code)?)), + 3 => Ok(StatusCode::CERT_PARSE(StatusCodeCertParse::try_from(code)?)), + 4 => Ok(StatusCode::TRANSPORT(StatusCodeTransport::try_from(code)?)), + 5 => Ok(StatusCode::MEAS_COLLECT(StatusCodeMeasCollect::try_from( + code, + )?)), + 6 => Ok(StatusCode::RNG(StatusCodeRNG::try_from(code)?)), + _ => Err(()), + } + } +} + +impl TryInto for StatusCode { + type Error = (); + + fn try_into(self) -> Result { + match self { + StatusCode::SUCCESS => Ok(u24::new(0)), + StatusCode::CORE(c) => Ok(u24::new((1 << 16) as u32 + (c as u16) as u32)), + StatusCode::CRYPTO(c) => Ok(u24::new((2 << 16) as u32 + (c as u16) as u32)), + StatusCode::CERT_PARSE(c) => Ok(u24::new((3 << 16) as u32 + (c as u16) as u32)), + StatusCode::TRANSPORT(t) => Ok(u24::new((4 << 16) as u32 + (t as u16) as u32)), + StatusCode::MEAS_COLLECT(m) => Ok(u24::new((5 << 16) as u32 + (m as u16) as u32)), + StatusCode::RNG(r) => Ok(u24::new((6 << 16) as u32 + (r as u16) as u32)), + } + } +} + +#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Default)] +pub struct SpdmStatus { + pub severity: StatusSeverity, + pub status_code: StatusCode, +} + +impl Codec for SpdmStatus { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut sc = 0u32; + sc += (((self.severity as u8) & 0x0F) as u32) << 28; + sc += >::try_into(self.status_code) + .unwrap() //due to the design of encode, panic is allowed + .get(); + sc.encode(bytes)?; + Ok(4) + } + + fn read(r: &mut codec::Reader) -> Option { + let sc = u32::read(r)?; + let severity = ((sc & 0xF0_00_00_00) >> 28) as u8; + let severity = StatusSeverity::try_from(severity).ok()?; + if (sc & 0x0F_00_00_00) != 0 { + return None; //the reserve field + } + let status_code = u24::new(sc & 0x00_FF_FF_FF); + let status_code = StatusCode::try_from(status_code).ok()?; + + Some(Self { + severity, + status_code, + }) + } +} + +impl SpdmStatus { + /// return the u32 encoding + pub fn get_u32(&self) -> u32 { + 
let mut r = [0u8; 4];
+ let _ = self.encode(&mut Writer::init(&mut r));
+ u32::from_le_bytes(r)
+ }
+
+ /// get SpdmStatus structure from u32 value
+ pub fn from_u32(status: u32) -> Option {
+ Self::read_bytes(&status.to_le_bytes())
+ }
+
+ /// Returns true if severity is StatusSeverity::SUCCESS else it returns false.
+ pub fn spdm_status_is_success(&self) -> bool {
+ self.severity == StatusSeverity::SUCCESS
+ }
+
+ /// Returns true if severity is StatusSeverity::ERROR else it returns false.
+ pub fn spdm_status_is_error(&self) -> bool {
+ self.severity == StatusSeverity::ERROR
+ }
+}
+
+impl fmt::Display for SpdmStatus {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(
+ f,
+ "Severity: {:?}, Status: {:?}, Code: {})",
+ self.severity,
+ self.status_code,
+ self.get_u32()
+ )
+ }
+}
+
+impl FromResidual for SpdmStatus {
+ fn from_residual(residual: SpdmStatus) -> Self {
+ residual
+ }
+}
+
+impl Try for SpdmStatus {
+ type Output = ();
+
+ type Residual = Self;
+
+ fn from_output(_output: Self::Output) -> Self {
+ SPDM_STATUS_SUCCESS
+ }
+
+ fn branch(self) -> core::ops::ControlFlow {
+ if self == SPDM_STATUS_SUCCESS {
+ ControlFlow::Continue(())
+ } else {
+ ControlFlow::Break(self)
+ }
+ }
+}
+
+#[macro_export]
+macro_rules! spdm_return_status {
+ ($severity:expr, $status_code:expr) => {
+ SpdmStatus {
+ severity: $severity,
+ status_code: $status_code,
+ }
+ };
+}
+
+use codec::{u24, Codec, Writer};
+pub use spdm_return_status;
+
+pub const SPDM_STATUS_SUCCESS: SpdmStatus =
+ spdm_return_status!(StatusSeverity::SUCCESS, StatusCode::SUCCESS);
+
+/* - Core Errors - */
+
+/* The function input parameter is invalid. */
+pub const SPDM_STATUS_INVALID_PARAMETER: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::INVALID_STATE_LOCAL)
+);
+
+/* Unable to complete operation due to unsupported capabilities by either the caller, the peer,
+ * or both. */
+pub const SPDM_STATUS_UNSUPPORTED_CAP: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::UNSUPPORTED_CAP)
+);
+
+/* Unable to complete operation due to caller's state. */
+pub const SPDM_STATUS_INVALID_STATE_LOCAL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::INVALID_STATE_LOCAL)
+);
+
+/* Unable to complete operation due to peer's state. */
+pub const SPDM_STATUS_INVALID_STATE_PEER: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::INVALID_STATE_PEER)
+);
+
+/* The received message contains one or more invalid message fields. */
+pub const SPDM_STATUS_INVALID_MSG_FIELD: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::INVALID_MSG_FIELD)
+);
+
+/* The received message's size is invalid. */
+pub const SPDM_STATUS_INVALID_MSG_SIZE: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::INVALID_MSG_SIZE)
+);
+
+/* Unable to derive a common set of versions, algorithms, etc. */
+pub const SPDM_STATUS_NEGOTIATION_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::NEGOTIATION_FAIL)
+);
+
+/* Received a Busy error message. */
+pub const SPDM_STATUS_BUSY_PEER: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::BUSY_PEER)
+);
+
+/* Received a NotReady error message. */
+pub const SPDM_STATUS_NOT_READY_PEER: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::NOT_READY_PEER)
+);
+
+/* Received an unexpected error message. */
+pub const SPDM_STATUS_ERROR_PEER: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::ERROR_PEER)
+);
+
+/* Received a RequestResynch error message. */
+pub const SPDM_STATUS_RESYNCH_PEER: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::RESYNCH_PEER)
+);
+
+/* Unable to append new data to buffer due to resource exhaustion. */
+pub const SPDM_STATUS_BUFFER_FULL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::BUFFER_FULL)
+);
+
+/* Unable to return data because caller does not provide big enough buffer. */
+pub const SPDM_STATUS_BUFFER_TOO_SMALL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::BUFFER_TOO_SMALL)
+);
+
+/* Unable to allocate more session. */
+pub const SPDM_STATUS_SESSION_NUMBER_EXCEED: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::SESSION_NUMBER_EXCEED)
+);
+
+/* Decrypt error from peer. */
+pub const SPDM_STATUS_SESSION_MSG_ERROR: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::SESSION_MSG_ERROR)
+);
+
+/* Unable to acquire resource. */
+pub const SPDM_STATUS_ACQUIRE_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::ACQUIRE_FAIL)
+);
+
+/* Re-triable decrypt error from peer - must rollback to backup keys. */
+pub const SPDM_STATUS_SESSION_TRY_DISCARD_KEY_UPDATE: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::SESSION_TRY_DISCARD_KEY_UPDATE)
+);
+
+/* Failed to decode AEAD. */
+pub const SPDM_STATUS_DECODE_AEAD_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CORE(StatusCodeCore::DECODE_AEAD_FAIL)
+);
+
+/* - Cryptography Errors - */
+
+/* Generic failure originating from the cryptography module. */
+pub const SPDM_STATUS_CRYPTO_ERROR: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CRYPTO(StatusCodeCrypto::CRYPTO_ERROR)
+);
+
+/* Verification of the provided signature digest, signature, or AEAD tag failed. */
+pub const SPDM_STATUS_VERIF_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CRYPTO(StatusCodeCrypto::VERIF_FAIL)
+);
+
+/* AEAD sequence number overflow. */
+pub const SPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CRYPTO(StatusCodeCrypto::SEQUENCE_NUMBER_OVERFLOW)
+);
+
+/* Provided cert is valid but is not authoritative(mismatch the root cert). */
+pub const SPDM_STATUS_VERIF_NO_AUTHORITY: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CRYPTO(StatusCodeCrypto::VERIF_NO_AUTHORITY)
+);
+
+/* - Certificate Parsing Errors - */
+
+/* Certificate is malformed or does not comply to x.509 standard. */
+pub const SPDM_STATUS_INVALID_CERT: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::CERT_PARSE(StatusCodeCertParse::INVALID_CERT)
+);
+
+/* - Transport Errors - */
+
+/* Unable to send message to peer. */
+pub const SPDM_STATUS_SEND_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::TRANSPORT(StatusCodeTransport::SEND_FAIL)
+);
+
+/* Unable to receive message from peer. */
+pub const SPDM_STATUS_RECEIVE_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::TRANSPORT(StatusCodeTransport::RECEIVE_FAIL)
+);
+
+/* Unable to decap transport buffer. */
+pub const SPDM_STATUS_DECAP_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::TRANSPORT(StatusCodeTransport::DECAP_FAIL)
+);
+
+/* Unable to decap app buffer. */
+pub const SPDM_STATUS_DECAP_APP_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::TRANSPORT(StatusCodeTransport::DECAP_APP_FAIL)
+);
+
+/* Unable to encap transport buffer. */
+pub const SPDM_STATUS_ENCAP_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::TRANSPORT(StatusCodeTransport::ENCAP_FAIL)
+);
+
+/* Unable to encap app buffer. */
+pub const SPDM_STATUS_ENCAP_APP_FAIL: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::TRANSPORT(StatusCodeTransport::ENCAP_APP_FAIL)
+);
+
+/* - Measurement Collection Errors - */
+
+/* Unable to collect measurement because of invalid index. */
+pub const SPDM_STATUS_MEAS_INVALID_INDEX: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::MEAS_COLLECT(StatusCodeMeasCollect::MEAS_INVALID_INDEX)
+);
+
+/* Unable to collect measurement because of internal error. */
+pub const SPDM_STATUS_MEAS_INTERNAL_ERROR: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::MEAS_COLLECT(StatusCodeMeasCollect::MEAS_INTERNAL_ERROR)
+);
+
+/* - Random Number Generation Errors - */
+
+/* Unable to produce random number due to lack of entropy. */
+pub const SPDM_STATUS_LOW_ENTROPY: SpdmStatus = spdm_return_status!(
+ StatusSeverity::ERROR,
+ StatusCode::RNG(StatusCodeRNG::LOW_ENTROPY)
+);
+
+pub type SpdmResult = core::result::Result;
diff --git a/spdmlib/src/lib.rs b/spdmlib/src/lib.rs
new file mode 100644
index 0000000..e8d2bae
--- /dev/null
+++ b/spdmlib/src/lib.rs
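Review bot: `SPDM_STATUS_INVALID_PARAMETER` is built from `StatusCodeCore::INVALID_STATE_LOCAL`, so it is the same value as `SPDM_STATUS_INVALID_STATE_LOCAL` and neither callers nor logs can tell a rejected argument from a local state error; the constant should read `StatusCode::CORE(StatusCodeCore::INVALID_PARAMETER)`. The `Display` format string `"Severity: {:?}, Status: {:?}, Code: {})"` also ends with an unmatched closing parenthesis. In `Codec::read`, a word that carries `StatusSeverity::SUCCESS` together with a non-success source or code is accepted as a valid `SpdmStatus`, and for such a value `spdm_status_is_success()` returns true while `Try::branch` (which compares the whole struct with `SPDM_STATUS_SUCCESS`) breaks. If that combination has no meaning in the protocol, rejecting it in `read` would keep the two checks from disagreeing on a peer-supplied status.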
@@ -0,0 +1,42 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] +#![cfg_attr(not(feature = "std"), no_std)] +#![feature(stmt_expr_attributes)] +#![feature(try_trait_v2)] +#![feature(async_fn_in_trait)] + +#[macro_use] +extern crate log; + +#[macro_use] +extern crate bitflags; + +extern crate codec; + +pub mod protocol; +#[macro_use] +pub mod error; +pub mod common; +pub mod crypto; +pub mod message; +pub mod requester; +pub mod responder; +pub mod secret; +pub mod time; +pub mod watchdog; + +pub mod config; + +use core::mem::size_of; +pub const SPDM_STACK_SIZE: usize = size_of::() + + size_of::() * (crate::protocol::SPDM_MAX_SLOT_NUMBER + 1) + size_of::() * crate::protocol::SPDM_MAX_SLOT_NUMBER + // SpdmProvisionInfo + size_of::() * (crate::protocol::SPDM_MAX_SLOT_NUMBER + 1) + // SpdmPeerInfo + (crate::config::MAX_SPDM_MSG_SIZE + crate::config::SENDER_BUFFER_SIZE + crate::config::RECEIVER_BUFFER_SIZE) * 5 + // send/receive + encode/decode + crate::config::MAX_SPDM_CERT_CHAIN_DATA_SIZE * 8 + // worst case: 8 slots + (crate::config::MAX_SPDM_MEASUREMENT_RECORD_SIZE + crate::config::MAX_SPDM_MEASUREMENT_VALUE_LEN) * 255 + // worst case: 255 index + crate::config::MAX_SPDM_PSK_CONTEXT_SIZE + // for PSK + crate::config::MAX_SPDM_PSK_HINT_SIZE + // for PSK + size_of::() * 256; // for general stack case diff --git a/spdmlib/src/message/algorithm.rs b/spdmlib/src/message/algorithm.rs new file mode 100644 index 0000000..e6335b4 --- /dev/null +++ b/spdmlib/src/message/algorithm.rs 
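Review bot: `SPDM_STACK_SIZE` is a public constant with no doc comment, and it mixes `crate::protocol::SPDM_MAX_SLOT_NUMBER` with bare literals (`* 8 // worst case: 8 slots`, `* 255`, `* 5`, `* 256`), so the estimate will silently go stale if the slot count in `protocol` is changed. Assuming that constant is the slot count the comment refers to, the cert-chain term would be better written as `crate::config::MAX_SPDM_CERT_CHAIN_DATA_SIZE * crate::protocol::SPDM_MAX_SLOT_NUMBER`. A `///` comment stating that the value is a worst-case upper bound used to size the caller's stack, and where the factors 5, 255 and 256 come from, would let an integrator on a constrained target judge whether the bound still holds after changing `config`.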
@@ -0,0 +1,926 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::spdm_codec::*; +use crate::error::SPDM_STATUS_BUFFER_FULL; +use crate::protocol::*; +use crate::{common, error::SpdmStatus}; + +use codec::{Codec, Reader, Writer}; + +use self::common::SpdmOpaqueSupport; + +pub const MAX_SUPPORTED_ALG_STRUCTURE_COUNT: usize = 4; + +#[derive(Debug, Clone, Default)] +pub struct SpdmNegotiateAlgorithmsRequestPayload { + pub measurement_specification: SpdmMeasurementSpecification, + pub other_params_support: SpdmOpaqueSupport, + pub base_asym_algo: SpdmBaseAsymAlgo, + pub base_hash_algo: SpdmBaseHashAlgo, + pub alg_struct_count: u8, + pub alg_struct: [SpdmAlgStruct; MAX_SUPPORTED_ALG_STRUCTURE_COUNT], +} + +impl SpdmCodec for SpdmNegotiateAlgorithmsRequestPayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + cnt += self + .alg_struct_count + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + } else { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + } + + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + + let mut length: u16 = 32; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + let alg_fixed_count = 2u8; + length += ((2 + alg_fixed_count) * self.alg_struct_count) as u16; + } + cnt += length.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + cnt += self + .measurement_specification + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + cnt += self + .other_params_support + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; //OtherParamsSupport + } else { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + + cnt += self + 
.base_asym_algo + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .base_hash_algo + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + for _i in 0..12 { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved2 + } + + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // ext_asym_count + + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // ext_hash_count + + cnt += 0u16.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved3 + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + for algo in self.alg_struct.iter().take(self.alg_struct_count as usize) { + cnt += algo.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let mut alg_struct_count = 0; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + alg_struct_count = u8::read(r)?; // param1 + if alg_struct_count > 4 { + return None; + } + } else { + u8::read(r)?; // param1 + } + u8::read(r)?; // param2 + + let length = u16::read(r)?; + let measurement_specification = SpdmMeasurementSpecification::read(r)?; + + let other_params_support = + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + SpdmOpaqueSupport::read(r)? 
+ } else { + u8::read(r)?; + SpdmOpaqueSupport::default() + }; + + let base_asym_algo = SpdmBaseAsymAlgo::read(r)?; + let base_hash_algo = SpdmBaseHashAlgo::read(r)?; + + for _i in 0..12 { + u8::read(r)?; // reserved2 + } + + let ext_asym_count = u8::read(r)?; + if ext_asym_count != 0 { + return None; + } + + let ext_hash_count = u8::read(r)?; + if ext_hash_count != 0 { + return None; + } + + u16::read(r)?; // reserved3 + + let mut alg_struct = gen_array_clone(SpdmAlgStruct::default(), 4); + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + let mut dhe_present = false; + let mut aead_present = false; + let mut req_asym_present = false; + let mut key_schedule_present = false; + let mut current_type = SpdmAlgType::Unknown(0); + for algo in alg_struct.iter_mut().take(alg_struct_count as usize) { + let alg = SpdmAlgStruct::read(r)?; + if current_type.get_u8() >= alg.alg_type.get_u8() { + return None; + } + current_type = alg.alg_type; + match alg.alg_supported { + SpdmAlg::SpdmAlgoDhe(_) => { + if dhe_present { + return None; + } + dhe_present = true; + } + SpdmAlg::SpdmAlgoAead(_) => { + if aead_present { + return None; + } + aead_present = true; + } + SpdmAlg::SpdmAlgoReqAsym(_) => { + if req_asym_present { + return None; + } + req_asym_present = true; + } + SpdmAlg::SpdmAlgoKeySchedule(_) => { + if key_schedule_present { + return None; + } + key_schedule_present = true; + } + SpdmAlg::SpdmAlgoUnknown(_) => { + return None; + } + } + *algo = alg; + } + } + + // + // check length + // + let mut calc_length: u16 = 32; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + let alg_fixed_count = 2u8; + calc_length += ((2 + alg_fixed_count) * alg_struct_count) as u16; + } + + if length != calc_length { + return None; + } + + Some(SpdmNegotiateAlgorithmsRequestPayload { + measurement_specification, + other_params_support, + base_asym_algo, + base_hash_algo, + alg_struct_count, + alg_struct, + }) + } +} + +#[derive(Debug, 
Clone, Default)] +pub struct SpdmAlgorithmsResponsePayload { + pub measurement_specification_sel: SpdmMeasurementSpecification, + pub other_params_selection: SpdmOpaqueSupport, + pub measurement_hash_algo: SpdmMeasurementHashAlgo, + pub base_asym_sel: SpdmBaseAsymAlgo, + pub base_hash_sel: SpdmBaseHashAlgo, + pub alg_struct_count: u8, + pub alg_struct: [SpdmAlgStruct; 4], +} + +impl SpdmCodec for SpdmAlgorithmsResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + cnt += self + .alg_struct_count + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + } else { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + } + + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + + let mut length: u16 = 36; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + let alg_fixed_count = 2u8; + length += ((2 + alg_fixed_count) * self.alg_struct_count) as u16; + } + cnt += length.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + cnt += self + .measurement_specification_sel + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + cnt += self + .other_params_selection + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } else { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + + cnt += self + .measurement_hash_algo + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .base_asym_sel + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .base_hash_sel + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + for _i in 0..12 { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved2 + } + + cnt += 0u8.encode(bytes).map_err(|_| 
SPDM_STATUS_BUFFER_FULL)?; // ext_asym_count + + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // ext_hash_count + + cnt += 0u16.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved3 + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + for algo in self.alg_struct.iter().take(self.alg_struct_count as usize) { + cnt += algo.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let mut alg_struct_count = 0; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + alg_struct_count = u8::read(r)?; // param1 + if alg_struct_count > 4 { + return None; + } + } else { + u8::read(r)?; // param1 + } + u8::read(r)?; // param2 + + let length = u16::read(r)?; + + let measurement_specification_sel = SpdmMeasurementSpecification::read(r)?; + if !measurement_specification_sel.is_no_more_than_one_selected() { + return None; + } + if (context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG)) + && !measurement_specification_sel.is_valid_one_select() + { + return None; + } + + let other_params_selection = + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + SpdmOpaqueSupport::read(r)? 
+ } else { + u8::read(r)?; + SpdmOpaqueSupport::default() + }; + if !other_params_selection.is_no_more_than_one_selected() { + return None; + } + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 + && (context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT)) + && !other_params_selection.is_valid_one_select() + { + return None; + } + + let measurement_hash_algo = SpdmMeasurementHashAlgo::read(r)?; + if !measurement_hash_algo.is_no_more_than_one_selected() { + return None; + } + if (context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG)) + && !measurement_hash_algo.is_valid_one_select() + { + return None; + } + + let base_asym_sel = SpdmBaseAsymAlgo::read(r)?; + if !base_asym_sel.is_no_more_than_one_selected() { + return None; + } + if (context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::CERT_CAP) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::CHAL_CAP) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) + || (context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::KEY_EX_CAP))) + && !base_asym_sel.is_valid_one_select() + { + return None; + } + + let base_hash_sel = SpdmBaseHashAlgo::read(r)?; + if !base_hash_sel.is_no_more_than_one_selected() { + return None; + } + if (context + .negotiate_info + .rsp_capabilities_sel + 
.contains(SpdmResponseCapabilityFlags::CERT_CAP) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::CHAL_CAP) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) + || (context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::KEY_EX_CAP)) + || ((context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT) + || context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT)) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::PSK_CAP))) + && !base_hash_sel.is_valid_one_select() + { + return None; + } + + for _i in 0..12 { + u8::read(r)?; // reserved2 + } + + let ext_asym_count = u8::read(r)?; + if ext_asym_count != 0 { + return None; + } + + let ext_hash_count = u8::read(r)?; + if ext_hash_count != 0 { + return None; + } + + u16::read(r)?; // reserved3 + + let mut alg_struct = gen_array_clone(SpdmAlgStruct::default(), 4); + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + let mut dhe_present = false; + let mut aead_present = false; + let mut req_asym_present = false; + let mut key_schedule_present = false; + let mut current_type = SpdmAlgType::Unknown(0); + for algo in alg_struct.iter_mut().take(alg_struct_count as usize) { + let alg = SpdmAlgStruct::read(r)?; + if current_type.get_u8() >= alg.alg_type.get_u8() { + return None; + } + current_type = alg.alg_type; + match alg.alg_supported { + SpdmAlg::SpdmAlgoDhe(v) => { + if dhe_present { + return None; + } + dhe_present = true; + let dhe_sel = v; + if !dhe_sel.is_no_more_than_one_selected() { + return None; + } + if (context + .negotiate_info + .rsp_capabilities_sel + 
.contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::KEY_EX_CAP)) + && !dhe_sel.is_valid_one_select() + { + return None; + } + } + SpdmAlg::SpdmAlgoAead(v) => { + if aead_present { + return None; + } + aead_present = true; + let aead_sel = v; + if !aead_sel.is_no_more_than_one_selected() { + return None; + } + if ((context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::ENCRYPT_CAP) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::ENCRYPT_CAP)) + || (context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MAC_CAP) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::MAC_CAP))) + && !aead_sel.is_valid_one_select() + { + return None; + } + } + SpdmAlg::SpdmAlgoReqAsym(v) => { + if req_asym_present { + return None; + } + req_asym_present = true; + let req_asym_sel = v; + if !req_asym_sel.is_no_more_than_one_selected() { + return None; + } + if (context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MUT_AUTH_CAP) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::MUT_AUTH_CAP)) + && !req_asym_sel.is_valid_one_select() + { + return None; + } + } + SpdmAlg::SpdmAlgoKeySchedule(v) => { + if key_schedule_present { + return None; + } + key_schedule_present = true; + let key_schedule_sel = v; + if !key_schedule_sel.is_no_more_than_one_selected() { + return None; + } + if ((context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::KEY_EX_CAP)) + || ((context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT) + || context + .negotiate_info + 
.rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT)) + && context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::PSK_CAP))) + && !key_schedule_sel.is_valid_one_select() + { + return None; + } + } + SpdmAlg::SpdmAlgoUnknown(_v) => { + return None; + } + } + *algo = alg; + } + } + + let mut calc_length: u16 = 36; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + let alg_fixed_count = 2u8; + calc_length += ((2 + alg_fixed_count) * alg_struct_count) as u16; + } + + if length != calc_length { + return None; + } + + Some(SpdmAlgorithmsResponsePayload { + measurement_specification_sel, + other_params_selection, + measurement_hash_algo, + base_asym_sel, + base_hash_sel, + alg_struct_count, + alg_struct, + }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_negotiate_algorithms_request_payload() { + let u8_slice = &mut [0u8; 48]; + let mut writer = Writer::init(u8_slice); + let value = SpdmNegotiateAlgorithmsRequestPayload { + measurement_specification: SpdmMeasurementSpecification::DMTF, + other_params_support: SpdmOpaqueSupport::empty(), + base_asym_algo: SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, + base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_256, + alg_struct_count: 4, + alg_struct: [ + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeDHE, + alg_supported: SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeAEAD, + alg_supported: SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeReqAsym, + alg_supported: SpdmAlg::SpdmAlgoReqAsym( + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256, + ), + }, + SpdmAlgStruct { + 
alg_type: SpdmAlgType::SpdmAlgTypeKeySchedule, + alg_supported: SpdmAlg::SpdmAlgoKeySchedule( + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ), + }, + ], + }; + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(48, reader.left()); + let spdm_sturct_data = + SpdmNegotiateAlgorithmsRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + spdm_sturct_data.measurement_specification, + SpdmMeasurementSpecification::DMTF + ); + assert_eq!( + spdm_sturct_data.base_asym_algo, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048 + ); + assert_eq!( + spdm_sturct_data.base_hash_algo, + SpdmBaseHashAlgo::TPM_ALG_SHA_256 + ); + assert_eq!(spdm_sturct_data.alg_struct_count, 4); + assert_eq!( + spdm_sturct_data.alg_struct[0].alg_type, + SpdmAlgType::SpdmAlgTypeDHE + ); + assert_eq!( + spdm_sturct_data.alg_struct[0].alg_supported, + SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1) + ); + assert_eq!( + spdm_sturct_data.alg_struct[1].alg_type, + SpdmAlgType::SpdmAlgTypeAEAD + ); + assert_eq!( + spdm_sturct_data.alg_struct[1].alg_supported, + SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM) + ); + assert_eq!( + spdm_sturct_data.alg_struct[2].alg_type, + SpdmAlgType::SpdmAlgTypeReqAsym + ); + assert_eq!( + spdm_sturct_data.alg_struct[2].alg_supported, + SpdmAlg::SpdmAlgoReqAsym(SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,) + ); + assert_eq!( + spdm_sturct_data.alg_struct[3].alg_type, + SpdmAlgType::SpdmAlgTypeKeySchedule + ); + assert_eq!( + spdm_sturct_data.alg_struct[3].alg_supported, + SpdmAlg::SpdmAlgoKeySchedule(SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,) + ); + assert_eq!(2, reader.left()); + } + + #[test] + fn test_case1_spdm_negotiate_algorithms_request_payload() { + let u8_slice = &mut [0u8; 48]; + let mut writer = Writer::init(u8_slice); + let value = SpdmNegotiateAlgorithmsRequestPayload { + 
measurement_specification: SpdmMeasurementSpecification::empty(), + other_params_support: SpdmOpaqueSupport::empty(), + base_asym_algo: SpdmBaseAsymAlgo::empty(), + base_hash_algo: SpdmBaseHashAlgo::empty(), + alg_struct_count: 0, + alg_struct: gen_array_clone(SpdmAlgStruct::default(), 4), + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(48, reader.left()); + let spdm_sturct_data = + SpdmNegotiateAlgorithmsRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + spdm_sturct_data.measurement_specification, + SpdmMeasurementSpecification::empty() + ); + assert_eq!(spdm_sturct_data.base_asym_algo, SpdmBaseAsymAlgo::empty()); + assert_eq!(spdm_sturct_data.base_hash_algo, SpdmBaseHashAlgo::empty()); + assert_eq!(spdm_sturct_data.alg_struct_count, 0); + assert_eq!(18, reader.left()); + } + #[test] + fn test_case2_spdm_negotiate_algorithms_request_payload() { + let u8_slice = &mut [0u8; 48]; + let mut writer = Writer::init(u8_slice); + let value = SpdmNegotiateAlgorithmsRequestPayload { + measurement_specification: SpdmMeasurementSpecification::DMTF, + other_params_support: SpdmOpaqueSupport::empty(), + base_asym_algo: SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, + base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_256, + alg_struct_count: 0, + alg_struct: gen_array_clone(SpdmAlgStruct::default(), 4), + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + u8_slice[26] = 1; + u8_slice[31] = 1; + let mut reader = Reader::init(u8_slice); + assert_eq!(48, reader.left()); + let spdm_negotiate_algorithms_request_payload = + SpdmNegotiateAlgorithmsRequestPayload::spdm_read(&mut context, &mut reader); + 
assert_eq!(spdm_negotiate_algorithms_request_payload.is_none(), true); + } + #[test] + fn test_case0_spdm_algorithms_response_payload() { + let u8_slice = &mut [0u8; 50]; + let mut writer = Writer::init(u8_slice); + let value = SpdmAlgorithmsResponsePayload { + measurement_specification_sel: SpdmMeasurementSpecification::DMTF, + other_params_selection: SpdmOpaqueSupport::empty(), + measurement_hash_algo: SpdmMeasurementHashAlgo::RAW_BIT_STREAM, + base_asym_sel: SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, + base_hash_sel: SpdmBaseHashAlgo::TPM_ALG_SHA_256, + alg_struct_count: 4, + alg_struct: [ + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeDHE, + alg_supported: SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeAEAD, + alg_supported: SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeReqAsym, + alg_supported: SpdmAlg::SpdmAlgoReqAsym( + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256, + ), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeKeySchedule, + alg_supported: SpdmAlg::SpdmAlgoKeySchedule( + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ), + }, + ], + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + context.config_info.measurement_specification = SpdmMeasurementSpecification::DMTF; + context.config_info.measurement_hash_algo = SpdmMeasurementHashAlgo::RAW_BIT_STREAM; + context.config_info.base_asym_algo = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048; + context.config_info.base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(50, reader.left()); + let spdm_sturct_data = + SpdmAlgorithmsResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + spdm_sturct_data.measurement_specification_sel, + SpdmMeasurementSpecification::DMTF + ); + assert_eq!( 
+ spdm_sturct_data.measurement_hash_algo, + SpdmMeasurementHashAlgo::RAW_BIT_STREAM + ); + assert_eq!( + spdm_sturct_data.base_asym_sel, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048 + ); + assert_eq!( + spdm_sturct_data.base_hash_sel, + SpdmBaseHashAlgo::TPM_ALG_SHA_256 + ); + assert_eq!(spdm_sturct_data.alg_struct_count, 4); + assert_eq!( + spdm_sturct_data.alg_struct[0].alg_type, + SpdmAlgType::SpdmAlgTypeDHE + ); + assert_eq!( + spdm_sturct_data.alg_struct[0].alg_supported, + SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1) + ); + assert_eq!( + spdm_sturct_data.alg_struct[1].alg_type, + SpdmAlgType::SpdmAlgTypeAEAD + ); + assert_eq!( + spdm_sturct_data.alg_struct[1].alg_supported, + SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM) + ); + assert_eq!( + spdm_sturct_data.alg_struct[2].alg_type, + SpdmAlgType::SpdmAlgTypeReqAsym + ); + assert_eq!( + spdm_sturct_data.alg_struct[2].alg_supported, + SpdmAlg::SpdmAlgoReqAsym(SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,) + ); + assert_eq!( + spdm_sturct_data.alg_struct[3].alg_type, + SpdmAlgType::SpdmAlgTypeKeySchedule + ); + assert_eq!( + spdm_sturct_data.alg_struct[3].alg_supported, + SpdmAlg::SpdmAlgoKeySchedule(SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,) + ); + assert_eq!(0, reader.left()); + } + #[test] + fn test_case1_spdm_algorithms_response_payload() { + let u8_slice = &mut [0u8; 48]; + let mut writer = Writer::init(u8_slice); + let value = SpdmAlgorithmsResponsePayload { + measurement_specification_sel: SpdmMeasurementSpecification::DMTF, + other_params_selection: SpdmOpaqueSupport::empty(), + measurement_hash_algo: SpdmMeasurementHashAlgo::RAW_BIT_STREAM, + base_asym_sel: SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, + base_hash_sel: SpdmBaseHashAlgo::TPM_ALG_SHA_256, + alg_struct_count: 0, + alg_struct: gen_array_clone(SpdmAlgStruct::default(), 4), + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + 
+ u8_slice[30] = 1; + u8_slice[35] = 1; + + let mut reader = Reader::init(u8_slice); + assert_eq!(48, reader.left()); + let spdm_algorithms_response_payload = + SpdmAlgorithmsResponsePayload::spdm_read(&mut context, &mut reader); + assert_eq!(spdm_algorithms_response_payload.is_none(), true); + } + #[test] + fn test_case2_spdm_algorithms_response_payload() { + let u8_slice = &mut [0u8; 50]; + let mut writer = Writer::init(u8_slice); + let value = SpdmAlgorithmsResponsePayload { + measurement_specification_sel: SpdmMeasurementSpecification::empty(), + other_params_selection: SpdmOpaqueSupport::empty(), + measurement_hash_algo: SpdmMeasurementHashAlgo::empty(), + base_asym_sel: SpdmBaseAsymAlgo::empty(), + base_hash_sel: SpdmBaseHashAlgo::empty(), + alg_struct_count: 0, + alg_struct: gen_array_clone(SpdmAlgStruct::default(), 4), + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(50, reader.left()); + let spdm_sturct_data = + SpdmAlgorithmsResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + spdm_sturct_data.measurement_specification_sel, + SpdmMeasurementSpecification::empty() + ); + assert_eq!( + spdm_sturct_data.measurement_hash_algo, + SpdmMeasurementHashAlgo::empty() + ); + assert_eq!(spdm_sturct_data.base_asym_sel, SpdmBaseAsymAlgo::empty()); + assert_eq!(spdm_sturct_data.base_hash_sel, SpdmBaseHashAlgo::empty()); + assert_eq!(spdm_sturct_data.alg_struct_count, 0); + assert_eq!(16, reader.left()); + } +} + +#[cfg(test)] +#[path = "algorithm_test.rs"] +mod algorithm_test; diff --git a/spdmlib/src/message/algorithm_test.rs b/spdmlib/src/message/algorithm_test.rs new file mode 100644 index 0000000..5a3e351 --- /dev/null +++ b/spdmlib/src/message/algorithm_test.rs 
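Review bot: Both `spdm_encode` implementations trust the public `alg_struct_count` field: `((2 + alg_fixed_count) * self.alg_struct_count) as u16` multiplies in `u8`, which overflows once the count reaches 64 (panic with overflow checks, wrap-around without), and for any count above 4 `param1` and `Length` advertise more structures than `self.alg_struct.iter().take(..)` can emit from the 4-element array. `spdm_read` avoids this only because it rejects `alg_struct_count > 4` before evaluating the same expression. I would return an error at the top of each encoder when `self.alg_struct_count as usize > MAX_SUPPORTED_ALG_STRUCTURE_COUNT`, and widen the arithmetic to `length += u16::from(2 + alg_fixed_count) * u16::from(self.alg_struct_count);`. The literal `4` in `alg_struct_count > 4`, `gen_array_clone(SpdmAlgStruct::default(), 4)` and `[SpdmAlgStruct; 4]` should be `MAX_SUPPORTED_ALG_STRUCTURE_COUNT` so the bound is defined in one place.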
@@ -0,0 +1,195 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; +use bit_field::BitField; +use byteorder::{ByteOrder, LittleEndian}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_negotiate_struct() { + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + // 0. [Positive] test + let u8_slice = &mut [0u8; 256]; + u8_slice[2] = 4; + LittleEndian::write_u16(&mut u8_slice[4..6], 52); + u8_slice[6] = SpdmMeasurementSpecification::DMTF.bits(); + u8_slice[7] = 0; + LittleEndian::write_u32( + &mut u8_slice[8..], + SpdmMeasurementHashAlgo::TPM_ALG_SHA_256.bits(), + ); + LittleEndian::write_u32( + &mut u8_slice[12..], + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256.bits(), + ); + LittleEndian::write_u32( + &mut u8_slice[16..], + SpdmBaseHashAlgo::TPM_ALG_SHA_256.bits(), + ); + + // ExtAsymSelCount + u8_slice[32] = 0; + // ExtHashSelCount + u8_slice[33] = 0; + + // Response Table 23 DHE structure + u8_slice[36] = 2; //DHE + u8_slice[37].set_bits(4..=7, 2); + u8_slice[37].set_bits(0..=3, 0); + LittleEndian::write_u16(&mut u8_slice[38..40], SpdmDheAlgo::SECP_256_R1.bits()); + + // Response Table 24 AEAD structure + u8_slice[40] = 3; // AEAD + u8_slice[41].set_bits(4..=7, 2); + u8_slice[41].set_bits(0..=3, 0); + LittleEndian::write_u16(&mut u8_slice[42..44], SpdmAeadAlgo::AES_128_GCM.bits()); + + // Response Table 25 ReqBaseAsymAlg structure + u8_slice[44] = 4; // ReqBaseAsymAlg + u8_slice[45].set_bits(4..=7, 2); + u8_slice[45].set_bits(0..=3, 0); + LittleEndian::write_u16( + &mut u8_slice[46..48], + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256.bits(), + ); + + // Response Table 26 KeySchedule structure + u8_slice[48] = 5; // KeySchedule structure + u8_slice[49].set_bits(4..=7, 2); + u8_slice[49].set_bits(0..=3, 0); + 
LittleEndian::write_u16( + &mut u8_slice[50..52], + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE.bits(), + ); + + let mut reader = Reader::init(&u8_slice[2..]); + let res = SpdmAlgorithmsResponsePayload::spdm_read(&mut context, &mut reader); + assert!(res.is_some()); + + // 1. [Negative] validate ALGORITHMS response Length beyond the maximum allowed size. expectation fail. + let u8_slice = &mut [0u8; 256]; + u8_slice[2] = 4; + LittleEndian::write_u16(&mut u8_slice[4..6], 0xfffe); + u8_slice[6] = SpdmMeasurementSpecification::DMTF.bits(); + u8_slice[7] = 0; + LittleEndian::write_u32( + &mut u8_slice[8..], + SpdmMeasurementHashAlgo::TPM_ALG_SHA_256.bits(), + ); + LittleEndian::write_u32( + &mut u8_slice[12..], + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256.bits(), + ); + LittleEndian::write_u32( + &mut u8_slice[16..], + SpdmBaseHashAlgo::TPM_ALG_SHA_256.bits(), + ); + + // ExtAsymSelCount + u8_slice[32] = 0; + // ExtHashSelCount + u8_slice[33] = 0; + + // Response Table 23 DHE structure + u8_slice[36] = 2; //DHE + u8_slice[37].set_bits(4..=7, 2); + u8_slice[37].set_bits(0..=3, 0); + LittleEndian::write_u16(&mut u8_slice[38..40], SpdmDheAlgo::SECP_256_R1.bits()); + + // Response Table 24 AEAD structure + u8_slice[40] = 3; // AEAD + u8_slice[41].set_bits(4..=7, 2); + u8_slice[41].set_bits(0..=3, 0); + LittleEndian::write_u16(&mut u8_slice[42..44], SpdmAeadAlgo::AES_128_GCM.bits()); + + // Response Table 25 ReqBaseAsymAlg structure + u8_slice[44] = 4; // ReqBaseAsymAlg + u8_slice[45].set_bits(4..=7, 2); + u8_slice[45].set_bits(0..=3, 0); + LittleEndian::write_u16( + &mut u8_slice[46..48], + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256.bits(), + ); + + // Response Table 26 KeySchedule structure + u8_slice[48] = 5; // KeySchedule structure + u8_slice[49].set_bits(4..=7, 2); + u8_slice[49].set_bits(0..=3, 0); + LittleEndian::write_u16( + &mut u8_slice[50..52], + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE.bits(), + ); + + let mut reader = Reader::init(&u8_slice[2..]); + let res = 
SpdmAlgorithmsResponsePayload::spdm_read(&mut context, &mut reader); + assert!(res.is_none()); +} + +#[ignore = "Test Fail"] +#[test] +fn test_negotiate_struct_response_negative_ext_alg_count_2() { + create_spdm_context!(context); + // 2. [Negative] validate ALGORITHMS response ExtAlgCount5 = 2 + let u8_slice = &mut [0u8; 256]; + u8_slice[2] = 4; + LittleEndian::write_u16(&mut u8_slice[4..6], 60); + u8_slice[6] = SpdmMeasurementSpecification::DMTF.bits(); + u8_slice[7] = 0; + LittleEndian::write_u32( + &mut u8_slice[8..], + SpdmMeasurementHashAlgo::TPM_ALG_SHA_256.bits(), + ); + LittleEndian::write_u32( + &mut u8_slice[12..], + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256.bits(), + ); + LittleEndian::write_u32( + &mut u8_slice[16..], + SpdmBaseHashAlgo::TPM_ALG_SHA_256.bits(), + ); + + // ExtAsymSelCount + u8_slice[32] = 0; + // ExtHashSelCount + u8_slice[33] = 0; + + // Response Table 23 DHE structure + u8_slice[36] = 2; //DHE + u8_slice[37].set_bits(4..=7, 2); + u8_slice[37].set_bits(0..=3, 0); + LittleEndian::write_u16(&mut u8_slice[38..40], SpdmDheAlgo::SECP_256_R1.bits()); + + // Response Table 24 AEAD structure + u8_slice[40] = 3; // AEAD + u8_slice[41].set_bits(4..=7, 2); + u8_slice[41].set_bits(0..=3, 0); + LittleEndian::write_u16(&mut u8_slice[42..44], SpdmAeadAlgo::AES_128_GCM.bits()); + + // Response Table 25 ReqBaseAsymAlg structure + u8_slice[44] = 4; // ReqBaseAsymAlg + u8_slice[45].set_bits(4..=7, 2); + u8_slice[45].set_bits(0..=3, 0); + LittleEndian::write_u16( + &mut u8_slice[46..48], + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256.bits(), + ); + + // Response Table 26 KeySchedule structure + u8_slice[48] = 5; // KeySchedule structure + u8_slice[49].set_bits(4..=7, 2); + u8_slice[49].set_bits(0..=3, 2); + LittleEndian::write_u16( + &mut u8_slice[50..52], + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE.bits(), + ); + + let mut reader = Reader::init(&u8_slice[2..]); + let res = SpdmAlgorithmsResponsePayload::spdm_read(&mut context, &mut reader); + 
assert!(res.is_none());
+}
diff --git a/spdmlib/src/message/capability.rs b/spdmlib/src/message/capability.rs
new file mode 100644
index 0000000..09cee1e
--- /dev/null
+++ b/spdmlib/src/message/capability.rs
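Review bot: `test_negotiate_struct_response_negative_ext_alg_count_2` is committed as `#[ignore = "Test Fail"]`, so the one case meant to check rejection of an ALGORITHMS response whose KeySchedule structure carries a non-zero ExtAlgCount never runs, and the reason string records neither the cause nor a tracking reference. Unlike `test_negotiate_struct`, it also does not set `context.negotiate_info.spdm_version_sel`, so which branch of `spdm_read` it reaches depends on whatever `create_spdm_context!` defaults to, which is not visible in this hunk. I would add `context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;` after `create_spdm_context!(context);` and, once the cause is confirmed, replace the reason with something like `#[ignore = "parser accepts non-zero ExtAlgCount; see <tracking issue>"]`. Until the test runs, the `[Negative]` comment overstates what is verified about malformed-response handling.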
@@ -0,0 +1,590 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::spdm_codec::SpdmCodec; +use crate::error::SPDM_STATUS_BUFFER_FULL; +use crate::message::*; +use crate::{common, error::SpdmStatus}; +use codec::{Codec, Reader, Writer}; + +#[derive(Debug, Clone, Default)] +pub struct SpdmGetCapabilitiesRequestPayload { + pub ct_exponent: u8, + pub flags: SpdmRequestCapabilityFlags, + // New fields from SpdmVersion12 + pub data_transfer_size: u32, + pub max_spdm_msg_size: u32, +} + +impl SpdmCodec for SpdmGetCapabilitiesRequestPayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved + cnt += self + .ct_exponent + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += 0u16.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved2 + cnt += self + .flags + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + cnt += self + .data_transfer_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .max_spdm_msg_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + let mut ct_exponent = 0; + let mut flags = SpdmRequestCapabilityFlags::default(); + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + u8::read(r)?; // reserved + ct_exponent = u8::read(r)?; + u16::read(r)?; // reserved2 + flags = 
SpdmRequestCapabilityFlags::read(r)?; + + // check req_capability + if flags.contains(SpdmRequestCapabilityFlags::PSK_RSVD) { + return None; + } + if flags.contains(SpdmRequestCapabilityFlags::KEY_EX_CAP) + || flags.contains(SpdmRequestCapabilityFlags::PSK_CAP) + { + if !flags.contains(SpdmRequestCapabilityFlags::MAC_CAP) { + return None; + } + } else if flags.contains(SpdmRequestCapabilityFlags::MAC_CAP) + || flags.contains(SpdmRequestCapabilityFlags::ENCRYPT_CAP) + || flags.contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + || flags.contains(SpdmRequestCapabilityFlags::HBEAT_CAP) + || flags.contains(SpdmRequestCapabilityFlags::KEY_UPD_CAP) + { + return None; + } + if !flags.contains(SpdmRequestCapabilityFlags::KEY_EX_CAP) + && flags.contains(SpdmRequestCapabilityFlags::PSK_CAP) + && flags.contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + { + return None; + } + if flags.contains(SpdmRequestCapabilityFlags::CERT_CAP) + || flags.contains(SpdmRequestCapabilityFlags::PUB_KEY_ID_CAP) + { + if flags.contains(SpdmRequestCapabilityFlags::CERT_CAP) + && flags.contains(SpdmRequestCapabilityFlags::PUB_KEY_ID_CAP) + { + return None; + } + if !flags.contains(SpdmRequestCapabilityFlags::CHAL_CAP) + && !flags.contains(SpdmRequestCapabilityFlags::KEY_EX_CAP) + { + return None; + } + } else if flags.contains(SpdmRequestCapabilityFlags::CHAL_CAP) + || flags.contains(SpdmRequestCapabilityFlags::MUT_AUTH_CAP) + { + return None; + } + + if context.negotiate_info.spdm_version_sel == SpdmVersion::SpdmVersion11 + && flags.contains(SpdmRequestCapabilityFlags::MUT_AUTH_CAP) + && !flags.contains(SpdmRequestCapabilityFlags::ENCAP_CAP) + { + return None; + } + } + + let mut data_transfer_size = 0; + let mut max_spdm_msg_size = 0; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + data_transfer_size = u32::read(r)?; + max_spdm_msg_size = u32::read(r)?; + if data_transfer_size < 42 || max_spdm_msg_size < data_transfer_size { + 
log::error!( + "responder: data_transfer_size < 42 or max_spdm_msg_size < data_transfer_size" + ); + return None; + } + } + + Some(SpdmGetCapabilitiesRequestPayload { + ct_exponent, + flags, + data_transfer_size, + max_spdm_msg_size, + }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmCapabilitiesResponsePayload { + pub ct_exponent: u8, + pub flags: SpdmResponseCapabilityFlags, + pub data_transfer_size: u32, + pub max_spdm_msg_size: u32, +} + +impl SpdmCodec for SpdmCapabilitiesResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved + cnt += self + .ct_exponent + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += 0u16.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved2 + cnt += self + .flags + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + cnt += self + .data_transfer_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .max_spdm_msg_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + u8::read(r)?; // reserved + let ct_exponent = u8::read(r)?; + u16::read(r)?; // reserved2 + let flags = SpdmResponseCapabilityFlags::read(r)?; + + // check rsp_capability + if flags.contains(SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG) + && flags.contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) + { + return None; + } + if (!flags.contains(SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG) + && 
!flags.contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG)) + && flags.contains(SpdmResponseCapabilityFlags::MEAS_FRESH_CAP) + { + return None; + } + if context.negotiate_info.spdm_version_sel < SpdmVersion::SpdmVersion11 { + if !flags.contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) { + if flags.contains(SpdmResponseCapabilityFlags::CERT_CAP) + != flags.contains(SpdmResponseCapabilityFlags::CHAL_CAP) + { + return None; + } + } else if !flags.contains(SpdmResponseCapabilityFlags::CERT_CAP) { + return None; + } + } else { + if flags.contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT) + && flags.contains(SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT) + { + return None; + } + if flags.contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + || flags.contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT) + || flags.contains(SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT) + { + if !flags.contains(SpdmResponseCapabilityFlags::MAC_CAP) { + return None; + } + } else if flags.contains(SpdmResponseCapabilityFlags::MAC_CAP) + || flags.contains(SpdmResponseCapabilityFlags::ENCRYPT_CAP) + || flags.contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + || flags.contains(SpdmResponseCapabilityFlags::HBEAT_CAP) + || flags.contains(SpdmResponseCapabilityFlags::KEY_UPD_CAP) + { + return None; + } + if !flags.contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + && (flags.contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT) + || flags.contains(SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT)) + && flags.contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + { + return None; + } + if flags.contains(SpdmResponseCapabilityFlags::CERT_CAP) + || flags.contains(SpdmResponseCapabilityFlags::PUB_KEY_ID_CAP) + { + if flags.contains(SpdmResponseCapabilityFlags::CERT_CAP) + && flags.contains(SpdmResponseCapabilityFlags::PUB_KEY_ID_CAP) + { + return None; + } + if !flags.contains(SpdmResponseCapabilityFlags::CHAL_CAP) + && 
!flags.contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + && !flags.contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) + { + return None; + } + } else if flags.contains(SpdmResponseCapabilityFlags::CHAL_CAP) + || flags.contains(SpdmResponseCapabilityFlags::KEY_EX_CAP) + || flags.contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) + || flags.contains(SpdmResponseCapabilityFlags::MUT_AUTH_CAP) + { + return None; + } + } + if context.negotiate_info.spdm_version_sel == SpdmVersion::SpdmVersion11 + && flags.contains(SpdmResponseCapabilityFlags::MUT_AUTH_CAP) + && !flags.contains(SpdmResponseCapabilityFlags::ENCAP_CAP) + { + return None; + } + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + if !flags.contains(SpdmResponseCapabilityFlags::CERT_CAP) + && (flags.contains(SpdmResponseCapabilityFlags::ALIAS_CERT_CAP) + || flags.contains(SpdmResponseCapabilityFlags::SET_CERT_CAP)) + { + return None; + } + if flags.contains(SpdmResponseCapabilityFlags::CSR_CAP) + && !flags.contains(SpdmResponseCapabilityFlags::SET_CERT_CAP) + { + return None; + } + if flags.contains(SpdmResponseCapabilityFlags::CERT_INSTALL_RESET_CAP) + && !flags.contains(SpdmResponseCapabilityFlags::CSR_CAP) + && !flags.contains(SpdmResponseCapabilityFlags::SET_CERT_CAP) + { + return None; + } + } + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + let data_transfer_size = u32::read(r)?; + let max_spdm_msg_size = u32::read(r)?; + if data_transfer_size < 42 || max_spdm_msg_size < data_transfer_size { + log::error!( + "requester: data_transfer_size < 42 or max_spdm_msg_size < data_transfer_size" + ); + return None; + } + Some(SpdmCapabilitiesResponsePayload { + ct_exponent, + flags, + data_transfer_size, + max_spdm_msg_size, + }) + } else { + Some(SpdmCapabilitiesResponsePayload { + ct_exponent, + flags, + data_transfer_size: 0, + max_spdm_msg_size: 0, + }) + } + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod 
tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_response_capability_flags() { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + let value = SpdmResponseCapabilityFlags::all(); + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!( + SpdmResponseCapabilityFlags::read(&mut reader).unwrap(), + SpdmResponseCapabilityFlags::all() + ); + assert_eq!(0, reader.left()); + } + #[test] + fn test_case1_spdm_response_capability_flags() { + let value = SpdmResponseCapabilityFlags::CACHE_CAP; + new_spdm_response_capability_flags(value); + let value = SpdmResponseCapabilityFlags::PUB_KEY_ID_CAP; + new_spdm_response_capability_flags(value); + let value = SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + new_spdm_response_capability_flags(value); + let value = SpdmResponseCapabilityFlags::KEY_UPD_CAP; + new_spdm_response_capability_flags(value); + let value = SpdmResponseCapabilityFlags::HBEAT_CAP; + new_spdm_response_capability_flags(value); + } + #[test] + fn test_case2_spdm_response_capability_flags() { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + let value = SpdmResponseCapabilityFlags::empty(); + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!( + SpdmResponseCapabilityFlags::read(&mut reader).unwrap(), + SpdmResponseCapabilityFlags::empty() + ); + assert_eq!(0, reader.left()); + } + #[test] + fn test_case0_spdm_request_capability_flags() { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + let value = SpdmRequestCapabilityFlags::all(); + assert!(value.encode(&mut writer).is_ok()); + + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + 
assert_eq!( + SpdmRequestCapabilityFlags::read(&mut reader).unwrap(), + SpdmRequestCapabilityFlags::all() + ); + assert_eq!(0, reader.left()); + } + #[test] + fn test_case1_spdm_request_capability_flags() { + let value = SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + new_spdm_request_capability_flags(value); + let value = SpdmRequestCapabilityFlags::CERT_CAP; + new_spdm_request_capability_flags(value); + let value = SpdmRequestCapabilityFlags::CHAL_CAP; + new_spdm_request_capability_flags(value); + let value = SpdmRequestCapabilityFlags::ENCRYPT_CAP; + new_spdm_request_capability_flags(value); + let value = SpdmRequestCapabilityFlags::MAC_CAP; + new_spdm_request_capability_flags(value); + let value = SpdmRequestCapabilityFlags::MUT_AUTH_CAP; + new_spdm_request_capability_flags(value); + } + #[test] + fn test_case3_spdm_request_capability_flags() { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + let value = SpdmRequestCapabilityFlags::empty(); + assert!(value.encode(&mut writer).is_ok()); + + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!( + SpdmRequestCapabilityFlags::read(&mut reader).unwrap(), + SpdmRequestCapabilityFlags::empty() + ); + assert_eq!(0, reader.left()); + } + #[test] + fn test_case0_spdm_get_capabilities_request_payload() { + let u8_slice = &mut [0u8; 12]; + let mut writer = Writer::init(u8_slice); + let value = SpdmGetCapabilitiesRequestPayload { + ct_exponent: 7, + flags: SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::CHAL_CAP, + data_transfer_size: 0, + max_spdm_msg_size: 0, + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(12, reader.left()); + let spdm_get_capabilities_request_payload = + SpdmGetCapabilitiesRequestPayload::spdm_read(&mut context, &mut 
reader).unwrap(); + assert_eq!(spdm_get_capabilities_request_payload.ct_exponent, 7); + assert_eq!( + spdm_get_capabilities_request_payload.flags, + SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::CHAL_CAP + ); + assert_eq!(2, reader.left()); + } + #[test] + fn test_case1_spdm_get_capabilities_request_payload() { + let u8_slice = &mut [0u8; 12]; + let mut writer = Writer::init(u8_slice); + let value = SpdmGetCapabilitiesRequestPayload { + ct_exponent: 0, + flags: SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::CHAL_CAP, + data_transfer_size: 0, + max_spdm_msg_size: 0, + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(12, reader.left()); + let spdm_get_capabilities_request_payload = + SpdmGetCapabilitiesRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_get_capabilities_request_payload.ct_exponent, 0); + assert_eq!( + spdm_get_capabilities_request_payload.flags, + SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::CHAL_CAP + ); + assert_eq!(2, reader.left()); + } + #[test] + fn test_case2_spdm_get_capabilities_request_payload() { + let u8_slice = &mut [0u8; 12]; + let mut writer = Writer::init(u8_slice); + let value = SpdmGetCapabilitiesRequestPayload::default(); + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(12, reader.left()); + SpdmGetCapabilitiesRequestPayload::spdm_read(&mut context, &mut reader); + assert_eq!(2, reader.left()); + } + #[test] + fn test_case0_spdm_capabilities_response_payload() { + let u8_slice = &mut [0u8; 12]; + let mut writer = Writer::init(u8_slice); + let value = SpdmCapabilitiesResponsePayload { 
+ ct_exponent: 7, + flags: SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::CHAL_CAP, + data_transfer_size: 0, + max_spdm_msg_size: 0, + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(12, reader.left()); + let spdm_capabilities_response_payload = + SpdmCapabilitiesResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_capabilities_response_payload.ct_exponent, 7); + assert_eq!( + spdm_capabilities_response_payload.flags, + SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::CHAL_CAP + ); + assert_eq!(2, reader.left()); + } + #[test] + fn test_case1_spdm_capabilities_response_payload() { + let u8_slice = &mut [0u8; 12]; + let mut writer = Writer::init(u8_slice); + let value = SpdmCapabilitiesResponsePayload { + ct_exponent: 0, + flags: SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::CHAL_CAP, + data_transfer_size: 0, + max_spdm_msg_size: 0, + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(12, reader.left()); + let spdm_capabilities_response_payload = + SpdmCapabilitiesResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_capabilities_response_payload.ct_exponent, 0); + assert_eq!( + spdm_capabilities_response_payload.flags, + SpdmResponseCapabilityFlags::CERT_CAP | SpdmResponseCapabilityFlags::CHAL_CAP + ); + assert_eq!(2, reader.left()); + } + #[test] + fn test_case2_spdm_capabilities_response_payload() { + let u8_slice = &mut [0u8; 12]; + let mut writer = Writer::init(u8_slice); + let value = SpdmCapabilitiesResponsePayload::default(); + + create_spdm_context!(context); + 
context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(12, reader.left()); + let spdm_capabilities_response_payload = + SpdmCapabilitiesResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_capabilities_response_payload.ct_exponent, 0); + assert_eq!( + spdm_capabilities_response_payload.flags, + SpdmResponseCapabilityFlags::empty() + ); + assert_eq!(2, reader.left()); + } + + fn new_spdm_response_capability_flags(value: SpdmResponseCapabilityFlags) { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!( + SpdmResponseCapabilityFlags::read(&mut reader).unwrap(), + value + ); + assert_eq!(0, reader.left()) + } + + fn new_spdm_request_capability_flags(value: SpdmRequestCapabilityFlags) { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!( + SpdmRequestCapabilityFlags::read(&mut reader).unwrap(), + value + ); + assert_eq!(0, reader.left()) + } +} + +#[cfg(test)] +#[path = "capability_test.rs"] +mod capability_test; diff --git a/spdmlib/src/message/capability_test.rs b/spdmlib/src/message/capability_test.rs new file mode 100644 index 0000000..320a5ba --- /dev/null +++ b/spdmlib/src/message/capability_test.rs 
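Review bot: The minimum-size check in both `spdm_read` implementations compares against a bare `42`, duplicated in the requester and responder paths with no name or comment saying where the limit comes from. A shared constant such as `const MIN_DATA_TRANSFER_SIZE: u32 = 42;`, used as `data_transfer_size < MIN_DATA_TRANSFER_SIZE`, would keep the two parsers in step. Separately, `ct_exponent` is the only peer-supplied field here that is stored without a range check, while the flags and sizes are validated. If a caller later uses it as a shift count for a timeout, large values could overflow, though that use is not visible in this hunk. A short doc comment on each `spdm_read` saying that `None` means the capability combination was rejected would also help readers of the long flag-check chains.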
@@ -0,0 +1,45 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; +use byteorder::{ByteOrder, LittleEndian}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[ignore = "Test Fail"] +#[test] +fn test_capability_struct() { + // 1. Validate Negative DataTransferSize < MinDataTransferSize. Expectation failed. + let u8_slice = &mut [0u8; 100]; + create_spdm_context!(context); + + u8_slice[5] = 10; + let flags = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::CHAL_CAP + | SpdmResponseCapabilityFlags::MEAS_CAP_SIG; + LittleEndian::write_u32(&mut u8_slice[8..12], flags.bits()); + LittleEndian::write_u32(&mut u8_slice[12..16], 1); + LittleEndian::write_u32(&mut u8_slice[16..20], 1); + + let mut reader = Reader::init(&u8_slice[2..]); + let res = SpdmCapabilitiesResponsePayload::spdm_read(&mut context, &mut reader); + assert!(res.is_none()); + + // 2. Validate DataTransferSize > MaxSPDMmsgSize. Expectation failed. + let u8_slice = &mut [0u8; 100]; + create_spdm_context!(context); + + u8_slice[5] = 10; + let flags = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::CHAL_CAP + | SpdmResponseCapabilityFlags::MEAS_CAP_SIG; + LittleEndian::write_u32(&mut u8_slice[8..12], flags.bits()); + LittleEndian::write_u32(&mut u8_slice[12..16], 4096); + LittleEndian::write_u32(&mut u8_slice[16..20], 1024); + + let mut reader = Reader::init(&u8_slice[2..]); + let res = SpdmCapabilitiesResponsePayload::spdm_read(&mut context, &mut reader); + assert!(res.is_none()); +} diff --git a/spdmlib/src/message/certificate.rs b/spdmlib/src/message/certificate.rs new file mode 100644 index 0000000..ff3bfc2 --- /dev/null +++ b/spdmlib/src/message/certificate.rs 
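Review bot: `test_capability_struct` is disabled with `#[ignore = "Test Fail"]`, so the two rejection paths it targets (DataTransferSize below the minimum, and DataTransferSize larger than MaxSPDMmsgSize) have no running coverage. The size checks in `SpdmCapabilitiesResponsePayload::spdm_read` are only reached when `spdm_version_sel >= SpdmVersion::SpdmVersion12`, and this test never sets the version, unlike the tests in capability.rs, which assign it explicitly. That is probably why `res.is_none()` fails, though the default set by `create_spdm_context!` is not visible here. Adding `context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;` after each `create_spdm_context!(context);` and dropping the `#[ignore]` would likely make both cases pass.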
@@ -0,0 +1,189 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::spdm_codec::SpdmCodec; +use crate::error::SPDM_STATUS_BUFFER_FULL; +use crate::{common, error::SpdmStatus}; +use codec::{Codec, Reader, Writer}; + +pub(crate) const MAX_SPDM_CERT_PORTION_LEN: usize = 512; + +#[derive(Debug, Clone, Default)] +pub struct SpdmGetCertificateRequestPayload { + pub slot_id: u8, + pub offset: u16, + pub length: u16, +} + +impl SpdmCodec for SpdmGetCertificateRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .slot_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .offset + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .length + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let slot_id = u8::read(r)?; // param1 + u8::read(r)?; // param2 + let offset = u16::read(r)?; + let length = u16::read(r)?; + + Some(SpdmGetCertificateRequestPayload { + slot_id, + offset, + length, + }) + } +} + +#[derive(Debug, Clone)] +pub struct SpdmCertificateResponsePayload { + pub slot_id: u8, + pub portion_length: u16, + pub remainder_length: u16, + pub cert_chain: [u8; MAX_SPDM_CERT_PORTION_LEN], +} +impl Default for SpdmCertificateResponsePayload { + fn default() -> SpdmCertificateResponsePayload { + SpdmCertificateResponsePayload { + slot_id: 0, + portion_length: 0, + remainder_length: 0, + cert_chain: [0u8; MAX_SPDM_CERT_PORTION_LEN], + } + } +} + +impl SpdmCodec for SpdmCertificateResponsePayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .slot_id + .encode(bytes) + 
.map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .portion_length + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .remainder_length + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + for d in self.cert_chain.iter().take(self.portion_length as usize) { + cnt += d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let slot_id = u8::read(r)?; // param1 + u8::read(r)?; // param2 + let portion_length = u16::read(r)?; + let remainder_length = u16::read(r)?; + let mut response = SpdmCertificateResponsePayload { + slot_id, + portion_length, + remainder_length, + ..Default::default() + }; + + for data in response.cert_chain.iter_mut().take(portion_length as usize) { + *data = u8::read(r)?; + } + Some(response) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_get_certificate_request_payload() { + let u8_slice = &mut [0u8; 12]; + let mut writer = Writer::init(u8_slice); + let mut value = SpdmGetCertificateRequestPayload::default(); + value.slot_id = 100; + value.offset = 100; + value.length = 100; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(12, reader.left()); + let spdm_get_certificate_request_payload = + SpdmGetCertificateRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_get_certificate_request_payload.slot_id, 100); + assert_eq!(spdm_get_certificate_request_payload.offset, 100); + assert_eq!(spdm_get_certificate_request_payload.length, 
100); + assert_eq!(6, reader.left()); + } + #[test] + fn test_case0_spdm_certificate_response_payload() { + let u8_slice = &mut [0u8; 6 + MAX_SPDM_CERT_PORTION_LEN]; + let mut writer = Writer::init(u8_slice); + let mut value = SpdmCertificateResponsePayload::default(); + value.slot_id = 100; + value.portion_length = MAX_SPDM_CERT_PORTION_LEN as u16; + value.remainder_length = 100; + value.cert_chain = [100u8; MAX_SPDM_CERT_PORTION_LEN]; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(6 + MAX_SPDM_CERT_PORTION_LEN, reader.left()); + let spdm_get_certificate_request_payload = + SpdmCertificateResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_get_certificate_request_payload.slot_id, 100); + assert_eq!( + spdm_get_certificate_request_payload.portion_length, + MAX_SPDM_CERT_PORTION_LEN as u16 + ); + assert_eq!(spdm_get_certificate_request_payload.remainder_length, 100); + for i in 0..MAX_SPDM_CERT_PORTION_LEN { + assert_eq!(spdm_get_certificate_request_payload.cert_chain[i], 100u8); + } + } +} + +#[cfg(test)] +#[path = "certificate_test.rs"] +mod certificate_test; diff --git a/spdmlib/src/message/certificate_test.rs b/spdmlib/src/message/certificate_test.rs new file mode 100644 index 0000000..352b077 --- /dev/null +++ b/spdmlib/src/message/certificate_test.rs 
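Review bot: `SpdmCertificateResponsePayload::spdm_read` keeps the peer-supplied `portion_length` unchanged even when it exceeds `MAX_SPDM_CERT_PORTION_LEN`, because the copy loop is only capped by `.take(portion_length as usize)` over a 512-byte array rather than by a check. The returned struct can then claim more bytes than `cert_chain` holds, and any caller that slices `cert_chain[..portion_length as usize]` would panic; the surplus bytes are also left unread in the reader. Rejecting the message before the struct is built closes this: `if portion_length as usize > MAX_SPDM_CERT_PORTION_LEN { return None; }`. `spdm_encode` has the mirror issue, writing a `portion_length` header larger than the bytes it emits, so the same bound should be enforced there with an error return.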
@@ -0,0 +1,54 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; +use byteorder::{ByteOrder, LittleEndian}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_certificate_struct() { + create_spdm_context!(context); + let context = &mut context; + let u8_slice = &mut [0u8; 10]; + + let writer = &mut Writer::init(u8_slice); + let request = SpdmGetCertificateRequestPayload { + slot_id: 3, + offset: 0, + length: 1024, + }; + assert!(request.spdm_encode(context, writer).is_ok()); + assert_eq!(writer.used(), 6); + + let u8_slice = &mut [0u8; 1024]; + + u8_slice[2] = 1; + LittleEndian::write_u16(&mut u8_slice[4..6], 512); + LittleEndian::write_u16(&mut u8_slice[6..8], 0); + + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmCertificateResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.used(), 8 + 512 - 2); +} + +#[ignore = "Extended unit test"] +#[test] +fn test_certificate_struct_negative() { + create_spdm_context!(context); + let context = &mut context; + let u8_slice = &mut [0u8; 1024]; + + // Verify SlotID < 8 + // SlotID >= 8 + u8_slice[2] = 8; + LittleEndian::write_u16(&mut u8_slice[4..6], 512); + LittleEndian::write_u16(&mut u8_slice[6..8], 0); + + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmCertificateResponsePayload::spdm_read(context, reader); + assert!(ret.is_none()); +} diff --git a/spdmlib/src/message/challenge.rs b/spdmlib/src/message/challenge.rs new file mode 100644 index 0000000..7786084 --- /dev/null +++ b/spdmlib/src/message/challenge.rs 
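Review bot: `test_certificate_struct_negative` expects `spdm_read` to return `None` for SlotID 8, but the parser added in certificate.rs in this same diff reads param1 into `slot_id` with no range check, so the test would fail if it ran; `#[ignore = "Extended unit test"]` hides that. Either add the check the test describes, `if slot_id >= 8 { return None; }`, next to the `u8::read(r)?` for param1, or change the ignore reason to say the validation is not implemented yet. A companion negative case with `portion_length` above 512 would cover the other length field the peer controls.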
@@ -0,0 +1,361 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::opaque::SpdmOpaqueStruct; +use crate::common::spdm_codec::SpdmCodec; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::{ + SpdmDigestStruct, SpdmMeasurementSummaryHashType, SpdmNonceStruct, SpdmResponseCapabilityFlags, + SpdmSignatureStruct, +}; +use codec::{Codec, Reader, Writer}; + +#[derive(Debug, Clone, Default)] +pub struct SpdmChallengeRequestPayload { + pub slot_id: u8, + pub measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + pub nonce: SpdmNonceStruct, +} + +impl SpdmCodec for SpdmChallengeRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .slot_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += self + .measurement_summary_hash_type + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .nonce + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let slot_id = u8::read(r)?; + let measurement_summary_hash_type = SpdmMeasurementSummaryHashType::read(r)?; + match measurement_summary_hash_type { + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone => {} + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll + | SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb => { + if !context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) + && !context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG) + { + return None; + } + } + SpdmMeasurementSummaryHashType::Unknown(_) => return None, + } + let nonce = SpdmNonceStruct::read(r)?; + + 
Some(SpdmChallengeRequestPayload { + slot_id, + measurement_summary_hash_type, + nonce, + }) + } +} + +bitflags! { + #[derive(Default)] + pub struct SpdmChallengeAuthAttribute: u8 { + const BASIC_MUT_AUTH_REQ = 0b10000000; + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmChallengeAuthResponsePayload { + pub slot_id: u8, + pub slot_mask: u8, + pub challenge_auth_attribute: SpdmChallengeAuthAttribute, + pub cert_chain_hash: SpdmDigestStruct, + pub nonce: SpdmNonceStruct, + pub measurement_summary_hash: SpdmDigestStruct, + pub opaque: SpdmOpaqueStruct, + pub signature: SpdmSignatureStruct, +} + +impl SpdmCodec for SpdmChallengeAuthResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + let param1 = self.slot_id + self.challenge_auth_attribute.bits(); + cnt += param1.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .slot_mask + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self.cert_chain_hash.spdm_encode(context, bytes)?; + cnt += self + .nonce + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + if context.runtime_info.need_measurement_summary_hash { + cnt += self.measurement_summary_hash.spdm_encode(context, bytes)?; + } + cnt += self.opaque.spdm_encode(context, bytes)?; + cnt += self.signature.spdm_encode(context, bytes)?; + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let param1 = u8::read(r)?; + let slot_id = param1 & 0xF; + let challenge_auth_attribute = SpdmChallengeAuthAttribute::from_bits(param1 & 0xF0)?; + let slot_mask = u8::read(r)?; // param2 + let cert_chain_hash = SpdmDigestStruct::spdm_read(context, r)?; + let nonce = SpdmNonceStruct::read(r)?; + let measurement_summary_hash = if context.runtime_info.need_measurement_summary_hash { + SpdmDigestStruct::spdm_read(context, r)? 
+ } else { + SpdmDigestStruct::default() + }; + let opaque = SpdmOpaqueStruct::spdm_read(context, r)?; + let signature = SpdmSignatureStruct::spdm_read(context, r)?; + Some(SpdmChallengeAuthResponsePayload { + slot_id, + slot_mask, + challenge_auth_attribute, + cert_chain_hash, + nonce, + measurement_summary_hash, + opaque, + signature, + }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::opaque::MAX_SPDM_OPAQUE_SIZE; + use crate::common::SpdmOpaqueSupport; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use crate::protocol::*; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_challenge_request_payload() { + let u8_slice = &mut [0u8; 2 + SPDM_NONCE_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmChallengeRequestPayload { + slot_id: 100, + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + }; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(34, reader.left()); + let spdm_challenge_request_payload = + SpdmChallengeRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_challenge_request_payload.slot_id, 100); + assert_eq!( + spdm_challenge_request_payload.measurement_summary_hash_type, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone + ); + for i in 0..SPDM_NONCE_SIZE { + assert_eq!(spdm_challenge_request_payload.nonce.data[i], 100u8); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case0_spdm_challenge_auth_response_payload() { + let u8_slice = &mut [0u8; 2 + + SPDM_MAX_HASH_SIZE + + SPDM_NONCE_SIZE + + SPDM_MAX_HASH_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE]; + let 
mut writer = Writer::init(u8_slice); + let value = SpdmChallengeAuthResponsePayload { + slot_id: 0x0f, + slot_mask: 100, + challenge_auth_attribute: SpdmChallengeAuthAttribute::BASIC_MUT_AUTH_REQ, + cert_chain_hash: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0xAAu8; SPDM_MAX_HASH_SIZE]), + }, + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + measurement_summary_hash: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0x55u8; SPDM_MAX_HASH_SIZE]), + }, + opaque: SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as u16, + data: [0xAAu8; MAX_SPDM_OPAQUE_SIZE], + }, + signature: SpdmSignatureStruct { + data_size: SPDM_MAX_ASYM_KEY_SIZE as u16, + data: [0x55u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + }; + + create_spdm_context!(context); + + context.runtime_info.need_measurement_summary_hash = true; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + + assert_eq!( + 2 + SPDM_MAX_HASH_SIZE + + SPDM_NONCE_SIZE + + SPDM_MAX_HASH_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE, + reader.left() + ); + let spdm_read_data = + SpdmChallengeAuthResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(0, reader.left()); + assert_eq!(spdm_read_data.slot_id, 0x0f); + assert_eq!(spdm_read_data.slot_mask, 100); + assert_eq!( + spdm_read_data.challenge_auth_attribute, + SpdmChallengeAuthAttribute::BASIC_MUT_AUTH_REQ + ); + + assert_eq!( + spdm_read_data.cert_chain_hash.data_size, + SHA512_DIGEST_SIZE as u16 + ); + assert_eq!( + spdm_read_data.measurement_summary_hash.data_size, + SHA512_DIGEST_SIZE as u16 + ); + assert_eq!(spdm_read_data.opaque.data_size, MAX_SPDM_OPAQUE_SIZE as u16); 
+ assert_eq!( + spdm_read_data.signature.data_size, + RSASSA_4096_KEY_SIZE as u16 + ); + + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(spdm_read_data.cert_chain_hash.data[i], 0xAAu8); + } + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(spdm_read_data.opaque.data[i], 0xAAu8); + } + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(spdm_read_data.measurement_summary_hash.data[i], 0x55u8); + } + for i in 0..SPDM_NONCE_SIZE { + assert_eq!(spdm_read_data.nonce.data[i], 100u8); + } + for i in 0..RSASSA_4096_KEY_SIZE { + assert_eq!(spdm_read_data.signature.data[i], 0x55u8); + } + } + #[test] + fn test_case1_spdm_challenge_auth_response_payload() { + let u8_slice = &mut [0u8; 2 + + SPDM_MAX_HASH_SIZE + + SPDM_NONCE_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmChallengeAuthResponsePayload { + slot_id: 0x0f, + slot_mask: 100, + challenge_auth_attribute: SpdmChallengeAuthAttribute::BASIC_MUT_AUTH_REQ, + cert_chain_hash: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0xAAu8; SPDM_MAX_HASH_SIZE]), + }, + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + measurement_summary_hash: SpdmDigestStruct::default(), + opaque: SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as u16, + data: [0xAAu8; MAX_SPDM_OPAQUE_SIZE], + }, + signature: SpdmSignatureStruct { + data_size: SPDM_MAX_ASYM_KEY_SIZE as u16, + data: [0x55u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + }; + + create_spdm_context!(context); + + context.runtime_info.need_measurement_summary_hash = false; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + + assert_eq!( + 2 + SPDM_MAX_HASH_SIZE + + SPDM_NONCE_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE, + writer.left() + ); + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + assert_eq!(0, writer.left()); + + let mut reader = 
Reader::init(u8_slice); + + assert_eq!( + 2 + SPDM_MAX_HASH_SIZE + + SPDM_NONCE_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE, + reader.left() + ); + let spdm_read_data = + SpdmChallengeAuthResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(0, reader.left()); + assert_eq!(spdm_read_data.measurement_summary_hash.data_size, 0); + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(spdm_read_data.measurement_summary_hash.data[i], 0); + } + } +} + +#[cfg(test)] +#[path = "challenge_test.rs"] +mod challenge_test; diff --git a/spdmlib/src/message/challenge_test.rs b/spdmlib/src/message/challenge_test.rs new file mode 100644 index 0000000..d51ca99 --- /dev/null +++ b/spdmlib/src/message/challenge_test.rs 
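Review bot: In `SpdmChallengeAuthResponsePayload::spdm_encode` (challenge.rs), `let param1 = self.slot_id + self.challenge_auth_attribute.bits();` combines two bit fields with integer addition, and `slot_id` is an unconstrained public `u8`. With `BASIC_MUT_AUTH_REQ` (0x80) set, any `slot_id >= 0x80` overflows: a panic in debug builds, a silent wrap in release. Any value above 0x0F also spills into the attribute nibble that `spdm_read` recovers with `param1 & 0xF0`, so the encoded byte does not round-trip. Masking and OR-ing keeps the fields separate: `let param1 = (self.slot_id & 0x0F) | self.challenge_auth_attribute.bits();`. Whether callers validate `slot_id` before encoding is not visible in this hunk; if they are expected to, returning an error for an out-of-range value would be stricter than masking.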
@@ -0,0 +1,75 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::{ + common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}, + protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SHA256_DIGEST_SIZE}, +}; +use byteorder::{ByteOrder, LittleEndian}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_challenge_struct() { + create_spdm_context!(context); + let context = &mut context; + + // Validate request payload size is 36 - 2 = 34 + let u8_slice = &mut [0u8; 36]; + let writer = &mut Writer::init(u8_slice); + let request = SpdmChallengeRequestPayload { + slot_id: 0xff, + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + nonce: SpdmNonceStruct::default(), + }; + assert!(request.spdm_encode(context, writer).is_ok()); + assert_eq!(writer.used(), 34); + + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256; + context.runtime_info.need_measurement_summary_hash = true; + + // Validate OpaqueDataLength is invalid. Expectation, pass + const INVALID_OPAQUE_DATA_LENGTH: u16 = 1025u16; + let u8_slice = &mut [0u8; 38 + + 2 * SHA256_DIGEST_SIZE + + INVALID_OPAQUE_DATA_LENGTH as usize + + SHA256_DIGEST_SIZE * 2]; + LittleEndian::write_u16( + &mut u8_slice[(36 + 2 * SHA256_DIGEST_SIZE as usize)..], + INVALID_OPAQUE_DATA_LENGTH, + ); + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmChallengeAuthResponsePayload::spdm_read(context, reader); + assert!(ret.is_none()); +} + +#[ignore = "Extend unit tests"] +#[test] +fn test_challenge_struct_opaque_data_length_negative() { + create_spdm_context!(context); + let context = &mut context; + + // Validate support max OpaqueDataLength is 1024. 
Expectation, pass + // Validate response payload size is 38 + 2H + OpaqueDataLength + SigLen + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256; + context.runtime_info.need_measurement_summary_hash = true; + + let u8_slice = &mut [0u8; 38 + + 2 * SHA256_DIGEST_SIZE + + OPAQUE_DATA_LENGTH as usize + + SHA256_DIGEST_SIZE * 2]; + const OPAQUE_DATA_LENGTH: u16 = 1024u16; + LittleEndian::write_u16( + &mut u8_slice[(36 + 2 * SHA256_DIGEST_SIZE as usize)..], + OPAQUE_DATA_LENGTH, + ); + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmChallengeAuthResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); +} diff --git a/spdmlib/src/message/digest.rs b/spdmlib/src/message/digest.rs new file mode 100644 index 0000000..4fb987e --- /dev/null +++ b/spdmlib/src/message/digest.rs 
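Review bot: `test_challenge_struct_opaque_data_length_negative` in challenge_test.rs is `#[ignore]`d, so only the rejecting side of the OpaqueDataLength boundary (1025, in `test_challenge_struct`) is exercised. `assert!(ret.is_none())` on an otherwise all-zero buffer would also pass if the decoder failed for an unrelated reason, so enabling the 1024-byte case is what actually pins the limit. The ignored test is named `_negative` although it asserts `ret.is_some()`. The comment `Validate OpaqueDataLength is invalid. Expectation, pass` in the first test would read more clearly as `// OpaqueDataLength = 1025 exceeds the 1024-byte maximum: spdm_read must return None`.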
@@ -0,0 +1,188 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::spdm_codec::SpdmCodec; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::{gen_array_clone, SpdmDigestStruct, SPDM_MAX_SLOT_NUMBER}; +use codec::{Codec, Reader, Writer}; + +#[derive(Debug, Clone, Default)] +pub struct SpdmGetDigestsRequestPayload {} + +impl SpdmCodec for SpdmGetDigestsRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmGetDigestsRequestPayload {}) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmDigestsResponsePayload { + pub slot_mask: u8, + pub digests: [SpdmDigestStruct; SPDM_MAX_SLOT_NUMBER], +} + +impl SpdmCodec for SpdmDigestsResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += self + .slot_mask + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + + let mut count = 0u8; + for i in 0..8 { + if (self.slot_mask & (1 << i)) != 0 { + count += 1; + } + } + + for digest in self.digests.iter().take(count as usize) { + cnt += digest.spdm_encode(context, bytes)?; + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + let slot_mask = u8::read(r)?; // param2 + + let mut slot_count = 0u8; + for i in 0..8 { + if (slot_mask & (1 << i)) != 0 { + slot_count += 1; + } + } + + let mut digests = 
gen_array_clone(SpdmDigestStruct::default(), SPDM_MAX_SLOT_NUMBER); + for digest in digests.iter_mut().take(slot_count as usize) { + *digest = SpdmDigestStruct::spdm_read(context, r)?; + } + Some(SpdmDigestsResponsePayload { slot_mask, digests }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use crate::protocol::*; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_digests_response_payload() { + let u8_slice = &mut [0u8; 2 + SPDM_MAX_SLOT_NUMBER * SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + + let mut value = SpdmDigestsResponsePayload { + slot_mask: 0b11111111, + digests: gen_array_clone( + SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0u8; SPDM_MAX_HASH_SIZE]), + }, + SPDM_MAX_SLOT_NUMBER, + ), + }; + for i in 0..SPDM_MAX_SLOT_NUMBER { + for j in 0..SPDM_MAX_HASH_SIZE { + value.digests[i].data[j] = (i * j) as u8; + } + } + + create_spdm_context!(context); + + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(2 + SPDM_MAX_SLOT_NUMBER * SPDM_MAX_HASH_SIZE, reader.left()); + let spdm_digests_response_payload = + SpdmDigestsResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_digests_response_payload.slot_mask, 0b11111111); + for i in 0..SPDM_MAX_SLOT_NUMBER { + for j in 0..SHA512_DIGEST_SIZE { + assert_eq!(spdm_digests_response_payload.digests[i].data_size, 64u16); + assert_eq!( + spdm_digests_response_payload.digests[i].data[j], + (i * j) as u8 + ); + } + } + assert_eq!(0, reader.left()); + } + #[test] + #[should_panic] + fn test_case1_spdm_digests_response_payload() { + let u8_slice = &mut [0u8; 2]; + let mut writer = 
Writer::init(u8_slice); + let mut value = SpdmDigestsResponsePayload::default(); + value.slot_mask = 0b00000000; + value.digests = gen_array_clone(SpdmDigestStruct::default(), SPDM_MAX_SLOT_NUMBER); + + create_spdm_context!(context); + + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + SpdmDigestsResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + + let u8_slice = &mut [0u8; 2]; + let mut writer = Writer::init(u8_slice); + let mut value = SpdmDigestsResponsePayload::default(); + value.slot_mask = 0b00011111; + value.digests = gen_array_clone(SpdmDigestStruct::default(), SPDM_MAX_SLOT_NUMBER); + + create_spdm_context!(context); + + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + } + #[test] + fn test_case0_spdm_get_digests_request_payload() { + let u8_slice = &mut [0u8; 2]; + let mut writer = Writer::init(u8_slice); + let value = SpdmGetDigestsRequestPayload {}; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + SpdmGetDigestsRequestPayload::spdm_read(&mut context, &mut reader); + } +} + +#[cfg(test)] +#[path = "digest_test.rs"] +mod digest_test; diff --git a/spdmlib/src/message/digest_test.rs b/spdmlib/src/message/digest_test.rs new file mode 100644 index 0000000..8f78a57 --- /dev/null +++ b/spdmlib/src/message/digest_test.rs 
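Review bot: `SpdmDigestsResponsePayload` in digest.rs keeps its digests packed at the front of `digests` rather than at the index of the slot they belong to: both `spdm_encode` and `spdm_read` count the set bits of `slot_mask` and then `take(count)` from the start of the array. With a sparse mask such as 0b11001111 the digest for slot 6 lands in `digests[4]`, so a caller that indexes by slot number would compare a certificate chain against the wrong digest. That convention deserves a comment on the field, e.g. `/// Packed: the first slot_mask.count_ones() entries are valid, in wire order; the index is not the slot number.` The hand-written `for i in 0..8` bit loop in both methods can be replaced by `slot_mask.count_ones()`.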
@@ -0,0 +1,49 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::{ + common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}, + protocol::SpdmBaseHashAlgo, +}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_digest_struct() { + use crate::protocol::SHA256_DIGEST_SIZE; + + create_spdm_context!(context); + + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + + // 1. [Negative] Param2 equal 0b11111111 total length less than 4 +(H * 8). Expectation: None + let u8_slice = &mut [0u8; 4 + SHA256_DIGEST_SIZE * 7]; + + u8_slice[3] = 0xff; + let mut reader = Reader::init(&u8_slice[2..]); + let ret = SpdmDigestsResponsePayload::spdm_read(&mut context, &mut reader); + assert!(ret.is_none()); +} + +#[test] +fn test_digest_struct_case2() { + use crate::protocol::SHA384_DIGEST_SIZE; + + create_spdm_context!(context); + + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + // 2. [Negative] Param2 equal 0b11001111 total read length equal 4 +(H * 6). Expectation: true + let u8_slice = &mut [0u8; 4 + SHA384_DIGEST_SIZE * 9]; + + u8_slice[3] = 0xcf; + let mut reader = Reader::init(&u8_slice[2..]); + let ret = SpdmDigestsResponsePayload::spdm_read(&mut context, &mut reader); + assert_eq!( + reader.used() + 2, + 4 + context.negotiate_info.base_hash_sel.get_size() as usize * 6 + ); + assert!(ret.is_some()); +} diff --git a/spdmlib/src/message/encapsulated.rs b/spdmlib/src/message/encapsulated.rs new file mode 100644 index 0000000..f6e229f --- /dev/null +++ b/spdmlib/src/message/encapsulated.rs 
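Review bot: The comment on `test_digest_struct_case2` in digest_test.rs labels the case `[Negative]` and ends with `Expectation: true`, but the test asserts `ret.is_some()` and that exactly six digests were consumed, so it is the accepting case for a sparse mask. Something like `// 2. [Positive] Param2 = 0b11001111: six digests are read (4 + H * 6 bytes); trailing bytes stay in the reader` matches what is checked. The buffer is sized for nine digests, so a short remark that the extra space is deliberate would help a reader who expects `* 6`.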
@@ -0,0 +1,179 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::spdm_codec::SpdmCodec; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::SpdmVersion; +use codec::{enum_builder, u24, Codec, Reader, Writer}; + +pub const ENCAPSULATED_RESPONSE_ACK_HEADER_SIZE: usize = 8; + +#[derive(Debug, Clone, Default)] +pub struct SpdmGetEncapsulatedRequestPayload {} + +impl SpdmCodec for SpdmGetEncapsulatedRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmGetEncapsulatedRequestPayload {}) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmEncapsulatedRequestPayload { + pub request_id: u8, +} + +impl SpdmCodec for SpdmEncapsulatedRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .request_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let request_id = u8::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmEncapsulatedRequestPayload { request_id }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmDeliverEncapsulatedResponsePayload { + pub request_id: u8, +} + +impl SpdmCodec for SpdmDeliverEncapsulatedResponsePayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + 
let mut cnt = 0usize; + cnt += self + .request_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let request_id = u8::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmDeliverEncapsulatedResponsePayload { request_id }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmEncapsulatedResponseAckPayload { + pub request_id: u8, + pub payload_type: SpdmEncapsulatedResponseAckPayloadType, + pub ack_request_id: u8, +} + +impl SpdmCodec for SpdmEncapsulatedResponseAckPayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .request_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += self + .payload_type + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + cnt += self + .ack_request_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += u24::new(0) + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved + } + + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let request_id = u8::read(r)?; // param1 + let payload_type = SpdmEncapsulatedResponseAckPayloadType::read(r)?; // param2 + let mut ack_request_id = 0; + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + ack_request_id = u8::read(r)?; + let _ = u24::read(r)?; // reserved + } + + Some(SpdmEncapsulatedResponseAckPayload { + request_id, + payload_type, + ack_request_id, + }) + } +} + +enum_builder! 
{ + @U8 + EnumName: SpdmEncapsulatedResponseAckPayloadType; + EnumVal{ + Absent => 0, + Present => 1, + ReqSlotNumber => 2 + } +} +impl Default for SpdmEncapsulatedResponseAckPayloadType { + fn default() -> SpdmEncapsulatedResponseAckPayloadType { + SpdmEncapsulatedResponseAckPayloadType::Absent + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +#[path = "encapsulated_test.rs"] +mod encapsulated_test; diff --git a/spdmlib/src/message/encapsulated_test.rs b/spdmlib/src/message/encapsulated_test.rs new file mode 100644 index 0000000..d99f43c --- /dev/null +++ b/spdmlib/src/message/encapsulated_test.rs 
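Review bot: `SpdmEncapsulatedResponseAckPayload::spdm_read` in encapsulated.rs accepts whatever `SpdmEncapsulatedResponseAckPayloadType::read(r)?` yields, whereas the CHALLENGE decoder in this same commit explicitly returns `None` for `SpdmMeasurementSummaryHashType::Unknown(_)`. The `enum_builder!` macro is defined outside this hunk, but `SpdmErrorCode::Unknown(0)` in error.rs suggests it gives this type an `Unknown(u8)` catch-all as well. If so, a peer can send any param2 value and it reaches the caller as a valid payload type. Rejecting it at the parse boundary keeps the two decoders consistent: `if let SpdmEncapsulatedResponseAckPayloadType::Unknown(_) = payload_type { return None; }`.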
@@ -0,0 +1,114 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_get_encapsulated_request_payload() { + create_spdm_context!(context); + + let get_encap_req = SpdmGetEncapsulatedRequestPayload {}; + let mut buffer = [0u8; 16]; + + let mut writer = Writer::init(&mut buffer); + let size = get_encap_req + .spdm_encode(&mut context, &mut writer) + .unwrap(); + assert_eq!(size, 2); + + let mut reader = Reader::init(&mut buffer); + let ret = SpdmGetEncapsulatedRequestPayload::spdm_read(&mut context, &mut reader); + assert!(ret.is_some()); +} + +#[test] +fn test_encapsulated_request_payload() { + create_spdm_context!(context); + + let encap_req = SpdmEncapsulatedRequestPayload { request_id: 0xa }; + let mut buffer = [0u8; 16]; + + let mut writer = Writer::init(&mut buffer); + let size = encap_req.spdm_encode(&mut context, &mut writer).unwrap(); + assert_eq!(size, 2); + + let mut reader = Reader::init(&mut buffer); + let encap_req = SpdmEncapsulatedRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(encap_req.request_id, 0xa); +} + +#[test] +fn test_deliver_encapsulated_response_payload() { + create_spdm_context!(context); + + let deliver_encap_rsp = SpdmDeliverEncapsulatedResponsePayload { request_id: 0xa }; + let mut buffer = [0u8; 16]; + + let mut writer = Writer::init(&mut buffer); + let size = deliver_encap_rsp + .spdm_encode(&mut context, &mut writer) + .unwrap(); + assert_eq!(size, 2); + + let mut reader = Reader::init(&mut buffer); + let deliver_encap_rsp = + SpdmDeliverEncapsulatedResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(deliver_encap_rsp.request_id, 0xa); +} + +#[test] +fn test_encapsulated_response_ack_payload() { + create_spdm_context!(context); + 
context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + let encap_rsp_ack = SpdmEncapsulatedResponseAckPayload { + request_id: 0xa, + payload_type: SpdmEncapsulatedResponseAckPayloadType::Present, + ack_request_id: 0x1, + }; + let mut buffer = [0u8; 16]; + + let mut writer = Writer::init(&mut buffer); + let size = encap_rsp_ack + .spdm_encode(&mut context, &mut writer) + .unwrap(); + assert_eq!(size, 6); + + let mut reader = Reader::init(&mut buffer); + let encap_rsp_ack = + SpdmEncapsulatedResponseAckPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(encap_rsp_ack.request_id, 0xa); + assert_eq!( + encap_rsp_ack.payload_type, + SpdmEncapsulatedResponseAckPayloadType::Present + ); + assert_eq!(encap_rsp_ack.ack_request_id, 0x1); +} + +#[test] +fn test_encapsulated_response_ack_payload_ver11() { + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + let encap_rsp_ack = SpdmEncapsulatedResponseAckPayload { + request_id: 0xa, + payload_type: SpdmEncapsulatedResponseAckPayloadType::Present, + ack_request_id: 0x1, + }; + let mut buffer = [0u8; 16]; + + let mut writer = Writer::init(&mut buffer); + let size = encap_rsp_ack + .spdm_encode(&mut context, &mut writer) + .unwrap(); + assert_eq!(size, 2); + + let mut reader = Reader::init(&mut buffer); + let encap_rsp_ack = + SpdmEncapsulatedResponseAckPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(encap_rsp_ack.request_id, 0xa); +} diff --git a/spdmlib/src/message/end_session.rs b/spdmlib/src/message/end_session.rs new file mode 100644 index 0000000..0fc6209 --- /dev/null +++ b/spdmlib/src/message/end_session.rs 
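Review bot: `test_encapsulated_response_ack_payload_ver11` in encapsulated_test.rs checks only `request_id` after decoding. The rest of the 16-byte buffer is zero, so a decoder that wrongly consumed the four version-1.2 bytes would still succeed. Adding `assert_eq!(reader.used(), 2);` and `assert_eq!(encap_rsp_ack.ack_request_id, 0);` would pin the version gate that this test exists for.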
@@ -0,0 +1,150 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::spdm_codec::SpdmCodec; +use crate::error::SPDM_STATUS_BUFFER_FULL; +use crate::{common, error::SpdmStatus}; +use codec::{Codec, Reader, Writer}; + +bitflags! { + #[derive(Default)] + pub struct SpdmEndSessionRequestAttributes: u8 { + const PRESERVE_NEGOTIATED_STATE = 0b00000001; + } +} + +impl Codec for SpdmEndSessionRequestAttributes { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u8::read(r)?; + + SpdmEndSessionRequestAttributes::from_bits(bits) + } +} + +#[derive(Debug, Clone, Default, PartialEq, Eq)] +pub struct SpdmEndSessionRequestPayload { + pub end_session_request_attributes: SpdmEndSessionRequestAttributes, +} + +impl SpdmCodec for SpdmEndSessionRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .end_session_request_attributes + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let end_session_request_attributes = SpdmEndSessionRequestAttributes::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmEndSessionRequestPayload { + end_session_request_attributes, + }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmEndSessionResponsePayload {} + +impl SpdmCodec for SpdmEndSessionResponsePayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(2) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> 
Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmEndSessionResponsePayload {}) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_end_session_request_attributes() { + let u8_slice = &mut [0u8; 1]; + let mut writer = Writer::init(u8_slice); + let value = SpdmEndSessionRequestAttributes::all(); + assert!(value.encode(&mut writer).is_ok()); + + let mut reader = Reader::init(u8_slice); + assert_eq!( + SpdmEndSessionRequestAttributes::read(&mut reader).unwrap(), + SpdmEndSessionRequestAttributes::PRESERVE_NEGOTIATED_STATE + ); + assert_eq!(0, reader.left()); + } + #[test] + fn test_case0_spdm_end_session_request_payload() { + let u8_slice = &mut [0u8; 12]; + let mut writer = Writer::init(u8_slice); + let value = SpdmEndSessionRequestPayload { + end_session_request_attributes: + SpdmEndSessionRequestAttributes::PRESERVE_NEGOTIATED_STATE, + }; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(12, reader.left()); + let spdm_end_session_request_payload = + SpdmEndSessionRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + spdm_end_session_request_payload.end_session_request_attributes, + SpdmEndSessionRequestAttributes::PRESERVE_NEGOTIATED_STATE + ); + assert_eq!(10, reader.left()); + } + #[test] + fn test_case0_spdm_end_session_response_payload() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = SpdmEndSessionResponsePayload {}; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + SpdmEndSessionResponsePayload::spdm_read(&mut 
context, &mut reader); + } +} + +#[cfg(test)] +#[path = "end_session_test.rs"] +mod end_session_test; diff --git a/spdmlib/src/message/end_session_test.rs b/spdmlib/src/message/end_session_test.rs new file mode 100644 index 0000000..b3354ca --- /dev/null +++ b/spdmlib/src/message/end_session_test.rs @@ -0,0 +1,28 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_end_session_struct() { + create_spdm_context!(context); + let context = &mut context; + + // 1. Validate END_SESSION request length is 4. + let u8_slice = &mut [0u8; 4]; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmEndSessionRequestPayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); + + // 2. Validate END_SESSION_ACK response length is 4. + let u8_slice = &mut [0u8; 4]; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmEndSessionResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); +} diff --git a/spdmlib/src/message/error.rs b/spdmlib/src/message/error.rs new file mode 100644 index 0000000..ce4a4ec --- /dev/null +++ b/spdmlib/src/message/error.rs 
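Review bot: In end_session.rs, `SpdmEndSessionRequestAttributes::read` uses `from_bits(bits)`, which returns `None` as soon as any bit other than `PRESERVE_NEGOTIATED_STATE` is set. An END_SESSION request carrying a reserved bit is therefore dropped, and the caller sees the same `None` as for a truncated message. If that strictness is intended it is worth a comment at the call, e.g. `// from_bits: any reserved bit (1..=7) set makes the whole request fail to parse`; if reserved bits are meant to be ignored, `from_bits_truncate(bits)` does that. Also in this file, `SpdmEndSessionResponsePayload::spdm_encode` discards both encode results and returns a literal `Ok(2)`, unlike the `cnt +=` accumulation used by the sibling encoders in this commit.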
@@ -0,0 +1,422 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::spdm_codec::SpdmCodec; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use codec::enum_builder; +use codec::{Codec, Reader, Writer}; + +enum_builder! { + @U8 + EnumName: SpdmErrorCode; + EnumVal{ + SpdmErrorInvalidRequest => 0x1, + SpdmErrorBusy => 0x3, + SpdmErrorUnexpectedRequest => 0x4, + SpdmErrorUnspecified => 0x5, + SpdmErrorDecryptError => 0x6, + SpdmErrorUnsupportedRequest => 0x7, + SpdmErrorRequestInFlight => 0x8, + SpdmErrorInvalidResponseCode => 0x9, + SpdmErrorSessionLimitExceeded => 0xA, + SpdmErrorSessionRequired => 0xB, + SpdmErrorResetRequired => 0xC, + SpdmErrorResponseTooLarge => 0xD, + SpdmErrorRequestTooLarge => 0xE, + SpdmErrorLargeResponse => 0xF, + SpdmErrorMessageLost => 0x10, + SpdmErrorVersionMismatch => 0x41, + SpdmErrorResponseNotReady => 0x42, + SpdmErrorRequestResynch => 0x43, + SpdmErrorVendorDefined => 0xFF + } +} +impl Default for SpdmErrorCode { + fn default() -> SpdmErrorCode { + SpdmErrorCode::Unknown(0) + } +} + +pub const SPDM_ERROR_VENDOR_EXT_DATA_SIZE: usize = 32; + +#[derive(Debug, Clone, Default, PartialEq, Eq)] +pub struct SpdmErrorResponseNoneExtData {} + +impl SpdmCodec for SpdmErrorResponseNoneExtData { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + _bytes: &mut Writer, + ) -> Result { + Ok(0) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + _r: &mut Reader, + ) -> Option { + Some(SpdmErrorResponseNoneExtData {}) + } +} + +#[derive(Debug, Clone, Default, PartialEq, Eq)] +pub struct SpdmErrorResponseNotReadyExtData { + pub rdt_exponent: u8, + pub request_code: u8, + pub token: u8, + pub rdtm: u8, +} + +impl Codec for SpdmErrorResponseNotReadyExtData { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.rdt_exponent.encode(bytes)?; + cnt += self.request_code.encode(bytes)?; + cnt += 
self.token.encode(bytes)?; + cnt += self.rdtm.encode(bytes)?; + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let rdt_exponent = u8::read(r)?; + let request_code = u8::read(r)?; + let token = u8::read(r)?; + let rdtm = u8::read(r)?; + Some(SpdmErrorResponseNotReadyExtData { + rdt_exponent, + request_code, + token, + rdtm, + }) + } +} + +impl SpdmCodec for SpdmErrorResponseNotReadyExtData { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .rdt_exponent + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .request_code + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .token + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .rdtm + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let rdt_exponent = u8::read(r)?; + let request_code = u8::read(r)?; + let token = u8::read(r)?; + let rdtm = u8::read(r)?; + + Some(SpdmErrorResponseNotReadyExtData { + rdt_exponent, + request_code, + token, + rdtm, + }) + } +} + +#[derive(Debug, Clone, Default, PartialEq, Eq)] +pub struct SpdmErrorResponseVendorExtData { + pub data_size: u8, + pub data: [u8; 32], +} + +impl SpdmCodec for SpdmErrorResponseVendorExtData { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + for d in self.data.iter().take(self.data_size as usize) { + d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(self.data_size as usize) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let mut data_size = 0; + let mut data = [0u8; 32]; + + for d in &mut data { + let result = u8::read(r); + match result { + Some(v) => { + *d = v; + data_size += 1; + } + None => { + break; + } + } + } + + Some(SpdmErrorResponseVendorExtData { 
data_size, data }) + } +} + +#[derive(Debug, Clone, PartialEq, Eq)] +pub enum SpdmErrorResponseExtData { + SpdmErrorExtDataNone(SpdmErrorResponseNoneExtData), + SpdmErrorExtDataNotReady(SpdmErrorResponseNotReadyExtData), + SpdmErrorExtDataVendorDefined(SpdmErrorResponseVendorExtData), +} +impl Default for SpdmErrorResponseExtData { + fn default() -> SpdmErrorResponseExtData { + SpdmErrorResponseExtData::SpdmErrorExtDataNone(SpdmErrorResponseNoneExtData {}) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmErrorResponsePayload { + pub error_code: SpdmErrorCode, + pub error_data: u8, + pub extended_data: SpdmErrorResponseExtData, +} + +impl SpdmCodec for SpdmErrorResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .error_code + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += self + .error_data + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + + match &self.extended_data { + SpdmErrorResponseExtData::SpdmErrorExtDataNotReady(extended_data) => { + cnt += extended_data.spdm_encode(context, bytes)?; + } + SpdmErrorResponseExtData::SpdmErrorExtDataVendorDefined(extended_data) => { + cnt += extended_data.spdm_encode(context, bytes)?; + } + SpdmErrorResponseExtData::SpdmErrorExtDataNone(extended_data) => { + cnt += extended_data.spdm_encode(context, bytes)?; + } + } + + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let error_code = SpdmErrorCode::read(r)?; // param1 + let error_data = u8::read(r)?; // param2 + + let extended_data = match error_code { + SpdmErrorCode::SpdmErrorResponseNotReady => { + Some(SpdmErrorResponseExtData::SpdmErrorExtDataNotReady( + SpdmErrorResponseNotReadyExtData::spdm_read(context, r)?, + )) + } + SpdmErrorCode::SpdmErrorVendorDefined => { + Some(SpdmErrorResponseExtData::SpdmErrorExtDataVendorDefined( + 
SpdmErrorResponseVendorExtData::spdm_read(context, r)?, + )) + } + _ => Some(SpdmErrorResponseExtData::SpdmErrorExtDataNone( + SpdmErrorResponseNoneExtData::spdm_read(context, r)?, + )), + }; + + let extended_data = extended_data?; + + Some(SpdmErrorResponsePayload { + error_code, + error_data, + extended_data, + }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_error_response_not_ready_ext_data() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + + let value = SpdmErrorResponseNotReadyExtData { + rdt_exponent: 0xaa, + request_code: 0xaa, + token: 0x55, + rdtm: 0x55, + }; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(8, reader.left()); + let spdm_error_response_not_ready_ext_data = + SpdmErrorResponseNotReadyExtData::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_error_response_not_ready_ext_data.rdt_exponent, 0xaa); + assert_eq!(spdm_error_response_not_ready_ext_data.request_code, 0xaa); + assert_eq!(spdm_error_response_not_ready_ext_data.token, 0x55); + assert_eq!(spdm_error_response_not_ready_ext_data.rdtm, 0x55); + assert_eq!(4, reader.left()); + } + #[test] + fn test_case0_spdm_error_response_vendor_ext_data() { + let u8_slice = &mut [0u8; SPDM_ERROR_VENDOR_EXT_DATA_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmErrorResponseVendorExtData { + data_size: SPDM_ERROR_VENDOR_EXT_DATA_SIZE as u8, + data: [100u8; SPDM_ERROR_VENDOR_EXT_DATA_SIZE], + }; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + 
assert_eq!(SPDM_ERROR_VENDOR_EXT_DATA_SIZE, reader.left()); + let response_vendor_ext_data = + SpdmErrorResponseVendorExtData::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(response_vendor_ext_data.data_size, 32); + for i in 0..SPDM_ERROR_VENDOR_EXT_DATA_SIZE { + assert_eq!(response_vendor_ext_data.data[i], 100u8); + } + } + #[test] + fn test_case1_spdm_error_response_vendor_ext_data() { + let u8_slice = &mut [0u8; SPDM_ERROR_VENDOR_EXT_DATA_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmErrorResponseVendorExtData::default(); + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(SPDM_ERROR_VENDOR_EXT_DATA_SIZE, reader.left()); + let response_vendor_ext_data = + SpdmErrorResponseVendorExtData::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + response_vendor_ext_data.data_size, + SPDM_ERROR_VENDOR_EXT_DATA_SIZE as u8 + ); + for i in 0..SPDM_ERROR_VENDOR_EXT_DATA_SIZE { + assert_eq!(response_vendor_ext_data.data[i], 0); + } + } + #[test] + fn test_case0_spdm_error_response_payload() { + let value = SpdmErrorResponsePayload { + error_code: SpdmErrorCode::SpdmErrorResponseNotReady, + error_data: 100, + extended_data: SpdmErrorResponseExtData::SpdmErrorExtDataNotReady( + SpdmErrorResponseNotReadyExtData { + rdt_exponent: 0x11, + request_code: 0x22, + token: 0x33, + rdtm: 0x44, + }, + ), + }; + + create_spdm_context!(context); + + let mut spdm_error_response_payload = new_spdm_response(value, &mut context); + + assert_eq!( + spdm_error_response_payload.error_code, + SpdmErrorCode::SpdmErrorResponseNotReady + ); + assert_eq!(spdm_error_response_payload.error_data, 100); + if let SpdmErrorResponseExtData::SpdmErrorExtDataNotReady(extended_data) = + &spdm_error_response_payload.extended_data + { + assert_eq!(extended_data.rdt_exponent, 0x11); + assert_eq!(extended_data.request_code, 0x22); + assert_eq!(extended_data.token, 
0x33); + assert_eq!(extended_data.rdtm, 0x44); + } + + let mut value = SpdmErrorResponsePayload { + error_code: SpdmErrorCode::SpdmErrorVendorDefined, + error_data: 100, + extended_data: SpdmErrorResponseExtData::default(), + }; + value.extended_data = SpdmErrorResponseExtData::SpdmErrorExtDataVendorDefined( + SpdmErrorResponseVendorExtData { + data_size: 32, + data: [100u8; 32], + }, + ); + spdm_error_response_payload = new_spdm_response(value, &mut context); + + if let SpdmErrorResponseExtData::SpdmErrorExtDataVendorDefined(extended_data) = + &spdm_error_response_payload.extended_data + { + assert_eq!( + extended_data.data_size, + SPDM_ERROR_VENDOR_EXT_DATA_SIZE as u8 + ); + for i in 0..SPDM_ERROR_VENDOR_EXT_DATA_SIZE { + assert_eq!(extended_data.data[i], 100u8); + } + } + + let mut value = SpdmErrorResponsePayload { + error_code: SpdmErrorCode::SpdmErrorInvalidRequest, + error_data: 100, + extended_data: SpdmErrorResponseExtData::default(), + }; + value.extended_data = + SpdmErrorResponseExtData::SpdmErrorExtDataNone(SpdmErrorResponseNoneExtData {}); + new_spdm_response(value, &mut context); + } + + fn new_spdm_response( + value: SpdmErrorResponsePayload, + context: &mut common::SpdmContext, + ) -> SpdmErrorResponsePayload { + let u8_slice = &mut [0u8; 4 + SPDM_ERROR_VENDOR_EXT_DATA_SIZE]; + let mut writer = Writer::init(u8_slice); + assert!(value.spdm_encode(context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + + SpdmErrorResponsePayload::spdm_read(context, &mut reader).unwrap() + } +} diff --git a/spdmlib/src/message/finish.rs b/spdmlib/src/message/finish.rs new file mode 100644 index 0000000..341342e --- /dev/null +++ b/spdmlib/src/message/finish.rs 
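Review bot: `SpdmErrorResponseVendorExtData::spdm_encode` returns `self.data_size as usize` even when `data_size` is larger than the 32-byte `data` array, so the reported length can exceed the bytes written; `take()` caps the loop at 32 but the count is not capped. `data_size` is a public `u8`, nothing in this file keeps it at or below `SPDM_ERROR_VENDOR_EXT_DATA_SIZE`, and `SpdmErrorResponsePayload::spdm_encode` adds the inflated value to `cnt`. If a caller sizes the outgoing message from that count it would likely send bytes the encoder never wrote, so clamp first with `let len = (self.data_size as usize).min(SPDM_ERROR_VENDOR_EXT_DATA_SIZE);`, iterate `self.data[..len]`, and return `Ok(len)`. Declaring the field as `[u8; SPDM_ERROR_VENDOR_EXT_DATA_SIZE]` instead of `[u8; 32]` would also keep the array and the constant from drifting apart.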
@@ -0,0 +1,300 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::spdm_codec::SpdmCodec; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::{ + SpdmDigestStruct, SpdmRequestCapabilityFlags, SpdmResponseCapabilityFlags, SpdmSignatureStruct, +}; +use codec::{Codec, Reader, Writer}; + +bitflags! { + #[derive(Default)] + pub struct SpdmFinishRequestAttributes: u8 { + const SIGNATURE_INCLUDED = 0b00000001; + } +} + +impl Codec for SpdmFinishRequestAttributes { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u8::read(r)?; + + SpdmFinishRequestAttributes::from_bits(bits) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmFinishRequestPayload { + pub finish_request_attributes: SpdmFinishRequestAttributes, + pub req_slot_id: u8, + pub signature: SpdmSignatureStruct, + pub verify_data: SpdmDigestStruct, +} + +impl SpdmCodec for SpdmFinishRequestPayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .finish_request_attributes + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += self + .req_slot_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + if self + .finish_request_attributes + .contains(SpdmFinishRequestAttributes::SIGNATURE_INCLUDED) + { + cnt += self.signature.spdm_encode(context, bytes)?; + } + cnt += self.verify_data.spdm_encode(context, bytes)?; + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let finish_request_attributes = SpdmFinishRequestAttributes::read(r)?; // param1 + let req_slot_id = u8::read(r)?; // param2 + let mut signature = SpdmSignatureStruct::default(); + if finish_request_attributes.contains(SpdmFinishRequestAttributes::SIGNATURE_INCLUDED) { + 
signature = SpdmSignatureStruct::spdm_read(context, r)?; + } + let verify_data = SpdmDigestStruct::spdm_read(context, r)?; + + Some(SpdmFinishRequestPayload { + finish_request_attributes, + req_slot_id, + signature, + verify_data, + }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmFinishResponsePayload { + pub verify_data: SpdmDigestStruct, +} + +impl SpdmCodec for SpdmFinishResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + let in_clear_text = context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + if in_clear_text { + cnt += self.verify_data.spdm_encode(context, bytes)?; + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + let in_clear_text = context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + + let verify_data = if in_clear_text { + SpdmDigestStruct::spdm_read(context, r)? 
+ } else { + SpdmDigestStruct::default() + }; + + Some(SpdmFinishResponsePayload { verify_data }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use crate::protocol::*; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_finish_request_payload() { + let u8_slice = &mut [0u8; 2 + SPDM_MAX_ASYM_KEY_SIZE + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmFinishRequestPayload { + finish_request_attributes: SpdmFinishRequestAttributes::SIGNATURE_INCLUDED, + req_slot_id: 100, + signature: SpdmSignatureStruct { + data_size: SPDM_MAX_ASYM_KEY_SIZE as u16, + data: [0xa5u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0x5au8; SPDM_MAX_HASH_SIZE]), + }, + }; + + create_spdm_context!(context); + + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!( + 2 + SPDM_MAX_ASYM_KEY_SIZE + SPDM_MAX_HASH_SIZE, + reader.left() + ); + let spdm_finish_request_payload = + SpdmFinishRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + spdm_finish_request_payload.finish_request_attributes, + SpdmFinishRequestAttributes::SIGNATURE_INCLUDED + ); + assert_eq!(spdm_finish_request_payload.req_slot_id, 100); + assert_eq!( + spdm_finish_request_payload.signature.data_size, + RSASSA_4096_KEY_SIZE as u16 + ); + for i in 0..RSASSA_4096_KEY_SIZE { + assert_eq!(spdm_finish_request_payload.signature.data[i], 0xa5u8); + } + assert_eq!( + spdm_finish_request_payload.verify_data.data_size, + SHA512_DIGEST_SIZE as u16 + ); + for i in 
0..SHA512_DIGEST_SIZE { + assert_eq!(spdm_finish_request_payload.verify_data.data[i], 0x5au8); + } + } + #[test] + fn test_case1_spdm_finish_request_payload() { + let u8_slice = &mut [0u8; 2 + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmFinishRequestPayload { + finish_request_attributes: SpdmFinishRequestAttributes::empty(), + req_slot_id: 100, + signature: SpdmSignatureStruct { + data_size: SPDM_MAX_ASYM_KEY_SIZE as u16, + data: [0xa5u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0x5au8; SPDM_MAX_HASH_SIZE]), + }, + }; + + create_spdm_context!(context); + + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(2 + SPDM_MAX_HASH_SIZE, reader.left()); + let spdm_finish_request_payload = + SpdmFinishRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + spdm_finish_request_payload.finish_request_attributes, + SpdmFinishRequestAttributes::empty() + ); + assert_eq!(spdm_finish_request_payload.req_slot_id, 100); + assert_eq!(spdm_finish_request_payload.signature.data_size, 0); + for i in 0..RSASSA_4096_KEY_SIZE { + assert_eq!(spdm_finish_request_payload.signature.data[i], 0); + } + } + #[test] + fn test_case0_spdm_finish_response_payload() { + let u8_slice = &mut [0u8; 2 + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmFinishResponsePayload { + verify_data: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }, + }; + + create_spdm_context!(context); + + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.req_capabilities_sel = + 
SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(2 + SPDM_MAX_HASH_SIZE, reader.left()); + let spdm_read = SpdmFinishResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_read.verify_data.data_size, SPDM_MAX_HASH_SIZE as u16); + for i in 0..SPDM_MAX_HASH_SIZE { + assert_eq!(spdm_read.verify_data.data[i], 100u8); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case1_spdm_finish_response_payload() { + let u8_slice = &mut [0u8; 2]; + let mut writer = Writer::init(u8_slice); + let value = SpdmFinishResponsePayload { + verify_data: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }, + }; + + create_spdm_context!(context); + + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.negotiate_info.rsp_capabilities_sel = SpdmResponseCapabilityFlags::KEY_UPD_CAP; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(2, reader.left()); + let spdm_read = SpdmFinishResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_read.verify_data.data_size, 0); + for i in 0..SPDM_MAX_HASH_SIZE { + assert_eq!(spdm_read.verify_data.data[i], 0); + } + assert_eq!(0, reader.left()); + } +} + +#[cfg(test)] +#[path = "finish_test.rs"] +mod finish_test; diff --git a/spdmlib/src/message/finish_test.rs b/spdmlib/src/message/finish_test.rs new file mode 100644 index 0000000..13ad7da --- /dev/null +++ b/spdmlib/src/message/finish_test.rs 
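Review bot: The `in_clear_text` predicate is written out twice, once in `SpdmFinishResponsePayload::spdm_encode` and once in `spdm_read`, and it alone decides whether `verify_data` is on the wire. If the two copies ever diverge, the encoder and the parser will disagree about the FINISH_RSP layout, so I would move the check into one private, documented helper and call it from both methods. The helper only reads `negotiate_info`, so it can take a shared reference.

```rust
/// Returns true when both the requester and the responder capability sets
/// contain HANDSHAKE_IN_THE_CLEAR_CAP; only then does FINISH_RSP carry verify_data.
fn handshake_in_the_clear(context: &common::SpdmContext) -> bool {
    context
        .negotiate_info
        .req_capabilities_sel
        .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP)
        && context
            .negotiate_info
            .rsp_capabilities_sel
            .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP)
}

// … unchanged: spdm_encode writes param1 and param2 …
if handshake_in_the_clear(context) {
    cnt += self.verify_data.spdm_encode(context, bytes)?;
}

// … unchanged: spdm_read consumes param1 and param2 …
let verify_data = if handshake_in_the_clear(context) {
    SpdmDigestStruct::spdm_read(context, r)?
} else {
    SpdmDigestStruct::default()
};
```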
@@ -0,0 +1,54 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::{ + common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}, + protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo}, +}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_finish_struct() { + create_spdm_context!(context); + let context = &mut context; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256; + + // 1. Validate FINISH request length is 4 + SigLen + H. SigLen if Param1 Bit 0 is set. + let u8_slice = &mut [0u8; 4 + 32]; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmFinishRequestPayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); + + // 2. Validate FINISH_RSP response length is 4 + H. H absent when HANDSHAKE_IN_THE_CLEAR_CAP is zero. + let u8_slice = &mut [0u8; 4]; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmFinishResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); + + // 3. Validate FINISH_RSP response length is 4 + H. when HANDSHAKE_IN_THE_CLEAR_CAPs are not 0. + let u8_slice = &mut [0u8; 4]; + context.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmFinishResponsePayload::spdm_read(context, reader); + assert!(ret.is_none()); + + // 4. Validate FINISH_RSP response length is 4 + H. when HANDSHAKE_IN_THE_CLEAR_CAPs are not 0. 
+ let u8_slice = &mut [0u8; 4 + 32]; + context.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + context.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmFinishResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); +} diff --git a/spdmlib/src/message/heartbeat.rs b/spdmlib/src/message/heartbeat.rs new file mode 100644 index 0000000..2125982 --- /dev/null +++ b/spdmlib/src/message/heartbeat.rs 
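Review bot: Case 3 carries the same comment as case 4 although it asserts the opposite outcome, namely that a 4-byte FINISH_RSP is rejected once HANDSHAKE_IN_THE_CLEAR_CAP is set on both sides. Reword it, e.g. `// 3. Validate FINISH_RSP without H is rejected when HANDSHAKE_IN_THE_CLEAR_CAP is set on both sides.`, and drop the repeated `|=` capability setup in case 4, which case 3 has already applied to the same context. Case 1 mentions SigLen but parses only an all-zero buffer, so the `SIGNATURE_INCLUDED` branch of `SpdmFinishRequestPayload::spdm_read` is not covered by this test. A case with Param1 bit 0 set, plus one with a reserved Param1 bit set that expects `None`, would pin both the signature path and the strictness of `from_bits`.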
@@ -0,0 +1,99 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::spdm_codec::SpdmCodec; +use crate::error::SPDM_STATUS_BUFFER_FULL; +use crate::{common, error::SpdmStatus}; +use codec::{Codec, Reader, Writer}; + +#[derive(Debug, Clone, Default)] +pub struct SpdmHeartbeatRequestPayload {} + +impl SpdmCodec for SpdmHeartbeatRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(2) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmHeartbeatRequestPayload {}) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmHeartbeatResponsePayload {} + +impl SpdmCodec for SpdmHeartbeatResponsePayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(2) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmHeartbeatResponsePayload {}) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_heartbeat_response_payload() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = SpdmHeartbeatResponsePayload {}; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader 
= Reader::init(u8_slice); + SpdmHeartbeatResponsePayload::spdm_read(&mut context, &mut reader); + } + #[test] + fn test_case0_spdm_heartbeat_request_payload() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = SpdmHeartbeatRequestPayload {}; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + SpdmHeartbeatRequestPayload::spdm_read(&mut context, &mut reader); + } +} + +#[cfg(test)] +#[path = "heartbeat_test.rs"] +mod heartbeat_test; diff --git a/spdmlib/src/message/heartbeat_test.rs b/spdmlib/src/message/heartbeat_test.rs new file mode 100644 index 0000000..9b017c0 --- /dev/null +++ b/spdmlib/src/message/heartbeat_test.rs @@ -0,0 +1,28 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_heartbeat_struct() { + create_spdm_context!(context); + let context = &mut context; + + // 1. Validate HEARTBEAT request length is 4. + let u8_slice = &mut [0u8; 4]; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmHeartbeatRequestPayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); + + // 2. Validate HEARTBEAT response length is 4. + let u8_slice = &mut [0u8; 4]; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmHeartbeatResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); +} diff --git a/spdmlib/src/message/key_exchange.rs b/spdmlib/src/message/key_exchange.rs new file mode 100644 index 0000000..ad37d20 --- /dev/null +++ b/spdmlib/src/message/key_exchange.rs 
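Review bot: Both tests in the `tests` module of heartbeat.rs discard the return value of `spdm_read`, so they still pass if parsing returns `None`. Replace the bare calls with `assert!(SpdmHeartbeatResponsePayload::spdm_read(&mut context, &mut reader).is_some());` and the request equivalent. Adding `assert_eq!(6, reader.left());` after each would also pin that exactly the two parameter bytes of the 8-byte buffer are consumed.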
@@ -0,0 +1,574 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::opaque::SpdmOpaqueStruct; +use crate::common::spdm_codec::SpdmCodec; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::{ + SpdmDheExchangeStruct, SpdmDigestStruct, SpdmMeasurementSummaryHashType, SpdmRandomStruct, + SpdmRequestCapabilityFlags, SpdmResponseCapabilityFlags, SpdmSignatureStruct, +}; +use codec::{Codec, Reader, Writer}; + +use super::SpdmVersion; + +pub const KEY_EXCHANGE_REQUESTER_SESSION_POLICY_TERMINATION_POLICY_MASK: u8 = 0b0000_0001; +pub const KEY_EXCHANGE_REQUESTER_SESSION_POLICY_TERMINATION_POLICY_VALUE: u8 = 0b0000_0001; + +#[derive(Debug, Clone, Default)] +pub struct SpdmKeyExchangeRequestPayload { + pub measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + pub slot_id: u8, + pub req_session_id: u16, + pub session_policy: u8, + pub random: SpdmRandomStruct, + pub exchange: SpdmDheExchangeStruct, + pub opaque: SpdmOpaqueStruct, +} + +impl SpdmCodec for SpdmKeyExchangeRequestPayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .measurement_summary_hash_type + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += self + .slot_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .req_session_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + cnt += self + .session_policy + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } else { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved + } + + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved + + cnt += self + .random + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += 
self.exchange.spdm_encode(context, bytes)?; + cnt += self.opaque.spdm_encode(context, bytes)?; + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let measurement_summary_hash_type = SpdmMeasurementSummaryHashType::read(r)?; // param1 + match measurement_summary_hash_type { + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone => {} + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll + | SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb => { + if !context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) + && !context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG) + { + return None; + } + } + SpdmMeasurementSummaryHashType::Unknown(_) => return None, + } + let slot_id = u8::read(r)?; // param2 + let req_session_id = u16::read(r)?; + let session_policy = u8::read(r)?; + u8::read(r)?; + + let random = SpdmRandomStruct::read(r)?; + let exchange = SpdmDheExchangeStruct::spdm_read(context, r)?; + let opaque = SpdmOpaqueStruct::spdm_read(context, r)?; + + Some(SpdmKeyExchangeRequestPayload { + measurement_summary_hash_type, + slot_id, + req_session_id, + session_policy, + random, + exchange, + opaque, + }) + } +} + +bitflags! 
{ + #[derive(Default)] + pub struct SpdmKeyExchangeMutAuthAttributes: u8 { + const MUT_AUTH_REQ = 0b00000001; + const MUT_AUTH_REQ_WITH_ENCAP_REQUEST = 0b00000010; + const MUT_AUTH_REQ_WITH_GET_DIGESTS = 0b00000100; + } +} + +impl Codec for SpdmKeyExchangeMutAuthAttributes { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u8::read(r)?; + + SpdmKeyExchangeMutAuthAttributes::from_bits(bits) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmKeyExchangeResponsePayload { + pub heartbeat_period: u8, + pub rsp_session_id: u16, + pub mut_auth_req: SpdmKeyExchangeMutAuthAttributes, + pub req_slot_id: u8, + pub random: SpdmRandomStruct, + pub exchange: SpdmDheExchangeStruct, + pub measurement_summary_hash: SpdmDigestStruct, + pub opaque: SpdmOpaqueStruct, + pub signature: SpdmSignatureStruct, + pub verify_data: SpdmDigestStruct, +} + +impl SpdmCodec for SpdmKeyExchangeResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .heartbeat_period + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .rsp_session_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .mut_auth_req + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .req_slot_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + cnt += self + .random + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self.exchange.spdm_encode(context, bytes)?; + if context.runtime_info.need_measurement_summary_hash { + cnt += self.measurement_summary_hash.spdm_encode(context, bytes)?; + } + cnt += self.opaque.spdm_encode(context, bytes)?; + cnt += self.signature.spdm_encode(context, bytes)?; + + let in_clear_text = context + .negotiate_info + 
.req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + if !in_clear_text { + cnt += self.verify_data.spdm_encode(context, bytes)?; + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let heartbeat_period = u8::read(r)?; // param1 + u8::read(r)?; // param2 + + let rsp_session_id = u16::read(r)?; // reserved + let mut_auth_req = SpdmKeyExchangeMutAuthAttributes::read(r)?; + let req_slot_id = u8::read(r)?; + + if !mut_auth_req.is_empty() + && mut_auth_req != SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ + && mut_auth_req != SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_ENCAP_REQUEST + && mut_auth_req != SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS + { + return None; + } + + let random = SpdmRandomStruct::read(r)?; + let exchange = SpdmDheExchangeStruct::spdm_read(context, r)?; + let measurement_summary_hash = if context.runtime_info.need_measurement_summary_hash { + SpdmDigestStruct::spdm_read(context, r)? + } else { + SpdmDigestStruct::default() + }; + let opaque = SpdmOpaqueStruct::spdm_read(context, r)?; + let signature = SpdmSignatureStruct::spdm_read(context, r)?; + let in_clear_text = context + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + let verify_data = if !in_clear_text { + SpdmDigestStruct::spdm_read(context, r)? 
+ } else { + SpdmDigestStruct::default() + }; + + Some(SpdmKeyExchangeResponsePayload { + heartbeat_period, + rsp_session_id, + mut_auth_req, + req_slot_id, + random, + exchange, + measurement_summary_hash, + opaque, + signature, + verify_data, + }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::opaque::MAX_SPDM_OPAQUE_SIZE; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use crate::protocol::*; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_key_exchange_mut_auth_attributes() { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + let value = SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ; + assert!(value.encode(&mut writer).is_ok()); + + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!( + SpdmKeyExchangeMutAuthAttributes::read(&mut reader).unwrap(), + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ + ); + assert_eq!(3, reader.left()); + } + #[test] + fn test_case0_spdm_key_exchange_request_payload() { + let u8_slice = + &mut [0u8; 6 + SPDM_RANDOM_SIZE + SPDM_MAX_DHE_KEY_SIZE + 2 + MAX_SPDM_OPAQUE_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmKeyExchangeRequestPayload { + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + slot_id: 100u8, + req_session_id: 100u16, + session_policy: 1, + random: SpdmRandomStruct { + data: [100u8; SPDM_RANDOM_SIZE], + }, + exchange: SpdmDheExchangeStruct { + data_size: SPDM_MAX_DHE_KEY_SIZE as u16, + data: [100u8; SPDM_MAX_DHE_KEY_SIZE], + }, + opaque: SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as u16, + data: [100u8; MAX_SPDM_OPAQUE_SIZE], + }, + }; + + create_spdm_context!(context); + + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + + assert!(value.spdm_encode(&mut context, &mut 
writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!( + 6 + SPDM_RANDOM_SIZE + SPDM_MAX_DHE_KEY_SIZE + 2 + MAX_SPDM_OPAQUE_SIZE, + reader.left() + ); + let exchange_request_payload = + SpdmKeyExchangeRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!( + exchange_request_payload.measurement_summary_hash_type, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone + ); + assert_eq!(exchange_request_payload.slot_id, 100); + for i in 0..SPDM_RANDOM_SIZE { + assert_eq!(exchange_request_payload.random.data[i], 100); + } + assert_eq!( + exchange_request_payload.exchange.data_size, + ECDSA_ECC_NIST_P384_KEY_SIZE as u16 + ); + for i in 0..ECDSA_ECC_NIST_P384_KEY_SIZE { + assert_eq!(exchange_request_payload.exchange.data[i], 100); + } + assert_eq!( + exchange_request_payload.opaque.data_size, + MAX_SPDM_OPAQUE_SIZE as u16 + ); + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(exchange_request_payload.opaque.data[i], 100); + } + } + + #[test] + fn test_case0_spdm_key_exchange_response_payload() { + let u8_slice = &mut [0u8; 6 + + SPDM_RANDOM_SIZE + + SPDM_MAX_DHE_KEY_SIZE + + SPDM_MAX_HASH_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE + + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmKeyExchangeResponsePayload { + heartbeat_period: 100u8, + rsp_session_id: 100u16, + mut_auth_req: SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ, + req_slot_id: 100u8, + random: SpdmRandomStruct { + data: [100u8; SPDM_RANDOM_SIZE], + }, + exchange: SpdmDheExchangeStruct { + data_size: SPDM_MAX_DHE_KEY_SIZE as u16, + data: [0xa5u8; SPDM_MAX_DHE_KEY_SIZE], + }, + measurement_summary_hash: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0x11u8; SPDM_MAX_HASH_SIZE]), + }, + opaque: SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as u16, + data: [0x22u8; MAX_SPDM_OPAQUE_SIZE], + }, + signature: SpdmSignatureStruct { + data_size: SPDM_MAX_ASYM_KEY_SIZE as 
u16, + data: [0x5au8; SPDM_MAX_ASYM_KEY_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0x33u8; SPDM_MAX_HASH_SIZE]), + }, + }; + + create_spdm_context!(context); + + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096; + context.runtime_info.need_measurement_summary_hash = true; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!( + 6 + SPDM_RANDOM_SIZE + + SPDM_MAX_DHE_KEY_SIZE + + SPDM_MAX_HASH_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE + + SPDM_MAX_HASH_SIZE, + reader.left() + ); + let exchange_request_payload = + SpdmKeyExchangeResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!(exchange_request_payload.heartbeat_period, 100); + assert_eq!(exchange_request_payload.rsp_session_id, 100); + assert_eq!( + exchange_request_payload.mut_auth_req, + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ + ); + assert_eq!(exchange_request_payload.req_slot_id, 100); + for i in 0..SPDM_RANDOM_SIZE { + assert_eq!(exchange_request_payload.random.data[i], 100); + } + + assert_eq!( + exchange_request_payload.exchange.data_size, + ECDSA_ECC_NIST_P384_KEY_SIZE as u16 + ); + for i in 0..ECDSA_ECC_NIST_P384_KEY_SIZE { + assert_eq!(exchange_request_payload.exchange.data[i], 0xa5); + } + + assert_eq!( + exchange_request_payload.signature.data_size, + RSAPSS_4096_KEY_SIZE as u16 + ); + for i in 0..RSAPSS_4096_KEY_SIZE { + assert_eq!(exchange_request_payload.signature.data[i], 0x5a); + } + + assert_eq!( + exchange_request_payload.measurement_summary_hash.data_size, + SHA512_DIGEST_SIZE as u16 + ); + assert_eq!( + exchange_request_payload.verify_data.data_size, + SHA512_DIGEST_SIZE as u16 + ); + assert_eq!( + exchange_request_payload.opaque.data_size, + 
MAX_SPDM_OPAQUE_SIZE as u16 + ); + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!( + exchange_request_payload.measurement_summary_hash.data[i], + 0x11 + ); + } + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(exchange_request_payload.opaque.data[i], 0x22); + } + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(exchange_request_payload.verify_data.data[i], 0x33); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case1_spdm_key_exchange_response_payload() { + let u8_slice = &mut [0u8; 6 + + SPDM_RANDOM_SIZE + + SPDM_MAX_DHE_KEY_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE + + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmKeyExchangeResponsePayload { + heartbeat_period: 100u8, + rsp_session_id: 100u16, + mut_auth_req: SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ, + req_slot_id: 100u8, + random: SpdmRandomStruct { + data: [100u8; SPDM_RANDOM_SIZE], + }, + exchange: SpdmDheExchangeStruct { + data_size: SPDM_MAX_DHE_KEY_SIZE as u16, + data: [0xa5u8; SPDM_MAX_DHE_KEY_SIZE], + }, + measurement_summary_hash: SpdmDigestStruct::default(), + opaque: SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as u16, + data: [0x22u8; MAX_SPDM_OPAQUE_SIZE], + }, + signature: SpdmSignatureStruct { + data_size: SPDM_MAX_ASYM_KEY_SIZE as u16, + data: [0x5au8; SPDM_MAX_ASYM_KEY_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([0x33u8; SPDM_MAX_HASH_SIZE]), + }, + }; + + create_spdm_context!(context); + + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096; + context.runtime_info.need_measurement_summary_hash = false; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!( + 6 + SPDM_RANDOM_SIZE + + SPDM_MAX_DHE_KEY_SIZE + + 2 + + 
MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE + + SPDM_MAX_HASH_SIZE, + reader.left() + ); + let exchange_request_payload = + SpdmKeyExchangeResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!(exchange_request_payload.heartbeat_period, 100); + assert_eq!(exchange_request_payload.rsp_session_id, 100); + assert_eq!( + exchange_request_payload.mut_auth_req, + SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ + ); + assert_eq!(exchange_request_payload.req_slot_id, 100); + for i in 0..SPDM_RANDOM_SIZE { + assert_eq!(exchange_request_payload.random.data[i], 100); + } + + assert_eq!( + exchange_request_payload.exchange.data_size, + ECDSA_ECC_NIST_P384_KEY_SIZE as u16 + ); + for i in 0..ECDSA_ECC_NIST_P384_KEY_SIZE { + assert_eq!(exchange_request_payload.exchange.data[i], 0xa5); + } + + assert_eq!( + exchange_request_payload.signature.data_size, + RSAPSS_4096_KEY_SIZE as u16 + ); + for i in 0..RSAPSS_4096_KEY_SIZE { + assert_eq!(exchange_request_payload.signature.data[i], 0x5a); + } + + assert_eq!( + exchange_request_payload.measurement_summary_hash.data_size, + 0 + ); + assert_eq!( + exchange_request_payload.verify_data.data_size, + SHA512_DIGEST_SIZE as u16 + ); + assert_eq!( + exchange_request_payload.opaque.data_size, + MAX_SPDM_OPAQUE_SIZE as u16 + ); + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(exchange_request_payload.measurement_summary_hash.data[i], 0); + } + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(exchange_request_payload.opaque.data[i], 0x22); + } + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(exchange_request_payload.verify_data.data[i], 0x33); + } + assert_eq!(0, reader.left()); + } +} + +#[cfg(test)] +#[path = "key_exchange_test.rs"] +mod key_exchange_test; diff --git a/spdmlib/src/message/key_exchange_test.rs b/spdmlib/src/message/key_exchange_test.rs new file mode 100644 index 0000000..11308ac --- /dev/null +++ b/spdmlib/src/message/key_exchange_test.rs 
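Review bot: `SpdmKeyExchangeRequestPayload::spdm_read` accepts any `slot_id` byte from the wire; the in-file test round-trips `slot_id: 100u8` and `unwrap()`s the decoded result. If later code uses this value to select a certificate slot (not visible in this hunk), an out-of-range value reaches it unchecked, so the decoder is the natural place to reject it, e.g. `if slot_id >= 8 && slot_id != 0xFF { return None; }`, with the crate's slot-count constant in place of the literal if one exists. The same question applies to `req_slot_id` in `SpdmKeyExchangeResponsePayload::spdm_read`. Separately, the `// reserved` comment on `let rsp_session_id = u16::read(r)?;` is misplaced, and the request decoder keeps the byte read into `session_policy` even when the negotiated version is below 1.2, where the encoder writes that position as a reserved zero.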
@@ -0,0 +1,202 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::{ + common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}, + protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmDheAlgo}, +}; +use byteorder::{ByteOrder, LittleEndian}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_key_exchange_req_struct() { + create_spdm_context!(context); + let context = &mut context; + + // 1. validate req OpaqueDatalength > 1024, expectation. None + // OpaqueDataLength = 1025 + const OPAQUE_DATA_LENGTH_CASE2: usize = 1025; + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; + let u8_slice = &mut [0u8; 42 + 64 + OPAQUE_DATA_LENGTH_CASE2]; + u8_slice[2] = SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone.get_u8(); + u8_slice[3] = 1; + LittleEndian::write_u16(&mut u8_slice[4..6], 0xffff); // ReqSessionId + LittleEndian::write_u16( + &mut u8_slice[(40 + 64)..(40 + 64 + 2)], + OPAQUE_DATA_LENGTH_CASE2 as u16, + ); + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeRequestPayload::spdm_read(context, reader); + assert!(ret.is_none()); + + // 2. validate req OpaqueDatalength 0, expectation. 
ok + const OPAQUE_DATA_LENGTH_CASE3: usize = 0; + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; + let u8_slice = &mut [0u8; 42 + 64 + OPAQUE_DATA_LENGTH_CASE3]; + u8_slice[2] = SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone.get_u8(); + u8_slice[3] = 1; + LittleEndian::write_u16(&mut u8_slice[4..6], 0xffff); // ReqSessionId + LittleEndian::write_u16( + &mut u8_slice[(40 + 64)..(40 + 64 + 2)], + OPAQUE_DATA_LENGTH_CASE3 as u16, + ); + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeRequestPayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); +} + +#[ignore = "extended unit test"] +#[test] +fn test_key_exchange_req_struct_extend() { + create_spdm_context!(context); + let context = &mut context; + + // 3. Validate request length equal to 42 + D + OpaqueDataLength + // OpaqueDataLength = 256 + const OPAQUE_DATA_LENGTH_CASE1: usize = 256; + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; + let u8_slice = &mut [0u8; 42 + 64 + OPAQUE_DATA_LENGTH_CASE1]; + u8_slice[2] = SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll.get_u8(); + u8_slice[3] = 1; + LittleEndian::write_u16(&mut u8_slice[4..6], 0xffff); // ReqSessionId + LittleEndian::write_u16( + &mut u8_slice[(40 + 64)..(40 + 64 + 2)], + OPAQUE_DATA_LENGTH_CASE1 as u16, + ); + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeRequestPayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); + + // 4. validate Param2(SlotId is invalid 10), expectation. 
none + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; + let u8_slice = &mut [0u8; 42 + 64 + OPAQUE_DATA_LENGTH_CASE1]; + u8_slice[2] = SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll.get_u8(); + u8_slice[3] = 10; + LittleEndian::write_u16(&mut u8_slice[4..6], 0xffff); // ReqSessionId + LittleEndian::write_u16( + &mut u8_slice[(40 + 64)..(40 + 64 + 2)], + OPAQUE_DATA_LENGTH_CASE1 as u16, + ); + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeRequestPayload::spdm_read(context, reader); + assert!(ret.is_none()); +} + +#[test] +fn test_key_exchange_rsp_struct() { + create_spdm_context!(context); + let context = &mut context; + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256; + + // 1. validate req OpaqueDatalength > 1024, expectation. None + // OpaqueDataLength = 1025 + const OPAQUE_DATA_LENGTH_CASE1: usize = 1025; + let u8_slice = &mut [0u8; 42 + 64 + OPAQUE_DATA_LENGTH_CASE1 + 64 + 32]; + u8_slice[2] = 0; + // RspSessionId + LittleEndian::write_u16(&mut u8_slice[4..6], 0xfffe); + // MutAuthRequested + u8_slice[6] = 0; + // SlotIDParam + u8_slice[7] = 0; + // OpaqueDataLength + LittleEndian::write_u16( + &mut u8_slice[(40 + 64)..(40 + 64 + 2)], + OPAQUE_DATA_LENGTH_CASE1 as u16, + ); + + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeResponsePayload::spdm_read(context, reader); + assert!(ret.is_none()); + + // 2. validate req OpaqueDatalength 0, expectation. 
ok + const OPAQUE_DATA_LENGTH_CASE2: usize = 0; + let u8_slice = &mut [0u8; 42 + 64 + OPAQUE_DATA_LENGTH_CASE2 + 64 + 32]; + u8_slice[2] = 0; + // RspSessionId + LittleEndian::write_u16(&mut u8_slice[4..6], 0xfffe); + // MutAuthRequested + u8_slice[6] = 0; + // SlotIDParam + u8_slice[7] = 0; + // OpaqueDataLength + LittleEndian::write_u16( + &mut u8_slice[(40 + 64)..(40 + 64 + 2)], + OPAQUE_DATA_LENGTH_CASE2 as u16, + ); + + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); + + // Verify the MutAuthRequested parameter, 0/1/2/4 is ok + u8_slice[6] = 0x2; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + + u8_slice[6] = 0x8; + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeResponsePayload::spdm_read(context, reader); + assert!(ret.is_none()); +} + +#[ignore = "extended unit test"] +#[test] +fn test_key_exchange_rsp_struct_extend() { + create_spdm_context!(context); + let context = &mut context; + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256; + + // 2. validate req OpaqueDatalength 0, expectation. 
ok + const OPAQUE_DATA_LENGTH_CASE1: usize = 0; + let u8_slice = &mut [0u8; 42 + 64 + OPAQUE_DATA_LENGTH_CASE1 + 64 + 32]; + u8_slice[2] = 0; + // RspSessionId + LittleEndian::write_u16(&mut u8_slice[4..6], 0xfffe); + // MutAuthRequested + u8_slice[6] = 3; + // SlotIDParam + u8_slice[7] = 0; + // OpaqueDataLength + LittleEndian::write_u16( + &mut u8_slice[(40 + 64)..(40 + 64 + 2)], + OPAQUE_DATA_LENGTH_CASE1 as u16, + ); + + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); + + // 3. validate req OpaqueDatalength 256, expectation. ok + const OPAQUE_DATA_LENGTH_CASE2: usize = 256; + let u8_slice = &mut [0u8; 42 + 64 + OPAQUE_DATA_LENGTH_CASE2 + 64 + 32]; + u8_slice[2] = 0; + // RspSessionId + LittleEndian::write_u16(&mut u8_slice[4..6], 0xfffe); + // MutAuthRequested + u8_slice[6] = 0; + // SlotIDParam + u8_slice[7] = 0; + // OpaqueDataLength + LittleEndian::write_u16( + &mut u8_slice[(40 + 64)..(40 + 64 + 2)], + OPAQUE_DATA_LENGTH_CASE2 as u16, + ); + + let reader = &mut Reader::init(&u8_slice[2..]); + let ret = SpdmKeyExchangeResponsePayload::spdm_read(context, reader); + assert!(ret.is_some()); + assert_eq!(reader.left(), 0); +} diff --git a/spdmlib/src/message/key_update.rs b/spdmlib/src/message/key_update.rs new file mode 100644 index 0000000..b93679e --- /dev/null +++ b/spdmlib/src/message/key_update.rs 
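Review bot: The `#[ignore]`d `test_key_exchange_rsp_struct_extend` sets MutAuthRequested to 3 (`u8_slice[6] = 3;`) and asserts `ret.is_some()`, which contradicts both the comment in `test_key_exchange_rsp_struct` ("0/1/2/4 is ok") and the response decoder in key_exchange.rs, which returns `None` for any non-empty value that is not exactly one of the three flags. The assertion should read `assert!(ret.is_none());`, and that case's comment ("2. validate req OpaqueDatalength 0") should describe the MutAuthRequested check instead. Case 4 of `test_key_exchange_req_struct_extend` likewise expects `None` for slot id 10, a check the request decoder shown on this page does not perform. Because both tests are ignored, neither mismatch fails the build, so either fix the expectations or record next to the `#[ignore]` why they are disabled.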
@@ -0,0 +1,177 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common;
+use crate::common::spdm_codec::SpdmCodec;
+use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL};
+use codec::enum_builder;
+use codec::{Codec, Reader, Writer};
+
+enum_builder! {
+ @U8
+ EnumName: SpdmKeyUpdateOperation;
+ EnumVal{
+ SpdmUpdateSingleKey => 0x1,
+ SpdmUpdateAllKeys => 0x2,
+ SpdmVerifyNewKey => 0x3
+ }
+}
+impl Default for SpdmKeyUpdateOperation {
+ fn default() -> SpdmKeyUpdateOperation {
+ SpdmKeyUpdateOperation::Unknown(0)
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmKeyUpdateRequestPayload {
+ pub key_update_operation: SpdmKeyUpdateOperation,
+ pub tag: u8,
+}
+
+impl SpdmCodec for SpdmKeyUpdateRequestPayload {
+ fn spdm_encode(
+ &self,
+ _context: &mut common::SpdmContext,
+ bytes: &mut Writer,
+ ) -> Result {
+ let mut cnt = 0usize;
+ cnt += self
+ .key_update_operation
+ .encode(bytes)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1
+ cnt += self
+ .tag
+ .encode(bytes)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2
+ Ok(cnt)
+ }
+
+ fn spdm_read(
+ _context: &mut common::SpdmContext,
+ r: &mut Reader,
+ ) -> Option {
+ let key_update_operation = SpdmKeyUpdateOperation::read(r)?; // param1
+ let tag = u8::read(r)?; // param2
+
+ match key_update_operation {
+ SpdmKeyUpdateOperation::SpdmUpdateSingleKey
+ | SpdmKeyUpdateOperation::SpdmUpdateAllKeys
+ | SpdmKeyUpdateOperation::SpdmVerifyNewKey => {}
+ _ => return None,
+ }
+
+ Some(SpdmKeyUpdateRequestPayload {
+ key_update_operation,
+ tag,
+ })
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmKeyUpdateResponsePayload {
+ pub key_update_operation: SpdmKeyUpdateOperation,
+ pub tag: u8,
+}
+
+impl SpdmCodec for SpdmKeyUpdateResponsePayload {
+ fn spdm_encode(
+ &self,
+ _context: &mut common::SpdmContext,
+ bytes: &mut Writer,
+ ) -> Result {
+ let mut cnt = 0usize;
+ cnt += self
+ .key_update_operation
+ .encode(bytes)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1
+ cnt += self
+ .tag
+ .encode(bytes)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2
+ Ok(cnt)
+ }
+
+ fn spdm_read(
+ _context: &mut common::SpdmContext,
+ r: &mut Reader,
+ ) -> Option {
+ let key_update_operation = SpdmKeyUpdateOperation::read(r)?; // param1
+ let tag = u8::read(r)?; // param2
+
+ match key_update_operation {
+ SpdmKeyUpdateOperation::SpdmUpdateSingleKey
+ | SpdmKeyUpdateOperation::SpdmUpdateAllKeys
+ | SpdmKeyUpdateOperation::SpdmVerifyNewKey => {}
+ _ => return None,
+ }
+
+ Some(SpdmKeyUpdateResponsePayload {
+ key_update_operation,
+ tag,
+ })
+ }
+}
+
+#[cfg(test)]
+#[path = "mod_test.common.inc.rs"]
+mod testlib;
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo};
+ use testlib::{create_spdm_context, DeviceIO, TransportEncap};
+ extern crate alloc;
+
+ #[test]
+ fn test_case0_spdm_key_update_request_payload() {
+ let u8_slice = &mut [0u8; 2];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmKeyUpdateRequestPayload {
+ key_update_operation: SpdmKeyUpdateOperation::SpdmUpdateAllKeys,
+ tag: 100u8,
+ };
+
+ create_spdm_context!(context);
+
+ assert!(value.spdm_encode(&mut context, &mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(2, reader.left());
+ let key_request_payload =
+ SpdmKeyUpdateRequestPayload::spdm_read(&mut context, &mut reader).unwrap();
+ assert_eq!(
+ key_request_payload.key_update_operation,
+ SpdmKeyUpdateOperation::SpdmUpdateAllKeys
+ );
+ assert_eq!(key_request_payload.tag, 100);
+ assert_eq!(0, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_key_update_response_payload() {
+ let u8_slice = &mut [0u8; 2];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmKeyUpdateResponsePayload {
+ key_update_operation: SpdmKeyUpdateOperation::SpdmUpdateAllKeys,
+ tag: 100u8,
+ };
+
+ create_spdm_context!(context);
+
+ assert!(value.spdm_encode(&mut context, &mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(2, reader.left());
+ let key_response_payload =
+ SpdmKeyUpdateResponsePayload::spdm_read(&mut context, &mut reader).unwrap();
+ assert_eq!(
+ key_response_payload.key_update_operation,
+ SpdmKeyUpdateOperation::SpdmUpdateAllKeys
+ );
+ assert_eq!(key_response_payload.tag, 100);
+ assert_eq!(0, reader.left());
+ }
+}
+
+#[cfg(test)]
+#[path = "key_update_test.rs"]
+mod key_update_test;
diff --git a/spdmlib/src/message/key_update_test.rs b/spdmlib/src/message/key_update_test.rs
new file mode 100644
index 0000000..f3b0a75
--- /dev/null
+++ b/spdmlib/src/message/key_update_test.rs
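Review bot: `spdm_encode` on both key-update payloads writes whatever `key_update_operation` holds, including `Unknown(_)`, while `spdm_read` rejects everything except the three defined operations. Since `Default` yields `SpdmKeyUpdateOperation::Unknown(0)`, a default-constructed payload encodes to a message that the decoder here refuses. Either reject `Unknown(_)` at the top of `spdm_encode` with an invalid-parameter error, or document the placeholder on the `Default` impl, e.g. `/// Placeholder only: Unknown(0) is a reserved operation and is rejected by spdm_read.` The request and response codecs carry the same logic line for line, so a shared private helper for the operation check would keep the two from drifting apart.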
@@ -0,0 +1,66 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use super::*;
+use crate::{
+ common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo},
+ message::SpdmRequestResponseCode,
+ protocol::SpdmVersion,
+};
+use testlib::{create_spdm_context, DeviceIO, TransportEncap};
+extern crate alloc;
+
+#[test]
+fn test_key_update_struct() {
+ create_spdm_context!(context);
+ let context = &mut context;
+
+ // 1. Validate KeyUpdate request length is 4.
+ let u8_slice = &mut [
+ u8::from(SpdmVersion::SpdmVersion11),
+ SpdmRequestResponseCode::SpdmRequestKeyUpdate.get_u8(),
+ SpdmKeyUpdateOperation::SpdmUpdateSingleKey.get_u8(),
+ 0u8,
+ ];
+ let reader = &mut Reader::init(&u8_slice[2..]);
+ let ret = SpdmKeyUpdateRequestPayload::spdm_read(context, reader);
+ assert!(ret.is_some());
+ assert_eq!(reader.left(), 0);
+
+ // 2. Validate KEY_UPDATE_ACK response length is 4.
+ let u8_slice = &mut [
+ u8::from(SpdmVersion::SpdmVersion11),
+ SpdmRequestResponseCode::SpdmResponseKeyUpdateAck.get_u8(),
+ SpdmKeyUpdateOperation::SpdmUpdateSingleKey.get_u8(),
+ 0u8,
+ ];
+ let reader = &mut Reader::init(&u8_slice[2..]);
+ let ret = SpdmKeyUpdateResponsePayload::spdm_read(context, reader);
+ assert!(ret.is_some());
+ assert_eq!(reader.left(), 0);
+
+ // 3. Validate KEY_UPDATE operations equal to reserved value. Expactation, fail.
+ let u8_slice = &mut [
+ u8::from(SpdmVersion::SpdmVersion11),
+ SpdmRequestResponseCode::SpdmRequestKeyUpdate.get_u8(),
+ SpdmKeyUpdateOperation::SpdmUpdateSingleKey.get_u8(),
+ 0u8,
+ ];
+ u8_slice[2] = SpdmKeyUpdateOperation::SpdmVerifyNewKey.get_u8() + 1;
+ let reader = &mut Reader::init(&u8_slice[2..]);
+ let ret = SpdmKeyUpdateRequestPayload::spdm_read(context, reader);
+ assert!(ret.is_none());
+
+ // 4. Validate KEY_UPDATE_ACK KEY_UPDATE operations equal to reserved value. Expectation, fail
+ let u8_slice = &mut [
+ u8::from(SpdmVersion::SpdmVersion11),
+ SpdmRequestResponseCode::SpdmResponseKeyUpdateAck.get_u8(),
+ SpdmKeyUpdateOperation::SpdmUpdateSingleKey.get_u8(),
+ 0u8,
+ ];
+ u8_slice[2] = SpdmKeyUpdateOperation::SpdmVerifyNewKey.get_u8() + 1;
+ let reader = &mut Reader::init(&u8_slice[2..]);
+ let ret = SpdmKeyUpdateResponsePayload::spdm_read(context, reader);
+ assert!(ret.is_none());
+}
diff --git a/spdmlib/src/message/measurement.rs b/spdmlib/src/message/measurement.rs
new file mode 100644
index 0000000..e53fe75
--- /dev/null
+++ b/spdmlib/src/message/measurement.rs
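Review bot: Cases 3 and 4 of `test_key_update_struct` cover only the reserved value just above the defined range (`SpdmVerifyNewKey.get_u8() + 1`), while operation 0 is also outside the defined set and is what `SpdmKeyUpdateOperation::default()` produces in key_update.rs. Add a case with `u8_slice[2] = 0;` and `assert!(ret.is_none());` for both the request and the KEY_UPDATE_ACK decoder, so the lower bound is pinned as well. The comment on case 3 has a typo, `Expactation`.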
@@ -0,0 +1,446 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::opaque::SpdmOpaqueStruct; +use crate::common::spdm_codec::SpdmCodec; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::{SpdmMeasurementRecordStructure, SpdmNonceStruct, SpdmSignatureStruct}; +use codec::enum_builder; +use codec::{Codec, Reader, Writer}; + +use crate::common::SpdmMeasurementContentChanged; + +use super::SpdmVersion; + +pub const MEASUREMENT_RESPONDER_PARAM2_SLOT_ID_MASK: u8 = 0b0000_1111; +pub const MEASUREMENT_RESPONDER_PARAM2_CONTENT_CHANGED_MASK: u8 = 0b0011_0000; + +bitflags! { + #[derive(Default)] + pub struct SpdmMeasurementAttributes: u8 { + const SIGNATURE_REQUESTED = 0b00000001; + const RAW_BIT_STREAM_REQUESTED = 0b0000_0010; + } +} + +impl Codec for SpdmMeasurementAttributes { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u8::read(r)?; + + SpdmMeasurementAttributes::from_bits(bits) + } +} + +enum_builder! 
{ + @U8 + EnumName: SpdmMeasurementOperation; + EnumVal{ + SpdmMeasurementQueryTotalNumber => 0x0, + SpdmMeasurementRequestAll => 0xFF + } +} +impl Default for SpdmMeasurementOperation { + fn default() -> SpdmMeasurementOperation { + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmGetMeasurementsRequestPayload { + pub measurement_attributes: SpdmMeasurementAttributes, + pub measurement_operation: SpdmMeasurementOperation, + pub nonce: SpdmNonceStruct, + pub slot_id: u8, +} + +impl SpdmCodec for SpdmGetMeasurementsRequestPayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .measurement_attributes + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += self + .measurement_operation + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + if self + .measurement_attributes + .contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) + { + cnt += self + .nonce + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + cnt += self + .slot_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let measurement_attributes = SpdmMeasurementAttributes::read(r)?; // param1 + let measurement_operation = SpdmMeasurementOperation::read(r)?; // param2 + let nonce = + if measurement_attributes.contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) { + SpdmNonceStruct::read(r)? + } else { + SpdmNonceStruct::default() + }; + let slot_id = + if measurement_attributes.contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) { + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 { + u8::read(r)? 
+ } else { + 0 + } + } else { + 0 + }; + + Some(SpdmGetMeasurementsRequestPayload { + measurement_attributes, + measurement_operation, + nonce, + slot_id, + }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmMeasurementsResponsePayload { + pub number_of_measurement: u8, + pub content_changed: SpdmMeasurementContentChanged, + pub slot_id: u8, + pub measurement_record: SpdmMeasurementRecordStructure, + pub nonce: SpdmNonceStruct, + pub opaque: SpdmOpaqueStruct, + pub signature: SpdmSignatureStruct, + pub measurement_operation: SpdmMeasurementOperation, +} + +impl SpdmCodec for SpdmMeasurementsResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + //When Param2 in the requested measurement operation is 0 , this + //parameter shall return the total number of measurement indices on + //the device. Otherwise, this field is reserved. + if self.measurement_operation == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber { + cnt += self + .number_of_measurement + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } else { + cnt += 0_u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 + && context.runtime_info.need_measurement_signature + { + cnt += (self.slot_id | self.content_changed.bits()) + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + } else if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion11 + && context.runtime_info.need_measurement_signature + { + cnt += self + .slot_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param 2 + } else { + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param 2 + } + cnt += self.measurement_record.spdm_encode(context, bytes)?; + cnt += self + .nonce + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self.opaque.spdm_encode(context, bytes)?; + if 
context.runtime_info.need_measurement_signature { + cnt += self.signature.spdm_encode(context, bytes)?; + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let number_of_measurement = u8::read(r)?; // param1 + let param2 = u8::read(r)?; // param2 + let slot_id = param2 & MEASUREMENT_RESPONDER_PARAM2_SLOT_ID_MASK; // Bit [3:0] + let content_changed = param2 & MEASUREMENT_RESPONDER_PARAM2_CONTENT_CHANGED_MASK; // Bit [5:4] + let content_changed = SpdmMeasurementContentChanged::from_bits(content_changed)?; + let measurement_record = SpdmMeasurementRecordStructure::spdm_read(context, r)?; + let nonce = SpdmNonceStruct::read(r)?; + let opaque = SpdmOpaqueStruct::spdm_read(context, r)?; + let signature = if context.runtime_info.need_measurement_signature { + SpdmSignatureStruct::spdm_read(context, r)? + } else { + SpdmSignatureStruct::default() + }; + Some(SpdmMeasurementsResponsePayload { + number_of_measurement, + content_changed, + slot_id, + measurement_record, + nonce, + opaque, + signature, + measurement_operation: SpdmMeasurementOperation::Unknown(0), + }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::opaque::MAX_SPDM_OPAQUE_SIZE; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use crate::config::{self, *}; + use crate::protocol::*; + use codec::u24; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_spdm_measuremente_attributes() { + let u8_slice = &mut [0u8; 4]; + let mut writer = Writer::init(u8_slice); + let value = SpdmMeasurementAttributes::SIGNATURE_REQUESTED; + assert!(value.encode(&mut writer).is_ok()); + + let mut reader = Reader::init(u8_slice); + assert_eq!(4, reader.left()); + assert_eq!( + SpdmMeasurementAttributes::read(&mut reader).unwrap(), + SpdmMeasurementAttributes::SIGNATURE_REQUESTED + ); + assert_eq!(3, 
reader.left()); + } + #[test] + fn test_case0_spdm_get_measurements_request_payload() { + let u8_slice = &mut [0u8; 2 + SPDM_NONCE_SIZE + 1]; + let mut writer = Writer::init(u8_slice); + let value = SpdmGetMeasurementsRequestPayload { + measurement_attributes: SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation: SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + slot_id: 0x7, + }; + + create_spdm_context!(context); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(2 + SPDM_NONCE_SIZE + 1, reader.left()); + let get_measurements = + SpdmGetMeasurementsRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + get_measurements.measurement_attributes, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED + ); + assert_eq!( + get_measurements.measurement_operation, + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + ); + assert_eq!(get_measurements.slot_id, 0x7); + for i in 0..SPDM_NONCE_SIZE { + assert_eq!(get_measurements.nonce.data[i], 100u8); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case1_spdm_get_measurements_request_payload() { + let u8_slice = &mut [0u8; 2]; + let mut writer = Writer::init(u8_slice); + let value = SpdmGetMeasurementsRequestPayload { + measurement_attributes: SpdmMeasurementAttributes::empty(), + measurement_operation: SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + slot_id: 0x7, + }; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(2, reader.left()); + let get_measurements = + SpdmGetMeasurementsRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + 
get_measurements.measurement_attributes, + SpdmMeasurementAttributes::empty() + ); + assert_eq!( + get_measurements.measurement_operation, + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + ); + assert_eq!(get_measurements.slot_id, 0); + for i in 0..SPDM_NONCE_SIZE { + assert_eq!(get_measurements.nonce.data[i], 0); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case0_spdm_measurements_response_payload() { + create_spdm_context!(context); + + let u8_slice = &mut [0u8; 6 + + 5 * (7 + SPDM_MAX_HASH_SIZE) + + SPDM_NONCE_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE]; + let mut writer = Writer::init(u8_slice); + let mut spdm_measurement_block_structure = SpdmMeasurementBlockStructure { + index: 1u8, + measurement_specification: SpdmMeasurementSpecification::DMTF, + measurement_size: 3 + SHA512_DIGEST_SIZE as u16, + measurement: SpdmDmtfMeasurementStructure { + r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom, + representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + value_size: SHA512_DIGEST_SIZE as u16, + value: [100u8; MAX_SPDM_MEASUREMENT_VALUE_LEN], + }, + }; + let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + let mut measurement_record_data_writer = Writer::init(&mut measurement_record_data); + for _i in 0..5 { + assert!(spdm_measurement_block_structure + .spdm_encode(&mut context, &mut measurement_record_data_writer) + .is_ok()); + spdm_measurement_block_structure.index += 1; + } + let value = SpdmMeasurementsResponsePayload { + number_of_measurement: 100u8, + slot_id: 7u8, + content_changed: SpdmMeasurementContentChanged::NOT_SUPPORTED, + measurement_record: SpdmMeasurementRecordStructure { + number_of_blocks: 5, + measurement_record_length: u24::new(measurement_record_data_writer.used() as u32), + measurement_record_data, + }, + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + opaque: SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as 
u16, + data: [100u8; MAX_SPDM_OPAQUE_SIZE], + }, + signature: SpdmSignatureStruct { + data_size: SPDM_MAX_ASYM_KEY_SIZE as u16, + data: [100u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + measurement_operation: SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + }; + + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + context.runtime_info.need_measurement_signature = true; + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + + assert_eq!( + 6 + 5 * (7 + SPDM_MAX_HASH_SIZE) + + SPDM_NONCE_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE, + reader.left() + ); + let mut measurements_response = + SpdmMeasurementsResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(measurements_response.number_of_measurement, 100); + assert_eq!(measurements_response.slot_id, 7); + assert_eq!( + measurements_response.content_changed, + SpdmMeasurementContentChanged::NOT_SUPPORTED + ); + + assert_eq!(measurements_response.measurement_record.number_of_blocks, 5); + for i in 0..SPDM_NONCE_SIZE { + assert_eq!(measurements_response.nonce.data[i], 100); + } + + assert_eq!( + measurements_response.opaque.data_size, + MAX_SPDM_OPAQUE_SIZE as u16 + ); + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(measurements_response.opaque.data[i], 100); + } + + assert_eq!( + measurements_response.signature.data_size, + RSASSA_4096_KEY_SIZE as u16 + ); + for i in 0..RSASSA_4096_KEY_SIZE { + assert_eq!(measurements_response.signature.data[i], 100); + } + assert_eq!(0, reader.left()); + + let u8_slice = &mut [0u8; 6 + + 5 * (7 + SPDM_MAX_HASH_SIZE) + + 
SPDM_NONCE_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE]; + let mut writer = Writer::init(u8_slice); + + context.runtime_info.need_measurement_signature = false; + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!( + 6 + 5 * (7 + SPDM_MAX_HASH_SIZE) + SPDM_NONCE_SIZE + 2 + MAX_SPDM_OPAQUE_SIZE, + reader.left() + ); + measurements_response = + SpdmMeasurementsResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!(measurements_response.signature.data_size, 0); + + for i in 0..SPDM_NONCE_SIZE { + assert_eq!(measurements_response.nonce.data[i], 100); + } + for i in 0..RSASSA_4096_KEY_SIZE { + assert_eq!(measurements_response.signature.data[i], 0); + } + assert_eq!(0, reader.left()); + } +} + +#[cfg(test)] +#[path = "measurement_test.rs"] +mod measurement_test; diff --git a/spdmlib/src/message/measurement_test.rs b/spdmlib/src/message/measurement_test.rs new file mode 100644 index 0000000..3a5936b --- /dev/null +++ b/spdmlib/src/message/measurement_test.rs 
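Review bot: In `SpdmMeasurementsResponsePayload::spdm_encode`, the SPDM 1.2 branch writes `self.slot_id | self.content_changed.bits()` without masking, while `spdm_read` splits the same byte with `MEASUREMENT_RESPONDER_PARAM2_SLOT_ID_MASK` and `MEASUREMENT_RESPONDER_PARAM2_CONTENT_CHANGED_MASK`. A `slot_id` above 0x0F would spill into bits [5:4] and be decoded by the peer as a content-changed indication, which a verifier may act on. I would mask on the way out: `cnt += ((self.slot_id & MEASUREMENT_RESPONDER_PARAM2_SLOT_ID_MASK) | self.content_changed.bits())`. The 1.1 branch just below encodes `self.slot_id` raw and would benefit from the same mask. A short comment on `spdm_read` noting that bits [7:6] of param2 are ignored rather than rejected would also help the next reader.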
@@ -0,0 +1,65 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::*; +use crate::{ + common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}, + config::MAX_SPDM_MEASUREMENT_RECORD_SIZE, +}; +use bit_field::BitField; +use byteorder::{ByteOrder, LittleEndian}; +use testlib::{create_spdm_context, DeviceIO, TransportEncap}; +extern crate alloc; + +#[test] +fn test_measurement_struct() { + create_spdm_context!(context); + let context = &mut context; + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + // Validate SpdmMeasurementAttributes::SIGNATURE_REQUESTED length + let u8_slice = &mut [0u8; 4 + 32 + 1]; + let writer = &mut Writer::init(u8_slice); + let request = SpdmGetMeasurementsRequestPayload { + measurement_attributes: SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation: SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + nonce: SpdmNonceStruct::default(), + slot_id: 1, + }; + assert!(request.spdm_encode(context, writer).is_ok()); + assert_eq!(writer.used(), 4 + 32 + 1 - 2); + + // Validate SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED length + let writer = &mut Writer::init(u8_slice); + let request = SpdmGetMeasurementsRequestPayload { + measurement_attributes: SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + measurement_operation: SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + nonce: SpdmNonceStruct::default(), + slot_id: 1, + }; + assert!(request.spdm_encode(context, writer).is_ok()); + assert_eq!(writer.used(), 4 - 2); +} + +#[ignore = "Extend unit tests"] +#[test] +fn test_measurement_response() { + create_spdm_context!(context); + let context = &mut context; + // Validate responder measurement record length is beyond MAX_SPDM_MEASUREMENT_RECORD_SIZE. 
+ let u8_slice = &mut [0u8; MAX_SPDM_MEASUREMENT_RECORD_SIZE + 200]; + u8_slice[3].set_bits(4..=5, 0b10); + u8_slice[3].set_bits(0..=3, 1); + u8_slice[4] = 0xfe; + LittleEndian::write_u24(&mut u8_slice[5..8], MAX_SPDM_MEASUREMENT_RECORD_SIZE as u32); + LittleEndian::write_u16( + &mut u8_slice + [(40 + MAX_SPDM_MEASUREMENT_RECORD_SIZE)..(42 + MAX_SPDM_MEASUREMENT_RECORD_SIZE)], + 1024, + ); + + let reader = &mut Reader::init(u8_slice); + let ret = SpdmMeasurementsResponsePayload::spdm_read(context, reader); + assert!(ret.is_none()) +} diff --git a/spdmlib/src/message/mod.rs b/spdmlib/src/message/mod.rs new file mode 100644 index 0000000..1d1e35c --- /dev/null +++ b/spdmlib/src/message/mod.rs 
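Review bot: `test_measurement_response` is the only negative test in this file for an over-long measurement record from a responder, and it is both `#[ignore]`d and apparently offset by two bytes. The fixture writes param2 at `u8_slice[3]`, the block count at `[4]` and the record length at `[5..8]`, which is the layout of a full message including its 2-byte header, yet the reader is created with `Reader::init(u8_slice)` and passed straight to the payload decoder. The key-update test earlier in this commit uses `&u8_slice[2..]` for the same purpose. As written, the `is_none()` result may come from a different field than the one the comment names, and the length written equals `MAX_SPDM_MEASUREMENT_RECORD_SIZE` rather than exceeding it. I would use `let reader = &mut Reader::init(&u8_slice[2..]);`, write `MAX_SPDM_MEASUREMENT_RECORD_SIZE as u32 + 1` as the length, and then drop the `#[ignore]` so the bound check runs in CI.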
@@ -0,0 +1,1689 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::{SpdmCodec, SpdmContext}; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::*; +use codec::enum_builder; +use codec::{Codec, Reader, Writer}; + +// SPDM 1.0 +pub mod algorithm; +pub mod capability; +pub mod certificate; +pub mod challenge; +pub mod digest; +#[cfg(feature = "mut-auth")] +pub mod encapsulated; +pub mod error; +pub mod measurement; +pub mod vendor; +pub mod version; +// SPDM 1.1 +pub mod end_session; +pub mod finish; +pub mod heartbeat; +pub mod key_exchange; +pub mod key_update; +pub mod psk_exchange; +pub mod psk_finish; +pub mod respond_if_ready; + +pub use algorithm::*; +pub use capability::*; +pub use certificate::*; +pub use challenge::*; +pub use digest::*; +#[cfg(feature = "mut-auth")] +pub use encapsulated::*; +pub use end_session::*; +pub use error::*; +pub use finish::*; +pub use heartbeat::*; +pub use key_exchange::*; +pub use key_update::*; +pub use measurement::*; +pub use psk_exchange::*; +pub use psk_finish::*; +pub use version::*; +// Add new SPDM command here. +pub use respond_if_ready::*; +pub use vendor::*; + +enum_builder! 
{ + @U8 + EnumName: SpdmRequestResponseCode; + EnumVal{ + // 1.0 response + SpdmResponseDigests => 0x01, + SpdmResponseCertificate => 0x02, + SpdmResponseChallengeAuth => 0x03, + SpdmResponseVersion => 0x04, + SpdmResponseMeasurements => 0x60, + SpdmResponseCapabilities => 0x61, + SpdmResponseAlgorithms => 0x63, + SpdmResponseVendorDefinedResponse => 0x7E, + SpdmResponseError => 0x7F, + // 1.1 response + SpdmResponseKeyExchangeRsp => 0x64, + SpdmResponseFinishRsp => 0x65, + SpdmResponsePskExchangeRsp => 0x66, + SpdmResponsePskFinishRsp => 0x67, + SpdmResponseHeartbeatAck => 0x68, + SpdmResponseKeyUpdateAck => 0x69, + SpdmResponseEncapsulatedRequest => 0x6A, + SpdmResponseEncapsulatedResponseAck => 0x6B, + SpdmResponseEndSessionAck => 0x6C, + + // 1.0 rerquest + SpdmRequestGetDigests => 0x81, + SpdmRequestGetCertificate => 0x82, + SpdmRequestChallenge => 0x83, + SpdmRequestGetVersion => 0x84, + SpdmRequestGetMeasurements => 0xE0, + SpdmRequestGetCapabilities => 0xE1, + SpdmRequestNegotiateAlgorithms => 0xE3, + SpdmRequestVendorDefinedRequest => 0xFE, + SpdmRequestResponseIfReady => 0xFF, + // 1.1 request + SpdmRequestKeyExchange => 0xE4, + SpdmRequestFinish => 0xE5, + SpdmRequestPskExchange => 0xE6, + SpdmRequestPskFinish => 0xE7, + SpdmRequestHeartbeat => 0xE8, + SpdmRequestKeyUpdate => 0xE9, + SpdmRequestGetEncapsulatedRequest => 0xEA, + SpdmRequestDeliverEncapsulatedResponse => 0xEB, + SpdmRequestEndSession => 0xEC + } +} +impl Default for SpdmRequestResponseCode { + fn default() -> SpdmRequestResponseCode { + SpdmRequestResponseCode::Unknown(0) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmMessageHeader { + pub version: SpdmVersion, + pub request_response_code: SpdmRequestResponseCode, +} + +impl Codec for SpdmMessageHeader { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.version.encode(bytes)?; + cnt += self.request_response_code.encode(bytes)?; + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let 
version = SpdmVersion::read(r)?; + let request_response_code = SpdmRequestResponseCode::read(r)?; + Some(SpdmMessageHeader { + version, + request_response_code, + }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmMessageGeneralPayload { + pub param1: u8, + pub param2: u8, + //pub payload: [u8], +} + +impl Codec for SpdmMessageGeneralPayload { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.param1.encode(bytes)?; + cnt += self.param2.encode(bytes)?; + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let param1 = u8::read(r)?; + let param2 = u8::read(r)?; + Some(SpdmMessageGeneralPayload { param1, param2 }) + } +} + +impl SpdmCodec for SpdmMessageGeneralPayload { + fn spdm_encode( + &self, + _context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(2) + } + + fn spdm_read(_context: &mut SpdmContext, r: &mut Reader) -> Option { + let param1 = u8::read(r)?; // param1 + let param2 = u8::read(r)?; // param2 + + Some(SpdmMessageGeneralPayload { param1, param2 }) + } +} + +#[derive(Debug)] +pub struct SpdmMessage { + pub header: SpdmMessageHeader, + pub payload: SpdmMessagePayload, +} + +// +// we have to define big payload to hold the possible data from responder, +// such as, cert_chain, measurement_record, etc. 
+// +#[allow(clippy::large_enum_variant)] +#[derive(Debug)] +pub enum SpdmMessagePayload { + SpdmMessageGeneral(SpdmMessageGeneralPayload), + + SpdmGetVersionRequest(SpdmGetVersionRequestPayload), + SpdmVersionResponse(SpdmVersionResponsePayload), + + SpdmGetCapabilitiesRequest(SpdmGetCapabilitiesRequestPayload), + SpdmCapabilitiesResponse(SpdmCapabilitiesResponsePayload), + + SpdmNegotiateAlgorithmsRequest(SpdmNegotiateAlgorithmsRequestPayload), + SpdmAlgorithmsResponse(SpdmAlgorithmsResponsePayload), + + SpdmGetDigestsRequest(SpdmGetDigestsRequestPayload), + SpdmDigestsResponse(SpdmDigestsResponsePayload), + + SpdmGetCertificateRequest(SpdmGetCertificateRequestPayload), + SpdmCertificateResponse(SpdmCertificateResponsePayload), + + SpdmChallengeRequest(SpdmChallengeRequestPayload), + SpdmChallengeAuthResponse(SpdmChallengeAuthResponsePayload), + + SpdmGetMeasurementsRequest(SpdmGetMeasurementsRequestPayload), + SpdmMeasurementsResponse(SpdmMeasurementsResponsePayload), + + SpdmKeyExchangeRequest(SpdmKeyExchangeRequestPayload), + SpdmKeyExchangeResponse(SpdmKeyExchangeResponsePayload), + + SpdmFinishRequest(SpdmFinishRequestPayload), + SpdmFinishResponse(SpdmFinishResponsePayload), + + SpdmPskExchangeRequest(SpdmPskExchangeRequestPayload), + SpdmPskExchangeResponse(SpdmPskExchangeResponsePayload), + + #[cfg(feature = "mut-auth")] + SpdmGetEncapsulatedRequestPayload(SpdmGetEncapsulatedRequestPayload), + #[cfg(feature = "mut-auth")] + SpdmEncapsulatedRequestPayload(SpdmEncapsulatedRequestPayload), + #[cfg(feature = "mut-auth")] + SpdmDeliverEncapsulatedResponsePayload(SpdmDeliverEncapsulatedResponsePayload), + #[cfg(feature = "mut-auth")] + SpdmEncapsulatedResponseAckPayload(SpdmEncapsulatedResponseAckPayload), + + SpdmPskFinishRequest(SpdmPskFinishRequestPayload), + SpdmPskFinishResponse(SpdmPskFinishResponsePayload), + + SpdmHeartbeatRequest(SpdmHeartbeatRequestPayload), + SpdmHeartbeatResponse(SpdmHeartbeatResponsePayload), + + 
SpdmKeyUpdateRequest(SpdmKeyUpdateRequestPayload), + SpdmKeyUpdateResponse(SpdmKeyUpdateResponsePayload), + + SpdmEndSessionRequest(SpdmEndSessionRequestPayload), + SpdmEndSessionResponse(SpdmEndSessionResponsePayload), + + // Add new SPDM command here. + SpdmErrorResponse(SpdmErrorResponsePayload), + SpdmVendorDefinedRequest(SpdmVendorDefinedRequestPayload), + SpdmVendorDefinedResponse(SpdmVendorDefinedResponsePayload), +} + +impl SpdmMessage { + pub fn read_with_detailed_error( + context: &mut SpdmContext, + r: &mut Reader, + ) -> Option { + let header = SpdmMessageHeader::read(r)?; + + let payload = match header.request_response_code { + SpdmRequestResponseCode::SpdmResponseVersion => { + Some(SpdmMessagePayload::SpdmVersionResponse( + SpdmVersionResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestGetVersion => { + Some(SpdmMessagePayload::SpdmGetVersionRequest( + SpdmGetVersionRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseCapabilities => { + Some(SpdmMessagePayload::SpdmCapabilitiesResponse( + SpdmCapabilitiesResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestGetCapabilities => { + Some(SpdmMessagePayload::SpdmGetCapabilitiesRequest( + SpdmGetCapabilitiesRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseAlgorithms => { + Some(SpdmMessagePayload::SpdmAlgorithmsResponse( + SpdmAlgorithmsResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms => { + Some(SpdmMessagePayload::SpdmNegotiateAlgorithmsRequest( + SpdmNegotiateAlgorithmsRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseDigests => { + Some(SpdmMessagePayload::SpdmDigestsResponse( + SpdmDigestsResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestGetDigests => { + Some(SpdmMessagePayload::SpdmGetDigestsRequest( + 
SpdmGetDigestsRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseCertificate => { + Some(SpdmMessagePayload::SpdmCertificateResponse( + SpdmCertificateResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestGetCertificate => { + Some(SpdmMessagePayload::SpdmGetCertificateRequest( + SpdmGetCertificateRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseChallengeAuth => { + Some(SpdmMessagePayload::SpdmChallengeAuthResponse( + SpdmChallengeAuthResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestChallenge => { + Some(SpdmMessagePayload::SpdmChallengeRequest( + SpdmChallengeRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseMeasurements => { + Some(SpdmMessagePayload::SpdmMeasurementsResponse( + SpdmMeasurementsResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestGetMeasurements => { + Some(SpdmMessagePayload::SpdmGetMeasurementsRequest( + SpdmGetMeasurementsRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseKeyExchangeRsp => { + Some(SpdmMessagePayload::SpdmKeyExchangeResponse( + SpdmKeyExchangeResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestKeyExchange => { + Some(SpdmMessagePayload::SpdmKeyExchangeRequest( + SpdmKeyExchangeRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseFinishRsp => { + Some(SpdmMessagePayload::SpdmFinishResponse( + SpdmFinishResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestFinish => { + Some(SpdmMessagePayload::SpdmFinishRequest( + SpdmFinishRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponsePskExchangeRsp => { + Some(SpdmMessagePayload::SpdmPskExchangeResponse( + SpdmPskExchangeResponsePayload::spdm_read(context, r)?, + )) + } + 
SpdmRequestResponseCode::SpdmRequestPskExchange => { + Some(SpdmMessagePayload::SpdmPskExchangeRequest( + SpdmPskExchangeRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponsePskFinishRsp => { + Some(SpdmMessagePayload::SpdmPskFinishResponse( + SpdmPskFinishResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestPskFinish => { + Some(SpdmMessagePayload::SpdmPskFinishRequest( + SpdmPskFinishRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseHeartbeatAck => { + Some(SpdmMessagePayload::SpdmHeartbeatResponse( + SpdmHeartbeatResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestHeartbeat => { + Some(SpdmMessagePayload::SpdmHeartbeatRequest( + SpdmHeartbeatRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseKeyUpdateAck => { + Some(SpdmMessagePayload::SpdmKeyUpdateResponse( + SpdmKeyUpdateResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestKeyUpdate => { + Some(SpdmMessagePayload::SpdmKeyUpdateRequest( + SpdmKeyUpdateRequestPayload::spdm_read(context, r)?, + )) + } + + SpdmRequestResponseCode::SpdmResponseEndSessionAck => { + Some(SpdmMessagePayload::SpdmEndSessionResponse( + SpdmEndSessionResponsePayload::spdm_read(context, r)?, + )) + } + SpdmRequestResponseCode::SpdmRequestEndSession => { + Some(SpdmMessagePayload::SpdmEndSessionRequest( + SpdmEndSessionRequestPayload::spdm_read(context, r)?, + )) + } + + // Add new SPDM command here. 
+ SpdmRequestResponseCode::SpdmResponseError => { + Some(SpdmMessagePayload::SpdmErrorResponse( + SpdmErrorResponsePayload::spdm_read(context, r)?, + )) + } + + _ => None, + }?; + + Some(SpdmMessage { header, payload }) + } +} + +impl SpdmCodec for SpdmMessage { + fn spdm_encode( + &self, + context: &mut SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .header + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + match &self.payload { + SpdmMessagePayload::SpdmMessageGeneral(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmGetVersionRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmVersionResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmGetCapabilitiesRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmCapabilitiesResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmNegotiateAlgorithmsRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmAlgorithmsResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmGetDigestsRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmDigestsResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmGetCertificateRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmCertificateResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmChallengeRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmChallengeAuthResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmGetMeasurementsRequest(payload) => { 
+ cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmMeasurementsResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmKeyExchangeRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmKeyExchangeResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmFinishRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmFinishResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmPskExchangeRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmPskExchangeResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmPskFinishRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmPskFinishResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmEndSessionRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmEndSessionResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmHeartbeatRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmHeartbeatResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + SpdmMessagePayload::SpdmKeyUpdateRequest(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + SpdmMessagePayload::SpdmKeyUpdateResponse(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + + #[cfg(feature = "mut-auth")] + SpdmMessagePayload::SpdmGetEncapsulatedRequestPayload(payload) => { + cnt += payload.spdm_encode(context, bytes)?; + } + #[cfg(feature = "mut-auth")] + SpdmMessagePayload::SpdmEncapsulatedRequestPayload(payload) => { + cnt += payload.spdm_encode(context, bytes)?; 
+ }
+ #[cfg(feature = "mut-auth")]
+ SpdmMessagePayload::SpdmDeliverEncapsulatedResponsePayload(payload) => {
+ cnt += payload.spdm_encode(context, bytes)?;
+ }
+ #[cfg(feature = "mut-auth")]
+ SpdmMessagePayload::SpdmEncapsulatedResponseAckPayload(payload) => {
+ cnt += payload.spdm_encode(context, bytes)?;
+ }
+
+ // Add new SPDM command here.
+ SpdmMessagePayload::SpdmErrorResponse(payload) => {
+ cnt += payload.spdm_encode(context, bytes)?;
+ }
+ SpdmMessagePayload::SpdmVendorDefinedRequest(payload) => {
+ cnt += payload.spdm_encode(context, bytes)?;
+ }
+ SpdmMessagePayload::SpdmVendorDefinedResponse(payload) => {
+ cnt += payload.spdm_encode(context, bytes)?;
+ }
+ }
+ Ok(cnt)
+ }
+
+ fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option {
+ SpdmMessage::read_with_detailed_error(context, r)
+ }
+}
+
+#[cfg(test)]
+#[path = "mod_test.common.inc.rs"]
+mod testlib;
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use crate::common::opaque::MAX_SPDM_OPAQUE_SIZE;
+ use crate::common::SpdmMeasurementContentChanged;
+ use crate::common::{
+ SpdmConfigInfo, SpdmContext, SpdmOpaqueStruct, SpdmOpaqueSupport, SpdmProvisionInfo,
+ };
+ use crate::config::{self, *};
+ use codec::u24;
+ use testlib::{create_spdm_context, new_spdm_message, DeviceIO, TransportEncap};
+ extern crate alloc;
+
+ #[test]
+ fn test_case0_spdm_message_header() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge,
+ };
+ assert!(value.encode(&mut writer).is_ok());
+
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ let spdm_message_header = SpdmMessageHeader::read(&mut reader).unwrap();
+ assert_eq!(spdm_message_header.version, SpdmVersion::SpdmVersion10);
+ assert_eq!(
+ spdm_message_header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestChallenge
+ );
+ }
+
+ #[test]
+ fn test_case0_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseVersion,
+ },
+ payload: SpdmMessagePayload::SpdmVersionResponse(SpdmVersionResponsePayload {
+ version_number_entry_count: 0x02,
+ versions: gen_array_clone(
+ SpdmVersionStruct {
+ update: 100,
+ version: SpdmVersion::SpdmVersion11,
+ },
+ MAX_SPDM_VERSION_COUNT,
+ ),
+ }),
+ };
+
+ create_spdm_context!(context);
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(spdm_message.header.version, SpdmVersion::SpdmVersion10);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseVersion
+ );
+ if let SpdmMessagePayload::SpdmVersionResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.version_number_entry_count, 0x02);
+ for i in 0..2 {
+ assert_eq!(payload.versions[i].update, 100);
+ assert_eq!(payload.versions[i].version, SpdmVersion::SpdmVersion11);
+ }
+ }
+ }
+ #[test]
+ fn test_case1_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestGetCapabilities,
+ },
+ payload: SpdmMessagePayload::SpdmGetCapabilitiesRequest(
+ SpdmGetCapabilitiesRequestPayload {
+ ct_exponent: 0x02,
+ flags: SpdmRequestCapabilityFlags::CERT_CAP
+ | SpdmRequestCapabilityFlags::CHAL_CAP,
+ data_transfer_size: 0,
+ max_spdm_msg_size: 0,
+ },
+ ),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestGetCapabilities
+ );
+ if let SpdmMessagePayload::SpdmGetCapabilitiesRequest(payload) = &spdm_message.payload {
+ assert_eq!(payload.ct_exponent, 0x02);
+ assert_eq!(
+ payload.flags,
+ SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::CHAL_CAP
+ );
+ }
+ }
+ #[test]
+ fn test_case2_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseCapabilities,
+ },
+ payload: SpdmMessagePayload::SpdmCapabilitiesResponse(
+ SpdmCapabilitiesResponsePayload {
+ ct_exponent: 0x03,
+ flags: SpdmResponseCapabilityFlags::CACHE_CAP,
+ data_transfer_size: 0,
+ max_spdm_msg_size: 0,
+ },
+ ),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseCapabilities
+ );
+ if let SpdmMessagePayload::SpdmCapabilitiesResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.ct_exponent, 0x03);
+ assert_eq!(payload.flags, SpdmResponseCapabilityFlags::CACHE_CAP);
+ }
+ }
+ #[test]
+ fn test_case3_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms,
+ },
+ payload: SpdmMessagePayload::SpdmNegotiateAlgorithmsRequest(
+ SpdmNegotiateAlgorithmsRequestPayload {
+ measurement_specification: SpdmMeasurementSpecification::DMTF,
+ other_params_support: SpdmOpaqueSupport::empty(),
+ base_asym_algo: SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048,
+ base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_256,
+ alg_struct_count: 4,
+ alg_struct: [
+ SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeDHE,
+ alg_supported: SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1),
+ },
+ SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeAEAD,
+ alg_supported: SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM),
+ },
+ SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeReqAsym,
+ alg_supported: SpdmAlg::SpdmAlgoReqAsym(
+ SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,
+ ),
+ },
+ SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeKeySchedule,
+ alg_supported: SpdmAlg::SpdmAlgoKeySchedule(
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ ),
+ },
+ ],
+ },
+ ),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms
+ );
+ if let SpdmMessagePayload::SpdmNegotiateAlgorithmsRequest(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.measurement_specification,
+ SpdmMeasurementSpecification::DMTF
+ );
+ assert_eq!(
+ payload.base_asym_algo,
+ SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048
+ );
+ assert_eq!(payload.base_hash_algo, SpdmBaseHashAlgo::TPM_ALG_SHA_256);
+ assert_eq!(payload.alg_struct_count, 4);
+ assert_eq!(payload.alg_struct[0].alg_type, SpdmAlgType::SpdmAlgTypeDHE);
+ assert_eq!(
+ payload.alg_struct[0].alg_supported,
+ SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1)
+ );
+ assert_eq!(payload.alg_struct[1].alg_type, SpdmAlgType::SpdmAlgTypeAEAD);
+ assert_eq!(
+ payload.alg_struct[1].alg_supported,
+ SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM)
+ );
+ assert_eq!(
+ payload.alg_struct[2].alg_type,
+ SpdmAlgType::SpdmAlgTypeReqAsym
+ );
+ assert_eq!(
+ payload.alg_struct[2].alg_supported,
+ SpdmAlg::SpdmAlgoReqAsym(SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,)
+ );
+ assert_eq!(
+ payload.alg_struct[3].alg_type,
+ SpdmAlgType::SpdmAlgTypeKeySchedule
+ );
+ assert_eq!(
+ payload.alg_struct[3].alg_supported,
+ SpdmAlg::SpdmAlgoKeySchedule(SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,)
+ );
+ }
+ }
+ #[test]
+ fn test_case4_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseAlgorithms,
+ },
+ payload: SpdmMessagePayload::SpdmAlgorithmsResponse(SpdmAlgorithmsResponsePayload {
+ measurement_specification_sel: SpdmMeasurementSpecification::DMTF,
+ other_params_selection: SpdmOpaqueSupport::empty(),
+ measurement_hash_algo: SpdmMeasurementHashAlgo::RAW_BIT_STREAM,
+ base_asym_sel: SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048,
+ base_hash_sel: SpdmBaseHashAlgo::TPM_ALG_SHA_256,
+ alg_struct_count: 4,
+ alg_struct: [
+ SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeDHE,
+ alg_supported: SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1),
+ },
+ SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeAEAD,
+ alg_supported: SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM),
+ },
+ SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeReqAsym,
+ alg_supported: SpdmAlg::SpdmAlgoReqAsym(
+ SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,
+ ),
+ },
+ SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeKeySchedule,
+ alg_supported: SpdmAlg::SpdmAlgoKeySchedule(
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ ),
+ },
+ ],
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
+
+ context.config_info.measurement_specification = SpdmMeasurementSpecification::DMTF;
+ context.config_info.measurement_hash_algo = SpdmMeasurementHashAlgo::RAW_BIT_STREAM;
+ context.config_info.base_asym_algo = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048;
+ context.config_info.base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256;
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseAlgorithms
+ );
+ if let SpdmMessagePayload::SpdmAlgorithmsResponse(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.measurement_specification_sel,
+ SpdmMeasurementSpecification::DMTF
+ );
+ assert_eq!(
+ payload.measurement_hash_algo,
+ SpdmMeasurementHashAlgo::RAW_BIT_STREAM
+ );
+ assert_eq!(payload.base_asym_sel, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048);
+ assert_eq!(payload.base_hash_sel, SpdmBaseHashAlgo::TPM_ALG_SHA_256);
+ assert_eq!(payload.alg_struct_count, 4);
+ assert_eq!(payload.alg_struct[0].alg_type, SpdmAlgType::SpdmAlgTypeDHE);
+ assert_eq!(
+ payload.alg_struct[0].alg_supported,
+ SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1)
+ );
+ assert_eq!(payload.alg_struct[1].alg_type, SpdmAlgType::SpdmAlgTypeAEAD);
+ assert_eq!(
+ payload.alg_struct[1].alg_supported,
+ SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM)
+ );
+ assert_eq!(
+ payload.alg_struct[2].alg_type,
+ SpdmAlgType::SpdmAlgTypeReqAsym
+ );
+ assert_eq!(
+ payload.alg_struct[2].alg_supported,
+ SpdmAlg::SpdmAlgoReqAsym(SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,)
+ );
+ assert_eq!(
+ payload.alg_struct[3].alg_type,
+ SpdmAlgType::SpdmAlgTypeKeySchedule
+ );
+ assert_eq!(
+ payload.alg_struct[3].alg_supported,
+ SpdmAlg::SpdmAlgoKeySchedule(SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,)
+ );
+ }
+ }
+ #[test]
+ fn test_case5_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseCertificate,
+ },
+ payload: SpdmMessagePayload::SpdmCertificateResponse(SpdmCertificateResponsePayload {
+ slot_id: 100,
+ portion_length: MAX_SPDM_CERT_PORTION_LEN as u16,
+ remainder_length: 100,
+ cert_chain: [100u8; MAX_SPDM_CERT_PORTION_LEN],
+ }),
+ };
+ create_spdm_context!(context);
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseCertificate
+ );
+ if let SpdmMessagePayload::SpdmCertificateResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.slot_id, 100);
+ assert_eq!(payload.portion_length, MAX_SPDM_CERT_PORTION_LEN as u16);
+ assert_eq!(payload.remainder_length, 100);
+ for i in 0..MAX_SPDM_CERT_PORTION_LEN {
+ assert_eq!(payload.cert_chain[i], 100u8);
+ }
+ }
+ }
+ #[test]
+ fn test_case6_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge,
+ },
+ payload: SpdmMessagePayload::SpdmChallengeRequest(SpdmChallengeRequestPayload {
+ slot_id: 100,
+ measurement_summary_hash_type:
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone,
+ nonce: SpdmNonceStruct {
+ data: [100u8; SPDM_NONCE_SIZE],
+ },
+ }),
+ };
+
+ create_spdm_context!(context);
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestChallenge
+ );
+ if let SpdmMessagePayload::SpdmChallengeRequest(payload) = &spdm_message.payload {
+ assert_eq!(payload.slot_id, 100);
+ assert_eq!(
+ payload.measurement_summary_hash_type,
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone
+ );
+ for i in 0..SPDM_NONCE_SIZE {
+ assert_eq!(payload.nonce.data[i], 100u8);
+ }
+ }
+ }
+ #[test]
+ fn test_case7_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseChallengeAuth,
+ },
+ payload: SpdmMessagePayload::SpdmChallengeAuthResponse(
+ SpdmChallengeAuthResponsePayload {
+ slot_id: 0x0f,
+ slot_mask: 100,
+ challenge_auth_attribute: SpdmChallengeAuthAttribute::BASIC_MUT_AUTH_REQ,
+ cert_chain_hash: SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([0xAAu8; SPDM_MAX_HASH_SIZE]),
+ },
+ nonce: SpdmNonceStruct {
+ data: [100u8; SPDM_NONCE_SIZE],
+ },
+ measurement_summary_hash: SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([0x55u8; SPDM_MAX_HASH_SIZE]),
+ },
+ opaque: SpdmOpaqueStruct {
+ data_size: MAX_SPDM_OPAQUE_SIZE as u16,
+ data: [0xAAu8; MAX_SPDM_OPAQUE_SIZE],
+ },
+ signature: SpdmSignatureStruct {
+ data_size: SPDM_MAX_ASYM_KEY_SIZE as u16,
+ data: [0x55u8; SPDM_MAX_ASYM_KEY_SIZE],
+ },
+ },
+ ),
+ };
+ create_spdm_context!(context);
+
+ context.runtime_info.need_measurement_summary_hash = true;
+ context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096;
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseChallengeAuth
+ );
+ if let SpdmMessagePayload::SpdmChallengeAuthResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.slot_id, 0x0f);
+ assert_eq!(payload.slot_mask, 100);
+ assert_eq!(
+ payload.challenge_auth_attribute,
+ SpdmChallengeAuthAttribute::BASIC_MUT_AUTH_REQ
+ );
+ assert_eq!(payload.cert_chain_hash.data_size, SHA512_DIGEST_SIZE as u16);
+ assert_eq!(
+ payload.measurement_summary_hash.data_size,
+ SHA512_DIGEST_SIZE as u16
+ );
+ assert_eq!(payload.opaque.data_size, MAX_SPDM_OPAQUE_SIZE as u16);
+ assert_eq!(payload.signature.data_size, RSASSA_4096_KEY_SIZE as u16);
+
+ for i in 0..SHA512_DIGEST_SIZE {
+ assert_eq!(payload.cert_chain_hash.data[i], 0xAAu8);
+ }
+ for i in 0..MAX_SPDM_OPAQUE_SIZE {
+ assert_eq!(payload.opaque.data[i], 0xAAu8);
+ }
+ for i in 0..SHA512_DIGEST_SIZE {
+ assert_eq!(payload.measurement_summary_hash.data[i], 0x55u8);
+ }
+ for i in 0..SPDM_NONCE_SIZE {
+ assert_eq!(payload.nonce.data[i], 100u8);
+ }
+ for i in 0..RSASSA_4096_KEY_SIZE {
+ assert_eq!(payload.signature.data[i], 0x55u8);
+ }
+ }
+ }
+ #[test]
+ fn test_case8_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestGetMeasurements,
+ },
+ payload: SpdmMessagePayload::SpdmGetMeasurementsRequest(
+ SpdmGetMeasurementsRequestPayload {
+ measurement_attributes: SpdmMeasurementAttributes::SIGNATURE_REQUESTED,
+ measurement_operation:
+ SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber,
+ nonce: SpdmNonceStruct {
+ data: [100u8; SPDM_NONCE_SIZE],
+ },
+ slot_id: 0x7,
+ },
+ ),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestGetMeasurements
+ );
+ if let SpdmMessagePayload::SpdmGetMeasurementsRequest(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.measurement_attributes,
+ SpdmMeasurementAttributes::SIGNATURE_REQUESTED
+ );
+ assert_eq!(
+ payload.measurement_operation,
+ SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber,
+ );
+ assert_eq!(payload.slot_id, 0x7);
+ for i in 0..SPDM_NONCE_SIZE {
+ assert_eq!(payload.nonce.data[i], 100u8);
+ }
+ }
+ }
+ #[test]
+ fn test_case9_spdm_message() {
+ let mut spdm_measurement_block_structure = SpdmMeasurementBlockStructure {
+ index: 1u8,
+ measurement_specification: SpdmMeasurementSpecification::DMTF,
+ measurement_size: 3 + SHA512_DIGEST_SIZE as u16,
+ measurement: SpdmDmtfMeasurementStructure {
+ r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom,
+ representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest,
+ value_size: SHA512_DIGEST_SIZE as u16,
+ value: [100u8; MAX_SPDM_MEASUREMENT_VALUE_LEN],
+ },
+ };
+
+ let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE];
+ let mut writer = Writer::init(&mut measurement_record_data);
+ for _i in 0..5 {
+ assert!(spdm_measurement_block_structure.encode(&mut writer).is_ok());
+ spdm_measurement_block_structure.index += 1;
+ }
+
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseMeasurements,
+ },
+ payload: SpdmMessagePayload::SpdmMeasurementsResponse(
+ SpdmMeasurementsResponsePayload {
+ number_of_measurement: 100u8,
+ slot_id: 7u8,
+ content_changed: SpdmMeasurementContentChanged::NOT_SUPPORTED,
+ measurement_record: SpdmMeasurementRecordStructure {
+ number_of_blocks: 5,
+ measurement_record_length: u24::new(writer.used() as u32),
+ measurement_record_data,
+ },
+ nonce: SpdmNonceStruct {
+ data: [100u8; SPDM_NONCE_SIZE],
+ },
+ opaque: SpdmOpaqueStruct {
+ data_size: MAX_SPDM_OPAQUE_SIZE as u16,
+ data: [100u8; MAX_SPDM_OPAQUE_SIZE],
+ },
+ signature: SpdmSignatureStruct {
+ data_size: SPDM_MAX_ASYM_KEY_SIZE as u16,
+ data: [100u8; SPDM_MAX_ASYM_KEY_SIZE],
+ },
+ measurement_operation:
+ SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber,
+ },
+ ),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
+
+ context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096;
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ context.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_512;
+ context.negotiate_info.measurement_specification_sel = SpdmMeasurementSpecification::DMTF;
+ context.runtime_info.need_measurement_signature = true;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseMeasurements
+ );
+ if let SpdmMessagePayload::SpdmMeasurementsResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.number_of_measurement, 100);
+ assert_eq!(payload.slot_id, 7);
+ assert_eq!(
+ payload.content_changed,
+ SpdmMeasurementContentChanged::NOT_SUPPORTED
+ );
+ assert_eq!(payload.measurement_record.number_of_blocks, 5);
+ for i in 0..SPDM_NONCE_SIZE {
+ assert_eq!(payload.nonce.data[i], 100);
+ }
+ assert_eq!(payload.opaque.data_size, MAX_SPDM_OPAQUE_SIZE as u16);
+ for i in 0..MAX_SPDM_OPAQUE_SIZE {
+ assert_eq!(payload.opaque.data[i], 100);
+ }
+ assert_eq!(payload.signature.data_size, RSASSA_4096_KEY_SIZE as u16);
+ for i in 0..RSASSA_4096_KEY_SIZE {
+ assert_eq!(payload.signature.data[i], 100);
+ }
+ }
+ }
+ #[test]
+ fn test_case10_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestKeyExchange,
+ },
+ payload: SpdmMessagePayload::SpdmKeyExchangeRequest(SpdmKeyExchangeRequestPayload {
+ measurement_summary_hash_type:
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone,
+ slot_id: 100u8,
+ req_session_id: 100u16,
+ session_policy: 1,
+ random: SpdmRandomStruct {
+ data: [100u8; SPDM_RANDOM_SIZE],
+ },
+ exchange: SpdmDheExchangeStruct {
+ data_size: SPDM_MAX_DHE_KEY_SIZE as u16,
+ data: [100u8; SPDM_MAX_DHE_KEY_SIZE],
+ },
+ opaque: SpdmOpaqueStruct {
+ data_size: MAX_SPDM_OPAQUE_SIZE as u16,
+ data: [100u8; MAX_SPDM_OPAQUE_SIZE],
+ },
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestKeyExchange
+ );
+ if let SpdmMessagePayload::SpdmKeyExchangeRequest(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.measurement_summary_hash_type,
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone
+ );
+ assert_eq!(payload.slot_id, 100);
+ for i in 0..SPDM_RANDOM_SIZE {
+ assert_eq!(payload.random.data[i], 100);
+ }
+ assert_eq!(
+ payload.exchange.data_size,
+ ECDSA_ECC_NIST_P384_KEY_SIZE as u16
+ );
+ for i in 0..ECDSA_ECC_NIST_P384_KEY_SIZE {
+ assert_eq!(payload.exchange.data[i], 100);
+ }
+ assert_eq!(payload.opaque.data_size, MAX_SPDM_OPAQUE_SIZE as u16);
+ for i in 0..MAX_SPDM_OPAQUE_SIZE {
+ assert_eq!(payload.opaque.data[i], 100);
+ }
+ }
+ }
+ #[test]
+ fn test_case12_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestFinish,
+ },
+ payload: SpdmMessagePayload::SpdmFinishRequest(SpdmFinishRequestPayload {
+ finish_request_attributes: SpdmFinishRequestAttributes::SIGNATURE_INCLUDED,
+ req_slot_id: 100,
+ signature: SpdmSignatureStruct {
+ data_size: SPDM_MAX_ASYM_KEY_SIZE as u16,
+ data: [0xa5u8; SPDM_MAX_ASYM_KEY_SIZE],
+ },
+ verify_data: SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([0x5au8; SPDM_MAX_HASH_SIZE]),
+ },
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096;
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestFinish
+ );
+ if let SpdmMessagePayload::SpdmFinishRequest(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.finish_request_attributes,
+ SpdmFinishRequestAttributes::SIGNATURE_INCLUDED
+ );
+ assert_eq!(payload.req_slot_id, 100);
+ assert_eq!(payload.signature.data_size, RSASSA_4096_KEY_SIZE as u16);
+ for i in 0..RSASSA_4096_KEY_SIZE {
+ assert_eq!(payload.signature.data[i], 0xa5u8);
+ }
+ assert_eq!(payload.verify_data.data_size, SHA512_DIGEST_SIZE as u16);
+ for i in 0..SHA512_DIGEST_SIZE {
+ assert_eq!(payload.verify_data.data[i], 0x5au8);
+ }
+ }
+ }
+ #[test]
+ fn test_case13_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseFinishRsp,
+ },
+ payload: SpdmMessagePayload::SpdmFinishResponse(SpdmFinishResponsePayload {
+ verify_data: SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ },
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ context.negotiate_info.req_capabilities_sel =
+ SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP;
+ context.negotiate_info.rsp_capabilities_sel =
+ SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseFinishRsp
+ );
+ if let SpdmMessagePayload::SpdmFinishResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.verify_data.data_size, SHA512_DIGEST_SIZE as u16);
+ for i in 0..SHA512_DIGEST_SIZE {
+ assert_eq!(payload.verify_data.data[i], 100u8);
+ }
+ }
+ }
+ #[test]
+ fn test_case114_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestPskExchange,
+ },
+ payload: SpdmMessagePayload::SpdmPskExchangeRequest(SpdmPskExchangeRequestPayload {
+ measurement_summary_hash_type:
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone,
+ req_session_id: 100u16,
+ psk_hint: SpdmPskHintStruct {
+ data_size: MAX_SPDM_PSK_HINT_SIZE as u16,
+ data: [100u8; MAX_SPDM_PSK_HINT_SIZE],
+ },
+ psk_context: SpdmPskContextStruct {
+ data_size: MAX_SPDM_PSK_CONTEXT_SIZE as u16,
+ data: [100u8; MAX_SPDM_PSK_CONTEXT_SIZE],
+ },
+ opaque: SpdmOpaqueStruct {
+ data_size: MAX_SPDM_OPAQUE_SIZE as u16,
+ data: [100u8; MAX_SPDM_OPAQUE_SIZE],
+ },
+ }),
+ };
+ create_spdm_context!(context);
+
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestPskExchange
+ );
+ if let SpdmMessagePayload::SpdmPskExchangeRequest(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.measurement_summary_hash_type,
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone
+ );
+ assert_eq!(payload.psk_hint.data_size, MAX_SPDM_PSK_HINT_SIZE as u16);
+ assert_eq!(
+ payload.psk_context.data_size,
+ MAX_SPDM_PSK_CONTEXT_SIZE as u16
+ );
+ assert_eq!(payload.opaque.data_size, MAX_SPDM_OPAQUE_SIZE as u16);
+ for i in 0..MAX_SPDM_PSK_HINT_SIZE {
+ assert_eq!(payload.psk_hint.data[i], 100);
+ }
+ for i in 0..MAX_SPDM_PSK_CONTEXT_SIZE {
+ assert_eq!(payload.psk_context.data[i], 100);
+ }
+ for i in 0..MAX_SPDM_OPAQUE_SIZE {
+ assert_eq!(payload.opaque.data[i], 100);
+ }
+ }
+
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponsePskExchangeRsp,
+ },
+ payload: SpdmMessagePayload::SpdmPskExchangeResponse(SpdmPskExchangeResponsePayload {
+ heartbeat_period: 0xaau8,
+ rsp_session_id: 0xaa55u16,
+ measurement_summary_hash: SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ },
+ psk_context: SpdmPskContextStruct {
+ data_size: MAX_SPDM_PSK_CONTEXT_SIZE as u16,
+ data: [100u8; MAX_SPDM_PSK_CONTEXT_SIZE],
+ },
+ opaque: SpdmOpaqueStruct {
+ data_size: MAX_SPDM_OPAQUE_SIZE as u16,
+ data: [100u8; MAX_SPDM_OPAQUE_SIZE],
+ },
+ verify_data: SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ },
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ context.runtime_info.need_measurement_summary_hash = true;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponsePskExchangeRsp
+ );
+ if let SpdmMessagePayload::SpdmPskExchangeResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.heartbeat_period, 0xaau8);
+ assert_eq!(payload.rsp_session_id, 0xaa55u16);
+
+ assert_eq!(
+ payload.measurement_summary_hash.data_size,
+ SHA512_DIGEST_SIZE as u16
+ );
+ assert_eq!(
+ payload.psk_context.data_size,
+ MAX_SPDM_PSK_CONTEXT_SIZE as u16
+ );
+ assert_eq!(payload.opaque.data_size, MAX_SPDM_OPAQUE_SIZE as u16);
+ assert_eq!(payload.verify_data.data_size, SHA512_DIGEST_SIZE as u16);
+
+ for i in 0..SHA512_DIGEST_SIZE {
+ assert_eq!(payload.measurement_summary_hash.data[i], 100);
+ }
+ for i in 0..MAX_SPDM_PSK_CONTEXT_SIZE {
+ assert_eq!(payload.psk_context.data[i], 100);
+ }
+ for i in 0..MAX_SPDM_OPAQUE_SIZE {
+ assert_eq!(payload.opaque.data[i], 100);
+ }
+ for i in 0..SHA512_DIGEST_SIZE {
+ assert_eq!(payload.verify_data.data[i], 100u8);
+ }
+ }
+ }
+ #[test]
+ fn test_case15_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestPskFinish,
+ },
+ payload: SpdmMessagePayload::SpdmPskFinishRequest(SpdmPskFinishRequestPayload {
+ verify_data: SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ },
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestPskFinish
+ );
+ if let SpdmMessagePayload::SpdmPskFinishRequest(payload) = &spdm_message.payload {
+ assert_eq!(payload.verify_data.data_size, SHA512_DIGEST_SIZE as u16);
+ for i in 0..SHA512_DIGEST_SIZE {
+ assert_eq!(payload.verify_data.data[i], 100u8);
+ }
+ }
+ }
+ #[test]
+ fn test_case17_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestKeyUpdate,
+ },
+ payload: SpdmMessagePayload::SpdmKeyUpdateRequest(SpdmKeyUpdateRequestPayload {
+ key_update_operation: SpdmKeyUpdateOperation::SpdmUpdateAllKeys,
+ tag: 100u8,
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let spdm_message = new_spdm_message(value, context);
+ if let SpdmMessagePayload::SpdmKeyUpdateRequest(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.key_update_operation,
+ SpdmKeyUpdateOperation::SpdmUpdateAllKeys
+ );
+ assert_eq!(payload.tag, 100);
+ }
+
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseKeyUpdateAck,
+ },
+ payload: SpdmMessagePayload::SpdmKeyUpdateResponse(SpdmKeyUpdateResponsePayload {
+ key_update_operation: SpdmKeyUpdateOperation::SpdmUpdateAllKeys,
+ tag: 100u8,
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseKeyUpdateAck
+ );
+ if let SpdmMessagePayload::SpdmKeyUpdateResponse(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.key_update_operation,
+ SpdmKeyUpdateOperation::SpdmUpdateAllKeys
+ );
+ assert_eq!(payload.tag, 100);
+ }
+ }
+ #[test]
+ fn test_case18_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestEndSession,
+ },
+ payload: SpdmMessagePayload::SpdmEndSessionRequest(SpdmEndSessionRequestPayload {
+ end_session_request_attributes:
+ SpdmEndSessionRequestAttributes::PRESERVE_NEGOTIATED_STATE,
+ }),
+ };
+ create_spdm_context!(context);
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestEndSession
+ );
+ if let SpdmMessagePayload::SpdmEndSessionRequest(payload) = &spdm_message.payload {
+ assert_eq!(
+ payload.end_session_request_attributes,
+ SpdmEndSessionRequestAttributes::PRESERVE_NEGOTIATED_STATE
+ );
+ }
+ }
+ #[test]
+ fn test_case19_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseError,
+ },
+ payload: SpdmMessagePayload::SpdmErrorResponse(SpdmErrorResponsePayload {
+ error_code: SpdmErrorCode::SpdmErrorResponseNotReady,
+ error_data: 100,
+ extended_data: SpdmErrorResponseExtData::SpdmErrorExtDataNotReady(
+ SpdmErrorResponseNotReadyExtData {
+ rdt_exponent: 100,
+ request_code: 100,
+ token: 100,
+ rdtm: 100,
+ },
+ ),
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseError
+ );
+ if let SpdmMessagePayload::SpdmErrorResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.error_code, SpdmErrorCode::SpdmErrorResponseNotReady);
+ assert_eq!(payload.error_data, 100);
+ if let SpdmErrorResponseExtData::SpdmErrorExtDataNotReady(extended_data) =
+ &payload.extended_data
+ {
+ assert_eq!(extended_data.rdt_exponent, 100);
+ assert_eq!(extended_data.request_code, 100);
+ assert_eq!(extended_data.token, 100);
+ assert_eq!(extended_data.rdtm, 100);
+ }
+ }
+ }
+ #[test]
+ fn test_case20_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestGetVersion,
+ },
+ payload: SpdmMessagePayload::SpdmGetVersionRequest(SpdmGetVersionRequestPayload {}),
+ };
+
+ create_spdm_context!(context);
+ new_spdm_message(value, context);
+ }
+ #[test]
+ fn test_case21_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestGetDigests,
+ },
+ payload: SpdmMessagePayload::SpdmGetDigestsRequest(SpdmGetDigestsRequestPayload {}),
+ };
+
+ create_spdm_context!(context);
+ new_spdm_message(value, context);
+ }
+ #[test]
+ fn test_case22_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestGetCertificate,
+ },
+ payload: SpdmMessagePayload::SpdmGetCertificateRequest(
+ SpdmGetCertificateRequestPayload {
+ slot_id: 100,
+ offset: 100,
+ length: 100,
+ },
+ ),
+ };
+
+ create_spdm_context!(context);
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmRequestGetCertificate
+ );
+ if let SpdmMessagePayload::SpdmGetCertificateRequest(payload) = &spdm_message.payload {
+ assert_eq!(payload.slot_id, 100);
+ assert_eq!(payload.offset, 100);
+ assert_eq!(payload.length, 100);
+ }
+ }
+ #[test]
+ fn test_case23_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponsePskFinishRsp,
+ },
+ payload: SpdmMessagePayload::SpdmPskFinishResponse(SpdmPskFinishResponsePayload {}),
+ };
+ create_spdm_context!(context);
+ new_spdm_message(value, context);
+ }
+ #[test]
+ fn test_case24_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestHeartbeat,
+ },
+ payload: SpdmMessagePayload::SpdmHeartbeatRequest(SpdmHeartbeatRequestPayload {}),
+ };
+ create_spdm_context!(context);
+ new_spdm_message(value, context);
+ }
+ #[test]
+ fn test_case25_spdm_message() {
+ let _value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseEndSessionAck,
+ },
+ payload: SpdmMessagePayload::SpdmEndSessionResponse(SpdmEndSessionResponsePayload {}),
+ };
+ create_spdm_context!(context);
+ }
+ #[test]
+ fn test_case26_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::Unknown(0),
+ },
+ payload: SpdmMessagePayload::SpdmEndSessionResponse(SpdmEndSessionResponsePayload {}),
+ };
+ create_spdm_context!(context);
+ let u8_slice = &mut [0u8; 1000];
+ let mut writer = Writer::init(u8_slice);
+ assert!(value.spdm_encode(&mut context, &mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ let spdm_message = SpdmMessage::spdm_read(&mut context, &mut reader);
+ assert_eq!(spdm_message.is_none(), true);
+ }
+
+ #[test]
+ fn test_case27_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseDigests,
+ },
+ payload: SpdmMessagePayload::SpdmDigestsResponse(SpdmDigestsResponsePayload {
+ slot_mask: 0b11111111,
+ digests: gen_array_clone(
+ SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ },
+ SPDM_MAX_SLOT_NUMBER,
+ ),
+ }),
+ };
+ create_spdm_context!(context);
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+ let spdm_message = new_spdm_message(value, context);
+ assert_eq!(
+ spdm_message.header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseDigests
+ );
+ if let SpdmMessagePayload::SpdmDigestsResponse(payload) = &spdm_message.payload {
+ assert_eq!(payload.slot_mask, 0b11111111);
+ assert_eq!(payload.digests[1].data_size, SHA512_DIGEST_SIZE as u16);
+ assert_eq!(payload.digests[1].data[1], 100u8);
+ }
+ }
+ #[test]
+ fn test_case28_spdm_message() {
+ let value = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseHeartbeatAck,
+ },
+ payload: SpdmMessagePayload::SpdmHeartbeatResponse(SpdmHeartbeatResponsePayload {}),
+ };
+ create_spdm_context!(context);
+ new_spdm_message(value, context);
+ }
+}
diff --git a/spdmlib/src/message/mod_test.common.inc.rs b/spdmlib/src/message/mod_test.common.inc.rs
new file mode 100644
index 0000000..ffe8d58
--- /dev/null
+++ b/spdmlib/src/message/mod_test.common.inc.rs
@@ -0,0 +1,110 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::{SpdmCodec, SpdmContext, SpdmDeviceIo, SpdmTransportEncap};
+use crate::config::MAX_SPDM_MSG_SIZE;
+use crate::message::SpdmMessage;
+use codec::{Reader, Writer};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[allow(unused, unused_mut)]
+macro_rules! create_spdm_context {
+ ($context_name: ident) => {
+ let transport_encap = TransportEncap {};
+ let transport_encap: alloc::sync::Arc<
+ spin::Mutex,
+ > = alloc::sync::Arc::new(spin::Mutex::new(transport_encap));
+ let device_io = DeviceIO {};
+ let device_io: alloc::sync::Arc<
+ spin::Mutex,
+ > = alloc::sync::Arc::new(spin::Mutex::new(device_io));
+ let config_info = SpdmConfigInfo::default();
+ let provision_info = SpdmProvisionInfo::default();
+ #[allow(unused, unused_mut)]
+ let mut $context_name =
+ SpdmContext::new(device_io, transport_encap, config_info, provision_info);
+ };
+}
+
+#[allow(unused)]
+pub fn new_spdm_message(value: SpdmMessage, mut context: SpdmContext) -> SpdmMessage {
+ let u8_slice = &mut [0u8; MAX_SPDM_MSG_SIZE];
+ let mut writer = Writer::init(u8_slice);
+ value.spdm_encode(&mut context, &mut writer);
+ let mut reader = Reader::init(u8_slice);
+ let spdm_message: SpdmMessage = SpdmMessage::spdm_read(&mut context, &mut reader).unwrap();
+ spdm_message
+}
+
+#[allow(unused)]
+pub(crate) use create_spdm_context;
+
+pub struct DeviceIO;
+pub struct TransportEncap;
+
+#[maybe_async::maybe_async]
+impl SpdmDeviceIo for DeviceIO {
+ async fn send(&mut self, _buffer: Arc<&[u8]>) -> crate::error::SpdmResult {
+ unimplemented!()
+ }
+
+ async fn receive(
+ &mut self,
+ _buffer: Arc>,
+ _timeoutt: usize,
+ ) -> Result {
+ unimplemented!()
+ }
+
+ async fn flush_all(&mut self) -> crate::error::SpdmResult {
+ unimplemented!()
+ }
+}
+
+#[maybe_async::maybe_async]
+impl SpdmTransportEncap for TransportEncap {
+ async fn encap(
+ &mut self,
+ _spdm_buffer: Arc<&[u8]>,
+ _transport_buffer: Arc>,
+ _secured_messagesage: bool,
+ ) -> crate::error::SpdmResult {
+ unimplemented!()
+ }
+
+ async fn decap(
+ &mut self,
+ _transport_buffer: Arc<&[u8]>,
+ _spdm_buffer: Arc>,
+ ) -> crate::error::SpdmResult<(usize, bool)> {
+ unimplemented!()
+ }
+
+ async fn encap_app(
+ &mut self,
+ _spdm_buffer: Arc<&[u8]>,
+ _app_buffer: Arc>,
+ _is_app_messagesage: bool,
+ ) -> crate::error::SpdmResult {
+ unimplemented!()
+ }
+
+ async fn decap_app(
+ &mut self,
+ _app_buffer: Arc<&[u8]>,
+ _spdm_buffer: Arc>,
+ ) -> crate::error::SpdmResult<(usize, bool)> {
+ unimplemented!()
+ }
+
+ fn get_sequence_number_count(&mut self) -> u8 {
+ unimplemented!()
+ }
+
+ fn get_max_random_count(&mut self) -> u16 {
+ unimplemented!()
+ }
+}
diff --git a/spdmlib/src/message/psk_exchange.rs b/spdmlib/src/message/psk_exchange.rs
new file mode 100644
index 0000000..bcaa6dd
--- /dev/null
+++ b/spdmlib/src/message/psk_exchange.rs
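Review bot: `new_spdm_message` discards the `Result` of `value.spdm_encode(&mut context, &mut writer);`, so a failed or truncated encode only shows up, if at all, as an uninformative `unwrap()` panic on the following `spdm_read`, and a partly written, zero-filled buffer could even parse. The message tests that call this helper inherit that blind spot, so check the encode explicitly with `assert!(value.spdm_encode(&mut context, &mut writer).is_ok());`, the form the payload tests in this commit already use. The stub parameter names `_timeoutt`, `_secured_messagesage` and `_is_app_messagesage` look like typos and are cheap to fix while the file is new.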
@@ -0,0 +1,566 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::opaque::{SpdmOpaqueStruct, MAX_SPDM_OPAQUE_SIZE}; +use crate::common::spdm_codec::SpdmCodec; +use crate::config::{MAX_SPDM_PSK_CONTEXT_SIZE, MAX_SPDM_PSK_HINT_SIZE}; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::{ + SpdmDigestStruct, SpdmMeasurementSummaryHashType, SpdmPskContextStruct, SpdmPskHintStruct, + SpdmResponseCapabilityFlags, +}; +use codec::{Codec, Reader, Writer}; + +#[derive(Debug, Clone, Default)] +pub struct SpdmPskExchangeRequestPayload { + pub measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + pub req_session_id: u16, + pub psk_hint: SpdmPskHintStruct, + pub psk_context: SpdmPskContextStruct, + pub opaque: SpdmOpaqueStruct, +} + +impl SpdmCodec for SpdmPskExchangeRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .measurement_summary_hash_type + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .req_session_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + cnt += self + .psk_hint + .data_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .psk_context + .data_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .opaque + .data_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + for d in self + .psk_hint + .data + .iter() + .take(self.psk_hint.data_size as usize) + { + cnt += d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + for d in self + .psk_context + .data + .iter() + .take(self.psk_context.data_size as usize) + { + cnt += d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + for d in 
self.opaque.data.iter().take(self.opaque.data_size as usize) { + cnt += d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let measurement_summary_hash_type = SpdmMeasurementSummaryHashType::read(r)?; // param1 + match measurement_summary_hash_type { + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone => {} + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll + | SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb => { + if !context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_SIG) + && !context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MEAS_CAP_NO_SIG) + { + return None; + } + } + SpdmMeasurementSummaryHashType::Unknown(_) => return None, + } + u8::read(r)?; // param2 + let req_session_id = u16::read(r)?; + + let mut psk_hint = SpdmPskHintStruct::default(); + let mut psk_context = SpdmPskContextStruct::default(); + let mut opaque = SpdmOpaqueStruct::default(); + + psk_hint.data_size = u16::read(r)?; + if psk_hint.data_size > MAX_SPDM_PSK_HINT_SIZE as u16 { + return None; + } + psk_context.data_size = u16::read(r)?; + if psk_context.data_size > MAX_SPDM_PSK_CONTEXT_SIZE as u16 { + return None; + } + opaque.data_size = u16::read(r)?; + if opaque.data_size > MAX_SPDM_OPAQUE_SIZE as u16 { + return None; + } + + for d in psk_hint.data.iter_mut().take(psk_hint.data_size as usize) { + *d = u8::read(r)?; + } + for d in psk_context + .data + .iter_mut() + .take(psk_context.data_size as usize) + { + *d = u8::read(r)?; + } + for d in opaque.data.iter_mut().take(opaque.data_size as usize) { + *d = u8::read(r)?; + } + + Some(SpdmPskExchangeRequestPayload { + measurement_summary_hash_type, + req_session_id, + psk_hint, + psk_context, + opaque, + }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmPskExchangeResponsePayload { 
+ pub heartbeat_period: u8, + pub rsp_session_id: u16, + pub measurement_summary_hash: SpdmDigestStruct, + pub psk_context: SpdmPskContextStruct, + pub opaque: SpdmOpaqueStruct, + pub verify_data: SpdmDigestStruct, +} + +impl SpdmCodec for SpdmPskExchangeResponsePayload { + fn spdm_encode( + &self, + context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += self + .heartbeat_period + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .rsp_session_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += 0u16.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + let psk_without_context = context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT); + if psk_without_context { + cnt += 0u16.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } else { + cnt += self + .psk_context + .data_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + cnt += self + .opaque + .data_size + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if context.runtime_info.need_measurement_summary_hash { + cnt += self.measurement_summary_hash.spdm_encode(context, bytes)?; + } + if !psk_without_context { + for d in self + .psk_context + .data + .iter() + .take(self.psk_context.data_size as usize) + { + cnt += d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + } + for d in self.opaque.data.iter().take(self.opaque.data_size as usize) { + cnt += d.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + cnt += self.verify_data.spdm_encode(context, bytes)?; + Ok(cnt) + } + + fn spdm_read( + context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + let heartbeat_period = u8::read(r)?; // param1 + u8::read(r)?; // param2 + + let rsp_session_id = u16::read(r)?; // reserved + u16::read(r)?; + + let mut psk_context = 
SpdmPskContextStruct::default(); + let mut opaque = SpdmOpaqueStruct::default(); + + psk_context.data_size = u16::read(r)?; + let psk_without_context = context + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT); + if (psk_without_context && (psk_context.data_size != 0)) + || (!psk_without_context && (psk_context.data_size == 0)) + { + return None; + } + if psk_context.data_size > MAX_SPDM_PSK_CONTEXT_SIZE as u16 { + return None; + } + + opaque.data_size = u16::read(r)?; + if opaque.data_size > MAX_SPDM_OPAQUE_SIZE as u16 { + return None; + } + + let measurement_summary_hash = if context.runtime_info.need_measurement_summary_hash { + SpdmDigestStruct::spdm_read(context, r)? + } else { + SpdmDigestStruct::default() + }; + + for d in psk_context + .data + .iter_mut() + .take(psk_context.data_size as usize) + { + *d = u8::read(r)?; + } + for d in opaque.data.iter_mut().take(opaque.data_size as usize) { + *d = u8::read(r)?; + } + let verify_data = SpdmDigestStruct::spdm_read(context, r)?; + + Some(SpdmPskExchangeResponsePayload { + heartbeat_period, + rsp_session_id, + measurement_summary_hash, + psk_context, + opaque, + verify_data, + }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use crate::protocol::*; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case0_spdm_psk_exchange_request_payload() { + let u8_slice = &mut [0u8; 10 + + MAX_SPDM_PSK_HINT_SIZE + + MAX_SPDM_PSK_CONTEXT_SIZE + + MAX_SPDM_OPAQUE_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmPskExchangeRequestPayload { + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + req_session_id: 100u16, + psk_hint: SpdmPskHintStruct { + data_size: 
MAX_SPDM_PSK_HINT_SIZE as u16, + data: [100u8; MAX_SPDM_PSK_HINT_SIZE], + }, + psk_context: SpdmPskContextStruct { + data_size: MAX_SPDM_PSK_CONTEXT_SIZE as u16, + data: [100u8; MAX_SPDM_PSK_CONTEXT_SIZE], + }, + opaque: SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as u16, + data: [100u8; MAX_SPDM_OPAQUE_SIZE], + }, + }; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!( + 10 + MAX_SPDM_PSK_HINT_SIZE + MAX_SPDM_PSK_CONTEXT_SIZE + MAX_SPDM_OPAQUE_SIZE, + reader.left() + ); + let psk_exchange_request = + SpdmPskExchangeRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!( + psk_exchange_request.measurement_summary_hash_type, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone + ); + assert_eq!( + psk_exchange_request.psk_hint.data_size, + MAX_SPDM_PSK_HINT_SIZE as u16 + ); + assert_eq!( + psk_exchange_request.psk_context.data_size, + MAX_SPDM_PSK_CONTEXT_SIZE as u16 + ); + assert_eq!( + psk_exchange_request.opaque.data_size, + MAX_SPDM_OPAQUE_SIZE as u16 + ); + for i in 0..MAX_SPDM_PSK_HINT_SIZE { + assert_eq!(psk_exchange_request.psk_hint.data[i], 100); + } + for i in 0..MAX_SPDM_PSK_CONTEXT_SIZE { + assert_eq!(psk_exchange_request.psk_context.data[i], 100); + } + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(psk_exchange_request.opaque.data[i], 100); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case1_spdm_psk_exchange_request_payload() { + let u8_slice = &mut [0u8; 10]; + let mut writer = Writer::init(u8_slice); + let value = SpdmPskExchangeRequestPayload { + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + req_session_id: 100u16, + psk_hint: SpdmPskHintStruct { + data_size: 0, + data: [100u8; MAX_SPDM_PSK_HINT_SIZE], + }, + psk_context: SpdmPskContextStruct { + data_size: 0, + data: [100u8; MAX_SPDM_PSK_CONTEXT_SIZE], + }, + opaque: 
SpdmOpaqueStruct { + data_size: 0, + data: [100u8; MAX_SPDM_OPAQUE_SIZE], + }, + }; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(10, reader.left()); + let psk_exchange_request = + SpdmPskExchangeRequestPayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!( + psk_exchange_request.measurement_summary_hash_type, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone + ); + assert_eq!(psk_exchange_request.psk_hint.data_size, 0); + assert_eq!(psk_exchange_request.psk_context.data_size, 0); + assert_eq!(psk_exchange_request.opaque.data_size, 0); + for i in 0..MAX_SPDM_PSK_HINT_SIZE { + assert_eq!(psk_exchange_request.psk_hint.data[i], 0); + } + for i in 0..MAX_SPDM_PSK_CONTEXT_SIZE { + assert_eq!(psk_exchange_request.psk_context.data[i], 0); + } + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(psk_exchange_request.opaque.data[i], 0); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case0_spdm_psk_exchange_response_payload() { + let u8_slice = &mut [0u8; 10 + + SPDM_MAX_HASH_SIZE + + MAX_SPDM_PSK_CONTEXT_SIZE + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmPskExchangeResponsePayload { + heartbeat_period: 0xaau8, + rsp_session_id: 0xaa55u16, + measurement_summary_hash: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }, + psk_context: SpdmPskContextStruct { + data_size: MAX_SPDM_PSK_CONTEXT_SIZE as u16, + data: [100u8; MAX_SPDM_PSK_CONTEXT_SIZE], + }, + opaque: SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as u16, + data: [100u8; MAX_SPDM_OPAQUE_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }, + }; + + create_spdm_context!(context); + + context.negotiate_info.base_hash_sel = 
SpdmBaseHashAlgo::TPM_ALG_SHA_512; + context.runtime_info.need_measurement_summary_hash = true; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!( + 10 + SPDM_MAX_HASH_SIZE + + MAX_SPDM_PSK_CONTEXT_SIZE + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_HASH_SIZE, + reader.left() + ); + let psk_exchange_response = + SpdmPskExchangeResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!(psk_exchange_response.heartbeat_period, 0xaau8); + assert_eq!(psk_exchange_response.rsp_session_id, 0xaa55u16); + + assert_eq!( + psk_exchange_response.measurement_summary_hash.data_size, + SHA512_DIGEST_SIZE as u16 + ); + assert_eq!( + psk_exchange_response.psk_context.data_size, + MAX_SPDM_PSK_CONTEXT_SIZE as u16 + ); + assert_eq!( + psk_exchange_response.opaque.data_size, + MAX_SPDM_OPAQUE_SIZE as u16 + ); + assert_eq!( + psk_exchange_response.verify_data.data_size, + SHA512_DIGEST_SIZE as u16 + ); + + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(psk_exchange_response.measurement_summary_hash.data[i], 100); + } + for i in 0..MAX_SPDM_PSK_CONTEXT_SIZE { + assert_eq!(psk_exchange_response.psk_context.data[i], 100); + } + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(psk_exchange_response.opaque.data[i], 100); + } + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(psk_exchange_response.verify_data.data[i], 100u8); + } + assert_eq!(0, reader.left()); + + let u8_slice = + &mut [0u8; 10 + MAX_SPDM_PSK_CONTEXT_SIZE + MAX_SPDM_OPAQUE_SIZE + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + + context.runtime_info.need_measurement_summary_hash = false; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!( + 10 + MAX_SPDM_PSK_CONTEXT_SIZE + MAX_SPDM_OPAQUE_SIZE + SPDM_MAX_HASH_SIZE, + reader.left() + ); + let psk_exchange_response = + SpdmPskExchangeResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + + 
assert_eq!(psk_exchange_response.measurement_summary_hash.data_size, 0); + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(psk_exchange_response.measurement_summary_hash.data[i], 0); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case1_spdm_psk_exchange_response_payload() { + let u8_slice = &mut [0u8; 10 + SPDM_MAX_HASH_SIZE + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmPskExchangeResponsePayload { + heartbeat_period: 0xaau8, + rsp_session_id: 0xaa55u16, + measurement_summary_hash: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }, + psk_context: SpdmPskContextStruct { + data_size: 0, + data: [100u8; MAX_SPDM_PSK_CONTEXT_SIZE], + }, + opaque: SpdmOpaqueStruct { + data_size: 0, + data: [100u8; MAX_SPDM_OPAQUE_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }, + }; + + create_spdm_context!(context); + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT; + + context.runtime_info.need_measurement_summary_hash = true; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(10 + SPDM_MAX_HASH_SIZE + SPDM_MAX_HASH_SIZE, reader.left()); + let psk_exchange_response = + SpdmPskExchangeResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!(psk_exchange_response.heartbeat_period, 0xaau8); + assert_eq!(psk_exchange_response.rsp_session_id, 0xaa55u16); + + assert_eq!( + psk_exchange_response.measurement_summary_hash.data_size, + SHA512_DIGEST_SIZE as u16 + ); + assert_eq!(psk_exchange_response.psk_context.data_size, 0); + assert_eq!(psk_exchange_response.opaque.data_size, 0); + assert_eq!( + psk_exchange_response.verify_data.data_size, + SHA512_DIGEST_SIZE as u16 + ); + + 
for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(psk_exchange_response.measurement_summary_hash.data[i], 100); + } + for i in 0..MAX_SPDM_PSK_CONTEXT_SIZE { + assert_eq!(psk_exchange_response.psk_context.data[i], 0); + } + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(psk_exchange_response.opaque.data[i], 0); + } + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(psk_exchange_response.verify_data.data[i], 100); + } + assert_eq!(0, reader.left()); + } +} diff --git a/spdmlib/src/message/psk_finish.rs b/spdmlib/src/message/psk_finish.rs new file mode 100644 index 0000000..762a7d6 --- /dev/null +++ b/spdmlib/src/message/psk_finish.rs 
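Review bot: Both `spdm_encode` implementations write the `data_size` fields to the wire unchecked (`psk_hint`, `psk_context` and `opaque` in the request; `psk_context` and `opaque` in the response), while the copy loops use `.iter().take(data_size as usize)` and so stop at the end of the fixed-size array. The fields are `pub`, so a payload whose `data_size` exceeds the array length would be emitted with a length field larger than the bytes that follow, and the peer would parse whatever comes next as hint, context or opaque data. `spdm_read` already rejects sizes above `MAX_SPDM_PSK_HINT_SIZE`, `MAX_SPDM_PSK_CONTEXT_SIZE` and `MAX_SPDM_OPAQUE_SIZE`; the encoders should mirror that before writing anything, e.g. `if self.psk_hint.data_size as usize > MAX_SPDM_PSK_HINT_SIZE { return Err(SPDM_STATUS_BUFFER_FULL); }` (or a more specific status if the crate defines one), with the same guard for the other fields. Separately, in the response `spdm_read` the `// reserved` comment sits on the `rsp_session_id` read rather than on the discarded `u16::read(r)?;` that follows it.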
@@ -0,0 +1,120 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::spdm_codec::SpdmCodec;
+use crate::error::SPDM_STATUS_BUFFER_FULL;
+use crate::protocol::SpdmDigestStruct;
+use crate::{common, error::SpdmStatus};
+use codec::{Codec, Reader, Writer};
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmPskFinishRequestPayload {
+ pub verify_data: SpdmDigestStruct,
+}
+
+impl SpdmCodec for SpdmPskFinishRequestPayload {
+ fn spdm_encode(
+ &self,
+ context: &mut common::SpdmContext,
+ bytes: &mut Writer,
+ ) -> Result {
+ let mut cnt = 0usize;
+ cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1
+ cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2
+ cnt += self.verify_data.spdm_encode(context, bytes)?;
+ Ok(cnt)
+ }
+
+ fn spdm_read(
+ context: &mut common::SpdmContext,
+ r: &mut Reader,
+ ) -> Option {
+ u8::read(r)?; // param1
+ u8::read(r)?; // param2
+ let verify_data = SpdmDigestStruct::spdm_read(context, r)?;
+
+ Some(SpdmPskFinishRequestPayload { verify_data })
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmPskFinishResponsePayload {}
+
+impl SpdmCodec for SpdmPskFinishResponsePayload {
+ fn spdm_encode(
+ &self,
+ _context: &mut common::SpdmContext,
+ bytes: &mut Writer,
+ ) -> Result {
+ 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1
+ 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2
+ Ok(2)
+ }
+
+ fn spdm_read(
+ _context: &mut common::SpdmContext,
+ r: &mut Reader,
+ ) -> Option {
+ u8::read(r)?; // param1
+ u8::read(r)?; // param2
+
+ Some(SpdmPskFinishResponsePayload {})
+ }
+}
+
+#[cfg(test)]
+#[path = "mod_test.common.inc.rs"]
+mod testlib;
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo};
+ use crate::protocol::*;
+ use testlib::{create_spdm_context, DeviceIO, TransportEncap};
+ extern crate alloc;
+
+ #[test]
+ fn test_case0_spdm_psk_finish_request_payload() {
+ let u8_slice = &mut [0u8; 2 + SPDM_MAX_HASH_SIZE];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmPskFinishRequestPayload {
+ verify_data: SpdmDigestStruct {
+ data_size: SPDM_MAX_HASH_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ },
+ };
+
+ create_spdm_context!(context);
+
+ context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512;
+
+ assert!(value.spdm_encode(&mut context, &mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(2 + SPDM_MAX_HASH_SIZE, reader.left());
+ let psk_finish_request =
+ SpdmPskFinishRequestPayload::spdm_read(&mut context, &mut reader).unwrap();
+
+ assert_eq!(
+ psk_finish_request.verify_data.data_size,
+ SHA512_DIGEST_SIZE as u16
+ );
+ for i in 0..SHA512_DIGEST_SIZE {
+ assert_eq!(psk_finish_request.verify_data.data[i], 100u8);
+ }
+ assert_eq!(0, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_psk_finish_response_payload() {
+ let u8_slice = &mut [0u8; 2];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmPskFinishResponsePayload {};
+
+ create_spdm_context!(context);
+
+ assert!(value.spdm_encode(&mut context, &mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ SpdmPskFinishResponsePayload::spdm_read(&mut context, &mut reader);
+ }
+}
diff --git a/spdmlib/src/message/respond_if_ready.rs b/spdmlib/src/message/respond_if_ready.rs
new file mode 100644
index 0000000..7291362
--- /dev/null
+++ b/spdmlib/src/message/respond_if_ready.rs
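Review bot: `test_case0_spdm_psk_finish_response_payload` ends with `SpdmPskFinishResponsePayload::spdm_read(&mut context, &mut reader);` and drops the result, so the test still passes if the read returns `None`. Assert the outcome and the consumed length, as the request test above does: `assert!(SpdmPskFinishResponsePayload::spdm_read(&mut context, &mut reader).is_some());` followed by `assert_eq!(0, reader.left());`. A negative case with a one-byte buffer would also pin the truncated-input path of both `spdm_read` functions, which is the path a malformed peer message exercises.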
@@ -0,0 +1,65 @@
+// Copyright (c) 2022 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::spdm_codec::SpdmCodec;
+use crate::common::{self};
+use crate::config;
+use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL};
+use codec::{Codec, Reader, Writer};
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmRespondIfReadyRequestPayload {}
+
+impl SpdmCodec for SpdmRespondIfReadyRequestPayload {
+ fn spdm_encode(
+ &self,
+ _context: &mut common::SpdmContext,
+ bytes: &mut Writer,
+ ) -> Result {
+ 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1
+ 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2
+ Ok(2)
+ }
+
+ fn spdm_read(
+ _context: &mut common::SpdmContext,
+ r: &mut Reader,
+ ) -> Option {
+ u8::read(r)?; // param1
+ u8::read(r)?; // param2
+
+ Some(SpdmRespondIfReadyRequestPayload {})
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmRespondIfReadyRespondPayload {}
+
+impl SpdmCodec for SpdmRespondIfReadyRespondPayload {
+ fn spdm_encode(
+ &self,
+ _context: &mut common::SpdmContext,
+ bytes: &mut Writer,
+ ) -> Result {
+ 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1
+ 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2
+ Ok(2)
+ }
+
+ fn spdm_read(
+ _context: &mut common::SpdmContext,
+ r: &mut Reader,
+ ) -> Option {
+ u8::read(r)?; // param1
+ u8::read(r)?; // param2
+
+ Some(SpdmRespondIfReadyRespondPayload {})
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct ReceivedMessage {
+ pub receive_buffer: [u8; config::MAX_SPDM_MSG_SIZE],
+ pub used: usize,
+}
diff --git a/spdmlib/src/message/vendor.rs b/spdmlib/src/message/vendor.rs
new file mode 100644
index 0000000..adef223
--- /dev/null
+++ b/spdmlib/src/message/vendor.rs
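Review bot: `ReceivedMessage` is undocumented and both fields are `pub`, so nothing states or enforces that `used` stays within `config::MAX_SPDM_MSG_SIZE`; a consumer slicing `receive_buffer[..used]` would panic on an inconsistent value. Add a doc comment such as `/// Raw received SPDM message; only receive_buffer[..used] is valid, and used <= MAX_SPDM_MSG_SIZE.` The struct also derives `Debug` and `Clone` over the whole buffer, whereas the vendor payload structs in this commit derive `ZeroizeOnDrop`; if this buffer can hold decrypted session content (not visible from this hunk), the same treatment and a redacting `Debug` would be worth considering. This file also adds no tests, unlike the other message modules in the commit.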
@@ -0,0 +1,316 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::spdm_codec::SpdmCodec; +use crate::config; +use crate::error::{ + SpdmResult, SpdmStatus, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_STATE_LOCAL, +}; +use codec::{enum_builder, Codec, Reader, Writer}; +use conquer_once::spin::OnceCell; +use zeroize::ZeroizeOnDrop; + +// config::MAX_SPDM_MSG_SIZE - 7 - 2 +// SPDM0274 1.2.1: Table 56, table 57 VENDOR_DEFINED_RESPONSE message format +pub const MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE: usize = config::MAX_SPDM_MSG_SIZE - 7 - 2; + +pub const MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN: usize = 0xFF; + +enum_builder! { + @U16 + EnumName: RegistryOrStandardsBodyID; + EnumVal{ + DMTF => 0x00, + TCG => 0x01, + USB => 0x02, + PCISIG => 0x03, + IANA => 0x04, + HDBASET => 0x05, + MIPI => 0x06, + CXL => 0x07, + JEDEC => 0x08 + } +} + +impl RegistryOrStandardsBodyID { + pub fn get_default_vendor_id_len(&self) -> u16 { + match self { + RegistryOrStandardsBodyID::DMTF => 0, + RegistryOrStandardsBodyID::TCG => 2, + RegistryOrStandardsBodyID::USB => 2, + RegistryOrStandardsBodyID::PCISIG => 2, + RegistryOrStandardsBodyID::IANA => 4, + RegistryOrStandardsBodyID::HDBASET => 4, + RegistryOrStandardsBodyID::MIPI => 2, + RegistryOrStandardsBodyID::CXL => 2, + RegistryOrStandardsBodyID::JEDEC => 2, + RegistryOrStandardsBodyID::Unknown(_) => 0, + } + } +} + +#[derive(Debug, Clone)] +pub struct VendorIDStruct { + pub len: u8, + pub vendor_id: [u8; MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN], +} + +impl Codec for VendorIDStruct { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.len.encode(bytes)?; + for d in self.vendor_id.iter().take(self.len as usize) { + cnt += d.encode(bytes)?; + } + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let len = u8::read(r)?; + let mut vendor_id = [0u8; MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN]; + for d in 
vendor_id.iter_mut().take(len as usize) { + *d = u8::read(r)?; + } + Some(VendorIDStruct { len, vendor_id }) + } + + fn read_bytes(bytes: &[u8]) -> Option { + let mut rd = Reader::init(bytes); + Self::read(&mut rd) + } +} + +impl PartialEq for VendorIDStruct { + fn eq(&self, vid: &VendorIDStruct) -> bool { + if self.len != vid.len { + false + } else { + self.vendor_id[..self.len as usize] == vid.vendor_id[..vid.len as usize] + } + } +} + +impl Eq for VendorIDStruct {} + +impl Default for VendorIDStruct { + fn default() -> Self { + Self { + len: 0, + vendor_id: [0u8; MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN], + } + } +} + +#[derive(Debug, Clone, ZeroizeOnDrop)] +pub struct VendorDefinedReqPayloadStruct { + pub req_length: u16, + pub vendor_defined_req_payload: [u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], +} +impl Codec for VendorDefinedReqPayloadStruct { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.req_length.encode(bytes)?; + for d in self + .vendor_defined_req_payload + .iter() + .take(self.req_length as usize) + { + cnt += d.encode(bytes)?; + } + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let req_length = u16::read(r)?; + let mut vendor_defined_req_payload = [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE]; + for d in vendor_defined_req_payload + .iter_mut() + .take(req_length as usize) + { + *d = u8::read(r)?; + } + Some(VendorDefinedReqPayloadStruct { + req_length, + vendor_defined_req_payload, + }) + } +} + +#[derive(Debug, Clone, ZeroizeOnDrop)] +pub struct VendorDefinedRspPayloadStruct { + pub rsp_length: u16, + pub vendor_defined_rsp_payload: [u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], +} + +impl Codec for VendorDefinedRspPayloadStruct { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.rsp_length.encode(bytes)?; + for d in self + .vendor_defined_rsp_payload + .iter() + .take(self.rsp_length as usize) + { + cnt += d.encode(bytes)?; + } + Ok(cnt) + } + + fn read(r: &mut 
Reader) -> Option { + let rsp_length = u16::read(r)?; + let mut vendor_defined_rsp_payload = [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE]; + for d in vendor_defined_rsp_payload + .iter_mut() + .take(rsp_length as usize) + { + *d = u8::read(r)?; + } + Some(VendorDefinedRspPayloadStruct { + rsp_length, + vendor_defined_rsp_payload, + }) + } +} + +#[derive(Debug, Clone)] +pub struct SpdmVendorDefinedRequestPayload { + pub standard_id: RegistryOrStandardsBodyID, + pub vendor_id: VendorIDStruct, + pub req_payload: VendorDefinedReqPayloadStruct, +} + +impl SpdmCodec for SpdmVendorDefinedRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .standard_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; //Standard ID + cnt += self + .vendor_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .req_payload + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + let standard_id = RegistryOrStandardsBodyID::read(r)?; // Standard ID + let vendor_id = VendorIDStruct::read(r)?; + let req_payload = VendorDefinedReqPayloadStruct::read(r)?; + + Some(SpdmVendorDefinedRequestPayload { + standard_id, + vendor_id, + req_payload, + }) + } +} + +#[derive(Debug, Clone)] +pub struct SpdmVendorDefinedResponsePayload { + pub standard_id: RegistryOrStandardsBodyID, + pub vendor_id: VendorIDStruct, + pub rsp_payload: VendorDefinedRspPayloadStruct, +} + +impl SpdmCodec for SpdmVendorDefinedResponsePayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 
0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + cnt += self + .standard_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; //Standard ID + cnt += self + .vendor_id + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + cnt += self + .rsp_payload + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + let standard_id = RegistryOrStandardsBodyID::read(r)?; // Standard ID + let vendor_id = VendorIDStruct::read(r)?; + let rsp_payload = VendorDefinedRspPayloadStruct::read(r)?; + + Some(SpdmVendorDefinedResponsePayload { + standard_id, + vendor_id, + rsp_payload, + }) + } +} + +#[derive(Clone, Copy)] +pub struct VendorDefinedStruct { + pub vendor_defined_request_handler: fn( + usize, + &VendorIDStruct, + &VendorDefinedReqPayloadStruct, + ) -> SpdmResult, + pub vdm_handle: usize, // interpreted/managed by User +} + +static VENDOR_DEFNIED: OnceCell = OnceCell::uninit(); + +static VENDOR_DEFNIED_DEFAULT: VendorDefinedStruct = VendorDefinedStruct { + vendor_defined_request_handler: + |_vdm_handle: usize, + _vendor_id_struct: &VendorIDStruct, + _vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct| + -> SpdmResult { + log::info!("not implement vendor defined struct!!!\n"); + unimplemented!() + }, + vdm_handle: 0, +}; + +pub fn register_vendor_defined_struct(context: VendorDefinedStruct) -> bool { + VENDOR_DEFNIED.try_init_once(|| context).is_ok() +} + +pub fn vendor_defined_request_handler( + vendor_id_struct: &VendorIDStruct, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + if let Ok(vds) = VENDOR_DEFNIED.try_get_or_init(|| VENDOR_DEFNIED_DEFAULT) { + (vds.vendor_defined_request_handler)( + vds.vdm_handle, + vendor_id_struct, + 
vendor_defined_req_payload_struct, + ) + } else { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } +} diff --git a/spdmlib/src/message/version.rs b/spdmlib/src/message/version.rs new file mode 100644 index 0000000..4f6621d --- /dev/null +++ b/spdmlib/src/message/version.rs 
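Review bot: `VendorDefinedReqPayloadStruct::read` stores the wire value of `req_length` without comparing it to `MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE`; `.take(req_length as usize)` stops at the end of the array, so an oversized length yields a struct whose `req_length` is larger than the buffer it describes. Any consumer that slices `vendor_defined_req_payload[..req_length as usize]`, a registered handler included, would then panic on peer-controlled input. Add `if req_length as usize > MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE { return None; }` right after the `u16::read`, and the same check for `rsp_length` in `VendorDefinedRspPayloadStruct::read`. Separately, `VENDOR_DEFNIED_DEFAULT` ends in `unimplemented!()`, so if the responder path reaches `vendor_defined_request_handler` before `register_vendor_defined_struct` has been called the process panics instead of failing the request; returning `Err(SPDM_STATUS_INVALID_STATE_LOCAL)` from the default closure would keep it a protocol error.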
@@ -0,0 +1,212 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common; +use crate::common::spdm_codec::SpdmCodec; +use crate::error::{SpdmStatus, SPDM_STATUS_BUFFER_FULL}; +use crate::protocol::{gen_array_clone, SpdmVersion, MAX_SPDM_VERSION_COUNT}; +use codec::{Codec, Reader, Writer}; + +#[derive(Debug, Clone, Default)] +pub struct SpdmGetVersionRequestPayload {} + +impl SpdmCodec for SpdmGetVersionRequestPayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + Ok(2) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + Some(SpdmGetVersionRequestPayload {}) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmVersionStruct { + pub update: u8, + pub version: SpdmVersion, +} + +impl Codec for SpdmVersionStruct { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.update.encode(bytes)?; + cnt += self.version.encode(bytes)?; + Ok(cnt) + } + fn read(r: &mut Reader) -> Option { + let update = u8::read(r)?; + let version = SpdmVersion::read(r)?; + Some(SpdmVersionStruct { update, version }) + } +} + +#[derive(Debug, Clone, Default)] +pub struct SpdmVersionResponsePayload { + pub version_number_entry_count: u8, + pub versions: [SpdmVersionStruct; MAX_SPDM_VERSION_COUNT], +} + +impl SpdmCodec for SpdmVersionResponsePayload { + fn spdm_encode( + &self, + _context: &mut common::SpdmContext, + bytes: &mut Writer, + ) -> Result { + let mut cnt = 0usize; + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param1 + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // param2 + + cnt += 0u8.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; // reserved + cnt 
+= self + .version_number_entry_count + .encode(bytes) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + for version in self + .versions + .iter() + .take(self.version_number_entry_count as usize) + { + cnt += version.encode(bytes).map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + } + Ok(cnt) + } + + fn spdm_read( + _context: &mut common::SpdmContext, + r: &mut Reader, + ) -> Option { + u8::read(r)?; // param1 + u8::read(r)?; // param2 + + u8::read(r)?; // reserved + let version_number_entry_count = u8::read(r)?; + + if version_number_entry_count < 1 + || version_number_entry_count > MAX_SPDM_VERSION_COUNT as u8 + { + return None; + } + + let mut versions = gen_array_clone( + SpdmVersionStruct { + update: 0, + version: SpdmVersion::SpdmVersion10, + }, + MAX_SPDM_VERSION_COUNT, + ); + for version in versions + .iter_mut() + .take(version_number_entry_count as usize) + { + *version = SpdmVersionStruct::read(r)?; + } + Some(SpdmVersionResponsePayload { + version_number_entry_count, + versions, + }) + } +} + +#[cfg(test)] +#[path = "mod_test.common.inc.rs"] +mod testlib; + +#[cfg(test)] +mod tests { + use super::*; + use crate::common::{SpdmConfigInfo, SpdmContext, SpdmProvisionInfo}; + use testlib::{create_spdm_context, DeviceIO, TransportEncap}; + extern crate alloc; + + #[test] + fn test_case1_spdmversion_struct() { + let u8_slice = &mut [0u8; 2]; + let mut writer = Writer::init(u8_slice); + let value = SpdmVersionStruct { + update: 0xffu8, + version: SpdmVersion::SpdmVersion10, + }; + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(2, reader.left()); + let spdmversionstruct = SpdmVersionStruct::read(&mut reader).unwrap(); + assert_eq!(spdmversionstruct.update, 0xff); + assert_eq!(spdmversionstruct.version, SpdmVersion::SpdmVersion10); + } + #[test] + fn test_case2_spdmversion_struct() { + let u8_slice = &mut [0u8; 1]; + let mut writer = Writer::init(u8_slice); + let value = SpdmVersionStruct { + update: 100u8, + version: 
SpdmVersion::SpdmVersion10, + }; + assert!(value.encode(&mut writer).is_err()); + let mut reader = Reader::init(u8_slice); + let spdmversionstruct = SpdmVersionStruct::read(&mut reader); + assert_eq!(spdmversionstruct.is_none(), true); + } + #[test] + fn test_case0_spdm_version_response_payload() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = SpdmVersionResponsePayload { + version_number_entry_count: 2u8, + versions: gen_array_clone( + SpdmVersionStruct { + update: 100u8, + version: SpdmVersion::SpdmVersion10, + }, + MAX_SPDM_VERSION_COUNT, + ), + }; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(8, reader.left()); + let version_response = + SpdmVersionResponsePayload::spdm_read(&mut context, &mut reader).unwrap(); + + assert_eq!(version_response.version_number_entry_count, 2u8); + for i in 0..2 { + assert_eq!(version_response.versions[i].update, 100u8); + assert_eq!( + version_response.versions[i].version, + SpdmVersion::SpdmVersion10 + ); + } + assert_eq!(0, reader.left()); + } + #[test] + fn test_case0_spdm_get_version_request_payload() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = SpdmGetVersionRequestPayload {}; + + create_spdm_context!(context); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + SpdmGetVersionRequestPayload::spdm_read(&mut context, &mut reader); + } +} + +#[cfg(test)] +#[path = "version_test.rs"] +mod version_test; diff --git a/spdmlib/src/message/version_test.rs b/spdmlib/src/message/version_test.rs new file mode 100644 index 0000000..ecea226 --- /dev/null +++ b/spdmlib/src/message/version_test.rs 
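Review bot: `SpdmVersionResponsePayload::spdm_encode` writes `version_number_entry_count` as given and then emits at most `MAX_SPDM_VERSION_COUNT` entries because of `.take(...)`, so a count of 0 or one above the maximum produces a VERSION response that `spdm_read` in the same file rejects. The encoder should apply the reader's range check before writing anything: `if self.version_number_entry_count < 1 || self.version_number_entry_count as usize > MAX_SPDM_VERSION_COUNT { return Err(SPDM_STATUS_INVALID_STATE_LOCAL); }`, which needs that constant added to the `crate::error` import. In the tests, `test_case0_spdm_get_version_request_payload` discards the result of `spdm_read`; wrapping the call in `assert!(... .is_some())` would make the test check the decode.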
@@ -0,0 +1,31 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use super::*;
+use crate::common::{SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmProvisionInfo};
+use testlib::{create_spdm_context, DeviceIO, TransportEncap};
+extern crate alloc;
+
+#[test]
+fn test_case1_spdmversion_struct() {
+ // Validata VERSION response VersionNumberEntryCount beyond maximum allowed size.
+ let u8_slice = &mut [0u8; 100];
+
+ // VersionNumberEntryCount = 0xfe
+ u8_slice[3] = 0xfe;
+ let mut reader = Reader::init(u8_slice);
+ create_spdm_context!(context);
+ let res = SpdmVersionResponsePayload::spdm_read(&mut context, &mut reader);
+ assert!(res.is_none());
+
+ // Validata VERSION response VersionNumberEntryCount 0 size.
+ let u8_slice = &mut [0u8; 100];
+
+ // VersionNumberEntryCount = 0x0
+ u8_slice[3] = 0;
+ let mut reader = Reader::init(u8_slice);
+ create_spdm_context!(context);
+ let res = SpdmVersionResponsePayload::spdm_read(&mut context, &mut reader);
+ assert!(res.is_none())
+}
diff --git a/spdmlib/src/protocol/algo.rs b/spdmlib/src/protocol/algo.rs
new file mode 100644
index 0000000..25f8010
--- /dev/null
+++ b/spdmlib/src/protocol/algo.rs
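Review bot: The test probes `VersionNumberEntryCount` only at 0xfe and 0, both far from the limit that `spdm_read` enforces, so the boundary itself is untested: `MAX_SPDM_VERSION_COUNT + 1` should be rejected and `MAX_SPDM_VERSION_COUNT` with enough trailing bytes should be accepted. The name `test_case1_spdmversion_struct` is also used by a struct-codec test in `version.rs` and does not say that this one checks the VERSION response count bounds; `test_version_response_entry_count_bounds` would describe it. "Validata" in both comments should read "Validate".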
@@ -0,0 +1,1900 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::config; +use crate::crypto::bytes_mut_scrubbed::BytesMutStrubbed; +use bytes::BytesMut; +use codec::{enum_builder, u24, Codec, Reader, Writer}; +use core::convert::From; +extern crate alloc; +use alloc::boxed::Box; +use zeroize::{Zeroize, ZeroizeOnDrop}; + +pub const SHA256_DIGEST_SIZE: usize = 32; +pub const SHA384_DIGEST_SIZE: usize = 48; +pub const SHA512_DIGEST_SIZE: usize = 64; + +pub const RSASSA_2048_KEY_SIZE: usize = 256; +pub const RSASSA_3072_KEY_SIZE: usize = 384; +pub const RSASSA_4096_KEY_SIZE: usize = 512; +pub const RSAPSS_2048_KEY_SIZE: usize = 256; +pub const RSAPSS_3072_KEY_SIZE: usize = 384; +pub const RSAPSS_4096_KEY_SIZE: usize = 512; + +pub const ECDSA_ECC_NIST_P256_KEY_SIZE: usize = 32 * 2; +pub const ECDSA_ECC_NIST_P384_KEY_SIZE: usize = 48 * 2; + +pub const SECP_256_R1_KEY_SIZE: usize = 32 * 2; +pub const SECP_384_R1_KEY_SIZE: usize = 48 * 2; + +pub const AEAD_AES_128_GCM_KEY_SIZE: usize = 16; +pub const AEAD_AES_256_GCM_KEY_SIZE: usize = 32; +pub const AEAD_CHACHA20_POLY1305_KEY_SIZE: usize = 32; + +pub const AEAD_AES_128_GCM_BLOCK_SIZE: usize = 16; +pub const AEAD_AES_256_GCM_BLOCK_SIZE: usize = 16; +pub const AEAD_CHACHA20_POLY1305_BLOCK_SIZE: usize = 16; + +pub const AEAD_AES_128_GCM_IV_SIZE: usize = 12; +pub const AEAD_AES_256_GCM_IV_SIZE: usize = 12; +pub const AEAD_CHACHA20_POLY1305_IV_SIZE: usize = 12; + +pub const AEAD_AES_128_GCM_TAG_SIZE: usize = 16; +pub const AEAD_AES_256_GCM_TAG_SIZE: usize = 16; +pub const AEAD_CHACHA20_POLY1305_TAG_SIZE: usize = 16; + +pub const SPDM_NONCE_SIZE: usize = 32; +pub const SPDM_RANDOM_SIZE: usize = 32; +pub const SPDM_MAX_HASH_SIZE: usize = 64; +pub const SPDM_MAX_ASYM_KEY_SIZE: usize = 512; +pub const SPDM_MAX_DHE_KEY_SIZE: usize = SECP_384_R1_KEY_SIZE; +pub const SPDM_MAX_AEAD_KEY_SIZE: usize = 32; +pub const SPDM_MAX_AEAD_IV_SIZE: usize = 12; +pub const 
SPDM_MAX_HKDF_OKM_SIZE: usize = SPDM_MAX_HASH_SIZE; + +bitflags! { + #[derive(Default)] + pub struct SpdmMeasurementSpecification: u8 { + const DMTF = 0b0000_0001; + const VALID_MASK = Self::DMTF.bits; + } +} + +impl Codec for SpdmMeasurementSpecification { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u8::read(r)?; + SpdmMeasurementSpecification::from_bits( + bits & SpdmMeasurementSpecification::VALID_MASK.bits, + ) + } +} +impl SpdmMeasurementSpecification { + pub fn prioritize(&mut self, peer: SpdmMeasurementSpecification) { + let prio_table = [SpdmMeasurementSpecification::DMTF]; + + *self &= peer; + for v in prio_table.iter() { + if self.bits() & v.bits() != 0 { + *self = *v; + return; + } + } + *self = SpdmMeasurementSpecification::empty(); + } + + /// return true if no more than one is selected + /// return false if two or more is selected + pub fn is_no_more_than_one_selected(&self) -> bool { + self.bits() == 0 || self.bits() & (self.bits() - 1) == 0 + } + + pub fn is_valid(&self) -> bool { + (self.bits & Self::VALID_MASK.bits) != 0 + } + + pub fn is_valid_one_select(&self) -> bool { + self.is_no_more_than_one_selected() && self.is_valid() + } +} + +bitflags! 
{ + #[derive(Default)] + pub struct SpdmMeasurementHashAlgo: u32 { + const RAW_BIT_STREAM = 0b0000_0001; + const TPM_ALG_SHA_256 = 0b0000_0010; + const TPM_ALG_SHA_384 = 0b0000_0100; + const TPM_ALG_SHA_512 = 0b0000_1000; + const TPM_ALG_SHA3_256 = 0b0001_0000; + const TPM_ALG_SHA3_384 = 0b0010_0000; + const TPM_ALG_SHA3_512 = 0b0100_0000; + const TPM_ALG_SM3 = 0b1000_0000; + const VALID_MASK = Self::RAW_BIT_STREAM.bits + | Self::TPM_ALG_SHA_256.bits + | Self::TPM_ALG_SHA_384.bits + | Self::TPM_ALG_SHA_512.bits + | Self::TPM_ALG_SHA3_256.bits + | Self::TPM_ALG_SHA3_256.bits + | Self::TPM_ALG_SHA3_256.bits + | Self::TPM_ALG_SM3.bits; + } +} + +impl SpdmMeasurementHashAlgo { + pub fn get_size(&self) -> u16 { + match *self { + SpdmMeasurementHashAlgo::RAW_BIT_STREAM => 0u16, + SpdmMeasurementHashAlgo::TPM_ALG_SHA_256 => SHA256_DIGEST_SIZE as u16, + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384 => SHA384_DIGEST_SIZE as u16, + SpdmMeasurementHashAlgo::TPM_ALG_SHA_512 => SHA512_DIGEST_SIZE as u16, + SpdmMeasurementHashAlgo::TPM_ALG_SHA3_256 => 32, + SpdmMeasurementHashAlgo::TPM_ALG_SHA3_384 => 48, + SpdmMeasurementHashAlgo::TPM_ALG_SHA3_512 => 64, + SpdmMeasurementHashAlgo::TPM_ALG_SM3 => 32, + _ => { + panic!("invalid MeasurementHashAlgo"); + } + } + } + + /// return true if no more than one is selected + /// return false if two or more is selected + pub fn is_no_more_than_one_selected(&self) -> bool { + self.bits() == 0 || self.bits() & (self.bits() - 1) == 0 + } + + pub fn is_valid(&self) -> bool { + (self.bits & Self::VALID_MASK.bits) != 0 + } + + pub fn is_valid_one_select(&self) -> bool { + self.is_no_more_than_one_selected() && self.is_valid() + } +} +impl Codec for SpdmMeasurementHashAlgo { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u32::read(r)?; + + SpdmMeasurementHashAlgo::from_bits(bits & SpdmMeasurementHashAlgo::VALID_MASK.bits) + } +} + +bitflags! 
{ + #[derive(Default)] + pub struct SpdmBaseAsymAlgo: u32 { + const TPM_ALG_RSASSA_2048 = 0b0000_0001; + const TPM_ALG_RSAPSS_2048 = 0b0000_0010; + const TPM_ALG_RSASSA_3072 = 0b0000_0100; + const TPM_ALG_RSAPSS_3072 = 0b0000_1000; + const TPM_ALG_ECDSA_ECC_NIST_P256 = 0b0001_0000; + const TPM_ALG_RSASSA_4096 = 0b0010_0000; + const TPM_ALG_RSAPSS_4096 = 0b0100_0000; + const TPM_ALG_ECDSA_ECC_NIST_P384 = 0b1000_0000; + const VALID_MASK = Self::TPM_ALG_RSASSA_2048.bits + | Self::TPM_ALG_RSAPSS_2048.bits + | Self::TPM_ALG_RSASSA_3072.bits + | Self::TPM_ALG_RSAPSS_3072.bits + | Self::TPM_ALG_ECDSA_ECC_NIST_P256.bits + | Self::TPM_ALG_RSASSA_4096.bits + | Self::TPM_ALG_RSAPSS_4096.bits + | Self::TPM_ALG_ECDSA_ECC_NIST_P384.bits; + } +} + +impl SpdmBaseAsymAlgo { + pub fn prioritize(&mut self, peer: SpdmBaseAsymAlgo) { + let prio_table = [ + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384, + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048, + ]; + + *self &= peer; + for v in prio_table.iter() { + if self.bits() & v.bits() != 0 { + *self = *v; + return; + } + } + *self = SpdmBaseAsymAlgo::empty(); + } + pub fn get_size(&self) -> u16 { + match *self { + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048 => RSASSA_2048_KEY_SIZE as u16, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048 => RSAPSS_2048_KEY_SIZE as u16, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072 => RSASSA_3072_KEY_SIZE as u16, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072 => RSAPSS_3072_KEY_SIZE as u16, + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096 => RSASSA_4096_KEY_SIZE as u16, + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096 => RSAPSS_4096_KEY_SIZE as u16, + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256 => ECDSA_ECC_NIST_P256_KEY_SIZE as u16, + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 => 
ECDSA_ECC_NIST_P384_KEY_SIZE as u16, + _ => { + panic!("invalid AsymAlgo"); + } + } + } + + /// return true if no more than one is selected + /// return false if two or more is selected + pub fn is_no_more_than_one_selected(&self) -> bool { + self.bits() == 0 || self.bits() & (self.bits() - 1) == 0 + } + + pub fn is_valid(&self) -> bool { + (self.bits & Self::VALID_MASK.bits) != 0 + } + + pub fn is_valid_one_select(&self) -> bool { + self.is_no_more_than_one_selected() && self.is_valid() + } +} + +impl Codec for SpdmBaseAsymAlgo { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u32::read(r)?; + + SpdmBaseAsymAlgo::from_bits(bits & SpdmBaseAsymAlgo::VALID_MASK.bits) + } +} + +bitflags! { + #[derive(Default)] + pub struct SpdmBaseHashAlgo: u32 { + const TPM_ALG_SHA_256 = 0b0000_0001; + const TPM_ALG_SHA_384 = 0b0000_0010; + const TPM_ALG_SHA_512 = 0b0000_0100; + const VALID_MASK = Self::TPM_ALG_SHA_256.bits + | Self::TPM_ALG_SHA_384.bits + | Self::TPM_ALG_SHA_512.bits; + } +} + +impl SpdmBaseHashAlgo { + pub fn prioritize(&mut self, peer: SpdmBaseHashAlgo) { + let prio_table = [ + SpdmBaseHashAlgo::TPM_ALG_SHA_512, + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmBaseHashAlgo::TPM_ALG_SHA_256, + ]; + + *self &= peer; + for v in prio_table.iter() { + if self.bits() & v.bits() != 0 { + *self = *v; + return; + } + } + *self = SpdmBaseHashAlgo::empty(); + } + pub fn get_size(&self) -> u16 { + match *self { + SpdmBaseHashAlgo::TPM_ALG_SHA_256 => SHA256_DIGEST_SIZE as u16, + SpdmBaseHashAlgo::TPM_ALG_SHA_384 => SHA384_DIGEST_SIZE as u16, + SpdmBaseHashAlgo::TPM_ALG_SHA_512 => SHA512_DIGEST_SIZE as u16, + _ => { + panic!("invalid HashAlgo"); + } + } + } + + /// return true if no more than one is selected + /// return false if two or more is selected + pub fn is_no_more_than_one_selected(&self) -> bool { + self.bits() == 0 || self.bits() & (self.bits() - 1) == 0 + } + + pub fn is_valid(&self) 
-> bool { + (self.bits & Self::VALID_MASK.bits) != 0 + } + + pub fn is_valid_one_select(&self) -> bool { + self.is_no_more_than_one_selected() && self.is_valid() + } +} + +impl Codec for SpdmBaseHashAlgo { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u32::read(r)?; + + SpdmBaseHashAlgo::from_bits(bits & SpdmBaseHashAlgo::VALID_MASK.bits) + } +} + +enum_builder! { + @U8 + EnumName: SpdmStandardId; + EnumVal{ + SpdmStandardIdDMTF => 0x0, + SpdmStandardIdTCG => 0x1, + SpdmStandardIdUSB => 0x2, + SpdmStandardIdPCISIG => 0x3, + SpdmStandardIdIANA => 0x4, + SpdmStandardIdHDBaseT => 0x5, + SpdmStandardIdMIPI => 0x6, + SpdmStandardIdCXL => 0x7, + SpdmStandardIdJDEC => 0x8 + } +} + +bitflags! { + #[derive(Default)] + pub struct SpdmDheAlgo: u16 { + const SECP_256_R1 = 0b0000_1000; + const SECP_384_R1 = 0b0001_0000; + const VALID_MASK = Self::SECP_256_R1.bits + | Self::SECP_384_R1.bits; + } +} + +impl SpdmDheAlgo { + pub fn prioritize(&mut self, peer: SpdmDheAlgo) { + let prio_table = [SpdmDheAlgo::SECP_384_R1, SpdmDheAlgo::SECP_256_R1]; + + *self &= peer; + for v in prio_table.iter() { + if self.bits() & v.bits() != 0 { + *self = *v; + return; + } + } + *self = SpdmDheAlgo::empty(); + } + pub fn get_size(&self) -> u16 { + match *self { + SpdmDheAlgo::SECP_256_R1 => SECP_256_R1_KEY_SIZE as u16, + SpdmDheAlgo::SECP_384_R1 => SECP_384_R1_KEY_SIZE as u16, + _ => { + panic!("invalid DheAlgo"); + } + } + } + + /// return true if no more than one is selected + /// return false if two or more is selected + pub fn is_no_more_than_one_selected(&self) -> bool { + self.bits() == 0 || self.bits() & (self.bits() - 1) == 0 + } + + pub fn is_valid(&self) -> bool { + (self.bits & Self::VALID_MASK.bits) != 0 + } + + pub fn is_valid_one_select(&self) -> bool { + self.is_no_more_than_one_selected() && self.is_valid() + } +} + +impl Codec for SpdmDheAlgo { + fn encode(&self, bytes: &mut Writer) -> Result 
{ + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u16::read(r)?; + + SpdmDheAlgo::from_bits(bits & SpdmDheAlgo::VALID_MASK.bits) + } +} + +bitflags! { + #[derive(Default)] + pub struct SpdmAeadAlgo: u16 { + const AES_128_GCM = 0b0000_0001; + const AES_256_GCM = 0b0000_0010; + const CHACHA20_POLY1305 = 0b0000_0100; + const VALID_MASK = Self::AES_128_GCM.bits + | Self::AES_256_GCM.bits + | Self::CHACHA20_POLY1305.bits; + } +} + +impl SpdmAeadAlgo { + pub fn prioritize(&mut self, peer: SpdmAeadAlgo) { + let prio_table = [ + SpdmAeadAlgo::AES_256_GCM, + SpdmAeadAlgo::AES_128_GCM, + SpdmAeadAlgo::CHACHA20_POLY1305, + ]; + + *self &= peer; + for v in prio_table.iter() { + if self.bits() & v.bits() != 0 { + *self = *v; + return; + } + } + *self = SpdmAeadAlgo::empty(); + } + pub fn get_key_size(&self) -> u16 { + match *self { + SpdmAeadAlgo::AES_128_GCM => AEAD_AES_128_GCM_KEY_SIZE as u16, + SpdmAeadAlgo::AES_256_GCM => AEAD_AES_256_GCM_KEY_SIZE as u16, + SpdmAeadAlgo::CHACHA20_POLY1305 => AEAD_CHACHA20_POLY1305_KEY_SIZE as u16, + _ => { + panic!("invalid AeadAlgo"); + } + } + } + pub fn get_iv_size(&self) -> u16 { + match *self { + SpdmAeadAlgo::AES_128_GCM => AEAD_AES_128_GCM_IV_SIZE as u16, + SpdmAeadAlgo::AES_256_GCM => AEAD_AES_256_GCM_IV_SIZE as u16, + SpdmAeadAlgo::CHACHA20_POLY1305 => AEAD_CHACHA20_POLY1305_IV_SIZE as u16, + _ => { + panic!("invalid AeadAlgo"); + } + } + } + pub fn get_tag_size(&self) -> u16 { + match *self { + SpdmAeadAlgo::AES_128_GCM => AEAD_AES_128_GCM_TAG_SIZE as u16, + SpdmAeadAlgo::AES_256_GCM => AEAD_AES_256_GCM_TAG_SIZE as u16, + SpdmAeadAlgo::CHACHA20_POLY1305 => AEAD_CHACHA20_POLY1305_TAG_SIZE as u16, + _ => { + panic!("invalid AeadAlgo"); + } + } + } + + /// return true if no more than one is selected + /// return false if two or more is selected + pub fn is_no_more_than_one_selected(&self) -> bool { + self.bits() == 0 || self.bits() & (self.bits() - 1) == 0 + } + + pub fn is_valid(&self) -> bool { 
+ (self.bits & Self::VALID_MASK.bits) != 0 + } + + pub fn is_valid_one_select(&self) -> bool { + self.is_no_more_than_one_selected() && self.is_valid() + } +} + +impl Codec for SpdmAeadAlgo { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u16::read(r)?; + + SpdmAeadAlgo::from_bits(bits & SpdmAeadAlgo::VALID_MASK.bits) + } +} + +bitflags! { + #[derive(Default)] + pub struct SpdmReqAsymAlgo: u16 { + const TPM_ALG_RSASSA_2048 = 0b0000_0001; + const TPM_ALG_RSAPSS_2048 = 0b0000_0010; + const TPM_ALG_RSASSA_3072 = 0b0000_0100; + const TPM_ALG_RSAPSS_3072 = 0b0000_1000; + const TPM_ALG_ECDSA_ECC_NIST_P256 = 0b0001_0000; + const TPM_ALG_RSASSA_4096 = 0b0010_0000; + const TPM_ALG_RSAPSS_4096 = 0b0100_0000; + const TPM_ALG_ECDSA_ECC_NIST_P384 = 0b1000_0000; + const VALID_MASK = Self::TPM_ALG_RSASSA_2048.bits + | Self::TPM_ALG_RSAPSS_2048.bits + | Self::TPM_ALG_RSASSA_3072.bits + | Self::TPM_ALG_RSAPSS_3072.bits + | Self::TPM_ALG_ECDSA_ECC_NIST_P256.bits + | Self::TPM_ALG_RSASSA_4096.bits + | Self::TPM_ALG_RSAPSS_4096.bits + | Self::TPM_ALG_ECDSA_ECC_NIST_P384.bits; + } +} + +impl SpdmReqAsymAlgo { + pub fn prioritize(&mut self, peer: SpdmReqAsymAlgo) { + let prio_table = [ + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384, + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256, + SpdmReqAsymAlgo::TPM_ALG_RSAPSS_4096, + SpdmReqAsymAlgo::TPM_ALG_RSAPSS_3072, + SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048, + SpdmReqAsymAlgo::TPM_ALG_RSASSA_4096, + SpdmReqAsymAlgo::TPM_ALG_RSASSA_3072, + SpdmReqAsymAlgo::TPM_ALG_RSASSA_2048, + ]; + + *self &= peer; + for v in prio_table.iter() { + if self.bits() & v.bits() != 0 { + *self = *v; + return; + } + } + *self = SpdmReqAsymAlgo::empty(); + } + pub fn get_size(&self) -> u16 { + match *self { + SpdmReqAsymAlgo::TPM_ALG_RSASSA_2048 => RSASSA_2048_KEY_SIZE as u16, + SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048 => RSAPSS_2048_KEY_SIZE as u16, + 
SpdmReqAsymAlgo::TPM_ALG_RSASSA_3072 => RSASSA_3072_KEY_SIZE as u16, + SpdmReqAsymAlgo::TPM_ALG_RSAPSS_3072 => RSAPSS_3072_KEY_SIZE as u16, + SpdmReqAsymAlgo::TPM_ALG_RSASSA_4096 => RSASSA_4096_KEY_SIZE as u16, + SpdmReqAsymAlgo::TPM_ALG_RSAPSS_4096 => RSAPSS_4096_KEY_SIZE as u16, + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256 => ECDSA_ECC_NIST_P256_KEY_SIZE as u16, + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 => ECDSA_ECC_NIST_P384_KEY_SIZE as u16, + _ => { + panic!("invalid ReqAsymAlgo"); + } + } + } + + /// return true if no more than one is selected + /// return false if two or more is selected + pub fn is_no_more_than_one_selected(&self) -> bool { + self.bits() == 0 || self.bits() & (self.bits() - 1) == 0 + } + + pub fn is_valid(&self) -> bool { + (self.bits & Self::VALID_MASK.bits) != 0 + } + + pub fn is_valid_one_select(&self) -> bool { + self.is_no_more_than_one_selected() && self.is_valid() + } +} + +impl Codec for SpdmReqAsymAlgo { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u16::read(r)?; + + SpdmReqAsymAlgo::from_bits(bits & SpdmReqAsymAlgo::VALID_MASK.bits) + } +} + +bitflags! 
{ + #[derive(Default)] + pub struct SpdmKeyScheduleAlgo: u16 { + const SPDM_KEY_SCHEDULE = 0b0000_0001; + const VALID_MASK = Self::SPDM_KEY_SCHEDULE.bits; + } +} + +impl SpdmKeyScheduleAlgo { + pub fn prioritize(&mut self, peer: SpdmKeyScheduleAlgo) { + let prio_table = [SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE]; + + *self &= peer; + for v in prio_table.iter() { + if self.bits() & v.bits() != 0 { + *self = *v; + return; + } + } + *self = SpdmKeyScheduleAlgo::empty(); + } + + /// return true if no more than one is selected + /// return false if two or more is selected + pub fn is_no_more_than_one_selected(&self) -> bool { + self.bits() == 0 || self.bits() & (self.bits() - 1) == 0 + } + + pub fn is_valid(&self) -> bool { + (self.bits & Self::VALID_MASK.bits) != 0 + } + + pub fn is_valid_one_select(&self) -> bool { + self.is_no_more_than_one_selected() && self.is_valid() + } +} + +impl Codec for SpdmKeyScheduleAlgo { + fn encode(&self, bytes: &mut Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut Reader) -> Option { + let bits = u16::read(r)?; + + SpdmKeyScheduleAlgo::from_bits(bits & SpdmKeyScheduleAlgo::VALID_MASK.bits) + } +} + +#[derive(Debug, Clone, Default, PartialEq, Eq)] +pub struct SpdmUnknownAlgo {} +impl Codec for SpdmUnknownAlgo { + fn encode(&self, _bytes: &mut Writer) -> Result { + Ok(0) + } + + fn read(_r: &mut Reader) -> Option { + Some(SpdmUnknownAlgo {}) + } +} + +enum_builder! 
{
+ @U8
+ EnumName: SpdmAlgType;
+ EnumVal{
+ SpdmAlgTypeDHE => 0x2,
+ SpdmAlgTypeAEAD => 0x3,
+ SpdmAlgTypeReqAsym => 0x4,
+ SpdmAlgTypeKeySchedule => 0x5
+ }
+}
+impl Default for SpdmAlgType {
+ fn default() -> SpdmAlgType {
+ SpdmAlgType::Unknown(0)
+ }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum SpdmAlg {
+ SpdmAlgoDhe(SpdmDheAlgo),
+ SpdmAlgoAead(SpdmAeadAlgo),
+ SpdmAlgoReqAsym(SpdmReqAsymAlgo),
+ SpdmAlgoKeySchedule(SpdmKeyScheduleAlgo),
+ // TBD: Need consider how to handle this SpdmAlgoUnknown
+ SpdmAlgoUnknown(SpdmUnknownAlgo),
+}
+impl Default for SpdmAlg {
+ fn default() -> SpdmAlg {
+ SpdmAlg::SpdmAlgoUnknown(SpdmUnknownAlgo {})
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmAlgStruct {
+ pub alg_type: SpdmAlgType,
+ pub alg_supported: SpdmAlg,
+}
+
+impl Codec for SpdmAlgStruct {
+ fn encode(&self, bytes: &mut Writer) -> Result {
+ let mut cnt = 0usize;
+ // DSP0274 Table: Algorithm request structure
+ let alg_fixed_count = 2u8;
+ cnt += self.alg_type.encode(bytes)?;
+ let alg_count = ((alg_fixed_count as u32) << 4) as u8;
+ cnt += alg_count.encode(bytes)?;
+
+ match &self.alg_supported {
+ SpdmAlg::SpdmAlgoDhe(alg_supported) => {
+ cnt += alg_supported.encode(bytes)?;
+ }
+ SpdmAlg::SpdmAlgoAead(alg_supported) => {
+ cnt += alg_supported.encode(bytes)?;
+ }
+ SpdmAlg::SpdmAlgoReqAsym(alg_supported) => {
+ cnt += alg_supported.encode(bytes)?;
+ }
+ SpdmAlg::SpdmAlgoKeySchedule(alg_supported) => {
+ cnt += alg_supported.encode(bytes)?;
+ }
+ SpdmAlg::SpdmAlgoUnknown(alg_supported) => {
+ cnt += alg_supported.encode(bytes)?;
+ }
+ }
+ Ok(cnt)
+ }
+
+ fn read(r: &mut Reader) -> Option {
+ let alg_type = SpdmAlgType::read(r)?;
+ let alg_count = u8::read(r)?;
+ let alg_fixed_count = ((alg_count as u32 >> 4) & 0xF) as u8;
+ let alg_ext_count = alg_count & 0xF;
+ if alg_fixed_count != 2 {
+ return None;
+ }
+ if alg_ext_count != 0 {
+ return None;
+ }
+
+ let alg_supported = match alg_type {
+ SpdmAlgType::SpdmAlgTypeDHE =>
Some(SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::read(r)?)),
+ SpdmAlgType::SpdmAlgTypeAEAD => Some(SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::read(r)?)),
+ SpdmAlgType::SpdmAlgTypeReqAsym => {
+ Some(SpdmAlg::SpdmAlgoReqAsym(SpdmReqAsymAlgo::read(r)?))
+ }
+ SpdmAlgType::SpdmAlgTypeKeySchedule => {
+ Some(SpdmAlg::SpdmAlgoKeySchedule(SpdmKeyScheduleAlgo::read(r)?))
+ }
+ _ => return None,
+ };
+
+ let alg_supported = alg_supported?;
+
+ Some(SpdmAlgStruct {
+ alg_type,
+ alg_supported,
+ })
+ }
+}
+
+pub const SPDM_MAX_SLOT_NUMBER: usize = 8;
+
+enum_builder! {
+ @U8
+ EnumName: SpdmMeasurementSummaryHashType;
+ EnumVal{
+ SpdmMeasurementSummaryHashTypeNone => 0x0,
+ SpdmMeasurementSummaryHashTypeTcb => 0x1,
+ SpdmMeasurementSummaryHashTypeAll => 0xFF
+ }
+}
+impl Default for SpdmMeasurementSummaryHashType {
+ fn default() -> SpdmMeasurementSummaryHashType {
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmNonceStruct {
+ pub data: [u8; SPDM_NONCE_SIZE],
+}
+
+impl Codec for SpdmNonceStruct {
+ fn encode(&self, bytes: &mut Writer) -> Result {
+ for d in self.data.iter() {
+ d.encode(bytes)?;
+ }
+ Ok(SPDM_NONCE_SIZE)
+ }
+ fn read(r: &mut Reader) -> Option {
+ let mut data = [0u8; SPDM_NONCE_SIZE];
+ for d in data.iter_mut() {
+ *d = u8::read(r)?;
+ }
+ Some(SpdmNonceStruct { data })
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmRandomStruct {
+ pub data: [u8; SPDM_RANDOM_SIZE],
+}
+
+impl Codec for SpdmRandomStruct {
+ fn encode(&self, bytes: &mut Writer) -> Result {
+ for d in self.data.iter() {
+ d.encode(bytes)?;
+ }
+ Ok(SPDM_RANDOM_SIZE)
+ }
+ fn read(r: &mut Reader) -> Option {
+ let mut data = [0u8; SPDM_RANDOM_SIZE];
+ for d in data.iter_mut() {
+ *d = u8::read(r)?;
+ }
+ Some(SpdmRandomStruct { data })
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct SpdmSignatureStruct {
+ pub data_size: u16,
+ pub data: [u8; SPDM_MAX_ASYM_KEY_SIZE],
+}
+impl Default for SpdmSignatureStruct {
+ fn
default() -> SpdmSignatureStruct {
+ SpdmSignatureStruct {
+ data_size: 0,
+ data: [0u8; SPDM_MAX_ASYM_KEY_SIZE],
+ }
+ }
+}
+
+impl AsRef<[u8]> for SpdmSignatureStruct {
+ fn as_ref(&self) -> &[u8] {
+ &self.data[0..(self.data_size as usize)]
+ }
+}
+
+impl From for SpdmSignatureStruct {
+ fn from(value: BytesMut) -> Self {
+ assert!(value.as_ref().len() <= SPDM_MAX_ASYM_KEY_SIZE);
+ let data_size = value.as_ref().len() as u16;
+ let mut data = [0u8; SPDM_MAX_ASYM_KEY_SIZE];
+ data[0..value.as_ref().len()].copy_from_slice(value.as_ref());
+ Self { data_size, data }
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct SpdmCertChainData {
+ pub data_size: u16,
+ pub data: [u8; config::MAX_SPDM_CERT_CHAIN_DATA_SIZE],
+}
+
+impl Default for SpdmCertChainData {
+ fn default() -> Self {
+ SpdmCertChainData {
+ data_size: 0u16,
+ data: [0u8; config::MAX_SPDM_CERT_CHAIN_DATA_SIZE],
+ }
+ }
+}
+impl AsRef<[u8]> for SpdmCertChainData {
+ fn as_ref(&self) -> &[u8] {
+ &self.data[0..(self.data_size as usize)]
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct SpdmCertChainBuffer {
+ pub data_size: u16,
+ pub data: [u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE],
+}
+
+impl Default for SpdmCertChainBuffer {
+ fn default() -> Self {
+ SpdmCertChainBuffer {
+ data_size: 0u16,
+ data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE],
+ }
+ }
+}
+impl AsRef<[u8]> for SpdmCertChainBuffer {
+ fn as_ref(&self) -> &[u8] {
+ &self.data[0..(self.data_size as usize)]
+ }
+}
+
+impl SpdmCertChainBuffer {
+ ///
+ /// Table 28 — Certificate chain format
+ /// This function generate the SpdmCertChainBuffer from a x509 certificates chain.
+ ///
+ pub fn new(cert_chain: &[u8], root_cert_hash: &[u8]) -> Option {
+ if cert_chain.len() + 4 + root_cert_hash.len() > u16::MAX as usize {
+ return None;
+ }
+
+ let total_len = (cert_chain.len() + root_cert_hash.len() + 4) as u16;
+ let mut buff = Self::default();
+ let mut pos;
+ pos = 0;
+
+ // Length
+ let len = 2;
+ buff.data[pos..(pos + len)].copy_from_slice(&total_len.to_le_bytes());
+ pos += len;
+
+ // Reserved
+ buff.data[pos] = 0;
+ buff.data[pos + 1] = 0;
+ pos += 2;
+
+ // RootHash HashLen
+ let len = root_cert_hash.len();
+ buff.data[pos..(pos + len)].copy_from_slice(root_cert_hash);
+ pos += len;
+
+ // Certificates
+ let len = cert_chain.len();
+ buff.data[pos..(pos + len)].copy_from_slice(cert_chain);
+ pos += len;
+
+ buff.data_size = pos as u16;
+ Some(buff)
+ }
+}
+
+enum_builder! {
+ @U8
+ EnumName: SpdmDmtfMeasurementType;
+ EnumVal{
+ SpdmDmtfMeasurementRom => 0x0,
+ SpdmDmtfMeasurementFirmware => 0x1,
+ SpdmDmtfMeasurementHardwareConfig => 0x2,
+ SpdmDmtfMeasurementFirmwareConfig => 0x3,
+ SpdmDmtfMeasurementManifest => 0x4,
+ SpdmDmtfMeasurementStructuredRepresentationMode => 0x5,
+ SpdmDmtfMeasurementMutableFirmwareVersionNumber => 0x6,
+ SpdmDmtfMeasurementMutableFirmwareSecurityVersionNumber => 0x7
+ }
+}
+
+enum_builder!
{
+ @U8
+ EnumName: SpdmDmtfMeasurementRepresentation;
+ EnumVal{
+ SpdmDmtfMeasurementDigest => 0x0,
+ SpdmDmtfMeasurementRawBit => 0x80
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct SpdmDmtfMeasurementStructure {
+ pub r#type: SpdmDmtfMeasurementType,
+ pub representation: SpdmDmtfMeasurementRepresentation,
+ pub value_size: u16,
+ pub value: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN],
+}
+impl Default for SpdmDmtfMeasurementStructure {
+ fn default() -> SpdmDmtfMeasurementStructure {
+ SpdmDmtfMeasurementStructure {
+ r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom,
+ representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest,
+ value_size: 0,
+ value: [0u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN],
+ }
+ }
+}
+impl Codec for SpdmDmtfMeasurementStructure {
+ fn encode(&self, bytes: &mut Writer) -> Result {
+ let mut cnt = 0usize;
+ let type_value = self.r#type.get_u8();
+ let representation_value = self.representation.get_u8();
+ let final_value = type_value + representation_value;
+ cnt += final_value.encode(bytes)?;
+
+ // TBD: Check measurement_hash
+
+ cnt += self.value_size.encode(bytes)?;
+ for v in self.value.iter().take(self.value_size as usize) {
+ cnt += v.encode(bytes)?;
+ }
+ Ok(cnt)
+ }
+ fn read(r: &mut Reader) -> Option {
+ let final_value = u8::read(r)?;
+ let type_value = final_value & 0x7f;
+ let representation_value = final_value & 0x80;
+ let representation = match representation_value {
+ 0 => SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest,
+ 0x80 => SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit,
+ val => SpdmDmtfMeasurementRepresentation::Unknown(val),
+ };
+ let r#type = match type_value {
+ 0 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom,
+ 1 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware,
+ 2 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementHardwareConfig,
+ 3 => SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmwareConfig,
+ 4 =>
SpdmDmtfMeasurementType::SpdmDmtfMeasurementManifest,
+ 5 => match representation {
+ SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit => {
+ SpdmDmtfMeasurementType::SpdmDmtfMeasurementStructuredRepresentationMode
+ }
+ _ => SpdmDmtfMeasurementType::Unknown(5),
+ },
+ 6 => match representation {
+ SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit => {
+ SpdmDmtfMeasurementType::SpdmDmtfMeasurementMutableFirmwareVersionNumber
+ }
+ _ => SpdmDmtfMeasurementType::Unknown(6),
+ },
+ 7 => match representation {
+ SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit => {
+ SpdmDmtfMeasurementType::SpdmDmtfMeasurementMutableFirmwareSecurityVersionNumber
+ }
+ _ => SpdmDmtfMeasurementType::Unknown(7),
+ },
+ val => SpdmDmtfMeasurementType::Unknown(val),
+ };
+
+ // TBD: Check measurement_hash
+
+ let value_size = u16::read(r)?;
+ let mut value = [0u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ for v in value.iter_mut().take(value_size as usize) {
+ *v = u8::read(r)?;
+ }
+ Some(SpdmDmtfMeasurementStructure {
+ r#type,
+ representation,
+ value_size,
+ value,
+ })
+ }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct SpdmMeasurementBlockStructure {
+ pub index: u8,
+ pub measurement_specification: SpdmMeasurementSpecification,
+ pub measurement_size: u16,
+ pub measurement: SpdmDmtfMeasurementStructure,
+}
+impl Codec for SpdmMeasurementBlockStructure {
+ fn encode(&self, bytes: &mut Writer) -> Result {
+ let mut cnt = 0usize;
+ cnt += self.index.encode(bytes)?;
+ cnt += self.measurement_specification.encode(bytes)?;
+ cnt += self.measurement_size.encode(bytes)?;
+ cnt += self.measurement.encode(bytes)?;
+ Ok(cnt)
+ }
+ fn read(r: &mut Reader) -> Option {
+ let index = u8::read(r)?;
+ let measurement_specification = SpdmMeasurementSpecification::read(r)?;
+ let measurement_size = u16::read(r)?;
+ let measurement = SpdmDmtfMeasurementStructure::read(r)?;
+ Some(SpdmMeasurementBlockStructure {
+ index,
+ measurement_specification,
+ measurement_size,
+ measurement,
+ })
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct SpdmMeasurementRecordStructure {
+ pub number_of_blocks: u8,
+ pub measurement_record_length: u24,
+ pub measurement_record_data: [u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE],
+}
+impl Default for SpdmMeasurementRecordStructure {
+ fn default() -> SpdmMeasurementRecordStructure {
+ SpdmMeasurementRecordStructure {
+ number_of_blocks: 0,
+ measurement_record_length: u24::new(0),
+ measurement_record_data: [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE],
+ }
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct SpdmDheExchangeStruct {
+ pub data_size: u16,
+ pub data: [u8; SPDM_MAX_DHE_KEY_SIZE],
+}
+impl Default for SpdmDheExchangeStruct {
+ fn default() -> SpdmDheExchangeStruct {
+ SpdmDheExchangeStruct {
+ data_size: 0,
+ data: [0u8; SPDM_MAX_DHE_KEY_SIZE],
+ }
+ }
+}
+
+impl AsRef<[u8]> for SpdmDheExchangeStruct {
+ fn as_ref(&self) -> &[u8] {
+ &self.data[0..(self.data_size as usize)]
+ }
+}
+
+impl From for SpdmDheExchangeStruct {
+ fn from(value: BytesMut) -> Self {
+ assert!(value.as_ref().len() <= SPDM_MAX_DHE_KEY_SIZE);
+ let data_size = value.as_ref().len() as u16;
+ let mut data = [0u8; SPDM_MAX_DHE_KEY_SIZE];
+ data[0..value.as_ref().len()].copy_from_slice(value.as_ref());
+ Self { data_size, data }
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct SpdmPskContextStruct {
+ pub data_size: u16,
+ pub data: [u8; config::MAX_SPDM_PSK_CONTEXT_SIZE],
+}
+impl Default for SpdmPskContextStruct {
+ fn default() -> SpdmPskContextStruct {
+ SpdmPskContextStruct {
+ data_size: 0,
+ data: [0u8; config::MAX_SPDM_PSK_CONTEXT_SIZE],
+ }
+ }
+}
+impl AsRef<[u8]> for SpdmPskContextStruct {
+ fn as_ref(&self) -> &[u8] {
+ &self.data[0..(self.data_size as usize)]
+ }
+}
+
+#[derive(Debug, Clone)]
+pub struct SpdmPskHintStruct {
+ pub data_size: u16,
+ pub data: [u8; config::MAX_SPDM_PSK_HINT_SIZE],
+}
+impl Default for SpdmPskHintStruct {
+ fn default() -> SpdmPskHintStruct {
+ SpdmPskHintStruct {
+ data_size: 0,
+ data: [0u8; config::MAX_SPDM_PSK_HINT_SIZE],
+ }
+ }
+}
+impl AsRef<[u8]> for SpdmPskHintStruct {
+ fn as_ref(&self) -> &[u8] {
+ &self.data[0..(self.data_size as usize)]
+ }
+}
+
+macro_rules! create_sensitive_datatype {
+ (Name: $name:ident, Size: $size:expr) => {
+ #[derive(Debug, Clone, Zeroize, ZeroizeOnDrop)]
+ pub struct $name {
+ pub data_size: u16,
+ pub data: Box<[u8; $size]>,
+ }
+
+ impl Default for $name {
+ fn default() -> $name {
+ $name {
+ data_size: 0,
+ data: Box::new([0u8; $size]),
+ }
+ }
+ }
+
+ impl AsRef<[u8]> for $name {
+ fn as_ref(&self) -> &[u8] {
+ &self.data[0..(self.data_size as usize)]
+ }
+ }
+
+ impl From for $name {
+ fn from(value: BytesMutStrubbed) -> Self {
+ assert!(value.as_ref().len() <= $size);
+ let data_size = value.as_ref().len() as u16;
+ let mut data = Box::new([0u8; $size]);
+ data[0..value.as_ref().len()].copy_from_slice(value.as_ref());
+ Self { data_size, data }
+ }
+ }
+
+ impl From<&[u8]> for $name {
+ fn from(value: &[u8]) -> Self {
+ assert!(value.len() <= $size);
+ let data_size = value.len() as u16;
+ let mut data = Box::new([0u8; $size]);
+ data[0..value.len()].copy_from_slice(value.as_ref());
+ Self { data_size, data }
+ }
+ }
+ };
+}
+
+create_sensitive_datatype!(Name: SpdmDigestStruct, Size: SPDM_MAX_HASH_SIZE);
+create_sensitive_datatype!(Name: SpdmDheFinalKeyStruct, Size: SPDM_MAX_DHE_KEY_SIZE);
+create_sensitive_datatype!(Name: SpdmHandshakeSecretStruct, Size: SPDM_MAX_HASH_SIZE);
+create_sensitive_datatype!(
+ Name: SpdmDirectionHandshakeSecretStruct,
+ Size: SPDM_MAX_HASH_SIZE
+);
+create_sensitive_datatype!(Name: SpdmFinishedKeyStruct, Size: SPDM_MAX_HASH_SIZE);
+create_sensitive_datatype!(Name: SpdmMasterSecretStruct, Size: SPDM_MAX_HASH_SIZE);
+create_sensitive_datatype!(
+ Name: SpdmDirectionDataSecretStruct,
+ Size: SPDM_MAX_HASH_SIZE
+);
+create_sensitive_datatype!(Name: SpdmAeadKeyStruct, Size: SPDM_MAX_AEAD_KEY_SIZE);
+create_sensitive_datatype!(Name: SpdmAeadIvStruct, Size:
SPDM_MAX_AEAD_IV_SIZE);
+create_sensitive_datatype!(Name: SpdmExportMasterSecretStruct, Size: SPDM_MAX_HASH_SIZE);
+create_sensitive_datatype!(Name: SpdmZeroFilledStruct, Size: SPDM_MAX_HASH_SIZE);
+
+create_sensitive_datatype!(Name: SpdmHkdfPseudoRandomKey, Size: SPDM_MAX_HASH_SIZE);
+create_sensitive_datatype!(
+ Name: SpdmHkdfOutputKeyingMaterial,
+ Size: SPDM_MAX_HKDF_OKM_SIZE
+);
+
+#[derive(Debug, Clone)]
+pub enum SpdmMajorSecret<'a> {
+ SpdmDirectionHandshakeSecret(&'a SpdmDirectionHandshakeSecretStruct),
+ SpdmDirectionDataSecret(&'a SpdmDirectionDataSecretStruct),
+}
+
+#[derive(Debug, Clone)]
+pub enum SpdmHkdfInputKeyingMaterial<'a> {
+ SpdmZeroFilled(&'a SpdmZeroFilledStruct),
+ SpdmDheFinalKey(&'a SpdmDheFinalKeyStruct),
+ SpdmHandshakeSecret(&'a SpdmHandshakeSecretStruct),
+ SpdmDirectionHandshakeSecret(&'a SpdmDirectionHandshakeSecretStruct),
+ SpdmFinishedKey(&'a SpdmFinishedKeyStruct),
+ SpdmDigest(&'a SpdmDigestStruct),
+ SpdmMasterSecret(&'a SpdmMasterSecretStruct),
+ SpdmDirectionDataSecret(&'a SpdmDirectionDataSecretStruct),
+}
+
+impl AsRef<[u8]> for SpdmHkdfInputKeyingMaterial<'_> {
+ fn as_ref(&self) -> &[u8] {
+ match self {
+ SpdmHkdfInputKeyingMaterial::SpdmZeroFilled(inner) => inner.as_ref(),
+ SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(inner) => inner.as_ref(),
+ SpdmHkdfInputKeyingMaterial::SpdmHandshakeSecret(inner) => inner.as_ref(),
+ SpdmHkdfInputKeyingMaterial::SpdmDirectionHandshakeSecret(inner) => inner.as_ref(),
+ SpdmHkdfInputKeyingMaterial::SpdmDigest(inner) => inner.as_ref(),
+ SpdmHkdfInputKeyingMaterial::SpdmMasterSecret(inner) => inner.as_ref(),
+ SpdmHkdfInputKeyingMaterial::SpdmDirectionDataSecret(inner) => inner.as_ref(),
+ SpdmHkdfInputKeyingMaterial::SpdmFinishedKey(inner) => inner.as_ref(),
+ }
+ }
+}
+
+impl SpdmHkdfInputKeyingMaterial<'_> {
+ pub fn get_data_size(&self) -> u16 {
+ match self {
+ SpdmHkdfInputKeyingMaterial::SpdmZeroFilled(inner) => inner.data_size,
+ SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(inner) => inner.data_size,
+ SpdmHkdfInputKeyingMaterial::SpdmHandshakeSecret(inner) => inner.data_size,
+ SpdmHkdfInputKeyingMaterial::SpdmDirectionHandshakeSecret(inner) => inner.data_size,
+ SpdmHkdfInputKeyingMaterial::SpdmDigest(inner) => inner.data_size,
+ SpdmHkdfInputKeyingMaterial::SpdmMasterSecret(inner) => inner.data_size,
+ SpdmHkdfInputKeyingMaterial::SpdmDirectionDataSecret(inner) => inner.data_size,
+ SpdmHkdfInputKeyingMaterial::SpdmFinishedKey(inner) => inner.data_size,
+ }
+ }
+}
+
+impl SpdmHandshakeSecretStruct {
+ pub fn from_spdm_hkdf_okm(
+ okm: SpdmHkdfOutputKeyingMaterial,
+ ) -> Option {
+ if okm.data_size == 0 || okm.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut hds = SpdmHandshakeSecretStruct {
+ data_size: okm.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ hds.data[..okm.data_size as usize].copy_from_slice(&okm.data[..okm.data_size as usize]);
+ Some(hds)
+ }
+ }
+ pub fn from_spdm_hkdf_prk(prk: SpdmHkdfPseudoRandomKey) -> Option {
+ if prk.data_size == 0 || prk.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut hds = SpdmHandshakeSecretStruct {
+ data_size: prk.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ hds.data[..prk.data_size as usize].copy_from_slice(&prk.data[..prk.data_size as usize]);
+ Some(hds)
+ }
+ }
+}
+
+impl SpdmDirectionHandshakeSecretStruct {
+ pub fn from_spdm_hkdf_okm(
+ okm: SpdmHkdfOutputKeyingMaterial,
+ ) -> Option {
+ if okm.data_size == 0 || okm.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut dhds = SpdmDirectionHandshakeSecretStruct {
+ data_size: okm.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ dhds.data[..okm.data_size as usize]
+ .copy_from_slice(&okm.data[..okm.data_size as usize]);
+ Some(dhds)
+ }
+ }
+ pub fn from_spdm_hkdf_prk(
+ prk: SpdmHkdfPseudoRandomKey,
+ ) -> Option {
+ if prk.data_size == 0 || prk.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut dhds = SpdmDirectionHandshakeSecretStruct {
+ data_size: prk.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ dhds.data[..prk.data_size as usize]
+ .copy_from_slice(&prk.data[..prk.data_size as usize]);
+ Some(dhds)
+ }
+ }
+}
+
+impl SpdmMasterSecretStruct {
+ pub fn from_spdm_hkdf_okm(okm: SpdmHkdfOutputKeyingMaterial) -> Option {
+ if okm.data_size == 0 || okm.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut mts = SpdmMasterSecretStruct {
+ data_size: okm.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ mts.data[..okm.data_size as usize].copy_from_slice(&okm.data[..okm.data_size as usize]);
+ Some(mts)
+ }
+ }
+ pub fn from_spdm_hkdf_prk(prk: SpdmHkdfPseudoRandomKey) -> Option {
+ if prk.data_size == 0 || prk.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut mts = SpdmMasterSecretStruct {
+ data_size: prk.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ mts.data[..prk.data_size as usize].copy_from_slice(&prk.data[..prk.data_size as usize]);
+ Some(mts)
+ }
+ }
+}
+
+impl SpdmDirectionDataSecretStruct {
+ pub fn from_spdm_hkdf_okm(
+ okm: SpdmHkdfOutputKeyingMaterial,
+ ) -> Option {
+ if okm.data_size == 0 || okm.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut dmts = SpdmDirectionDataSecretStruct {
+ data_size: okm.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ dmts.data[..okm.data_size as usize]
+ .copy_from_slice(&okm.data[..okm.data_size as usize]);
+ Some(dmts)
+ }
+ }
+ pub fn from_spdm_hkdf_prk(
+ prk: SpdmHkdfPseudoRandomKey,
+ ) -> Option {
+ if prk.data_size == 0 || prk.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut dmts = SpdmDirectionDataSecretStruct {
+ data_size: prk.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ dmts.data[..prk.data_size as usize]
+ .copy_from_slice(&prk.data[..prk.data_size as usize]);
+ Some(dmts)
+ }
+ }
+}
+
+impl SpdmAeadKeyStruct {
+ pub fn
from_spdm_hkdf_okm(okm: SpdmHkdfOutputKeyingMaterial) -> Option {
+ if okm.data_size == 0 || okm.data_size > SPDM_MAX_AEAD_KEY_SIZE as u16 {
+ None
+ } else {
+ let mut adk = SpdmAeadKeyStruct {
+ data_size: okm.data_size,
+ data: Box::new([0u8; SPDM_MAX_AEAD_KEY_SIZE]),
+ };
+ adk.data[..okm.data_size as usize].copy_from_slice(&okm.data[..okm.data_size as usize]);
+ Some(adk)
+ }
+ }
+ pub fn from_spdm_hkdf_prk(prk: SpdmHkdfPseudoRandomKey) -> Option {
+ if prk.data_size == 0 || prk.data_size > SPDM_MAX_AEAD_KEY_SIZE as u16 {
+ None
+ } else {
+ let mut adk = SpdmAeadKeyStruct {
+ data_size: prk.data_size,
+ data: Box::new([0u8; SPDM_MAX_AEAD_KEY_SIZE]),
+ };
+ adk.data[..prk.data_size as usize].copy_from_slice(&prk.data[..prk.data_size as usize]);
+ Some(adk)
+ }
+ }
+}
+
+impl SpdmAeadIvStruct {
+ pub fn from_spdm_hkdf_okm(okm: SpdmHkdfOutputKeyingMaterial) -> Option {
+ if okm.data_size == 0 || okm.data_size > SPDM_MAX_AEAD_IV_SIZE as u16 {
+ None
+ } else {
+ let mut adv = SpdmAeadIvStruct {
+ data_size: okm.data_size,
+ data: Box::new([0u8; SPDM_MAX_AEAD_IV_SIZE]),
+ };
+ adv.data[..okm.data_size as usize].copy_from_slice(&okm.data[..okm.data_size as usize]);
+ Some(adv)
+ }
+ }
+ pub fn from_spdm_hkdf_prk(prk: SpdmHkdfPseudoRandomKey) -> Option {
+ if prk.data_size == 0 || prk.data_size > SPDM_MAX_AEAD_IV_SIZE as u16 {
+ None
+ } else {
+ let mut adv = SpdmAeadIvStruct {
+ data_size: prk.data_size,
+ data: Box::new([0u8; SPDM_MAX_AEAD_IV_SIZE]),
+ };
+ adv.data[..prk.data_size as usize].copy_from_slice(&prk.data[..prk.data_size as usize]);
+ Some(adv)
+ }
+ }
+}
+
+impl SpdmFinishedKeyStruct {
+ pub fn from_spdm_hkdf_okm(okm: SpdmHkdfOutputKeyingMaterial) -> Option {
+ if okm.data_size == 0 || okm.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut fdk = SpdmFinishedKeyStruct {
+ data_size: okm.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ fdk.data[..okm.data_size as usize].copy_from_slice(&okm.data[..okm.data_size as
usize]);
+ Some(fdk)
+ }
+ }
+ pub fn from_spdm_hkdf_prk(prk: SpdmHkdfPseudoRandomKey) -> Option {
+ if prk.data_size == 0 || prk.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut fdk = SpdmFinishedKeyStruct {
+ data_size: prk.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ fdk.data[..prk.data_size as usize].copy_from_slice(&prk.data[..prk.data_size as usize]);
+ Some(fdk)
+ }
+ }
+}
+
+impl SpdmExportMasterSecretStruct {
+ pub fn from_spdm_hkdf_okm(
+ okm: SpdmHkdfOutputKeyingMaterial,
+ ) -> Option {
+ if okm.data_size == 0 || okm.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut emk = SpdmExportMasterSecretStruct {
+ data_size: okm.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ emk.data[..okm.data_size as usize].copy_from_slice(&okm.data[..okm.data_size as usize]);
+ Some(emk)
+ }
+ }
+ pub fn from_spdm_hkdf_prk(
+ prk: SpdmHkdfPseudoRandomKey,
+ ) -> Option {
+ if prk.data_size == 0 || prk.data_size > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut emk = SpdmExportMasterSecretStruct {
+ data_size: prk.data_size,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ emk.data[..prk.data_size as usize].copy_from_slice(&prk.data[..prk.data_size as usize]);
+ Some(emk)
+ }
+ }
+}
+
+impl SpdmHkdfPseudoRandomKey {
+ pub fn from_input_keying_material(
+ ikm: &SpdmHkdfInputKeyingMaterial,
+ ) -> Option {
+ if ikm.get_data_size() == 0 || ikm.get_data_size() > SPDM_MAX_HASH_SIZE as u16 {
+ None
+ } else {
+ let mut prk = SpdmHkdfPseudoRandomKey {
+ data_size: ikm.get_data_size(),
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ match ikm {
+ SpdmHkdfInputKeyingMaterial::SpdmZeroFilled(inner) => prk.data
+ [..inner.data_size as usize]
+ .copy_from_slice(&inner.data[..inner.data_size as usize]),
+ SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(inner) => prk.data
+ [..inner.data_size as usize]
+ .copy_from_slice(&inner.data[..inner.data_size as usize]),
+ SpdmHkdfInputKeyingMaterial::SpdmHandshakeSecret(inner) => prk.data
+ [..inner.data_size as usize]
+ .copy_from_slice(&inner.data[..inner.data_size as usize]),
+ SpdmHkdfInputKeyingMaterial::SpdmDirectionHandshakeSecret(inner) => prk.data
+ [..inner.data_size as usize]
+ .copy_from_slice(&inner.data[..inner.data_size as usize]),
+ SpdmHkdfInputKeyingMaterial::SpdmFinishedKey(inner) => prk.data
+ [..inner.data_size as usize]
+ .copy_from_slice(&inner.data[..inner.data_size as usize]),
+ SpdmHkdfInputKeyingMaterial::SpdmDigest(inner) => prk.data
+ [..inner.data_size as usize]
+ .copy_from_slice(&inner.data[..inner.data_size as usize]),
+ SpdmHkdfInputKeyingMaterial::SpdmMasterSecret(inner) => prk.data
+ [..inner.data_size as usize]
+ .copy_from_slice(&inner.data[..inner.data_size as usize]),
+ SpdmHkdfInputKeyingMaterial::SpdmDirectionDataSecret(inner) => prk.data
+ [..inner.data_size as usize]
+ .copy_from_slice(&inner.data[..inner.data_size as usize]),
+ }
+ Some(prk)
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use codec::{Codec, Reader, Writer};
+
+ #[test]
+ fn test_case0_spdm_measurement_specification() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmMeasurementSpecification::all();
+ assert!(value.encode(&mut writer).is_ok());
+
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ assert_eq!(
+ SpdmMeasurementSpecification::read(&mut reader).unwrap(),
+ SpdmMeasurementSpecification::DMTF
+ );
+ assert_eq!(3, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_measurement_hash_algo() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmMeasurementHashAlgo::RAW_BIT_STREAM;
+ assert!(value.encode(&mut writer).is_ok());
+
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ assert_eq!(
+ SpdmMeasurementHashAlgo::read(&mut reader).unwrap(),
+ SpdmMeasurementHashAlgo::RAW_BIT_STREAM
+ );
+ assert_eq!(0, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_base_asym_algo() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048;
+ assert!(value.encode(&mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ assert_eq!(
+ SpdmBaseAsymAlgo::read(&mut reader).unwrap(),
+ SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048
+ );
+ assert_eq!(0, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_base_hash_algo() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmBaseHashAlgo::TPM_ALG_SHA_256;
+ assert!(value.encode(&mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ assert_eq!(
+ SpdmBaseHashAlgo::read(&mut reader).unwrap(),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256
+ );
+ assert_eq!(0, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_dhe_algo() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmDheAlgo::SECP_256_R1;
+ assert!(value.encode(&mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ assert_eq!(
+ SpdmDheAlgo::read(&mut reader).unwrap(),
+ SpdmDheAlgo::SECP_256_R1
+ );
+ assert_eq!(2, reader.left());
+ }
+
+ #[test]
+ fn test_case0_spdm_aead_algo() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmAeadAlgo::AES_128_GCM;
+ assert!(value.encode(&mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ assert_eq!(
+ SpdmAeadAlgo::read(&mut reader).unwrap(),
+ SpdmAeadAlgo::AES_128_GCM
+ );
+ assert_eq!(2, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_req_asym_algo() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmReqAsymAlgo::TPM_ALG_RSASSA_2048;
+ assert!(value.encode(&mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ assert_eq!(
+ SpdmReqAsymAlgo::read(&mut reader).unwrap(),
+ SpdmReqAsymAlgo::TPM_ALG_RSASSA_2048
+ );
+ assert_eq!(2, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_key_schedule_algo() {
+ let u8_slice = &mut [0u8; 4];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE;
+ assert!(value.encode(&mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(4, reader.left());
+ assert_eq!(
+ SpdmKeyScheduleAlgo::read(&mut reader).unwrap(),
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE
+ );
+ assert_eq!(2, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_nonce_struct() {
+ let u8_slice = &mut [0u8; SPDM_NONCE_SIZE];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmNonceStruct {
+ data: [100u8; SPDM_NONCE_SIZE],
+ };
+ assert!(value.encode(&mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(SPDM_NONCE_SIZE, reader.left());
+ let spdm_nonce_struct = SpdmNonceStruct::read(&mut reader).unwrap();
+
+ for i in 0..SPDM_NONCE_SIZE {
+ assert_eq!(spdm_nonce_struct.data[i], 100);
+ }
+ assert_eq!(0, reader.left());
+ }
+
+ #[test]
+ fn test_case0_spdm_random_struct() {
+ let u8_slice = &mut [0u8; SPDM_RANDOM_SIZE];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmRandomStruct {
+ data: [100u8; SPDM_RANDOM_SIZE],
+ };
+ assert!(value.encode(&mut writer).is_ok());
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(SPDM_RANDOM_SIZE, reader.left());
+ let spdm_random_struct = SpdmRandomStruct::read(&mut reader).unwrap();
+
+ for i in 0..SPDM_RANDOM_SIZE {
+ assert_eq!(spdm_random_struct.data[i], 100);
+ }
+ assert_eq!(0, reader.left());
+ }
+ #[test]
+ fn test_case0_spdm_alg_struct() {
+ let u8_slice = &mut [0u8; 8];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmAlgStruct {
+ alg_type: SpdmAlgType::SpdmAlgTypeDHE,
+ alg_supported: SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1),
+ };
+ assert!(value.encode(&mut writer).is_ok());
+
+ let mut reader =
Reader::init(u8_slice);
+ assert_eq!(8, reader.left());
+ let spdm_alg_struct = SpdmAlgStruct::read(&mut reader).unwrap();
+ assert_eq!(4, reader.left());
+ assert_eq!(spdm_alg_struct.alg_type, SpdmAlgType::SpdmAlgTypeDHE);
+ assert_eq!(
+ spdm_alg_struct.alg_supported,
+ SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1)
+ );
+ }
+
+ #[test]
+ fn test_case3_spdm_alg_struct() {
+ let u8_slice = &mut [0u8; 8];
+ let mut writer = Writer::init(u8_slice);
+ let value = SpdmAlgStruct {
+ alg_type: SpdmAlgType::Unknown(1),
+ alg_supported: SpdmAlg::SpdmAlgoUnknown(SpdmUnknownAlgo {}),
+ };
+ assert!(value.encode(&mut writer).is_ok());
+
+ let mut reader = Reader::init(u8_slice);
+ assert_eq!(8, reader.left());
+ let spdm_alg_struct = SpdmAlgStruct::read(&mut reader);
+
+ assert!(spdm_alg_struct.is_none());
+ }
+ #[test]
+ fn test_case0_spdm_digest_struct() {
+ let bytes_mut = BytesMutStrubbed::new();
+ let u8_slice = &mut [0u8; 68];
+ let mut _writer = Writer::init(u8_slice);
+ let _value = SpdmDigestStruct {
+ data_size: 64,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ };
+
+ // TODO: assert should use should_panic
+ let spdm_digest_struct = SpdmDigestStruct::from(bytes_mut);
+ assert_eq!(spdm_digest_struct.data_size, 0);
+ }
+ #[test]
+ fn test_case1_spdm_measurement_specification() {
+ let value = SpdmMeasurementSpecification::DMTF;
+ let mut spdm_measurement_specification = SpdmMeasurementSpecification::empty();
+ spdm_measurement_specification.prioritize(value);
+ }
+ #[test]
+ fn test_case1_spdm_signature_struct() {
+ let bytes_mut = BytesMut::new();
+ let spdm_signature_struct = SpdmSignatureStruct::from(bytes_mut);
+ assert_eq!(spdm_signature_struct.data_size, 0);
+ for i in 0..SPDM_MAX_ASYM_KEY_SIZE {
+ assert_eq!(spdm_signature_struct.data[i], 0);
+ }
+ }
+
+ #[test]
+ #[should_panic(expected = "invalid MeasurementHashAlgo")]
+ fn test_case1_spdm_measurement_hash_algo() {
+ let mut value = SpdmMeasurementHashAlgo::TPM_ALG_SHA_256;
+ assert_eq!(value.get_size(),
SHA256_DIGEST_SIZE as u16); + + value = SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + assert_eq!(value.get_size(), SHA384_DIGEST_SIZE as u16); + + value = SpdmMeasurementHashAlgo::TPM_ALG_SHA_512; + assert_eq!(value.get_size(), SHA512_DIGEST_SIZE as u16); + + value = SpdmMeasurementHashAlgo::RAW_BIT_STREAM; + assert_eq!(value.get_size(), 0u16); + + value = SpdmMeasurementHashAlgo::empty(); + value.get_size(); + } + #[test] + #[should_panic(expected = "invalid AsymAlgo")] + fn test_case1_spdm_base_asym_algo() { + let mut value = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048; + assert_eq!(value.get_size(), RSASSA_2048_KEY_SIZE as u16); + + value = SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048; + assert_eq!(value.get_size(), RSAPSS_2048_KEY_SIZE as u16); + + value = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072; + assert_eq!(value.get_size(), RSASSA_3072_KEY_SIZE as u16); + + value = SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072; + assert_eq!(value.get_size(), RSAPSS_3072_KEY_SIZE as u16); + + value = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096; + assert_eq!(value.get_size(), RSASSA_4096_KEY_SIZE as u16); + + value = SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096; + assert_eq!(value.get_size(), RSAPSS_4096_KEY_SIZE as u16); + + value = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256; + assert_eq!(value.get_size(), ECDSA_ECC_NIST_P256_KEY_SIZE as u16); + + value = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + assert_eq!(value.get_size(), ECDSA_ECC_NIST_P384_KEY_SIZE as u16); + + value = SpdmBaseAsymAlgo::empty(); + value.get_size(); + } + #[test] + #[should_panic(expected = "invalid DheAlgo")] + fn test_case1_spdm_dhe_algo() { + let mut value = SpdmDheAlgo::SECP_256_R1; + assert_eq!(value.get_size(), SECP_256_R1_KEY_SIZE as u16); + + value = SpdmDheAlgo::SECP_384_R1; + assert_eq!(value.get_size(), SECP_384_R1_KEY_SIZE as u16); + + value = SpdmDheAlgo::empty(); + value.get_size(); + } + #[test] + #[should_panic(expected = "invalid AeadAlgo")] + fn test_case1_spdm_aead_algo() { + let mut value = 
SpdmAeadAlgo::AES_128_GCM; + assert_eq!(value.get_key_size(), AEAD_AES_128_GCM_KEY_SIZE as u16); + + value = SpdmAeadAlgo::AES_256_GCM; + assert_eq!(value.get_key_size(), AEAD_AES_256_GCM_KEY_SIZE as u16); + + value = SpdmAeadAlgo::CHACHA20_POLY1305; + assert_eq!(value.get_key_size(), AEAD_CHACHA20_POLY1305_KEY_SIZE as u16); + + value = SpdmAeadAlgo::empty(); + value.get_key_size(); + } + #[test] + #[should_panic(expected = "invalid AeadAlgo")] + fn test_case2_spdm_aead_algo() { + let mut value = SpdmAeadAlgo::AES_128_GCM; + assert_eq!(value.get_key_size(), AEAD_AES_128_GCM_KEY_SIZE as u16); + + value = SpdmAeadAlgo::AES_256_GCM; + assert_eq!(value.get_key_size(), AEAD_AES_256_GCM_KEY_SIZE as u16); + + value = SpdmAeadAlgo::CHACHA20_POLY1305; + assert_eq!(value.get_key_size(), AEAD_CHACHA20_POLY1305_KEY_SIZE as u16); + + value = SpdmAeadAlgo::empty(); + value.get_key_size(); + } + #[test] + #[should_panic(expected = "invalid AeadAlgo")] + fn test_case3_spdm_aead_algo() { + let mut value = SpdmAeadAlgo::AES_128_GCM; + assert_eq!(value.get_iv_size(), AEAD_AES_128_GCM_IV_SIZE as u16); + + value = SpdmAeadAlgo::AES_256_GCM; + assert_eq!(value.get_iv_size(), AEAD_AES_256_GCM_IV_SIZE as u16); + + value = SpdmAeadAlgo::CHACHA20_POLY1305; + assert_eq!(value.get_iv_size(), AEAD_CHACHA20_POLY1305_IV_SIZE as u16); + + value = SpdmAeadAlgo::empty(); + value.get_iv_size(); + } + #[test] + #[should_panic(expected = "invalid AeadAlgo")] + fn test_case4_spdm_aead_algo() { + let mut value = SpdmAeadAlgo::AES_128_GCM; + assert_eq!(value.get_tag_size(), AEAD_AES_128_GCM_TAG_SIZE as u16); + + value = SpdmAeadAlgo::AES_256_GCM; + assert_eq!(value.get_tag_size(), AEAD_AES_256_GCM_TAG_SIZE as u16); + + value = SpdmAeadAlgo::CHACHA20_POLY1305; + assert_eq!(value.get_tag_size(), AEAD_CHACHA20_POLY1305_TAG_SIZE as u16); + + value = SpdmAeadAlgo::empty(); + value.get_tag_size(); + } + #[test] + #[should_panic(expected = "invalid ReqAsymAlgo")] + fn test_case1_spdm_req_asym_algo() { + let mut 
value = SpdmReqAsymAlgo::TPM_ALG_RSASSA_2048; + assert_eq!(value.get_size(), RSASSA_2048_KEY_SIZE as u16); + + value = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048; + assert_eq!(value.get_size(), RSAPSS_2048_KEY_SIZE as u16); + + value = SpdmReqAsymAlgo::TPM_ALG_RSASSA_3072; + assert_eq!(value.get_size(), RSASSA_3072_KEY_SIZE as u16); + + value = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_3072; + assert_eq!(value.get_size(), RSAPSS_3072_KEY_SIZE as u16); + + value = SpdmReqAsymAlgo::TPM_ALG_RSASSA_4096; + assert_eq!(value.get_size(), RSASSA_4096_KEY_SIZE as u16); + + value = SpdmReqAsymAlgo::TPM_ALG_RSAPSS_4096; + assert_eq!(value.get_size(), RSAPSS_4096_KEY_SIZE as u16); + + value = SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256; + assert_eq!(value.get_size(), ECDSA_ECC_NIST_P256_KEY_SIZE as u16); + + value = SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + assert_eq!(value.get_size(), ECDSA_ECC_NIST_P384_KEY_SIZE as u16); + + value = SpdmReqAsymAlgo::empty(); + value.get_size(); + } + #[test] + fn test_case0_spdm_unknown_algo() { + let u8_slice = &mut [0u8; 8]; + let mut writer = Writer::init(u8_slice); + let value = SpdmUnknownAlgo {}; + assert!(value.encode(&mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + SpdmUnknownAlgo::read(&mut reader); + } +} diff --git a/spdmlib/src/protocol/capability.rs b/spdmlib/src/protocol/capability.rs new file mode 100644 index 0000000..a11bf85 --- /dev/null +++ b/spdmlib/src/protocol/capability.rs 
@@ -0,0 +1,113 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use codec::{Codec, Reader, Writer};
+
+bitflags! {
+ #[derive(Default)]
+ pub struct SpdmRequestCapabilityFlags: u32 {
+ const CERT_CAP = 0b0000_0010;
+ const CHAL_CAP = 0b0000_0100;
+ const ENCRYPT_CAP = 0b0100_0000;
+ const MAC_CAP = 0b1000_0000;
+ const MUT_AUTH_CAP = 0b0000_0001_0000_0000;
+ const KEY_EX_CAP = 0b0000_0010_0000_0000;
+ const PSK_CAP = 0b0000_0100_0000_0000;
+ const PSK_RSVD = 0b0000_1000_0000_0000;
+ const ENCAP_CAP = 0b0001_0000_0000_0000;
+ const HBEAT_CAP = 0b0010_0000_0000_0000;
+ const KEY_UPD_CAP = 0b0100_0000_0000_0000;
+ const HANDSHAKE_IN_THE_CLEAR_CAP = 0b1000_0000_0000_0000;
+ const PUB_KEY_ID_CAP = 0b0000_0001_0000_0000_0000_0000;
+ const CHUNK_CAP = 0b0000_0010_0000_0000_0000_0000;
+ const VALID_MASK = Self::CERT_CAP.bits
+ | Self::CHAL_CAP.bits
+ | Self::ENCRYPT_CAP.bits
+ | Self::MAC_CAP.bits
+ | Self::MUT_AUTH_CAP.bits
+ | Self::KEY_EX_CAP.bits
+ | Self::PSK_CAP.bits
+ | Self::PSK_RSVD.bits
+ | Self::ENCAP_CAP.bits
+ | Self::HBEAT_CAP.bits
+ | Self::KEY_UPD_CAP.bits
+ | Self::HANDSHAKE_IN_THE_CLEAR_CAP.bits
+ | Self::PUB_KEY_ID_CAP.bits
+ | Self::CHUNK_CAP.bits;
+ }
+}
+
+impl Codec for SpdmRequestCapabilityFlags {
+ fn encode(&self, bytes: &mut Writer) -> Result {
+ self.bits().encode(bytes)
+ }
+
+ fn read(r: &mut Reader) -> Option {
+ let bits = u32::read(r)?;
+
+ SpdmRequestCapabilityFlags::from_bits(bits & SpdmRequestCapabilityFlags::VALID_MASK.bits)
+ }
+}
+
+bitflags! {
+ #[derive(Default)]
+ pub struct SpdmResponseCapabilityFlags: u32 {
+ const CACHE_CAP = 0b0000_0001;
+ const CERT_CAP = 0b0000_0010;
+ const CHAL_CAP = 0b0000_0100;
+ const MEAS_CAP_NO_SIG = 0b0000_1000;
+ const MEAS_CAP_SIG = 0b0001_0000;
+ const MEAS_FRESH_CAP = 0b0010_0000;
+ const ENCRYPT_CAP = 0b0100_0000;
+ const MAC_CAP = 0b1000_0000;
+ const MUT_AUTH_CAP = 0b0000_0001_0000_0000;
+ const KEY_EX_CAP = 0b0000_0010_0000_0000;
+ const PSK_CAP_WITHOUT_CONTEXT = 0b0000_0100_0000_0000;
+ const PSK_CAP_WITH_CONTEXT = 0b0000_1000_0000_0000;
+ const ENCAP_CAP = 0b0001_0000_0000_0000;
+ const HBEAT_CAP = 0b0010_0000_0000_0000;
+ const KEY_UPD_CAP = 0b0100_0000_0000_0000;
+ const HANDSHAKE_IN_THE_CLEAR_CAP = 0b1000_0000_0000_0000;
+ const PUB_KEY_ID_CAP = 0b0000_0001_0000_0000_0000_0000;
+ const CHUNK_CAP = 0b0000_0010_0000_0000_0000_0000;
+ const ALIAS_CERT_CAP = 0b0000_0100_0000_0000_0000_0000;
+ const SET_CERT_CAP = 0b0000_1000_0000_0000_0000_0000;
+ const CSR_CAP = 0b0001_0000_0000_0000_0000_0000;
+ const CERT_INSTALL_RESET_CAP = 0b0010_0000_0000_0000_0000_0000;
+ const VALID_MASK = Self::CACHE_CAP.bits
+ | Self::CERT_CAP.bits
+ | Self::CHAL_CAP.bits
+ | Self::MEAS_CAP_NO_SIG.bits
+ | Self::MEAS_CAP_SIG.bits
+ | Self::MEAS_FRESH_CAP.bits
+ | Self::ENCRYPT_CAP.bits
+ | Self::MAC_CAP.bits
+ | Self::MUT_AUTH_CAP.bits
+ | Self::KEY_EX_CAP.bits
+ | Self::PSK_CAP_WITHOUT_CONTEXT.bits
+ | Self::PSK_CAP_WITH_CONTEXT.bits
+ | Self::ENCAP_CAP.bits
+ | Self::HBEAT_CAP.bits
+ | Self::KEY_UPD_CAP.bits
+ | Self::HANDSHAKE_IN_THE_CLEAR_CAP.bits
+ | Self::PUB_KEY_ID_CAP.bits
+ | Self::CHUNK_CAP.bits
+ | Self::ALIAS_CERT_CAP.bits
+ | Self::SET_CERT_CAP.bits
+ | Self::CSR_CAP.bits
+ | Self::CERT_INSTALL_RESET_CAP.bits;
+ }
+}
+
+impl Codec for SpdmResponseCapabilityFlags {
+ fn encode(&self, bytes: &mut Writer) -> Result {
+ self.bits().encode(bytes)
+ }
+
+ fn read(r: &mut Reader) -> Option {
+ let bits = u32::read(r)?;
+
+ SpdmResponseCapabilityFlags::from_bits(bits & SpdmResponseCapabilityFlags::VALID_MASK.bits)
+ }
+}
diff --git a/spdmlib/src/protocol/mod.rs b/spdmlib/src/protocol/mod.rs
new file mode 100644
index 0000000..7c0b9cc
--- /dev/null
+++ b/spdmlib/src/protocol/mod.rs
@@ -0,0 +1,36 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+extern crate alloc;
+use alloc::vec::Vec;
+
+use core::convert::TryInto;
+
+mod algo;
+mod capability;
+mod version;
+pub use algo::*;
+pub use capability::*;
+pub use version::*;
+
+// util function
+pub fn gen_array(count: usize) -> [T; N] {
+ let mut vec = Vec::new();
+ for _i in 0..count {
+ vec.push(T::default());
+ }
+ vec.try_into()
+ .unwrap_or_else(|_| panic!("gen_array error!"))
+}
+
+// util function
+pub fn gen_array_clone(v: T, count: usize) -> [T; N] {
+ let mut vec = Vec::new();
+ for _i in 1..count {
+ vec.push(v.clone());
+ }
+ vec.push(v);
+ vec.try_into()
+ .unwrap_or_else(|_| panic!("gen_array_clone error!"))
+}
diff --git a/spdmlib/src/protocol/version.rs b/spdmlib/src/protocol/version.rs
new file mode 100644
index 0000000..e42d487
--- /dev/null
+++ b/spdmlib/src/protocol/version.rs
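Review bot: Both `read` implementations mask the wire value with `VALID_MASK` before calling `from_bits`, so a peer that sets reserved bits is accepted silently and `from_bits` can never return `None` here; this deserves a doc comment because callers cannot use a decode failure to detect it. Something like `/// Bits outside VALID_MASK are discarded, not rejected; reserved combinations of multi-bit fields are not checked here.` on each `read` would do. The second half matters for pairs such as `MEAS_CAP_NO_SIG`/`MEAS_CAP_SIG` and `PSK_CAP_WITHOUT_CONTEXT`/`PSK_CAP_WITH_CONTEXT`, where a value with both bits set still decodes successfully. Presumably the capability handlers validate that, but it is not visible in this file.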
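Review bot: `gen_array` and `gen_array_clone` panic whenever `count` differs from the array length `N`, because `try_into()` on the `Vec` only succeeds for an exact length match; `gen_array_clone` also pushes one element even when `count` is 0. The `count` argument is therefore redundant with `N`, a mismatch becomes a runtime panic, and neither function documents it. At minimum add `/// Panics if count != N.` to both. If the generic bounds allow it (they are not legible on this page), `core::array::from_fn(|_| T::default())` and `core::array::from_fn(|_| v.clone())` would build the array without the heap allocation or the panic path.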
@@ -0,0 +1,116 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use codec::{Codec, EncodeErr};
+use core::convert::TryFrom;
+
+#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Clone, Copy)]
+pub enum SpdmVersion {
+ SpdmVersion10,
+ SpdmVersion11,
+ SpdmVersion12,
+}
+
+impl Default for SpdmVersion {
+ fn default() -> Self {
+ Self::SpdmVersion10
+ }
+}
+
+impl TryFrom for SpdmVersion {
+ type Error = ();
+ fn try_from(untrusted_spdm_version: u8) -> Result>::Error> {
+ if untrusted_spdm_version == 0x10 {
+ Ok(SpdmVersion::SpdmVersion10)
+ } else if untrusted_spdm_version == 0x11 {
+ Ok(SpdmVersion::SpdmVersion11)
+ } else if untrusted_spdm_version == 0x12 {
+ Ok(SpdmVersion::SpdmVersion12)
+ } else {
+ Err(())
+ }
+ }
+}
+
+impl From for u8 {
+ fn from(spdm_version: SpdmVersion) -> Self {
+ match spdm_version {
+ SpdmVersion::SpdmVersion10 => 0x10,
+ SpdmVersion::SpdmVersion11 => 0x11,
+ SpdmVersion::SpdmVersion12 => 0x12,
+ }
+ }
+}
+
+impl From<&SpdmVersion> for u8 {
+ fn from(spdm_version: &SpdmVersion) -> Self {
+ u8::from(*spdm_version)
+ }
+}
+
+impl Codec for SpdmVersion {
+ fn encode(&self, bytes: &mut codec::Writer<'_>) -> Result {
+ u8::from(self).encode(bytes)
+ }
+
+ fn read(r: &mut codec::Reader<'_>) -> Option {
+ let spdm_version = u8::read(r)?;
+ Self::try_from(spdm_version).ok()
+ }
+}
+
+pub const MAX_SPDM_VERSION_COUNT: usize = 3;
+
+//SPDM V1.2 signing prefix context
+pub const SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT: [u8; 64] = [
+ 0x64, 0x6d, 0x74, 0x66, 0x2d, 0x73, 0x70, 0x64, 0x6d, 0x2d, 0x76, 0x31, 0x2e, 0x32, 0x2e, 0x2a,
+ 0x64, 0x6d, 0x74, 0x66, 0x2d, 0x73, 0x70, 0x64, 0x6d, 0x2d, 0x76, 0x31, 0x2e, 0x32, 0x2e, 0x2a,
+ 0x64, 0x6d, 0x74, 0x66, 0x2d, 0x73, 0x70, 0x64, 0x6d, 0x2d, 0x76, 0x31, 0x2e, 0x32, 0x2e, 0x2a,
+ 0x64, 0x6d, 0x74, 0x66, 0x2d, 0x73, 0x70, 0x64, 0x6d, 0x2d, 0x76, 0x31, 0x2e, 0x32, 0x2e, 0x2a,
+];
+//"dmtf-spdm-v1.2.*dmtf-spdm-v1.2.*dmtf-spdm-v1.2.*dmtf-spdm-v1.2.*"
+pub const SPDM_CHALLENGE_AUTH_SIGN_CONTEXT: [u8; 32] = [
+ 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x2d, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65,
+ 0x6e, 0x67, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67,
+];
+// "responder-challenge_auth signing"
+pub const SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT: [u8; 32] = [
+ 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x2d, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65,
+ 0x6e, 0x67, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67,
+];
+// "requester-challenge_auth signing"
+pub const SPDM_MEASUREMENTS_SIGN_CONTEXT: [u8; 30] = [
+ 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x2d, 0x6d, 0x65, 0x61, 0x73, 0x75, 0x72,
+ 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67,
+];
+// "responder-measurements signing"
+pub const SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT: [u8; 34] = [
+ 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x2d, 0x6b, 0x65, 0x79, 0x5f, 0x65, 0x78,
+ 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x72, 0x73, 0x70, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x69,
+ 0x6e, 0x67,
+];
+// "responder-key_exchange_rsp signing"
+pub const SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT: [u8; 28] = [
+ 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x2d, 0x4b, 0x45, 0x50, 0x2d, 0x64, 0x6d,
+ 0x74, 0x66, 0x2d, 0x73, 0x70, 0x64, 0x6d, 0x2d, 0x76, 0x31, 0x2e, 0x32,
+];
+// "Requester-KEP-dmtf-spdm-v1.2"
+pub const SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT: [u8; 28] = [
+ 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x2d, 0x4b, 0x45, 0x50, 0x2d, 0x64, 0x6d,
+ 0x74, 0x66, 0x2d, 0x73, 0x70, 0x64, 0x6d, 0x2d, 0x76, 0x31, 0x2e, 0x32,
+];
+// "Responder-KEP-dmtf-spdm-v1.2"
+pub const SPDM_FINISH_SIGN_CONTEXT: [u8; 24] = [
+ 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x2d, 0x66, 0x69, 0x6e, 0x69, 0x73, 0x68,
+ 0x20, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67,
+];
+// "requester-finish signing"
+pub const SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE: usize = 100;
+pub const SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_2: [u8; 2] = [0x0, 0x0];
+pub const SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_4: [u8; 4] = [0x0, 0x0, 0x0, 0x0];
+pub const SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_6: [u8; 6] = [0x0, 0x0, 0x0, 0x0, 0x0, 0x0];
+pub const SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_8: [u8; 8] =
+ [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0];
+pub const SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_12: [u8; 12] =
+ [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0];
diff --git a/spdmlib/src/requester/challenge_req.rs b/spdmlib/src/requester/challenge_req.rs
new file mode 100644
index 0000000..1b89f1f
--- /dev/null
+++ b/spdmlib/src/requester/challenge_req.rs
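Review bot: The signing-context constants are spelled as hex byte tables with their ASCII meaning in a comment placed after each table, so each comment reads as if it belonged to the next constant and nothing ties the bytes to the text. These strings are the domain separators mixed into SPDM 1.2 signatures, so a single mistyped byte would change the signed message with no compile-time signal. Byte-string literals keep the text and the length check in one place, for example `pub const SPDM_CHALLENGE_AUTH_SIGN_CONTEXT: [u8; 32] = *b"responder-challenge_auth signing";`. The same form works for the other context constants in this hunk.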
@@ -0,0 +1,273 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::crypto; +#[cfg(feature = "hashed-transcript-data")] +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_CRYPTO_ERROR, SPDM_STATUS_ERROR_PEER, + SPDM_STATUS_INVALID_MSG_FIELD, SPDM_STATUS_INVALID_PARAMETER, SPDM_STATUS_VERIF_FAIL, +}; +use crate::message::*; +use crate::protocol::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_challenge( + &mut self, + slot_id: u8, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + ) -> SpdmResult { + info!("send spdm challenge\n"); + + if slot_id >= SPDM_MAX_SLOT_NUMBER as u8 { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + self.common + .reset_buffer_via_request_code(SpdmRequestResponseCode::SpdmRequestChallenge, None); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let send_used = + self.encode_spdm_challenge(slot_id, measurement_summary_hash_type, &mut send_buffer)?; + self.send_message(None, &send_buffer[..send_used], false) + .await?; + + // Receive + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(None, &mut receive_buffer, true) + .await?; + self.handle_spdm_challenge_response( + 0, // NULL + slot_id, + measurement_summary_hash_type, + &send_buffer[..send_used], + &receive_buffer[..used], + ) + } + + pub fn encode_spdm_challenge( + &mut self, + slot_id: u8, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + buf: &mut [u8], + ) -> SpdmResult { + let mut writer = Writer::init(buf); + + let mut nonce = [0u8; SPDM_NONCE_SIZE]; + crypto::rand::get_random(&mut nonce)?; + + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }, + 
payload: SpdmMessagePayload::SpdmChallengeRequest(SpdmChallengeRequestPayload { + slot_id, + measurement_summary_hash_type, + nonce: SpdmNonceStruct { data: nonce }, + }), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + pub fn handle_spdm_challenge_response( + &mut self, + session_id: u32, + slot_id: u8, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + send_buffer: &[u8], + receive_buffer: &[u8], + ) -> SpdmResult { + self.common.runtime_info.need_measurement_summary_hash = (measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb) + || (measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll); + + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseChallengeAuth => { + let challenge_auth = SpdmChallengeAuthResponsePayload::spdm_read( + &mut self.common, + &mut reader, + ); + let used = reader.used(); + if let Some(challenge_auth) = challenge_auth { + debug!("!!! 
challenge_auth : {:02x?}\n", challenge_auth); + + // verify signature + let base_asym_size = + self.common.negotiate_info.base_asym_sel.get_size() as usize; + let temp_used = used - base_asym_size; + + self.common.append_message_c(send_buffer)?; + self.common.append_message_c(&receive_buffer[..temp_used])?; + + if self + .verify_challenge_auth_signature(slot_id, &challenge_auth.signature) + .is_err() + { + error!("verify_challenge_auth_signature fail"); + self.common.reset_message_b(); + self.common.reset_message_c(); + return Err(SPDM_STATUS_VERIF_FAIL); + } else { + self.common.reset_message_b(); + self.common.reset_message_c(); + info!("verify_challenge_auth_signature pass"); + } + + Ok(()) + } else { + error!("!!! challenge_auth : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => self + .spdm_handle_error_response_main( + Some(session_id), + receive_buffer, + SpdmRequestResponseCode::SpdmRequestChallenge, + SpdmRequestResponseCode::SpdmResponseChallengeAuth, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } + + #[cfg(feature = "hashed-transcript-data")] + pub fn verify_challenge_auth_signature( + &self, + slot_id: u8, + signature: &SpdmSignatureStruct, + ) -> SpdmResult { + let message_m1m2_hash = crypto::hash::hash_ctx_finalize( + self.common + .runtime_info + .digest_context_m1m2 + .as_ref() + .cloned() + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?, + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + debug!("message_m1m2_hash - {:02x?}", message_m1m2_hash.as_ref()); + + if self.common.peer_info.peer_cert_chain[slot_id as usize].is_none() { + error!("peer_cert_chain is not populated!\n"); + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let cert_chain_data = &self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? 
+ .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data_size as usize)]; + + let mut message_sign = ManagedBuffer12Sign::default(); + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_sign.reset_message(); + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_4) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_CHALLENGE_AUTH_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(message_m1m2_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } else { + error!("hashed-transcript-data is unsupported in SPDM 1.0/1.1 signing verification!\n"); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + cert_chain_data, + message_sign.as_ref(), + signature, + ) + } + + #[cfg(not(feature = "hashed-transcript-data"))] + pub fn verify_challenge_auth_signature( + &self, + slot_id: u8, + signature: &SpdmSignatureStruct, + ) -> SpdmResult { + let mut message_m1m2 = ManagedBufferM1M2::default(); + message_m1m2 + .append_message(self.common.runtime_info.message_a.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(self.common.runtime_info.message_b.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(self.common.runtime_info.message_c.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + + // we dont need create message hash for verify + // we just print message hash for debug purpose + let message_m1m2_hash = crypto::hash::hash_all( + self.common.negotiate_info.base_hash_sel, + message_m1m2.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + 
debug!("message_m1m2_hash - {:02x?}", message_m1m2_hash.as_ref()); + + if self.common.peer_info.peer_cert_chain[slot_id as usize].is_none() { + error!("peer_cert_chain is not populated!\n"); + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let cert_chain_data = &self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data_size as usize)]; + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_m1m2.reset_message(); + message_m1m2 + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_4) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(&SPDM_CHALLENGE_AUTH_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(message_m1m2_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + + crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + cert_chain_data, + message_m1m2.as_ref(), + signature, + ) + } +} diff --git a/spdmlib/src/requester/context.rs b/spdmlib/src/requester/context.rs new file mode 100644 index 0000000..835377e --- /dev/null +++ b/spdmlib/src/requester/context.rs 
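Review bot: In both `verify_challenge_auth_signature` variants the certificate data is taken with a plain range index, `.data[(4usize + hash_size)..data_size]`, which panics if the stored `data_size` is smaller than `4 + hash_size` or larger than the backing buffer. The chain in `peer_cert_chain` originates from the peer, so unless an earlier step (not visible in this hunk) guarantees those bounds, a malformed chain becomes a panic instead of `SPDM_STATUS_INVALID_PARAMETER`. Using `get(start..end)` keeps the failure on the error path, as sketched below. The same concern applies to `used - base_asym_size` in `handle_spdm_challenge_response`, where `checked_sub` would be the equivalent guard.

```rust
// … unchanged: message hash computation and the is_none() check …
let peer_cert_chain = self.common.peer_info.peer_cert_chain[slot_id as usize]
    .as_ref()
    .ok_or(SPDM_STATUS_INVALID_PARAMETER)?;
let start = 4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize;
let end = peer_cert_chain.data_size as usize;
let cert_chain_data = peer_cert_chain
    .data
    .get(start..end)
    .ok_or(SPDM_STATUS_INVALID_PARAMETER)?;
// … unchanged: signing-context assembly and crypto::asym_verify::verify …
```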
@@ -0,0 +1,177 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::{self, SpdmDeviceIo, SpdmTransportEncap}; +use crate::common::{ManagedBufferA, ST1}; +use crate::config; +use crate::error::{SpdmResult, SPDM_STATUS_RECEIVE_FAIL, SPDM_STATUS_SEND_FAIL}; +use crate::protocol::*; + +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; +use core::ops::DerefMut; + +pub struct RequesterContext { + pub common: common::SpdmContext, +} + +impl RequesterContext { + pub fn new( + device_io: Arc>, + transport_encap: Arc>, + config_info: common::SpdmConfigInfo, + provision_info: common::SpdmProvisionInfo, + ) -> Self { + RequesterContext { + common: common::SpdmContext::new( + device_io, + transport_encap, + config_info, + provision_info, + ), + } + } + + #[maybe_async::maybe_async] + pub async fn init_connection( + &mut self, + transcript_vca: &mut Option, + ) -> SpdmResult { + *transcript_vca = None; + self.send_receive_spdm_version().await?; + self.send_receive_spdm_capability().await?; + self.send_receive_spdm_algorithm().await?; + *transcript_vca = Some(self.common.runtime_info.message_a.clone()); + Ok(()) + } + + #[maybe_async::maybe_async] + pub async fn start_session( + &mut self, + use_psk: bool, + slot_id: u8, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + ) -> SpdmResult { + if !use_psk { + let session_id = self + .send_receive_spdm_key_exchange(slot_id, measurement_summary_hash_type) + .await?; + #[cfg(not(feature = "mut-auth"))] + let req_slot_id: Option = None; + #[cfg(feature = "mut-auth")] + let req_slot_id = { + if self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MUT_AUTH_CAP) + && self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::MUT_AUTH_CAP) + { + self.session_based_mutual_authenticate(session_id).await?; + 
Some(self.common.runtime_info.get_local_used_cert_chain_slot_id()) + } else { + None + } + }; + + self.send_receive_spdm_finish(req_slot_id, session_id) + .await?; + Ok(session_id) + } else { + let session_id = self + .send_receive_spdm_psk_exchange(measurement_summary_hash_type, None) + .await?; + self.send_receive_spdm_psk_finish(session_id).await?; + Ok(session_id) + } + } + + #[maybe_async::maybe_async] + pub async fn end_session(&mut self, session_id: u32) -> SpdmResult { + self.send_receive_spdm_end_session(session_id).await + } + + #[maybe_async::maybe_async] + pub async fn send_message( + &mut self, + session_id: Option, + send_buffer: &[u8], + is_app_message: bool, + ) -> SpdmResult { + if self.common.negotiate_info.rsp_data_transfer_size_sel != 0 + && send_buffer.len() > self.common.negotiate_info.rsp_data_transfer_size_sel as usize + { + return Err(SPDM_STATUS_SEND_FAIL); + } + + if is_app_message && session_id.is_none() { + return Err(SPDM_STATUS_SEND_FAIL); + } + + let mut transport_buffer = [0u8; config::SENDER_BUFFER_SIZE]; + let used = if let Some(session_id) = session_id { + self.common + .encode_secured_message( + session_id, + send_buffer, + &mut transport_buffer, + true, + is_app_message, + ) + .await? + } else { + self.common + .encap(send_buffer, &mut transport_buffer) + .await? 
+ }; + + let mut device_io = self.common.device_io.lock(); + let device_io: &mut (dyn SpdmDeviceIo + Send + Sync) = device_io.deref_mut(); + + device_io.send(Arc::new(&transport_buffer[..used])).await + } + + #[maybe_async::maybe_async] + pub async fn receive_message( + &mut self, + session_id: Option, + receive_buffer: &mut [u8], + crypto_request: bool, + ) -> SpdmResult { + info!("receive_message!\n"); + + let timeout: usize = if crypto_request { + 2 << self.common.negotiate_info.rsp_ct_exponent_sel + } else { + ST1 + }; + + let mut transport_buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + + let used = { + let mut device_io = self.common.device_io.lock(); + let device_io: &mut (dyn SpdmDeviceIo + Send + Sync) = device_io.deref_mut(); + + device_io + .receive(Arc::new(Mutex::new(&mut transport_buffer)), timeout) + .await + .map_err(|_| SPDM_STATUS_RECEIVE_FAIL)? + }; + + if let Some(session_id) = session_id { + self.common + .decode_secured_message(session_id, &transport_buffer[..used], receive_buffer) + .await + } else { + self.common + .decap(&transport_buffer[..used], receive_buffer) + .await + } + } +} diff --git a/spdmlib/src/requester/encap_certificate.rs b/spdmlib/src/requester/encap_certificate.rs new file mode 100644 index 0000000..ed94281 --- /dev/null +++ b/spdmlib/src/requester/encap_certificate.rs 
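Review bot: In `receive_message` the crypto timeout is computed as `2 << self.common.negotiate_info.rsp_ct_exponent_sel`, and that exponent is a value negotiated from the peer's capabilities. A large exponent overflows the shift (a panic in debug builds, a wrapped or zero timeout otherwise) unless it is range-checked where it is stored, which this hunk does not show. Bound the exponent before shifting, e.g. `let exp = (self.common.negotiate_info.rsp_ct_exponent_sel as u32).min(usize::BITS - 2);` followed by `2usize << exp`, or reject out-of-range values with an error. A comment stating the unit and why the base is 2 rather than 1 would also help, since `2 << n` is 2^(n+1).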
@@ -0,0 +1,141 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Reader, Writer}; + +use crate::{ + common::SpdmCodec, + message::{ + SpdmCertificateResponsePayload, SpdmErrorCode, SpdmGetCertificateRequestPayload, + SpdmMessage, SpdmMessageHeader, SpdmMessagePayload, SpdmRequestResponseCode, + MAX_SPDM_CERT_PORTION_LEN, + }, + protocol::{SpdmRequestCapabilityFlags, SPDM_MAX_SLOT_NUMBER}, +}; + +use super::RequesterContext; + +impl RequesterContext { + pub fn encap_handle_get_certificate( + &mut self, + encap_request: &[u8], + encap_response: &mut Writer, + ) { + let mut reader = Reader::init(encap_request); + + if !self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::CERT_CAP) + { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + 0, + encap_response, + ); + return; + } + + if let Some(message_header) = SpdmMessageHeader::read(&mut reader) { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorVersionMismatch, + 0, + encap_response, + ); + return; + } + } else { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + encap_response, + ); + return; + } + + let get_certificate = if let Some(get_certificate) = + SpdmGetCertificateRequestPayload::spdm_read(&mut self.common, &mut reader) + { + debug!("!!! encap get_certificate : {:02x?}\n", get_certificate); + if get_certificate.slot_id != 0 { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + encap_response, + ); + return; + } + get_certificate + } else { + error!("!!! 
encap get_certificate : fail !!!\n"); + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + encap_response, + ); + return; + }; + + let slot_id = get_certificate.slot_id as usize; + if slot_id >= SPDM_MAX_SLOT_NUMBER + || self.common.provision_info.my_cert_chain[slot_id].is_none() + { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + encap_response, + ); + return; + } + + let my_cert_chain = self.common.provision_info.my_cert_chain[slot_id] + .as_ref() + .unwrap(); + + let mut length = get_certificate.length; + if length > MAX_SPDM_CERT_PORTION_LEN as u16 { + length = MAX_SPDM_CERT_PORTION_LEN as u16; + } + + let offset = get_certificate.offset; + if offset > my_cert_chain.data_size { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + encap_response, + ); + return; + } + + if length > my_cert_chain.data_size - offset { + length = my_cert_chain.data_size - offset; + } + + let portion_length = length; + let remainder_length = my_cert_chain.data_size - (length + offset); + + let cert_chain_data = + &my_cert_chain.data[(offset as usize)..(offset as usize + length as usize)]; + + let mut cert_chain = [0u8; MAX_SPDM_CERT_PORTION_LEN]; + cert_chain[..cert_chain_data.len()].copy_from_slice(cert_chain_data); + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseCertificate, + }, + payload: SpdmMessagePayload::SpdmCertificateResponse(SpdmCertificateResponsePayload { + slot_id: slot_id as u8, + portion_length, + remainder_length, + cert_chain, + }), + }; + let _ = response.spdm_encode(&mut self.common, encap_response); + + debug!("!!! encap get_certificate : complete\n"); + } +} diff --git a/spdmlib/src/requester/encap_digest.rs b/spdmlib/src/requester/encap_digest.rs new file mode 100644 index 0000000..db50e39 --- /dev/null 
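Review bot: The result of `response.spdm_encode(&mut self.common, encap_response)` at the end of `encap_handle_get_certificate` is discarded with `let _ =`, so an encoding failure leaves whatever was written in `encap_response` and the handler still logs "complete". `encap_handle_get_digest` in this same commit reports that failure with `SpdmErrorUnspecified`, and this handler should do the same. Whether the writer needs to be rewound before the error response is encoded is not visible here.

```rust
// … unchanged: response construction …
if response
    .spdm_encode(&mut self.common, encap_response)
    .is_err()
{
    self.encode_encap_error_response(
        SpdmErrorCode::SpdmErrorUnspecified,
        0,
        encap_response,
    );
    return;
}
```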
+++ b/spdmlib/src/requester/encap_digest.rs 
@@ -0,0 +1,129 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Reader, Writer}; + +use crate::{ + common::SpdmCodec, + crypto, + message::{ + SpdmDigestsResponsePayload, SpdmErrorCode, SpdmGetDigestsRequestPayload, SpdmMessage, + SpdmMessageHeader, SpdmMessagePayload, SpdmRequestResponseCode, + }, + protocol::{ + gen_array_clone, SpdmDigestStruct, SpdmRequestCapabilityFlags, SPDM_MAX_HASH_SIZE, + SPDM_MAX_SLOT_NUMBER, + }, +}; +extern crate alloc; +use alloc::boxed::Box; + +use super::RequesterContext; + +impl RequesterContext { + pub fn encap_handle_get_digest(&mut self, encap_request: &[u8], encap_response: &mut Writer) { + let mut reader = Reader::init(encap_request); + + if !self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::CERT_CAP) + { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + 0, + encap_response, + ); + return; + } + + if let Some(message_header) = SpdmMessageHeader::read(&mut reader) { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorVersionMismatch, + 0, + encap_response, + ); + return; + } + } else { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + encap_response, + ); + return; + } + + if let Some(get_digests) = + SpdmGetDigestsRequestPayload::spdm_read(&mut self.common, &mut reader) + { + debug!("!!! encap get_digests : {:02x?}\n", get_digests); + } else { + error!("!!! 
encap get_digests : fail !!!\n"); + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + encap_response, + ); + return; + } + + let mut slot_mask = 0u8; + for slot_id in 0..SPDM_MAX_SLOT_NUMBER { + if self.common.provision_info.my_cert_chain[slot_id].is_some() { + slot_mask |= (1 << slot_id) as u8; + } + } + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseDigests, + }, + payload: SpdmMessagePayload::SpdmDigestsResponse(SpdmDigestsResponsePayload { + slot_mask, + digests: gen_array_clone( + SpdmDigestStruct { + data_size: self.common.negotiate_info.base_hash_sel.get_size(), + data: Box::new([0xffu8; SPDM_MAX_HASH_SIZE]), + }, + SPDM_MAX_SLOT_NUMBER, + ), + }), + }; + + if response + .spdm_encode(&mut self.common, encap_response) + .is_err() + { + self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorUnspecified, + 0, + encap_response, + ); + return; + } + + for slot_id in 0..SPDM_MAX_SLOT_NUMBER { + if self.common.provision_info.my_cert_chain[slot_id].is_some() { + let my_cert_chain = self.common.provision_info.my_cert_chain[slot_id] + .as_ref() + .unwrap(); + let cert_chain_hash = crypto::hash::hash_all( + self.common.negotiate_info.base_hash_sel, + my_cert_chain.as_ref(), + ) + .unwrap(); + + // patch the message before send + let used = encap_response.used(); + encap_response.mut_used_slice()[(used - cert_chain_hash.data_size as usize)..used] + .copy_from_slice(cert_chain_hash.as_ref()); + } + } + debug!("!!! encap get_digests : complete\n"); + } +} diff --git a/spdmlib/src/requester/encap_error.rs b/spdmlib/src/requester/encap_error.rs new file mode 100644 index 0000000..32c4ee8 --- /dev/null +++ b/spdmlib/src/requester/encap_error.rs 
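Review bot: The patch loop at the end of `encap_handle_get_digest` writes every slot's hash to the same range, `[(used - cert_chain_hash.data_size as usize)..used]`, so when more than one slot is provisioned only the last hash survives and the other digest fields keep the `0xff` placeholder. The write offset needs to advance per populated slot, for example `let start = used - (digest_count - digest_index) * hash_size;` followed by `encap_response.mut_used_slice()[start..start + hash_size]`. That assumes the encoder emits one digest per set bit of `slot_mask` at the tail of the message; the encoder is not in this hunk, so confirm. `hash_all(...).unwrap()` also runs while answering a peer-initiated request, so a hashing failure should produce an error response rather than a panic.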
@@ -0,0 +1,40 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Writer; + +use crate::{ + common::SpdmCodec, + message::{ + SpdmErrorCode, SpdmErrorResponseExtData, SpdmErrorResponseNoneExtData, + SpdmErrorResponsePayload, SpdmMessage, SpdmMessageHeader, SpdmMessagePayload, + SpdmRequestResponseCode, + }, +}; + +use super::RequesterContext; + +impl RequesterContext { + pub fn encode_encap_error_response( + &mut self, + error_code: SpdmErrorCode, + error_data: u8, + writer: &mut Writer, + ) { + let error = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseError, + }, + payload: SpdmMessagePayload::SpdmErrorResponse(SpdmErrorResponsePayload { + error_code, + error_data, + extended_data: SpdmErrorResponseExtData::SpdmErrorExtDataNone( + SpdmErrorResponseNoneExtData {}, + ), + }), + }; + let _ = error.spdm_encode(&mut self.common, writer); + } +} diff --git a/spdmlib/src/requester/encap_req.rs b/spdmlib/src/requester/encap_req.rs new file mode 100644 index 0000000..e86bb53 --- /dev/null +++ b/spdmlib/src/requester/encap_req.rs 
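Review bot: `encode_encap_error_response` discards the encoder result with `let _ = error.spdm_encode(&mut self.common, writer);`, so a writer that is full or too small yields a missing or truncated ERROR response with no trace. In `encap_handle_get_digest` it is also called after a failed `spdm_encode` on the same writer, where anything already written would stay in front of the error message. At minimum log the failure as the sibling handlers do, e.g. `if error.spdm_encode(&mut self.common, writer).is_err() { error!("!!! encap error response : encode fail !!!\n"); }`. A doc comment should also say that the response is appended at the writer's current position.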
@@ -0,0 +1,229 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Reader, Writer}; + +use crate::{ + common::SpdmCodec, + config, + error::{ + SpdmResult, SPDM_STATUS_INVALID_MSG_FIELD, SPDM_STATUS_INVALID_MSG_SIZE, + SPDM_STATUS_UNSUPPORTED_CAP, + }, + message::{ + SpdmDeliverEncapsulatedResponsePayload, SpdmEncapsulatedRequestPayload, + SpdmEncapsulatedResponseAckPayload, SpdmEncapsulatedResponseAckPayloadType, SpdmErrorCode, + SpdmGetDigestsRequestPayload, SpdmGetEncapsulatedRequestPayload, + SpdmKeyExchangeMutAuthAttributes, SpdmMessage, SpdmMessageHeader, SpdmMessagePayload, + SpdmRequestResponseCode, ENCAPSULATED_RESPONSE_ACK_HEADER_SIZE, + }, + protocol::{ + SpdmRequestCapabilityFlags, SpdmResponseCapabilityFlags, SpdmVersion, SPDM_MAX_SLOT_NUMBER, + }, +}; + +use super::RequesterContext; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn get_encapsulated_request_response( + &mut self, + session_id: u32, + mut_auth_requested: SpdmKeyExchangeMutAuthAttributes, + ) -> SpdmResult { + if self.common.negotiate_info.spdm_version_sel < SpdmVersion::SpdmVersion11 { + return Err(SPDM_STATUS_UNSUPPORTED_CAP); + } + + if !self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::ENCAP_CAP) + || !self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::ENCAP_CAP) + { + return Err(SPDM_STATUS_UNSUPPORTED_CAP); + } + + match mut_auth_requested { + // Optimized session-based mutual authentication + // When the Requester successfully receives a Session-Secrets-Exchange response with an included encapsulated + // request (GET_DIGEST), the Requester shall send a DELIVER_ENCAPSULATED_RESPONSE after processing the encapsulated request. 
+ SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS => { + let mut encapsulated_request = [0u8; 4]; + let mut writer = Writer::init(&mut encapsulated_request); + let get_digest_request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetDigests, + }, + payload: SpdmMessagePayload::SpdmGetDigestsRequest( + SpdmGetDigestsRequestPayload {}, + ), + }; + let _ = get_digest_request.spdm_encode(&mut self.common, &mut writer)?; + self.process_encapsulated_request(session_id, 0, &encapsulated_request) + .await?; + } + _ => { + self.send_get_encapsulated_request(session_id).await?; + self.receive_encapsulated_request(session_id).await?; + } + } + + while self.receive_encapsulated_response_ack(session_id).await? {} + Ok(()) + } + + #[maybe_async::maybe_async] + pub async fn send_get_encapsulated_request(&mut self, session_id: u32) -> SpdmResult { + let mut send_buffer = [0u8; 4]; + let mut writer = Writer::init(&mut send_buffer); + let get_encap_request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetEncapsulatedRequest, + }, + payload: SpdmMessagePayload::SpdmGetEncapsulatedRequestPayload( + SpdmGetEncapsulatedRequestPayload {}, + ), + }; + let _ = get_encap_request.spdm_encode(&mut self.common, &mut writer)?; + + self.send_message(Some(session_id), writer.mut_used_slice(), false) + .await + } + + #[maybe_async::maybe_async] + pub async fn receive_encapsulated_request(&mut self, session_id: u32) -> SpdmResult { + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let _ = self + .receive_message(Some(session_id), &mut receive_buffer, false) + .await?; + let mut reader = Reader::init(&receive_buffer); + + let header = SpdmMessageHeader::read(&mut reader).ok_or(SPDM_STATUS_INVALID_MSG_SIZE)?; + + if 
self.common.negotiate_info.spdm_version_sel != header.version + || header.request_response_code + != SpdmRequestResponseCode::SpdmResponseEncapsulatedRequest + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + let encapsulated_request = + SpdmEncapsulatedRequestPayload::spdm_read(&mut self.common, &mut reader) + .ok_or(SPDM_STATUS_INVALID_MSG_SIZE)?; + + self.process_encapsulated_request( + session_id, + encapsulated_request.request_id, + &receive_buffer[reader.used()..], + ) + .await + } + + #[maybe_async::maybe_async] + pub async fn receive_encapsulated_response_ack(&mut self, session_id: u32) -> SpdmResult { + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let size = self + .receive_message(Some(session_id), &mut receive_buffer, false) + .await?; + let mut reader = Reader::init(&receive_buffer); + + let header = SpdmMessageHeader::read(&mut reader).ok_or(SPDM_STATUS_INVALID_MSG_SIZE)?; + + if self.common.negotiate_info.spdm_version_sel != header.version + || header.request_response_code + != SpdmRequestResponseCode::SpdmResponseEncapsulatedResponseAck + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + let ack_header = + SpdmEncapsulatedResponseAckPayload::spdm_read(&mut self.common, &mut reader) + .ok_or(SPDM_STATUS_INVALID_MSG_SIZE)?; + + match ack_header.payload_type { + SpdmEncapsulatedResponseAckPayloadType::Absent => { + if size == ENCAPSULATED_RESPONSE_ACK_HEADER_SIZE { + return Ok(false); + } else { + return Err(SPDM_STATUS_INVALID_MSG_SIZE); + } + } + SpdmEncapsulatedResponseAckPayloadType::Present => {} + SpdmEncapsulatedResponseAckPayloadType::ReqSlotNumber => { + if size == ENCAPSULATED_RESPONSE_ACK_HEADER_SIZE + 1 { + let req_slot_id = u8::read(&mut reader).ok_or(SPDM_STATUS_INVALID_MSG_SIZE)?; + if req_slot_id >= SPDM_MAX_SLOT_NUMBER as u8 { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + self.common + .runtime_info + .set_local_used_cert_chain_slot_id(req_slot_id); + return Ok(false); + } else { + return 
Err(SPDM_STATUS_INVALID_MSG_SIZE); + } + } + _ => {} + } + + self.process_encapsulated_request( + session_id, + ack_header.request_id, + &receive_buffer[reader.used()..], + ) + .await?; + + Ok(true) + } + + #[maybe_async::maybe_async] + async fn process_encapsulated_request( + &mut self, + session_id: u32, + request_id: u8, + encap_request: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(encap_request); + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + + let message = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: + SpdmRequestResponseCode::SpdmRequestDeliverEncapsulatedResponse, + }, + payload: SpdmMessagePayload::SpdmDeliverEncapsulatedResponsePayload( + SpdmDeliverEncapsulatedResponsePayload { request_id }, + ), + }; + + let _ = message.spdm_encode(&mut self.common, &mut writer)?; + + let encap_header = + SpdmMessageHeader::read(&mut reader).ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + match encap_header.request_response_code { + crate::message::SpdmRequestResponseCode::SpdmRequestGetDigests => { + self.encap_handle_get_digest(encap_request, &mut writer) + } + crate::message::SpdmRequestResponseCode::SpdmRequestGetCertificate => { + self.encap_handle_get_certificate(encap_request, &mut writer) + } + _ => self.encode_encap_error_response( + SpdmErrorCode::SpdmErrorUnexpectedRequest, + 0, + &mut writer, + ), + } + + self.send_message(Some(session_id), writer.used_slice(), false) + .await + } +} diff --git a/spdmlib/src/requester/end_session_req.rs b/spdmlib/src/requester/end_session_req.rs new file mode 100644 index 0000000..dd20d0f --- /dev/null +++ b/spdmlib/src/requester/end_session_req.rs 
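Review bot: `receive_encapsulated_request` throws away the received length (`let _ = self.receive_message(...)`), then parses and forwards the whole `MAX_SPDM_MSG_SIZE` buffer, so a short message is decoded from zero padding and the encapsulated request handed on includes bytes the peer never sent. Keep the length and bound both uses: `let size = self.receive_message(Some(session_id), &mut receive_buffer, false).await?;`, `Reader::init(&receive_buffer[..size])` and `&receive_buffer[reader.used()..size]`. `receive_encapsulated_response_ack` has the same problem: `size` is only compared against the header size, while the reader and the forwarded slice still cover the full buffer. In that function the `_ => {}` arm also lets an unrecognised payload type fall through to `process_encapsulated_request`; returning `SPDM_STATUS_INVALID_MSG_FIELD` there would be stricter.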
@@ -0,0 +1,94 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{ + SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_PARAMETER, +}; +use crate::message::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_end_session(&mut self, session_id: u32) -> SpdmResult { + info!("send spdm end_session\n"); + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestEndSession, + Some(session_id), + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self.encode_spdm_end_session(&mut send_buffer)?; + self.send_message(Some(session_id), &send_buffer[..used], false) + .await?; + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(Some(session_id), &mut receive_buffer, false) + .await?; + self.handle_spdm_end_session_response(session_id, &receive_buffer[..used]) + } + + pub fn encode_spdm_end_session(&mut self, buf: &mut [u8]) -> SpdmResult { + let mut writer = Writer::init(buf); + + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestEndSession, + }, + payload: SpdmMessagePayload::SpdmEndSessionRequest(SpdmEndSessionRequestPayload { + end_session_request_attributes: SpdmEndSessionRequestAttributes::empty(), + }), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + pub fn handle_spdm_end_session_response( + &mut self, + session_id: u32, + receive_buffer: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + 
SpdmRequestResponseCode::SpdmResponseEndSessionAck => { + let end_session_rsp = + SpdmEndSessionResponsePayload::spdm_read(&mut self.common, &mut reader); + if let Some(end_session_rsp) = end_session_rsp { + debug!("!!! end_session rsp : {:02x?}\n", end_session_rsp); + + let session = + if let Some(s) = self.common.get_session_via_id(session_id) { + s + } else { + return Err(SPDM_STATUS_INVALID_PARAMETER); + }; + session.teardown(); + + Ok(()) + } else { + error!("!!! end_session : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => self + .spdm_handle_error_response_main( + Some(session_id), + receive_buffer, + SpdmRequestResponseCode::SpdmRequestEndSession, + SpdmRequestResponseCode::SpdmResponseEndSessionAck, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/requester/finish_req.rs b/spdmlib/src/requester/finish_req.rs new file mode 100644 index 0000000..58d0695 --- /dev/null +++ b/spdmlib/src/requester/finish_req.rs 
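Review bot: `handle_spdm_end_session_response` has no doc comment, and its teardown contract is easy to misread. The session is torn down only in the `SpdmResponseEndSessionAck` arm; a version mismatch, an ERROR response, an unexpected code or a parse failure all return with the session still in place. I would state that on the function, e.g. `/// Tears the session down only on END_SESSION_ACK; on every error return the session state is left untouched.` Whether `send_receive_spdm_end_session` should also tear down locally on failure, as `send_receive_spdm_finish` does in this commit, is worth deciding explicitly.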
@@ -0,0 +1,432 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::session::SpdmSession; +use crate::error::*; +use crate::message::*; +use crate::protocol::*; +use crate::requester::*; +extern crate alloc; +use alloc::boxed::Box; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_finish( + &mut self, + req_slot_id: Option, + session_id: u32, + ) -> SpdmResult { + info!("send spdm finish\n"); + + if let Err(e) = self + .delegate_send_receive_spdm_finish(req_slot_id, session_id) + .await + { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + + Err(e) + } else { + Ok(()) + } + } + + #[maybe_async::maybe_async] + pub async fn delegate_send_receive_spdm_finish( + &mut self, + req_slot_id: Option, + session_id: u32, + ) -> SpdmResult { + let in_clear_text = self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + info!("in_clear_text {:?}\n", in_clear_text); + + let req_slot_id = if let Some(req_slot_id) = req_slot_id { + if req_slot_id >= SPDM_MAX_SLOT_NUMBER as u8 { + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + if self.common.provision_info.my_cert_chain[req_slot_id as usize].is_none() { + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + req_slot_id + } else { + 0 + }; + + if self.common.get_session_via_id(session_id).is_none() { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestFinish, + Some(session_id), + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let res = self.encode_spdm_finish(session_id, req_slot_id, &mut send_buffer); + if res.is_err() { + self.common + .get_session_via_id(session_id) + .unwrap() + 
.teardown(); + return Err(res.err().unwrap()); + } + let send_used = res.unwrap(); + let res = if in_clear_text { + self.send_message(None, &send_buffer[..send_used], false) + .await + } else { + self.send_message(Some(session_id), &send_buffer[..send_used], false) + .await + }; + if res.is_err() { + self.common + .get_session_via_id(session_id) + .unwrap() + .teardown(); + return res; + } + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let res = if in_clear_text { + self.receive_message(None, &mut receive_buffer, false).await + } else { + self.receive_message(Some(session_id), &mut receive_buffer, false) + .await + }; + if res.is_err() { + self.common + .get_session_via_id(session_id) + .unwrap() + .teardown(); + return Err(res.err().unwrap()); + } + let receive_used = res.unwrap(); + let res = self.handle_spdm_finish_response( + session_id, + req_slot_id, + &receive_buffer[..receive_used], + ); + if res.is_err() { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + } + res + } + + pub fn encode_spdm_finish( + &mut self, + session_id: u32, + req_slot_id: u8, + buf: &mut [u8], + ) -> SpdmResult { + let mut finish_request_attributes = SpdmFinishRequestAttributes::empty(); + let mut signature = SpdmSignatureStruct::default(); + let mut is_mut_auth = false; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?; + if !session.get_mut_auth_requested().is_empty() { + finish_request_attributes = SpdmFinishRequestAttributes::SIGNATURE_INCLUDED; + signature.data_size = self.common.negotiate_info.req_asym_sel.get_size(); + is_mut_auth = true; + } + + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestFinish, + }, + payload: SpdmMessagePayload::SpdmFinishRequest(SpdmFinishRequestPayload { + finish_request_attributes, + 
req_slot_id, + signature, + verify_data: SpdmDigestStruct { + data_size: self.common.negotiate_info.base_hash_sel.get_size(), + data: Box::new([0xcc; SPDM_MAX_HASH_SIZE]), + }, + }), + }; + + let mut writer = Writer::init(buf); + let send_used = request.spdm_encode(&mut self.common, &mut writer)?; + + // Record the header of finish request + self.common.append_message_f(true, session_id, &buf[..4])?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?; + if !session.get_mut_auth_requested().is_empty() { + signature = self.generate_finish_req_signature(session.get_slot_id(), session)?; + // patch the signature + buf[4..4 + signature.data_size as usize].copy_from_slice(signature.as_ref()); + + self.common + .append_message_f(true, session_id, signature.as_ref())?; + } + + // generate HMAC with finished_key + let base_hash_size = self.common.negotiate_info.base_hash_sel.get_size() as usize; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + let transcript_hash = + self.common + .calc_req_transcript_hash(false, req_slot_id, is_mut_auth, session)?; + + let session = self.common.get_session_via_id(session_id).unwrap(); + + let hmac = session.generate_hmac_with_request_finished_key(transcript_hash.as_ref())?; + + self.common + .append_message_f(true, session_id, hmac.as_ref())?; + + // patch the message before send + buf[(send_used - base_hash_size)..send_used].copy_from_slice(hmac.as_ref()); + Ok(send_used) + } + + pub fn handle_spdm_finish_response( + &mut self, + session_id: u32, + req_slot_id: u8, + receive_buffer: &[u8], + ) -> SpdmResult { + let in_clear_text = self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + + let is_mut_auth = !self + .common + 
.get_immutable_session_via_id(session_id) + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? + .get_mut_auth_requested() + .is_empty(); + + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseFinishRsp => { + let finish_rsp = + SpdmFinishResponsePayload::spdm_read(&mut self.common, &mut reader); + let receive_used = reader.used(); + if let Some(finish_rsp) = finish_rsp { + debug!("!!! finish rsp : {:02x?}\n", finish_rsp); + + let base_hash_size = + self.common.negotiate_info.base_hash_sel.get_size() as usize; + + if in_clear_text { + // verify HMAC with finished_key + let temp_used = receive_used - base_hash_size; + self.common.append_message_f( + true, + session_id, + &receive_buffer[..temp_used], + )?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + let transcript_hash = self.common.calc_req_transcript_hash( + false, + req_slot_id, + is_mut_auth, + session, + )?; + + if session + .verify_hmac_with_response_finished_key( + transcript_hash.as_ref(), + &finish_rsp.verify_data, + ) + .is_err() + { + error!("verify_hmac_with_response_finished_key fail"); + return Err(SPDM_STATUS_VERIF_FAIL); + } else { + info!("verify_hmac_with_response_finished_key pass"); + } + + self.common.append_message_f( + true, + session_id, + finish_rsp.verify_data.as_ref(), + )?; + } else { + self.common.append_message_f( + true, + session_id, + &receive_buffer[..receive_used], + )?; + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // generate the data secret + let th2 = self.common.calc_req_transcript_hash( + false, + req_slot_id, + is_mut_auth, + session, + )?; + + debug!("!!! 
th2 : {:02x?}\n", th2.as_ref()); + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let session = self.common.get_session_via_id(session_id).unwrap(); + match session.generate_data_secret(spdm_version_sel, &th2) { + Ok(_) => {} + Err(e) => { + return Err(e); + } + } + session.set_session_state( + crate::common::session::SpdmSessionState::SpdmSessionEstablished, + ); + + self.common.runtime_info.set_last_session_id(None); + + Ok(()) + } else { + error!("!!! finish : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => self.spdm_handle_error_response_main( + Some(session_id), + receive_buffer, + SpdmRequestResponseCode::SpdmRequestFinish, + SpdmRequestResponseCode::SpdmResponseFinishRsp, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + }, + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } + + #[cfg(not(feature = "hashed-transcript-data"))] + fn generate_finish_req_signature( + &self, + slot_id: u8, + session: &SpdmSession, + ) -> SpdmResult { + let transcript_data_hash = self + .common + .calc_req_transcript_hash(false, slot_id, true, session)?; + + let mut transcript_sign = ManagedBuffer12Sign::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + transcript_sign.reset_message(); + transcript_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_12) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(&SPDM_FINISH_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(transcript_data_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + + crate::secret::asym_sign::sign( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + transcript_sign.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR) + } + + #[cfg(feature = "hashed-transcript-data")] + fn 
generate_finish_req_signature( + &self, + _slot_id: u8, + session: &SpdmSession, + ) -> SpdmResult { + let transcript_hash = + self.common + .calc_req_transcript_hash(false, INVALID_SLOT, true, session)?; + + debug!("transcript_hash - {:02x?}", transcript_hash.as_ref()); + + let mut transcript_sign = ManagedBuffer12Sign::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + transcript_sign.reset_message(); + transcript_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_12) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(&SPDM_FINISH_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(transcript_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } else { + error!("hashed-transcript-data is unsupported in SPDM 1.0/1.1 signing!\n"); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + let signature = crate::secret::asym_sign::sign( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + transcript_sign.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + + let peer_slot_id = self.common.runtime_info.get_local_used_cert_chain_slot_id(); + let peer_cert = &self.common.provision_info.my_cert_chain[peer_slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[peer_slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data_size as usize)]; + + crate::crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + peer_cert, + transcript_sign.as_ref(), + &signature, + ) + .unwrap(); + + Ok(signature) + } +} 
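Review bot: In the `hashed-transcript-data` variant of `generate_finish_req_signature`, the self-check slices `provision_info.my_cert_chain[..].data` but takes the end bound from `peer_info.peer_cert_chain[..].data_size`, then calls `.unwrap()` on `asym_verify::verify`. The end bound looks like it should come from the same local chain's `data_size`, since mixing the two selects the wrong certificate bytes whenever the chains differ in length. A failed self-check should return `SPDM_STATUS_CRYPTO_ERROR` rather than panic in the middle of a handshake. Separately, `handle_spdm_finish_response` never compares `message_header.version` with the negotiated version, unlike the end_session and capabilities handlers in this commit. Adding `if message_header.version != self.common.negotiate_info.spdm_version_sel { return Err(SPDM_STATUS_INVALID_MSG_FIELD); }` before the match on the response code would make it consistent.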
diff --git a/spdmlib/src/requester/get_capabilities_req.rs b/spdmlib/src/requester/get_capabilities_req.rs
new file mode 100644
index 0000000..e1c8e1e
--- /dev/null
+++ b/spdmlib/src/requester/get_capabilities_req.rs
@@ -0,0 +1,113 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD}; +use crate::message::*; +use crate::protocol::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_capability(&mut self) -> SpdmResult { + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestGetCapabilities, + None, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let send_used = self.encode_spdm_capability(&mut send_buffer)?; + self.send_message(None, &send_buffer[..send_used], false) + .await?; + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(None, &mut receive_buffer, false) + .await?; + self.handle_spdm_capability_response(0, &send_buffer[..send_used], &receive_buffer[..used]) + } + + pub fn encode_spdm_capability(&mut self, buf: &mut [u8]) -> SpdmResult { + let mut writer = Writer::init(buf); + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetCapabilities, + }, + payload: SpdmMessagePayload::SpdmGetCapabilitiesRequest( + SpdmGetCapabilitiesRequestPayload { + ct_exponent: self.common.config_info.req_ct_exponent, + flags: self.common.config_info.req_capabilities, + data_transfer_size: self.common.config_info.data_transfer_size, + max_spdm_msg_size: self.common.config_info.max_spdm_msg_size, + }, + ), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + pub fn handle_spdm_capability_response( + &mut self, + session_id: u32, + send_buffer: &[u8], + receive_buffer: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != 
self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseCapabilities => { + let capabilities = SpdmCapabilitiesResponsePayload::spdm_read( + &mut self.common, + &mut reader, + ); + let used = reader.used(); + if let Some(capabilities) = capabilities { + debug!("!!! capabilities : {:02x?}\n", capabilities); + self.common.negotiate_info.req_ct_exponent_sel = + self.common.config_info.req_ct_exponent; + self.common.negotiate_info.req_capabilities_sel = + self.common.config_info.req_capabilities; + self.common.negotiate_info.rsp_ct_exponent_sel = + capabilities.ct_exponent; + self.common.negotiate_info.rsp_capabilities_sel = capabilities.flags; + + if self.common.negotiate_info.spdm_version_sel + >= SpdmVersion::SpdmVersion12 + { + self.common.negotiate_info.req_data_transfer_size_sel = + self.common.config_info.data_transfer_size; + self.common.negotiate_info.req_max_spdm_msg_size_sel = + self.common.config_info.max_spdm_msg_size; + self.common.negotiate_info.rsp_data_transfer_size_sel = + capabilities.data_transfer_size; + self.common.negotiate_info.rsp_max_spdm_msg_size_sel = + capabilities.max_spdm_msg_size; + } + + self.common.append_message_a(send_buffer)?; + self.common.append_message_a(&receive_buffer[..used])?; + + Ok(()) + } else { + error!("!!! capabilities : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => self + .spdm_handle_error_response_main( + Some(session_id), + receive_buffer, + SpdmRequestResponseCode::SpdmRequestGetCapabilities, + SpdmRequestResponseCode::SpdmResponseCapabilities, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/requester/get_certificate_req.rs b/spdmlib/src/requester/get_certificate_req.rs new file mode 100644 index 0000000..f7ac6c0 --- /dev/null 
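Review bot: `handle_spdm_capability_response` forwards `Some(session_id)` to `spdm_handle_error_response_main`, but the only caller in this hunk passes `0` and exchanges the messages with `send_message(None, ...)`, so an ERROR reply to GET_CAPABILITIES is handled as if it belonged to session 0. The call should pass `None` here, unless the error handler ignores the argument for this request code; it is not visible in the hunk. The `negotiate_info` fields are also assigned before either `append_message_a` call can fail, which leaves peer-supplied capabilities stored on an error return. Doing the two `append_message_a` calls first, or documenting the partial update, avoids that.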
+++ b/spdmlib/src/requester/get_certificate_req.rs 
@@ -0,0 +1,332 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::crypto::{self, is_root_certificate}; +use crate::error::{ + SpdmResult, SPDM_STATUS_CRYPTO_ERROR, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_CERT, + SPDM_STATUS_INVALID_MSG_FIELD, SPDM_STATUS_INVALID_PARAMETER, SPDM_STATUS_INVALID_STATE_LOCAL, +}; +use crate::message::*; +use crate::protocol::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + async fn send_receive_spdm_certificate_partial( + &mut self, + session_id: Option, + slot_id: u8, + total_size: u16, + offset: u16, + length: u16, + ) -> SpdmResult<(u16, u16)> { + info!("send spdm certificate\n"); + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let send_used = + self.encode_spdm_certificate_partial(slot_id, offset, length, &mut send_buffer)?; + + self.send_message(session_id, &send_buffer[..send_used], false) + .await?; + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(session_id, &mut receive_buffer, false) + .await?; + + self.handle_spdm_certificate_partial_response( + session_id, + slot_id, + total_size, + offset, + length, + &send_buffer[..send_used], + &receive_buffer[..used], + ) + } + + pub fn encode_spdm_certificate_partial( + &mut self, + slot_id: u8, + offset: u16, + length: u16, + buf: &mut [u8], + ) -> SpdmResult { + let mut writer = Writer::init(buf); + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetCertificate, + }, + payload: SpdmMessagePayload::SpdmGetCertificateRequest( + SpdmGetCertificateRequestPayload { + slot_id, + offset, + length, + }, + ), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + #[allow(clippy::too_many_arguments)] + pub fn handle_spdm_certificate_partial_response( + &mut self, + session_id: Option, + slot_id: 
u8, + total_size: u16, + offset: u16, + length: u16, + send_buffer: &[u8], + receive_buffer: &[u8], + ) -> SpdmResult<(u16, u16)> { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseCertificate => { + let certificate = SpdmCertificateResponsePayload::spdm_read( + &mut self.common, + &mut reader, + ); + let used = reader.used(); + if let Some(certificate) = certificate { + debug!("!!! certificate : {:02x?}\n", certificate); + + if certificate.portion_length == 0 + || certificate.portion_length > length + || certificate.portion_length + > config::MAX_SPDM_CERT_CHAIN_DATA_SIZE as u16 - offset + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + if certificate.remainder_length + >= config::MAX_SPDM_CERT_CHAIN_DATA_SIZE as u16 + - offset + - certificate.portion_length + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + if total_size != 0 + && total_size + != offset + + certificate.portion_length + + certificate.remainder_length + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + if certificate.slot_id != slot_id { + error!("slot id is not match between requester and responder!\n"); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + let peer_cert_chain_temp = self + .common + .peer_info + .peer_cert_chain_temp + .as_mut() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?; + + peer_cert_chain_temp.data[(offset as usize) + ..(offset as usize + certificate.portion_length as usize)] + .copy_from_slice( + &certificate.cert_chain + [0..(certificate.portion_length as usize)], + ); + + peer_cert_chain_temp.data_size = offset + certificate.portion_length; + + match session_id { + None => { + self.common.append_message_b(send_buffer)?; + self.common.append_message_b(&receive_buffer[..used])?; + } 
+ Some(_session_id) => {} + } + + Ok((certificate.portion_length, certificate.remainder_length)) + } else { + error!("!!! certificate : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => { + let status = self.spdm_handle_error_response_main( + session_id, + receive_buffer, + SpdmRequestResponseCode::SpdmRequestGetCertificate, + SpdmRequestResponseCode::SpdmResponseCertificate, + ); + match status { + Err(status) => Err(status), + Ok(()) => Err(SPDM_STATUS_ERROR_PEER), + } + } + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } + + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_certificate( + &mut self, + session_id: Option, + slot_id: u8, + ) -> SpdmResult { + let mut offset = 0u16; + let mut length = MAX_SPDM_CERT_PORTION_LEN as u16; + let mut total_size = 0u16; + + if slot_id >= SPDM_MAX_SLOT_NUMBER as u8 { + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestGetCertificate, + session_id, + ); + + self.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + while length != 0 { + let (portion_length, remainder_length) = self + .send_receive_spdm_certificate_partial( + session_id, slot_id, total_size, offset, length, + ) + .await?; + if total_size == 0 { + total_size = portion_length + remainder_length; + } + offset += portion_length; + length = remainder_length; + if length > MAX_SPDM_CERT_PORTION_LEN as u16 { + length = MAX_SPDM_CERT_PORTION_LEN as u16; + } + } + if total_size == 0 { + self.common.peer_info.peer_cert_chain_temp = None; + return Err(SPDM_STATUS_INVALID_CERT); + } + + let result = self.verify_spdm_certificate_chain(); + if result.is_ok() { + self.common.peer_info.peer_cert_chain[slot_id as usize] = + self.common.peer_info.peer_cert_chain_temp.clone(); + } + self.common.peer_info.peer_cert_chain_temp = None; + result + } + + pub 
fn verify_spdm_certificate_chain(&mut self) -> SpdmResult { + // + // 1. Verify the integrity of cert chain + // + if self.common.peer_info.peer_cert_chain_temp.is_none() { + error!("peer_cert_chain is not populated!\n"); + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let peer_cert_chain = self + .common + .peer_info + .peer_cert_chain_temp + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)?; + if peer_cert_chain.data_size <= (4 + self.common.negotiate_info.base_hash_sel.get_size()) { + return Err(SPDM_STATUS_INVALID_CERT); + } + + let data_size_in_cert_chain = + peer_cert_chain.data[0] as u16 + ((peer_cert_chain.data[1] as u16) << 8); + if data_size_in_cert_chain != peer_cert_chain.data_size { + return Err(SPDM_STATUS_INVALID_CERT); + } + + let data_size = + peer_cert_chain.data_size - 4 - self.common.negotiate_info.base_hash_sel.get_size(); + let mut data = [0u8; config::MAX_SPDM_CERT_CHAIN_DATA_SIZE]; + data[0..(data_size as usize)].copy_from_slice( + &peer_cert_chain.data[(4usize + + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(peer_cert_chain.data_size as usize)], + ); + let runtime_peer_cert_chain_data = SpdmCertChainData { data_size, data }; + info!("1. get runtime_peer_cert_chain_data!\n"); + + // + // 1.1 verify the integrity of the chain + // + if crypto::cert_operation::verify_cert_chain( + &runtime_peer_cert_chain_data.data[..(runtime_peer_cert_chain_data.data_size as usize)], + ) + .is_err() + { + error!("cert_chain verification - fail! - TBD later\n"); + return Err(SPDM_STATUS_INVALID_CERT); + } + info!("1.1. 
integrity of cert_chain is verified!\n"); + + // + // 1.2 verify the root cert hash + // + let (root_cert_begin, root_cert_end) = crypto::cert_operation::get_cert_from_cert_chain( + &runtime_peer_cert_chain_data.data[..(runtime_peer_cert_chain_data.data_size as usize)], + 0, + )?; + let root_cert = &runtime_peer_cert_chain_data.data[root_cert_begin..root_cert_end]; + if is_root_certificate(root_cert).is_ok() { + let root_hash = if let Some(rh) = + crypto::hash::hash_all(self.common.negotiate_info.base_hash_sel, root_cert) + { + rh + } else { + return Err(SPDM_STATUS_CRYPTO_ERROR); + }; + if root_hash.data[..(root_hash.data_size as usize)] + != peer_cert_chain.data[4usize + ..(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize)] + { + error!("root_hash - fail!\n"); + return Err(SPDM_STATUS_INVALID_CERT); + } + info!("1.2. root cert hash is verified!\n"); + } + + // + // 2. verify the authority of cert chain if provisioned + // + let mut cert_chain_provisioned = false; + let mut found_match = false; + for peer_root_cert_data in self + .common + .provision_info + .peer_root_cert_data + .iter() + .flatten() + { + cert_chain_provisioned = true; + if root_cert.len() != peer_root_cert_data.data_size as usize { + continue; + } + if root_cert[..] != peer_root_cert_data.data[..peer_root_cert_data.data_size as usize] { + continue; + } else { + found_match = true; + break; + } + } + + if cert_chain_provisioned && !found_match { + return Err(SPDM_STATUS_INVALID_CERT); + } + + info!("2. root cert is verified!\n"); + + info!("cert_chain verification - pass!\n"); + Ok(()) + } +} diff --git a/spdmlib/src/requester/get_digests_req.rs b/spdmlib/src/requester/get_digests_req.rs new file mode 100644 index 0000000..540b669 --- /dev/null +++ b/spdmlib/src/requester/get_digests_req.rs 
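Review bot: In `verify_spdm_certificate_chain`, step 2 accepts the chain whenever no entry of `provision_info.peer_root_cert_data` is populated, so with nothing provisioned a chain that is only self-consistent passes and the function still logs `2. root cert is verified!`. Step 1.2 is likewise skipped when `is_root_certificate(root_cert)` does not return Ok, which leaves the hash stored after the 4-byte header unchecked for such a chain. I would make the unauthenticated path explicit, e.g. `if found_match { info!("2. root cert is verified!\n"); } else { info!("2. no root cert provisioned, authority not checked!\n"); }`. A doc comment on the function should also state that a caller who needs peer authentication must provision a root certificate.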
@@ -0,0 +1,96 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD}; +use crate::message::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_digest(&mut self, session_id: Option) -> SpdmResult { + info!("send spdm digest\n"); + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestGetDigests, + session_id, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let send_used = self.encode_spdm_digest(&mut send_buffer)?; + + self.send_message(session_id, &send_buffer[..send_used], false) + .await?; + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(session_id, &mut receive_buffer, false) + .await?; + + self.handle_spdm_digest_response( + session_id, + &send_buffer[..send_used], + &receive_buffer[..used], + ) + } + + pub fn encode_spdm_digest(&mut self, buf: &mut [u8]) -> SpdmResult { + let mut writer = Writer::init(buf); + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetDigests, + }, + payload: SpdmMessagePayload::SpdmGetDigestsRequest(SpdmGetDigestsRequestPayload {}), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + pub fn handle_spdm_digest_response( + &mut self, + session_id: Option, + send_buffer: &[u8], + receive_buffer: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseDigests => { + let digests = + 
SpdmDigestsResponsePayload::spdm_read(&mut self.common, &mut reader); + let used = reader.used(); + if let Some(digests) = digests { + debug!("!!! digests : {:02x?}\n", digests); + + match session_id { + None => { + self.common.append_message_b(send_buffer)?; + self.common.append_message_b(&receive_buffer[..used])?; + } + Some(_session_id) => {} + } + + Ok(()) + } else { + error!("!!! digests : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => self + .spdm_handle_error_response_main( + session_id, + receive_buffer, + SpdmRequestResponseCode::SpdmRequestGetDigests, + SpdmRequestResponseCode::SpdmResponseDigests, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/requester/get_measurements_req.rs b/spdmlib/src/requester/get_measurements_req.rs new file mode 100644 index 0000000..44c03c1 --- /dev/null +++ b/spdmlib/src/requester/get_measurements_req.rs 
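Review bot: `handle_spdm_digest_response` drops the parsed `digests` after the `debug!` line and returns `Ok(())`, so nothing visible here keeps them for a later comparison against the certificate chain; if `SpdmDigestsResponsePayload::spdm_read` records them in `self.common`, a comment should say so. The `Some(_session_id) => {}` arm also skips the `message_b` append without explanation, and the same arm appears in `handle_spdm_certificate_partial_response` in get_certificate_req.rs. A doc comment such as `/// Parses DIGESTS; request and response are appended to message_b only when session_id is None.` would record the contract.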
@@ -0,0 +1,464 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::crypto; +#[cfg(feature = "hashed-transcript-data")] +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_CRYPTO_ERROR, SPDM_STATUS_ERROR_PEER, + SPDM_STATUS_INVALID_MSG_FIELD, SPDM_STATUS_INVALID_PARAMETER, SPDM_STATUS_NOT_READY_PEER, + SPDM_STATUS_VERIF_FAIL, +}; +use crate::message::*; +use crate::protocol::*; +use crate::requester::*; + +impl RequesterContext { + #[allow(clippy::too_many_arguments)] + #[maybe_async::maybe_async] + async fn send_receive_spdm_measurement_record( + &mut self, + session_id: Option, + measurement_attributes: SpdmMeasurementAttributes, + measurement_operation: SpdmMeasurementOperation, + content_changed: &mut Option, + spdm_measurement_record_structure: &mut SpdmMeasurementRecordStructure, + transcript_meas: &mut Option, + slot_id: u8, + ) -> SpdmResult { + if transcript_meas.is_none() { + *transcript_meas = Some(ManagedBufferM::default()); + } + + let result = self + .delegate_send_receive_spdm_measurement_record( + session_id, + measurement_attributes, + measurement_operation, + content_changed, + spdm_measurement_record_structure, + transcript_meas, + slot_id, + ) + .await; + + if let Err(e) = result { + if e != SPDM_STATUS_NOT_READY_PEER { + self.common.reset_message_m(session_id); + *transcript_meas = None; + } + } + + result + } + + #[allow(clippy::too_many_arguments)] + #[maybe_async::maybe_async] + async fn delegate_send_receive_spdm_measurement_record( + &mut self, + session_id: Option, + measurement_attributes: SpdmMeasurementAttributes, + measurement_operation: SpdmMeasurementOperation, + content_changed: &mut Option, + spdm_measurement_record_structure: &mut SpdmMeasurementRecordStructure, + transcript_meas: &mut Option, + slot_id: u8, + ) -> SpdmResult { + info!("send spdm measurement\n"); + + if slot_id >= SPDM_MAX_SLOT_NUMBER as 
u8 { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestGetMeasurements, + session_id, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let send_used = self.encode_spdm_measurement_record( + measurement_attributes, + measurement_operation, + slot_id, + &mut send_buffer, + )?; + self.send_message(session_id, &send_buffer[..send_used], false) + .await?; + + // Receive + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(session_id, &mut receive_buffer, true) + .await?; + + self.handle_spdm_measurement_record_response( + session_id, + slot_id, + measurement_attributes, + measurement_operation, + content_changed, + spdm_measurement_record_structure, + &send_buffer[..send_used], + &receive_buffer[..used], + transcript_meas, + ) + } + + pub fn encode_spdm_measurement_record( + &mut self, + measurement_attributes: SpdmMeasurementAttributes, + measurement_operation: SpdmMeasurementOperation, + slot_id: u8, + buf: &mut [u8], + ) -> SpdmResult { + let mut writer = Writer::init(buf); + let mut nonce = [0u8; SPDM_NONCE_SIZE]; + crypto::rand::get_random(&mut nonce)?; + + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetMeasurements, + }, + payload: SpdmMessagePayload::SpdmGetMeasurementsRequest( + SpdmGetMeasurementsRequestPayload { + measurement_attributes, + measurement_operation, + nonce: SpdmNonceStruct { data: nonce }, + slot_id, + }, + ), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + #[allow(clippy::too_many_arguments)] + pub fn handle_spdm_measurement_record_response( + &mut self, + session_id: Option, + slot_id: u8, + measurement_attributes: SpdmMeasurementAttributes, + measurement_operation: SpdmMeasurementOperation, + content_changed: &mut Option, + 
spdm_measurement_record_structure: &mut SpdmMeasurementRecordStructure, + send_buffer: &[u8], + receive_buffer: &[u8], + transcript_meas: &mut Option, + ) -> SpdmResult { + self.common.runtime_info.need_measurement_signature = + measurement_attributes.contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED); + + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseMeasurements => { + let measurements = SpdmMeasurementsResponsePayload::spdm_read( + &mut self.common, + &mut reader, + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + if measurement_operation + == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber + && measurements.measurement_record.number_of_blocks != 0 + { + error!("measurement_operation == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber && + measurements.measurement_record.number_of_blocks != 0"); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + let used = reader.used(); + + debug!("!!! 
measurements : {:02x?}\n", measurements); + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 + { + self.common.runtime_info.content_changed = measurements.content_changed; + *content_changed = Some(measurements.content_changed); + } else { + *content_changed = None; + } + + let base_asym_size = + self.common.negotiate_info.base_asym_sel.get_size() as usize; + let temp_used = used + - if self.common.runtime_info.need_measurement_signature { + base_asym_size + } else { + 0 + }; + + self.common.append_message_m(session_id, send_buffer)?; + self.common + .append_message_m(session_id, &receive_buffer[..temp_used])?; + if let Some(ret_message_m) = transcript_meas { + ret_message_m + .append_message(send_buffer) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + ret_message_m + .append_message(&receive_buffer[..temp_used]) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + + if measurement_attributes + .contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) + { + if measurements.signature.as_ref().is_empty() { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } else { + ret_message_m + .append_message(measurements.signature.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + } + } + + // verify signature + if measurement_attributes + .contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) + { + if self + .verify_measurement_signature( + slot_id, + session_id, + &measurements.signature, + ) + .is_err() + { + error!("verify_measurement_signature fail"); + self.common.reset_message_m(session_id); + return Err(SPDM_STATUS_VERIF_FAIL); + } else { + self.common.reset_message_m(session_id); + info!("verify_measurement_signature pass"); + } + } + + *spdm_measurement_record_structure = SpdmMeasurementRecordStructure { + ..measurements.measurement_record + }; + + match measurement_operation { + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber => { + Ok(measurements.number_of_measurement) + } + SpdmMeasurementOperation::SpdmMeasurementRequestAll => { + 
Ok(measurements.measurement_record.number_of_blocks) + } + _ => Ok(measurements.measurement_record.number_of_blocks), + } + } + SpdmRequestResponseCode::SpdmResponseError => { + let status = self.spdm_handle_error_response_main( + session_id, + receive_buffer, + SpdmRequestResponseCode::SpdmRequestGetMeasurements, + SpdmRequestResponseCode::SpdmResponseMeasurements, + ); + match status { + Err(status) => Err(status), + Ok(()) => Err(SPDM_STATUS_ERROR_PEER), + } + } + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } + + #[allow(clippy::too_many_arguments)] + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_measurement( + &mut self, + session_id: Option, + slot_id: u8, + spdm_measuremente_attributes: SpdmMeasurementAttributes, + measurement_operation: SpdmMeasurementOperation, + content_changed: &mut Option, // out, None if spdm version < 0x12 + out_total_number: &mut u8, // out, total number when measurement_operation = SpdmMeasurementQueryTotalNumber + // number of blocks got measured. + spdm_measurement_record_structure: &mut SpdmMeasurementRecordStructure, // out + transcript_meas: &mut Option, // out + ) -> SpdmResult { + *out_total_number = self + .send_receive_spdm_measurement_record( + session_id, + spdm_measuremente_attributes, + measurement_operation, + content_changed, + spdm_measurement_record_structure, + transcript_meas, + slot_id, + ) + .await?; + Ok(()) + } + + #[cfg(feature = "hashed-transcript-data")] + pub fn verify_measurement_signature( + &self, + slot_id: u8, + session_id: Option, + signature: &SpdmSignatureStruct, + ) -> SpdmResult { + let message_l1l2_hash = match session_id { + None => { + let ctx = self + .common + .runtime_info + .digest_context_l1l2 + .as_ref() + .cloned() + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + crypto::hash::hash_ctx_finalize(ctx).ok_or(SPDM_STATUS_CRYPTO_ERROR)? 
+ } + Some(session_id) => { + let session = if let Some(s) = self.common.get_immutable_session_via_id(session_id) + { + s + } else { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + }; + let ctx = session + .runtime_info + .digest_context_l1l2 + .as_ref() + .cloned() + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + crypto::hash::hash_ctx_finalize(ctx).ok_or(SPDM_STATUS_CRYPTO_ERROR)? + } + }; + + debug!("message_l1l2_hash - {:02x?}", message_l1l2_hash.as_ref()); + + if self.common.peer_info.peer_cert_chain[slot_id as usize].is_none() { + error!("peer_cert_chain is not populated!\n"); + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let cert_chain_data = &self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data_size as usize)]; + + let mut message_sign = ManagedBuffer12Sign::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_sign.reset_message(); + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_6) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_MEASUREMENTS_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(message_l1l2_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } else { + error!("hashed-transcript-data is unsupported in SPDM 1.0/1.1 signing verification!\n"); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + cert_chain_data, + message_sign.as_ref(), + signature, + ) + } + + #[cfg(not(feature = "hashed-transcript-data"))] + pub fn 
verify_measurement_signature( + &self, + slot_id: u8, + session_id: Option, + signature: &SpdmSignatureStruct, + ) -> SpdmResult { + let mut message_l1l2 = ManagedBufferL1L2::default(); + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + let message_a = self.common.runtime_info.message_a.clone(); + message_l1l2 + .append_message(message_a.as_ref()) + .map_or_else(|| Err(SPDM_STATUS_BUFFER_FULL), |_| Ok(()))?; + } + + match session_id { + None => { + message_l1l2 + .append_message(self.common.runtime_info.message_m.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + Some(session_id) => { + let session = if let Some(s) = self.common.get_immutable_session_via_id(session_id) + { + s + } else { + return Err(SPDM_STATUS_INVALID_PARAMETER); + }; + message_l1l2 + .append_message(session.runtime_info.message_m.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + } + + // we dont need create message hash for verify + // we just print message hash for debug purpose + debug!("message_l1l2 - {:02x?}", message_l1l2.as_ref()); + let message_l1l2_hash = crypto::hash::hash_all( + self.common.negotiate_info.base_hash_sel, + message_l1l2.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + debug!("message_l1l2_hash - {:02x?}", message_l1l2_hash.as_ref()); + + if self.common.peer_info.peer_cert_chain[slot_id as usize].is_none() { + error!("peer_cert_chain is not populated!\n"); + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let cert_chain_data = &self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? 
+ .data_size as usize)]; + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_l1l2.reset_message(); + message_l1l2 + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_l1l2 + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_6) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_l1l2 + .append_message(&SPDM_MEASUREMENTS_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_l1l2 + .append_message(message_l1l2_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + + crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + cert_chain_data, + message_l1l2.as_ref(), + signature, + ) + } +} diff --git a/spdmlib/src/requester/get_version_req.rs b/spdmlib/src/requester/get_version_req.rs new file mode 100644 index 0000000..d219e21 --- /dev/null +++ b/spdmlib/src/requester/get_version_req.rs 
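Review bot: In `handle_spdm_measurement_record_response`, `self.common.runtime_info.content_changed` and the caller's `*content_changed` are written from the response before `verify_measurement_signature` runs, so a response whose signature is rejected has already changed both. `*spdm_measurement_record_structure` is only assigned after verification, and the `content_changed` block (the `if ... >= SpdmVersion::SpdmVersion12 { ... } else { *content_changed = None; }`) could move down next to it. Separately, `verify_measurement_signature` is `pub` and indexes `peer_cert_chain[slot_id as usize]` without the `slot_id >= SPDM_MAX_SLOT_NUMBER as u8` guard that `delegate_send_receive_spdm_measurement_record` applies. Repeating that guard at the top of both variants would keep a direct caller from indexing out of range, assuming the array is sized by `SPDM_MAX_SLOT_NUMBER`.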
@@ -0,0 +1,118 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{ + SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD, SPDM_STATUS_NEGOTIATION_FAIL, +}; +use crate::message::*; +use crate::protocol::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_version(&mut self) -> SpdmResult { + // reset context on get version request + self.common.reset_context(); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let send_used = self.encode_spdm_version(&mut send_buffer)?; + self.send_message(None, &send_buffer[..send_used], false) + .await?; + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(None, &mut receive_buffer, false) + .await?; + self.handle_spdm_version_response(0, &send_buffer[..send_used], &receive_buffer[..used]) + } + + pub fn encode_spdm_version(&mut self, buf: &mut [u8]) -> SpdmResult { + let mut writer = Writer::init(buf); + let request = SpdmMessage { + header: SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetVersion, + }, + payload: SpdmMessagePayload::SpdmGetVersionRequest(SpdmGetVersionRequestPayload {}), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + pub fn handle_spdm_version_response( + &mut self, + session_id: u32, + send_buffer: &[u8], + receive_buffer: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseVersion => { + let version = + SpdmVersionResponsePayload::spdm_read(&mut self.common, &mut reader); + let used = reader.used(); + if let Some(version) = version { + debug!("!!! 
version : {:02x?}\n", version); + + let SpdmVersionResponsePayload { + version_number_entry_count, + mut versions, + } = version; + + versions.sort_unstable_by(|a, b| b.version.cmp(&a.version)); + + let mut negotiate_version: Option = None; + + for spdm_version_struct in + versions.iter().take(version_number_entry_count as usize) + { + if self + .common + .config_info + .spdm_version + .contains(&Some(spdm_version_struct.version)) + { + negotiate_version = Some(spdm_version_struct.version); + break; + } + } + + if let Some(negotiate_version) = negotiate_version { + self.common.negotiate_info.spdm_version_sel = negotiate_version; + debug!( + "Version negotiated: {:?}", + self.common.negotiate_info.spdm_version_sel + ); + } else { + debug!( + "Version negotiation failed! with given version list: {:?}", + versions + ); + return Err(SPDM_STATUS_NEGOTIATION_FAIL); + } + + // clear cache data + self.common.reset_runtime_info(); + + self.common.append_message_a(send_buffer)?; + self.common.append_message_a(&receive_buffer[..used])?; + + Ok(()) + } else { + error!("!!! version : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => self.spdm_handle_error_response_main( + Some(session_id), + receive_buffer, + SpdmRequestResponseCode::SpdmRequestGetVersion, + SpdmRequestResponseCode::SpdmResponseVersion, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + }, + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/requester/handle_error_response_req.rs b/spdmlib/src/requester/handle_error_response_req.rs new file mode 100644 index 0000000..474b8ed --- /dev/null +++ b/spdmlib/src/requester/handle_error_response_req.rs 
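Review bot: `handle_spdm_version_response` matches on `request_response_code` without checking `message_header.version`, unlike the other response handlers in this commit, which reject a header whose version differs from the expected one. `encode_spdm_version` sends `SpdmVersion::SpdmVersion10`, and a VERSION response carries the same value in its header, so `if message_header.version != SpdmVersion::SpdmVersion10 { return Err(SPDM_STATUS_INVALID_MSG_FIELD); }` before the inner `match` would close the gap. The error arm also passes `Some(session_id)` (0 from `send_receive_spdm_version`) for an exchange that was sent with `None`; `None` would match what was actually sent.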
@@ -0,0 +1,88 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Reader}; + +use crate::common::session::SpdmSessionState; +use crate::error::{ + SpdmResult, SPDM_STATUS_BUSY_PEER, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_PARAMETER, SPDM_STATUS_NOT_READY_PEER, SPDM_STATUS_SESSION_MSG_ERROR, +}; +use crate::message::*; +use crate::requester::RequesterContext; + +impl RequesterContext { + fn spdm_handle_simple_error_response( + &mut self, + session_id: Option, + error_code: u8, + ) -> SpdmResult { + /* NOT_READY is treated as error here. + * Use spdm_handle_error_response_main to handle NOT_READY message in long latency command.*/ + if error_code == SpdmErrorCode::SpdmErrorResponseNotReady.get_u8() { + Err(SPDM_STATUS_NOT_READY_PEER) + } else if error_code == SpdmErrorCode::SpdmErrorBusy.get_u8() { + Err(SPDM_STATUS_BUSY_PEER) + } else if error_code == SpdmErrorCode::SpdmErrorRequestResynch.get_u8() { + if let Some(sid) = session_id { + let session = if let Some(s) = self.common.get_session_via_id(sid) { + s + } else { + return Err(SPDM_STATUS_INVALID_PARAMETER); + }; + session.set_session_state(SpdmSessionState::SpdmSessionNotStarted); + } + Err(SPDM_STATUS_INVALID_PARAMETER) + } else { + Err(SPDM_STATUS_ERROR_PEER) + } + } + + pub fn spdm_handle_error_response_main( + &mut self, + session_id: Option, + response: &[u8], + _original_request_code: SpdmRequestResponseCode, + _expected_response_code: SpdmRequestResponseCode, + ) -> SpdmResult { + let mut spdm_message_header_reader = Reader::init(response); + let spdm_message_header = + if let Some(smh) = SpdmMessageHeader::read(&mut spdm_message_header_reader) { + smh + } else { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + }; + let header_size = spdm_message_header_reader.used(); + + if spdm_message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + if 
spdm_message_header.request_response_code != SpdmRequestResponseCode::SpdmResponseError { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + let mut spdm_message_payload_reader = Reader::init(&response[header_size..]); + let spdm_message_general_payload = + if let Some(smgp) = SpdmMessageGeneralPayload::read(&mut spdm_message_payload_reader) { + smgp + } else { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + }; + + if spdm_message_general_payload.param1 == SpdmErrorCode::SpdmErrorDecryptError.get_u8() { + if let Some(sid) = session_id { + let session = if let Some(s) = self.common.get_session_via_id(sid) { + s + } else { + return Err(SPDM_STATUS_INVALID_PARAMETER); + }; + session.teardown(); + } + Err(SPDM_STATUS_SESSION_MSG_ERROR) + } else { + self.spdm_handle_simple_error_response(session_id, spdm_message_general_payload.param1) + } + } +} diff --git a/spdmlib/src/requester/heartbeat_req.rs b/spdmlib/src/requester/heartbeat_req.rs new file mode 100644 index 0000000..a088364 --- /dev/null +++ b/spdmlib/src/requester/heartbeat_req.rs 
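Review bot: The block comment in `spdm_handle_simple_error_response` points readers to `spdm_handle_error_response_main` for NOT_READY handling in long-latency commands, but `spdm_handle_error_response_main` forwards every code except `SpdmErrorDecryptError` to the simple handler and never reads `_original_request_code` or `_expected_response_code`, so NOT_READY always surfaces as `SPDM_STATUS_NOT_READY_PEER`. I would reword the comment to `/* NOT_READY and BUSY are returned to the caller as errors; no retry is performed here. */`. `SpdmErrorRequestResynch` also returns `SPDM_STATUS_INVALID_PARAMETER` both when the session lookup fails and when it succeeds, so a caller cannot tell a peer-requested resynchronisation from a bad session id.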
@@ -0,0 +1,80 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::error::{SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD};
+use crate::message::*;
+use crate::requester::*;
+
+impl RequesterContext {
+ #[maybe_async::maybe_async]
+ pub async fn send_receive_spdm_heartbeat(&mut self, session_id: u32) -> SpdmResult {
+ info!("send spdm heartbeat\n");
+
+ self.common.reset_buffer_via_request_code(
+ SpdmRequestResponseCode::SpdmRequestHeartbeat,
+ Some(session_id),
+ );
+
+ let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE];
+ let used = self.encode_spdm_heartbeat(&mut send_buffer)?;
+ self.send_message(Some(session_id), &send_buffer[..used], false)
+ .await?;
+
+ // Receive
+ let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE];
+ let used = self
+ .receive_message(Some(session_id), &mut receive_buffer, false)
+ .await?;
+ self.handle_spdm_heartbeat_response(session_id, &receive_buffer[..used])
+ }
+
+ pub fn encode_spdm_heartbeat(&mut self, buf: &mut [u8]) -> SpdmResult {
+ let mut writer = Writer::init(buf);
+ let request = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: self.common.negotiate_info.spdm_version_sel,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestHeartbeat,
+ },
+ payload: SpdmMessagePayload::SpdmHeartbeatRequest(SpdmHeartbeatRequestPayload {}),
+ };
+ request.spdm_encode(&mut self.common, &mut writer)
+ }
+
+ pub fn handle_spdm_heartbeat_response(
+ &mut self,
+ session_id: u32,
+ receive_buffer: &[u8],
+ ) -> SpdmResult {
+ let mut reader = Reader::init(receive_buffer);
+ match SpdmMessageHeader::read(&mut reader) {
+ Some(message_header) => {
+ if message_header.version != self.common.negotiate_info.spdm_version_sel {
+ return Err(SPDM_STATUS_INVALID_MSG_FIELD);
+ }
+ match message_header.request_response_code {
+ SpdmRequestResponseCode::SpdmResponseHeartbeatAck => {
+ let heartbeat_rsp =
+ SpdmHeartbeatResponsePayload::spdm_read(&mut self.common, &mut reader);
+ if let Some(heartbeat_rsp) = heartbeat_rsp {
+ debug!("!!! heartbeat rsp : {:02x?}\n", heartbeat_rsp);
+ Ok(())
+ } else {
+ error!("!!! heartbeat : fail !!!\n");
+ Err(SPDM_STATUS_INVALID_MSG_FIELD)
+ }
+ }
+ SpdmRequestResponseCode::SpdmResponseError => self
+ .spdm_handle_error_response_main(
+ Some(session_id),
+ receive_buffer,
+ SpdmRequestResponseCode::SpdmRequestHeartbeat,
+ SpdmRequestResponseCode::SpdmResponseHeartbeatAck,
+ ),
+ _ => Err(SPDM_STATUS_ERROR_PEER),
+ }
+ }
+ None => Err(SPDM_STATUS_INVALID_MSG_FIELD),
+ }
+ }
+}
diff --git a/spdmlib/src/requester/key_exchange_req.rs b/spdmlib/src/requester/key_exchange_req.rs
new file mode 100644
index 0000000..0f18ceb
--- /dev/null
+++ b/spdmlib/src/requester/key_exchange_req.rs
@@ -0,0 +1,548 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +extern crate alloc; +use alloc::boxed::Box; +use core::ops::DerefMut; + +use crate::common::session::SpdmSession; +use crate::error::SPDM_STATUS_BUFFER_FULL; +use crate::error::SPDM_STATUS_CRYPTO_ERROR; +use crate::error::SPDM_STATUS_ERROR_PEER; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_PARAMETER; +#[cfg(feature = "hashed-transcript-data")] +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::SPDM_STATUS_SESSION_NUMBER_EXCEED; +use crate::error::SPDM_STATUS_VERIF_FAIL; +use crate::protocol::*; +use crate::requester::*; + +use crate::crypto; + +use crate::error::SpdmResult; +use crate::message::*; +use crate::protocol::{SpdmMeasurementSummaryHashType, SpdmSignatureStruct, SpdmVersion}; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_key_exchange( + &mut self, + slot_id: u8, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + ) -> SpdmResult { + info!("send spdm key exchange\n"); + + if slot_id >= SPDM_MAX_SLOT_NUMBER as u8 { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let req_session_id = self.common.get_next_half_session_id(true)?; + + self.common + .reset_buffer_via_request_code(SpdmRequestResponseCode::SpdmRequestKeyExchange, None); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let (key_exchange_context, send_used) = self.encode_spdm_key_exchange( + req_session_id, + &mut send_buffer, + slot_id, + measurement_summary_hash_type, + )?; + self.send_message(None, &send_buffer[..send_used], false) + .await?; + + // Receive + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let receive_used = self + .receive_message(None, &mut receive_buffer, false) + .await?; + + let mut target_session_id = None; + if let Err(e) = self.handle_spdm_key_exchange_response( + req_session_id, + slot_id, + 
&send_buffer[..send_used], + &receive_buffer[..receive_used], + measurement_summary_hash_type, + key_exchange_context, + &mut target_session_id, + ) { + if let Some(session_id) = target_session_id { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + } + + Err(e) + } else { + Ok(target_session_id.unwrap()) + } + } + + pub fn encode_spdm_key_exchange( + &mut self, + req_session_id: u16, + buf: &mut [u8], + slot_id: u8, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + ) -> SpdmResult<(Box, usize)> { + let mut writer = Writer::init(buf); + + let mut random = [0u8; SPDM_RANDOM_SIZE]; + crypto::rand::get_random(&mut random)?; + + let (exchange, key_exchange_context) = + crypto::dhe::generate_key_pair(self.common.negotiate_info.dhe_sel) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + + debug!("!!! exchange data : {:02x?}\n", exchange); + + let mut secured_message_version_list = SecuredMessageVersionList { + version_count: 0, + versions_list: [SecuredMessageVersion::default(); MAX_SECURE_SPDM_VERSION_COUNT], + }; + + for (_, local_version) in self + .common + .config_info + .secure_spdm_version + .iter() + .flatten() + .enumerate() + { + secured_message_version_list.versions_list + [secured_message_version_list.version_count as usize] = *local_version; + secured_message_version_list.version_count += 1; + } + + let opaque = SpdmOpaqueStruct::from_sm_supported_ver_list_opaque( + &mut self.common, + &SMSupportedVerListOpaque { + secured_message_version_list, + }, + )?; + + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestKeyExchange, + }, + payload: SpdmMessagePayload::SpdmKeyExchangeRequest(SpdmKeyExchangeRequestPayload { + slot_id, + measurement_summary_hash_type, + req_session_id, + session_policy: self.common.config_info.session_policy, + random: SpdmRandomStruct { data: random }, + exchange, 
+ opaque, + }), + }; + request.spdm_encode(&mut self.common, &mut writer)?; + Ok((key_exchange_context, writer.used())) + } + + #[allow(clippy::too_many_arguments)] + pub fn handle_spdm_key_exchange_response( + &mut self, + req_session_id: u16, + slot_id: u8, + send_buffer: &[u8], + receive_buffer: &[u8], + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + key_exchange_context: Box, + target_session_id: &mut Option, + ) -> SpdmResult { + self.common.runtime_info.need_measurement_summary_hash = (measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb) + || (measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll); + + let in_clear_text = self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + info!("in_clear_text {:?}\n", in_clear_text); + + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseKeyExchangeRsp => { + let key_exchange_rsp = SpdmKeyExchangeResponsePayload::spdm_read( + &mut self.common, + &mut reader, + ); + let receive_used = reader.used(); + if let Some(key_exchange_rsp) = key_exchange_rsp { + debug!("!!! key_exchange rsp : {:02x?}\n", key_exchange_rsp); + debug!( + "!!! exchange data (peer) : {:02x?}\n", + &key_exchange_rsp.exchange + ); + + let final_key = key_exchange_context + .compute_final_key(&key_exchange_rsp.exchange) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + + debug!("!!! 
final_key : {:02x?}\n", final_key.as_ref()); + + // create session structure + let base_hash_algo = self.common.negotiate_info.base_hash_sel; + let dhe_algo = self.common.negotiate_info.dhe_sel; + let aead_algo = self.common.negotiate_info.aead_sel; + let key_schedule_algo = self.common.negotiate_info.key_schedule_sel; + let sequence_number_count = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap.get_sequence_number_count() + }; + let max_random_count = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap.get_max_random_count() + }; + + let secure_spdm_version_sel = key_exchange_rsp + .opaque + .req_get_dmtf_secure_spdm_version_selection(&mut self.common) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + info!( + "secure_spdm_version_sel set to {:02X?}", + secure_spdm_version_sel + ); + + let session_id = ((key_exchange_rsp.rsp_session_id as u32) << 16) + + req_session_id as u32; + *target_session_id = Some(session_id); + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let message_a = self.common.runtime_info.message_a.clone(); + let cert_chain_hash = + self.common.get_certchain_hash_peer(false, slot_id as usize); + if cert_chain_hash.is_none() { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + #[cfg(feature = "mut-auth")] + if !key_exchange_rsp.mut_auth_req.is_empty() { + if !self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::MUT_AUTH_CAP) + || !self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::MUT_AUTH_CAP) + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + if key_exchange_rsp.mut_auth_req + == SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_ENCAP_REQUEST + && 
key_exchange_rsp.req_slot_id >= SPDM_MAX_SLOT_NUMBER as u8 + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + self.common.runtime_info.set_local_used_cert_chain_slot_id( + key_exchange_rsp.req_slot_id & 0xf, + ); + } + + let session = self + .common + .get_next_avaiable_session() + .ok_or(SPDM_STATUS_SESSION_NUMBER_EXCEED)?; + + session.setup(session_id)?; + + session.set_use_psk(false); + session.set_mut_auth_requested(key_exchange_rsp.mut_auth_req); + + session.set_crypto_param( + base_hash_algo, + dhe_algo, + aead_algo, + key_schedule_algo, + ); + session.set_transport_param(sequence_number_count, max_random_count); + session.set_dhe_secret(spdm_version_sel, final_key)?; + session.runtime_info.message_a = message_a; + session.runtime_info.rsp_cert_hash = cert_chain_hash; + session.runtime_info.req_cert_hash = None; + + // create transcript + let base_asym_size = + self.common.negotiate_info.base_asym_sel.get_size() as usize; + let base_hash_size = + self.common.negotiate_info.base_hash_sel.get_size() as usize; + let temp_receive_used = if in_clear_text { + receive_used - base_asym_size + } else { + receive_used - base_asym_size - base_hash_size + }; + + self.common.append_message_k(session_id, send_buffer)?; + self.common.append_message_k( + session_id, + &receive_buffer[..temp_receive_used], + )?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // verify signature + if self + .verify_key_exchange_rsp_signature( + slot_id, + session, + &key_exchange_rsp.signature, + ) + .is_err() + { + error!("verify_key_exchange_rsp_signature fail"); + return Err(SPDM_STATUS_VERIF_FAIL); + } else { + info!("verify_key_exchange_rsp_signature pass"); + } + + self.common.append_message_k( + session_id, + key_exchange_rsp.signature.as_ref(), + )?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // generate the handshake secret (including finished_key) before verify HMAC + let th1 = self 
+ .common + .calc_req_transcript_hash(false, slot_id, false, session)?; + debug!("!!! th1 : {:02x?}\n", th1.as_ref()); + + let session = self.common.get_session_via_id(session_id).unwrap(); + session.generate_handshake_secret(spdm_version_sel, &th1)?; + + if !in_clear_text { + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // verify HMAC with finished_key + let transcript_hash = self + .common + .calc_req_transcript_hash(false, slot_id, false, session)?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + if session + .verify_hmac_with_response_finished_key( + transcript_hash.as_ref(), + &key_exchange_rsp.verify_data, + ) + .is_err() + { + error!("verify_hmac_with_response_finished_key fail"); + let session = + self.common.get_session_via_id(session_id).unwrap(); + session.teardown(); + return Err(SPDM_STATUS_VERIF_FAIL); + } else { + info!("verify_hmac_with_response_finished_key pass"); + } + + // append verify_data after TH1 + if self + .common + .append_message_k( + session_id, + key_exchange_rsp.verify_data.as_ref(), + ) + .is_err() + { + let session = + self.common.get_session_via_id(session_id).unwrap(); + session.teardown(); + return Err(SPDM_STATUS_BUFFER_FULL); + } + } + + // append verify_data after TH1 + let session = self.common.get_session_via_id(session_id).unwrap(); + + session.secure_spdm_version_sel = secure_spdm_version_sel; + session.heartbeat_period = key_exchange_rsp.heartbeat_period; + + session.set_session_state( + crate::common::session::SpdmSessionState::SpdmSessionHandshaking, + ); + + if in_clear_text { + self.common + .runtime_info + .set_last_session_id(Some(session_id)); + } + + Ok(()) + } else { + error!("!!! 
key_exchange : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => { + let status = self.spdm_handle_error_response_main( + None, + receive_buffer, + SpdmRequestResponseCode::SpdmRequestKeyExchange, + SpdmRequestResponseCode::SpdmResponseKeyExchangeRsp, + ); + match status { + Err(status) => Err(status), + Ok(()) => Err(SPDM_STATUS_ERROR_PEER), + } + } + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } + + #[cfg(feature = "hashed-transcript-data")] + pub fn verify_key_exchange_rsp_signature( + &self, + slot_id: u8, + session: &SpdmSession, + signature: &SpdmSignatureStruct, + ) -> SpdmResult { + let transcript_hash = self + .common + .calc_req_transcript_hash(false, slot_id, false, session)?; + + debug!("message_hash - {:02x?}", transcript_hash.as_ref()); + + if self.common.peer_info.peer_cert_chain[slot_id as usize].is_none() { + error!("peer_cert_chain is not populated!\n"); + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let cert_chain_data = &self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? 
+ .data_size as usize)]; + + let mut message_sign = ManagedBuffer12Sign::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_sign.reset_message(); + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_2) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(transcript_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } else { + error!("hashed-transcript-data is unsupported in SPDM 1.0/1.1 signing verification!\n"); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + cert_chain_data, + message_sign.as_ref(), + signature, + ) + } + + #[cfg(not(feature = "hashed-transcript-data"))] + pub fn verify_key_exchange_rsp_signature( + &self, + slot_id: u8, + session: &SpdmSession, + signature: &SpdmSignatureStruct, + ) -> SpdmResult { + let message_hash = self + .common + .calc_req_transcript_hash(false, slot_id, false, session)?; + // we dont need create message hash for verify + // we just print message hash for debug purpose + debug!("message_hash - {:02x?}", message_hash.as_ref()); + + if self.common.peer_info.peer_cert_chain[slot_id as usize].is_none() { + error!("peer_cert_chain is not populated!\n"); + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let cert_chain_data = &self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? 
+ .data_size as usize)]; + + let mut message = self.common.calc_req_transcript_data( + false, + slot_id, + false, + &session.runtime_info.message_k, + None, + )?; + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message.reset_message(); + message + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_2) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message + .append_message(&SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message + .append_message(message_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + + crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + cert_chain_data, + message.as_ref(), + signature, + ) + } +} diff --git a/spdmlib/src/requester/key_update_req.rs b/spdmlib/src/requester/key_update_req.rs new file mode 100644 index 0000000..7aec510 --- /dev/null +++ b/spdmlib/src/requester/key_update_req.rs 
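Review bot: `handle_spdm_key_exchange_response` writes the DHE shared secret to the log with `debug!("!!! final_key : {:02x?}\n", final_key.as_ref());`, just before that value is handed to `session.set_dhe_secret` and the handshake secret is generated from the session. Any build or deployment that enables debug logging therefore stores the session's root secret in its logs, where it outlives the session and is readable by whoever can read them. I would delete that line, or log only `final_key.as_ref().len()` if a trace point is still wanted. The `th1` transcript hash and the full `key_exchange_rsp` dump are less sensitive, but they deserve the same review before this ships with logging on.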
@@ -0,0 +1,153 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{ + SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_PARAMETER, +}; +use crate::message::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + async fn send_receive_spdm_key_update_op( + &mut self, + session_id: u32, + key_update_operation: SpdmKeyUpdateOperation, + tag: u8, + ) -> SpdmResult { + info!("send spdm key_update\n"); + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestKeyUpdate, + Some(session_id), + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self.encode_spdm_key_update_op(key_update_operation, tag, &mut send_buffer)?; + self.send_message(Some(session_id), &send_buffer[..used], false) + .await?; + + // update key + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let session = if let Some(s) = self.common.get_session_via_id(session_id) { + s + } else { + return Err(SPDM_STATUS_INVALID_PARAMETER); + }; + let update_requester = key_update_operation == SpdmKeyUpdateOperation::SpdmUpdateSingleKey + || key_update_operation == SpdmKeyUpdateOperation::SpdmUpdateAllKeys; + let update_responder = key_update_operation == SpdmKeyUpdateOperation::SpdmUpdateAllKeys; + session.create_data_secret_update(spdm_version_sel, update_requester, update_responder)?; + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(Some(session_id), &mut receive_buffer, false) + .await?; + + self.handle_spdm_key_update_op_response( + session_id, + update_requester, + update_responder, + &receive_buffer[..used], + ) + } + + pub fn encode_spdm_key_update_op( + &mut self, + key_update_operation: SpdmKeyUpdateOperation, + tag: u8, + buf: &mut [u8], + ) -> SpdmResult { + let mut writer = Writer::init(buf); + let request = SpdmMessage { + header: SpdmMessageHeader 
{ + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestKeyUpdate, + }, + payload: SpdmMessagePayload::SpdmKeyUpdateRequest(SpdmKeyUpdateRequestPayload { + key_update_operation, + tag, + }), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + pub fn handle_spdm_key_update_op_response( + &mut self, + session_id: u32, + update_requester: bool, + update_responder: bool, + receive_buffer: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseKeyUpdateAck => { + let key_update_rsp = + SpdmKeyUpdateResponsePayload::spdm_read(&mut self.common, &mut reader); + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let session = if let Some(s) = self.common.get_session_via_id(session_id) { + s + } else { + return Err(SPDM_STATUS_INVALID_PARAMETER); + }; + if let Some(key_update_rsp) = key_update_rsp { + debug!("!!! key_update rsp : {:02x?}\n", key_update_rsp); + session.activate_data_secret_update( + spdm_version_sel, + update_requester, + update_responder, + true, + )?; + Ok(()) + } else { + error!("!!! 
key_update : fail !!!\n"); + session.activate_data_secret_update( + spdm_version_sel, + update_requester, + update_responder, + false, + )?; + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => self + .spdm_handle_error_response_main( + Some(session_id), + receive_buffer, + SpdmRequestResponseCode::SpdmRequestKeyUpdate, + SpdmRequestResponseCode::SpdmResponseKeyUpdateAck, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } + + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_key_update( + &mut self, + session_id: u32, + key_update_operation: SpdmKeyUpdateOperation, + ) -> SpdmResult { + if key_update_operation != SpdmKeyUpdateOperation::SpdmUpdateAllKeys + && key_update_operation != SpdmKeyUpdateOperation::SpdmUpdateSingleKey + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + self.send_receive_spdm_key_update_op(session_id, key_update_operation, 1) + .await?; + self.send_receive_spdm_key_update_op( + session_id, + SpdmKeyUpdateOperation::SpdmVerifyNewKey, + 2, + ) + .await + } +} diff --git a/spdmlib/src/requester/mod.rs b/spdmlib/src/requester/mod.rs new file mode 100644 index 0000000..d32f9ad --- /dev/null +++ b/spdmlib/src/requester/mod.rs 
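Review bot: `send_receive_spdm_key_update_op` calls `create_data_secret_update` before the response arrives, but the pending update is resolved on only two paths of `handle_spdm_key_update_op_response`: a parsed ACK (`activate_data_secret_update(.., true)`) and an unparseable ACK (`.., false`). A failed `receive_message`, a header that does not parse, a version mismatch, the `SpdmResponseError` arm and the `_` arm all return with the new secret created and neither activated nor rolled back; depending on what `create_data_secret_update` leaves behind, that can leave requester and responder keys out of step. I would roll back on those paths as well with `session.activate_data_secret_update(spdm_version_sel, update_requester, update_responder, false)?;`. The ACK is also accepted without comparing its `tag` and `key_update_operation` to the request (it is only `debug!`-printed); the handler does not receive those values today, so that check would need them passed in.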
@@ -0,0 +1,38 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+mod context;
+
+mod challenge_req;
+#[cfg(feature = "mut-auth")]
+mod encap_certificate;
+#[cfg(feature = "mut-auth")]
+mod encap_digest;
+#[cfg(feature = "mut-auth")]
+mod encap_error;
+#[cfg(feature = "mut-auth")]
+mod encap_req;
+mod end_session_req;
+mod finish_req;
+mod get_capabilities_req;
+mod get_certificate_req;
+mod get_digests_req;
+pub mod get_measurements_req;
+mod get_version_req;
+mod handle_error_response_req;
+mod heartbeat_req;
+mod key_exchange_req;
+pub mod key_update_req;
+#[cfg(feature = "mut-auth")]
+mod mutual_authenticate;
+mod negotiate_algorithms_req;
+mod psk_exchange_req;
+mod psk_finish_req;
+mod vendor_req;
+
+pub use context::RequesterContext;
+
+use crate::common::*;
+use crate::config;
+use codec::{Codec, Reader, Writer};
diff --git a/spdmlib/src/requester/mutual_authenticate.rs b/spdmlib/src/requester/mutual_authenticate.rs
new file mode 100644
index 0000000..180586f
--- /dev/null
+++ b/spdmlib/src/requester/mutual_authenticate.rs
@@ -0,0 +1,33 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::{
+ error::{SpdmResult, SPDM_STATUS_INVALID_MSG_FIELD, SPDM_STATUS_INVALID_STATE_LOCAL},
+ message::SpdmKeyExchangeMutAuthAttributes,
+};
+
+use super::RequesterContext;
+
+impl RequesterContext {
+ #[maybe_async::maybe_async]
+ pub async fn session_based_mutual_authenticate(&mut self, session_id: u32) -> SpdmResult<()> {
+ self.common.construct_my_cert_chain()?;
+
+ let spdm_session = self
+ .common
+ .get_session_via_id(session_id)
+ .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?;
+
+ let mut_auth_requested = spdm_session.get_mut_auth_requested();
+ match mut_auth_requested {
+ SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ => Ok(()),
+ SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_ENCAP_REQUEST
+ | SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS => {
+ self.get_encapsulated_request_response(session_id, mut_auth_requested)
+ .await
+ }
+ _ => Err(SPDM_STATUS_INVALID_MSG_FIELD),
+ }
+ }
+}
diff --git a/spdmlib/src/requester/negotiate_algorithms_req.rs b/spdmlib/src/requester/negotiate_algorithms_req.rs
new file mode 100644
index 0000000..074dbc6
--- /dev/null
+++ b/spdmlib/src/requester/negotiate_algorithms_req.rs
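Review bot: `session_based_mutual_authenticate` has no doc comment, and its contract is not obvious from the signature: the `_` arm returns `SPDM_STATUS_INVALID_MSG_FIELD` for every other `get_mut_auth_requested()` value, presumably including a session on which the responder requested no mutual authentication at all. I would add `/// Completes the mutual-authentication flow recorded on the session at KEY_EXCHANGE; returns SPDM_STATUS_INVALID_MSG_FIELD if the session holds no recognised mut-auth request.` It is also worth moving `self.common.construct_my_cert_chain()?;` below the session lookup, so that an unknown `session_id` fails before any local state is touched.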
@@ -0,0 +1,206 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{ + SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD, SPDM_STATUS_NEGOTIATION_FAIL, +}; + +use crate::message::*; +use crate::protocol::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_algorithm(&mut self) -> SpdmResult { + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms, + None, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let send_used = self.encode_spdm_algorithm(&mut send_buffer)?; + self.send_message(None, &send_buffer[..send_used], false) + .await?; + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let used = self + .receive_message(None, &mut receive_buffer, false) + .await?; + self.handle_spdm_algorithm_response(0, &send_buffer[..send_used], &receive_buffer[..used]) + } + + pub fn encode_spdm_algorithm(&mut self, buf: &mut [u8]) -> SpdmResult { + let other_params_support: SpdmOpaqueSupport = self.common.config_info.opaque_support; + + let mut alg_struct_count = 0; + let mut alg_struct: [SpdmAlgStruct; MAX_SUPPORTED_ALG_STRUCTURE_COUNT] = + gen_array_clone(SpdmAlgStruct::default(), MAX_SUPPORTED_ALG_STRUCTURE_COUNT); + if self.common.config_info.dhe_algo.is_valid() { + alg_struct[alg_struct_count].alg_type = SpdmAlgType::SpdmAlgTypeDHE; + alg_struct[alg_struct_count].alg_supported = + SpdmAlg::SpdmAlgoDhe(self.common.config_info.dhe_algo); + alg_struct_count += 1; + } + if self.common.config_info.aead_algo.is_valid() { + alg_struct[alg_struct_count].alg_type = SpdmAlgType::SpdmAlgTypeAEAD; + alg_struct[alg_struct_count].alg_supported = + SpdmAlg::SpdmAlgoAead(self.common.config_info.aead_algo); + alg_struct_count += 1; + } + if self.common.config_info.req_asym_algo.is_valid() { + alg_struct[alg_struct_count].alg_type = SpdmAlgType::SpdmAlgTypeReqAsym; + 
alg_struct[alg_struct_count].alg_supported = + SpdmAlg::SpdmAlgoReqAsym(self.common.config_info.req_asym_algo); + alg_struct_count += 1; + } + if self.common.config_info.key_schedule_algo.is_valid() { + alg_struct[alg_struct_count].alg_type = SpdmAlgType::SpdmAlgTypeKeySchedule; + alg_struct[alg_struct_count].alg_supported = + SpdmAlg::SpdmAlgoKeySchedule(self.common.config_info.key_schedule_algo); + alg_struct_count += 1; + } + + let mut writer = Writer::init(buf); + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms, + }, + payload: SpdmMessagePayload::SpdmNegotiateAlgorithmsRequest( + SpdmNegotiateAlgorithmsRequestPayload { + measurement_specification: self.common.config_info.measurement_specification, + other_params_support, + base_asym_algo: self.common.config_info.base_asym_algo, + base_hash_algo: self.common.config_info.base_hash_algo, + alg_struct_count: alg_struct_count as u8, + alg_struct, + }, + ), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + pub fn handle_spdm_algorithm_response( + &mut self, + session_id: u32, + send_buffer: &[u8], + receive_buffer: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseAlgorithms => { + let algorithms = + SpdmAlgorithmsResponsePayload::spdm_read(&mut self.common, &mut reader); + let used = reader.used(); + if let Some(algorithms) = algorithms { + debug!("!!! 
algorithms : {:02x?}\n", algorithms); + + self.common.negotiate_info.measurement_specification_sel = + algorithms.measurement_specification_sel; + + self.common.negotiate_info.opaque_data_support = + algorithms.other_params_selection; + + self.common.negotiate_info.measurement_hash_sel = + algorithms.measurement_hash_algo; + if algorithms.base_hash_sel.bits() == 0 { + return Err(SPDM_STATUS_NEGOTIATION_FAIL); + } + self.common.negotiate_info.base_hash_sel = algorithms.base_hash_sel; + if algorithms.base_asym_sel.bits() == 0 { + return Err(SPDM_STATUS_NEGOTIATION_FAIL); + } + self.common.negotiate_info.base_asym_sel = algorithms.base_asym_sel; + for alg in algorithms + .alg_struct + .iter() + .take(algorithms.alg_struct_count as usize) + { + match &alg.alg_supported { + SpdmAlg::SpdmAlgoDhe(v) => { + if v.is_no_more_than_one_selected() || v.bits() == 0 { + self.common.negotiate_info.dhe_sel = + self.common.config_info.dhe_algo; + self.common.negotiate_info.dhe_sel.prioritize(*v); + } else { + error!( + "unknown Dhe algorithm structure:{:X?}\n", + v.bits() + ); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + } + SpdmAlg::SpdmAlgoAead(v) => { + if v.is_no_more_than_one_selected() || v.bits() == 0 { + self.common.negotiate_info.aead_sel = + self.common.config_info.aead_algo; + self.common.negotiate_info.aead_sel.prioritize(*v); + } else { + error!( + "unknown aead algorithm structure:{:X?}\n", + v.bits() + ); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + } + SpdmAlg::SpdmAlgoReqAsym(v) => { + if v.is_no_more_than_one_selected() || v.bits() == 0 { + self.common.negotiate_info.req_asym_sel = + self.common.config_info.req_asym_algo; + self.common.negotiate_info.req_asym_sel.prioritize(*v); + } else { + error!( + "unknown req asym algorithm structure:{:X?}\n", + v.bits() + ); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + } + SpdmAlg::SpdmAlgoKeySchedule(v) => { + if v.is_no_more_than_one_selected() || v.bits() == 0 { + 
self.common.negotiate_info.key_schedule_sel = + self.common.config_info.key_schedule_algo; + self.common + .negotiate_info + .key_schedule_sel + .prioritize(*v); + } else { + error!( + "unknown key schedule algorithm structure:{:X?}\n", + v.bits() + ); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + } + SpdmAlg::SpdmAlgoUnknown(_v) => {} + } + } + + self.common.append_message_a(send_buffer)?; + self.common.append_message_a(&receive_buffer[..used])?; + + return Ok(()); + } + error!("!!! algorithms : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + SpdmRequestResponseCode::SpdmResponseError => self + .spdm_handle_error_response_main( + Some(session_id), + receive_buffer, + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms, + SpdmRequestResponseCode::SpdmResponseAlgorithms, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/requester/psk_exchange_req.rs b/spdmlib/src/requester/psk_exchange_req.rs new file mode 100644 index 0000000..974ad71 --- /dev/null +++ b/spdmlib/src/requester/psk_exchange_req.rs 
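Review bot: `handle_spdm_algorithm_response` stores `algorithms.base_hash_sel` and `algorithms.base_asym_sel` into `negotiate_info` after checking only `bits() == 0`; nothing in this hunk confirms that the responder's choice is one the requester offered in `config_info.base_hash_algo` and `config_info.base_asym_algo`. Unless `SpdmAlgorithmsResponsePayload::spdm_read` already enforces that, a selection outside the advertised set would be accepted, so I would add a subset check before each assignment, e.g. `if !self.common.config_info.base_hash_algo.contains(algorithms.base_hash_sel) { return Err(SPDM_STATUS_NEGOTIATION_FAIL); }`. The error arm passes `Some(session_id)` to `spdm_handle_error_response_main` although NEGOTIATE_ALGORITHMS is sent with `send_message(None, ..)` and the caller supplies `0`; `None` is the right argument there. The `|| v.bits() == 0` in the four `alg_struct` arms also looks redundant with `is_no_more_than_one_selected()`.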
@@ -0,0 +1,352 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use config::MAX_SPDM_PSK_CONTEXT_SIZE; + +use crate::crypto; +use crate::error::SPDM_STATUS_BUFFER_FULL; +use crate::error::{ + SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_PARAMETER, SPDM_STATUS_SESSION_NUMBER_EXCEED, SPDM_STATUS_VERIF_FAIL, +}; +use crate::message::*; +use crate::protocol::SpdmMeasurementSummaryHashType; +use crate::protocol::*; +use crate::requester::*; +extern crate alloc; +use core::ops::DerefMut; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_psk_exchange( + &mut self, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + psk_hint: Option<&SpdmPskHintStruct>, + ) -> SpdmResult { + info!("send spdm psk exchange\n"); + + let psk_hint = if let Some(hint) = psk_hint { + hint.clone() + } else { + SpdmPskHintStruct::default() + }; + + self.common + .reset_buffer_via_request_code(SpdmRequestResponseCode::SpdmRequestPskExchange, None); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let half_session_id = self.common.get_next_half_session_id(true)?; + let send_used = self.encode_spdm_psk_exchange( + half_session_id, + measurement_summary_hash_type, + &psk_hint, + &mut send_buffer, + )?; + + self.send_message(None, &send_buffer[..send_used], false) + .await?; + + // Receive + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let receive_used = self + .receive_message(None, &mut receive_buffer, false) + .await?; + + let mut target_session_id = None; + if let Err(e) = self.handle_spdm_psk_exchange_response( + half_session_id, + measurement_summary_hash_type, + &psk_hint, + &send_buffer[..send_used], + &receive_buffer[..receive_used], + &mut target_session_id, + ) { + if let Some(session_id) = target_session_id { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + } + + Err(e) 
+ } else { + Ok(target_session_id.unwrap()) + } + } + + pub fn encode_spdm_psk_exchange( + &mut self, + half_session_id: u16, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + psk_hint: &SpdmPskHintStruct, + buf: &mut [u8], + ) -> SpdmResult { + let mut writer = Writer::init(buf); + + let mut psk_context = [0u8; MAX_SPDM_PSK_CONTEXT_SIZE]; + crypto::rand::get_random(&mut psk_context)?; + + let mut secured_message_version_list = SecuredMessageVersionList { + version_count: 0, + versions_list: [SecuredMessageVersion::default(); MAX_SECURE_SPDM_VERSION_COUNT], + }; + + for (_, local_version) in self + .common + .config_info + .secure_spdm_version + .iter() + .flatten() + .enumerate() + { + secured_message_version_list.versions_list + [secured_message_version_list.version_count as usize] = *local_version; + secured_message_version_list.version_count += 1; + } + + let opaque = SpdmOpaqueStruct::from_sm_supported_ver_list_opaque( + &mut self.common, + &SMSupportedVerListOpaque { + secured_message_version_list, + }, + )?; + + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestPskExchange, + }, + payload: SpdmMessagePayload::SpdmPskExchangeRequest(SpdmPskExchangeRequestPayload { + measurement_summary_hash_type, + req_session_id: half_session_id, + psk_hint: psk_hint.clone(), + psk_context: SpdmPskContextStruct { + data_size: self.common.negotiate_info.base_hash_sel.get_size(), + data: psk_context, + }, + opaque, + }), + }; + request.spdm_encode(&mut self.common, &mut writer) + } + + pub fn handle_spdm_psk_exchange_response( + &mut self, + half_session_id: u16, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + psk_hint: &SpdmPskHintStruct, + send_buffer: &[u8], + receive_buffer: &[u8], + target_session_id: &mut Option, + ) -> SpdmResult { + self.common.runtime_info.need_measurement_summary_hash = 
(measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb) + || (measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll); + + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponsePskExchangeRsp => { + let psk_exchange_rsp = SpdmPskExchangeResponsePayload::spdm_read( + &mut self.common, + &mut reader, + ); + let receive_used = reader.used(); + if let Some(psk_exchange_rsp) = psk_exchange_rsp { + debug!("!!! psk_exchange rsp : {:02x?}\n", psk_exchange_rsp); + + // create session structure + let base_hash_algo = self.common.negotiate_info.base_hash_sel; + let dhe_algo = self.common.negotiate_info.dhe_sel; + let aead_algo = self.common.negotiate_info.aead_sel; + let key_schedule_algo = self.common.negotiate_info.key_schedule_sel; + let sequence_number_count = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap.get_sequence_number_count() + }; + let max_random_count = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap.get_max_random_count() + }; + + let secure_spdm_version_sel = psk_exchange_rsp + .opaque + .req_get_dmtf_secure_spdm_version_selection(&mut self.common) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let session_id = ((psk_exchange_rsp.rsp_session_id as u32) << 16) + + half_session_id as u32; + *target_session_id = Some(session_id); + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let message_a = 
self.common.runtime_info.message_a.clone(); + + let session = self + .common + .get_next_avaiable_session() + .ok_or(SPDM_STATUS_SESSION_NUMBER_EXCEED)?; + + session.setup(session_id)?; + + session.set_use_psk(true); + + session.set_crypto_param( + base_hash_algo, + dhe_algo, + aead_algo, + key_schedule_algo, + ); + session.set_transport_param(sequence_number_count, max_random_count); + + session.runtime_info.psk_hint = Some(psk_hint.clone()); + session.runtime_info.message_a = message_a; + session.runtime_info.rsp_cert_hash = None; + session.runtime_info.req_cert_hash = None; + + // create transcript + let base_hash_size = + self.common.negotiate_info.base_hash_sel.get_size() as usize; + let temp_receive_used = receive_used - base_hash_size; + + self.common.append_message_k(session_id, send_buffer)?; + self.common.append_message_k( + session_id, + &receive_buffer[..temp_receive_used], + )?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // generate the handshake secret (including finished_key) before verify HMAC + let th1 = self.common.calc_req_transcript_hash( + true, + INVALID_SLOT, + false, + session, + )?; + debug!("!!! 
th1 : {:02x?}\n", th1.as_ref()); + + let session = self.common.get_session_via_id(session_id).unwrap(); + session.generate_handshake_secret(spdm_version_sel, &th1)?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // verify HMAC with finished_key + let transcript_hash = self.common.calc_req_transcript_hash( + true, + INVALID_SLOT, + false, + session, + )?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .ok_or(SPDM_STATUS_INVALID_PARAMETER)?; + + if session + .verify_hmac_with_response_finished_key( + transcript_hash.as_ref(), + &psk_exchange_rsp.verify_data, + ) + .is_err() + { + error!("verify_hmac_with_response_finished_key fail"); + let session = self.common.get_session_via_id(session_id).unwrap(); + session.teardown(); + return Err(SPDM_STATUS_VERIF_FAIL); + } else { + info!("verify_hmac_with_response_finished_key pass"); + } + + // append verify_data after TH1 + if self + .common + .append_message_k(session_id, psk_exchange_rsp.verify_data.as_ref()) + .is_err() + { + let session = self + .common + .get_session_via_id(session_id) + .ok_or(SPDM_STATUS_INVALID_PARAMETER)?; + session.teardown(); + return Err(SPDM_STATUS_BUFFER_FULL); + } + + let session = self + .common + .get_session_via_id(session_id) + .ok_or(SPDM_STATUS_INVALID_PARAMETER)?; + session.set_session_state( + crate::common::session::SpdmSessionState::SpdmSessionHandshaking, + ); + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + let psk_without_context = self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT); + if psk_without_context { + // generate the data secret directly to skip PSK_FINISH + let th2 = self.common.calc_req_transcript_hash( + true, + INVALID_SLOT, + false, + session, + )?; + + debug!("!!! 
th2 : {:02x?}\n", th2.as_ref()); + + let session = self.common.get_session_via_id(session_id).unwrap(); + session.generate_data_secret(spdm_version_sel, &th2)?; + session.set_session_state( + crate::common::session::SpdmSessionState::SpdmSessionEstablished, + ); + } + + let session = self.common.get_session_via_id(session_id).unwrap(); + session.secure_spdm_version_sel = secure_spdm_version_sel; + session.heartbeat_period = psk_exchange_rsp.heartbeat_period; + + Ok(session_id) + } else { + error!("!!! psk_exchange : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => { + let status = self.spdm_handle_error_response_main( + None, + receive_buffer, + SpdmRequestResponseCode::SpdmRequestPskExchange, + SpdmRequestResponseCode::SpdmResponsePskExchangeRsp, + ); + match status { + Err(status) => Err(status), + Ok(()) => Err(SPDM_STATUS_ERROR_PEER), + } + } + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/requester/psk_finish_req.rs b/spdmlib/src/requester/psk_finish_req.rs new file mode 100644 index 0000000..0779465 --- /dev/null +++ b/spdmlib/src/requester/psk_finish_req.rs 
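Review bot: In handle_spdm_psk_exchange_response, `*target_session_id = Some(session_id);` is written before `get_next_avaiable_session()` and `session.setup(session_id)?` have succeeded, while send_receive_spdm_psk_exchange tears down whatever `get_session_via_id(session_id)` returns when the handler fails. The upper half of session_id is the responder-supplied rsp_session_id, so a failed allocation or setup makes the cleanup act on an id this exchange never owned. Whether that id can match a live session depends on get_next_half_session_id, which is not visible here. I would move the assignment to just after `session.setup(session_id)?;` so the out-parameter only ever names a session this call created. Separately, `receive_used - base_hash_size` is an unchecked subtraction on a length derived from the peer's message; `receive_used.checked_sub(base_hash_size).ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?` makes the assumed invariant explicit.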
@@ -0,0 +1,192 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{ + SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_PARAMETER, +}; +use crate::message::*; +use crate::protocol::*; +use crate::requester::*; +extern crate alloc; +use alloc::boxed::Box; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_receive_spdm_psk_finish(&mut self, session_id: u32) -> SpdmResult { + info!("send spdm psk_finish\n"); + + if let Err(e) = self.delegate_send_receive_spdm_psk_finish(session_id).await { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + + Err(e) + } else { + Ok(()) + } + } + + #[maybe_async::maybe_async] + pub async fn delegate_send_receive_spdm_psk_finish(&mut self, session_id: u32) -> SpdmResult { + if self.common.get_session_via_id(session_id).is_none() { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestPskFinish, + Some(session_id), + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let res = self.encode_spdm_psk_finish(session_id, &mut send_buffer); + if res.is_err() { + self.common + .get_session_via_id(session_id) + .unwrap() + .teardown(); + return Err(res.err().unwrap()); + } + let send_used = res.unwrap(); + let res = self + .send_message(Some(session_id), &send_buffer[..send_used], false) + .await; + if res.is_err() { + self.common + .get_session_via_id(session_id) + .unwrap() + .teardown(); + return res; + } + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let res = self + .receive_message(Some(session_id), &mut receive_buffer, false) + .await; + if res.is_err() { + self.common + .get_session_via_id(session_id) + .unwrap() + .teardown(); + return Err(res.err().unwrap()); + } + let receive_used = res.unwrap(); + let res = 
self.handle_spdm_psk_finish_response(session_id, &receive_buffer[..receive_used]); + if res.is_err() { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + } + res + } + + pub fn encode_spdm_psk_finish(&mut self, session_id: u32, buf: &mut [u8]) -> SpdmResult { + let mut writer = Writer::init(buf); + + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestPskFinish, + }, + payload: SpdmMessagePayload::SpdmPskFinishRequest(SpdmPskFinishRequestPayload { + verify_data: SpdmDigestStruct { + data_size: self.common.negotiate_info.base_hash_sel.get_size(), + data: Box::new([0xcc; SPDM_MAX_HASH_SIZE]), + }, + }), + }; + let send_used = request.spdm_encode(&mut self.common, &mut writer)?; + + // generate HMAC with finished_key + let base_hash_size = self.common.negotiate_info.base_hash_sel.get_size() as usize; + let temp_used = send_used - base_hash_size; + + self.common + .append_message_f(true, session_id, &buf[..temp_used])?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + let transcript_hash = + self.common + .calc_req_transcript_hash(true, INVALID_SLOT, false, session)?; + + let session = self.common.get_session_via_id(session_id).unwrap(); + let hmac = session.generate_hmac_with_request_finished_key(transcript_hash.as_ref())?; + + self.common + .append_message_f(true, session_id, hmac.as_ref())?; + + // patch the message before send + buf[(send_used - base_hash_size)..send_used].copy_from_slice(hmac.as_ref()); + Ok(send_used) + } + + pub fn handle_spdm_psk_finish_response( + &mut self, + session_id: u32, + receive_buffer: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return 
Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponsePskFinishRsp => { + let psk_finish_rsp = + SpdmPskFinishResponsePayload::spdm_read(&mut self.common, &mut reader); + let receive_used = reader.used(); + if let Some(psk_finish_rsp) = psk_finish_rsp { + debug!("!!! psk_finish rsp : {:02x?}\n", psk_finish_rsp); + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + + self.common.append_message_f( + true, + session_id, + &receive_buffer[..receive_used], + )?; + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + let th2 = self.common.calc_req_transcript_hash( + true, + INVALID_SLOT, + false, + session, + )?; + + debug!("!!! th2 : {:02x?}\n", th2.as_ref()); + + let session = self.common.get_session_via_id(session_id).unwrap(); + session.generate_data_secret(spdm_version_sel, &th2)?; + session.set_session_state( + crate::common::session::SpdmSessionState::SpdmSessionEstablished, + ); + + Ok(()) + } else { + error!("!!! psk_finish : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + SpdmRequestResponseCode::SpdmResponseError => self + .spdm_handle_error_response_main( + Some(session_id), + receive_buffer, + SpdmRequestResponseCode::SpdmRequestPskFinish, + SpdmRequestResponseCode::SpdmResponsePskFinishRsp, + ), + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/requester/vendor_req.rs b/spdmlib/src/requester/vendor_req.rs new file mode 100644 index 0000000..f2b0202 --- /dev/null +++ b/spdmlib/src/requester/vendor_req.rs 
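Review bot: The `SpdmResponseError` arm of handle_spdm_psk_finish_response returns the result of `spdm_handle_error_response_main(...)` unchanged. If that helper ever returns `Ok(())`, the caller sees PSK_FINISH succeed although `generate_data_secret` was never called and the session was never set to SpdmSessionEstablished. psk_exchange_req.rs and vendor_req.rs in this same commit turn that case into a failure, and this arm should too: bind the result and add `Ok(()) => Err(SPDM_STATUS_ERROR_PEER),`. Whether the helper can return Ok is not visible in this hunk, but failing closed costs nothing. The `.unwrap()` calls on `get_immutable_session_via_id(session_id)` in the public encode_spdm_psk_finish and handle_spdm_psk_finish_response would also be safer as `.ok_or(SPDM_STATUS_INVALID_PARAMETER)?`, since only the delegate checks that the session exists.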
@@ -0,0 +1,95 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::error::{SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD}; +use crate::message::*; +use crate::requester::*; + +impl RequesterContext { + #[maybe_async::maybe_async] + pub async fn send_spdm_vendor_defined_request( + &mut self, + session_id: Option, + standard_id: RegistryOrStandardsBodyID, + vendor_id_struct: VendorIDStruct, + req_payload_struct: VendorDefinedReqPayloadStruct, + ) -> SpdmResult { + info!("send vendor defined request\n"); + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestVendorDefinedRequest, + session_id, + ); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestVendorDefinedRequest, + }, + payload: SpdmMessagePayload::SpdmVendorDefinedRequest( + SpdmVendorDefinedRequestPayload { + standard_id, + vendor_id: vendor_id_struct, + req_payload: req_payload_struct, + }, + ), + }; + let used = request.spdm_encode(&mut self.common, &mut writer)?; + + self.send_message(session_id, &send_buffer[..used], false) + .await?; + + //receive + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let receive_used = self + .receive_message(session_id, &mut receive_buffer, false) + .await?; + + self.handle_spdm_vendor_defined_respond(session_id, &receive_buffer[..receive_used]) + } + + pub fn handle_spdm_vendor_defined_respond( + &mut self, + session_id: Option, + receive_buffer: &[u8], + ) -> SpdmResult { + let mut reader = Reader::init(receive_buffer); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + 
match message_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseVendorDefinedResponse => { + match SpdmVendorDefinedResponsePayload::spdm_read( + &mut self.common, + &mut reader, + ) { + Some(spdm_vendor_defined_response_payload) => { + Ok(spdm_vendor_defined_response_payload.rsp_payload) + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } + SpdmRequestResponseCode::SpdmResponseError => { + let status = self.spdm_handle_error_response_main( + session_id, + receive_buffer, + SpdmRequestResponseCode::SpdmRequestVendorDefinedRequest, + SpdmRequestResponseCode::SpdmResponseVendorDefinedResponse, + ); + match status { + Err(status) => Err(status), + Ok(()) => Err(SPDM_STATUS_ERROR_PEER), + } + } + _ => Err(SPDM_STATUS_ERROR_PEER), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/responder/algorithm_rsp.rs b/spdmlib/src/responder/algorithm_rsp.rs new file mode 100644 index 0000000..03c6757 --- /dev/null +++ b/spdmlib/src/responder/algorithm_rsp.rs 
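Review bot: handle_spdm_vendor_defined_respond returns `rsp_payload` without comparing anything in the response with the request. It does not receive the `standard_id` or `vendor_id_struct` that send_spdm_vendor_defined_request sent, so a response for a different registry or vendor is handed to the caller as if it answered this request. If SpdmVendorDefinedResponsePayload carries those identifiers (its definition is outside this hunk), I would check them before returning and fail with SPDM_STATUS_INVALID_MSG_FIELD on a mismatch. At minimum both public functions need a doc comment, for example `/// Returns the responder's payload unverified; the caller must check it belongs to the vendor it addressed.`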
@@ -0,0 +1,271 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::common::SpdmConnectionState; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::SPDM_STATUS_INVALID_STATE_PEER; +use crate::message::*; +use crate::protocol::*; +use crate::responder::*; + +impl ResponderContext { + pub fn handle_spdm_algorithm<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_spdm_algorithm(bytes, writer); + (Ok(()), rsp_slice) + } + + pub fn write_spdm_algorithm<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self.common.runtime_info.get_connection_state() + != SpdmConnectionState::SpdmConnectionAfterCapabilities + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms, + None, + ); + + let other_params_support; + + let negotiate_algorithms = + SpdmNegotiateAlgorithmsRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(negotiate_algorithms) = negotiate_algorithms { + 
debug!("!!! negotiate_algorithms : {:02x?}\n", negotiate_algorithms); + other_params_support = negotiate_algorithms.other_params_support; + self.common.negotiate_info.measurement_specification_sel = + negotiate_algorithms.measurement_specification; + self.common.negotiate_info.base_hash_sel = negotiate_algorithms.base_hash_algo; + self.common.negotiate_info.base_asym_sel = negotiate_algorithms.base_asym_algo; + for alg in negotiate_algorithms + .alg_struct + .iter() + .take(negotiate_algorithms.alg_struct_count as usize) + { + match &alg.alg_supported { + SpdmAlg::SpdmAlgoDhe(v) => { + if v.is_valid() { + self.common.negotiate_info.dhe_sel = *v; + } else { + error!("unknown Dhe algorithm structure:{:X?}\n", v.bits()); + self.write_spdm_error( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + SpdmAlg::SpdmAlgoAead(v) => { + if v.is_valid() { + self.common.negotiate_info.aead_sel = *v; + } else { + error!("unknown aead algorithm structure:{:X?}\n", v.bits()); + self.write_spdm_error( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + SpdmAlg::SpdmAlgoReqAsym(v) => { + if v.is_valid() { + self.common.negotiate_info.req_asym_sel = *v; + } else { + error!("unknown req asym algorithm structure:{:X?}\n", v.bits()); + self.write_spdm_error( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + SpdmAlg::SpdmAlgoKeySchedule(v) => { + if v.is_valid() { + self.common.negotiate_info.key_schedule_sel = *v; + } else { + error!("unknown key schedule algorithm structure:{:X?}\n", v.bits()); + self.write_spdm_error( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + 
SpdmAlg::SpdmAlgoUnknown(_v) => {} + } + } + } else { + error!("!!! negotiate_algorithms : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + if self + .common + .append_message_a(&bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + self.common + .negotiate_info + .measurement_specification_sel + .prioritize(self.common.config_info.measurement_specification); + self.common.negotiate_info.measurement_hash_sel = + self.common.config_info.measurement_hash_algo; + self.common + .negotiate_info + .base_hash_sel + .prioritize(self.common.config_info.base_hash_algo); + self.common + .negotiate_info + .base_asym_sel + .prioritize(self.common.config_info.base_asym_algo); + self.common + .negotiate_info + .dhe_sel + .prioritize(self.common.config_info.dhe_algo); + self.common + .negotiate_info + .aead_sel + .prioritize(self.common.config_info.aead_algo); + self.common + .negotiate_info + .req_asym_sel + .prioritize(self.common.config_info.req_asym_algo); + self.common + .negotiate_info + .key_schedule_sel + .prioritize(self.common.config_info.key_schedule_algo); + + // + // update cert chain - append root cert hash + // + if self.common.construct_my_cert_chain().is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + info!("send spdm algorithm\n"); + + let other_params_selection = self.common.config_info.opaque_support & other_params_support; + self.common.negotiate_info.opaque_data_support = other_params_selection; + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: 
SpdmRequestResponseCode::SpdmResponseAlgorithms, + }, + payload: SpdmMessagePayload::SpdmAlgorithmsResponse(SpdmAlgorithmsResponsePayload { + measurement_specification_sel: self + .common + .negotiate_info + .measurement_specification_sel, + other_params_selection, + measurement_hash_algo: self.common.negotiate_info.measurement_hash_sel, + base_asym_sel: self.common.negotiate_info.base_asym_sel, + base_hash_sel: self.common.negotiate_info.base_hash_sel, + alg_struct_count: 4, + alg_struct: [ + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeDHE, + alg_supported: SpdmAlg::SpdmAlgoDhe(self.common.negotiate_info.dhe_sel), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeAEAD, + alg_supported: SpdmAlg::SpdmAlgoAead(self.common.negotiate_info.aead_sel), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeReqAsym, + alg_supported: SpdmAlg::SpdmAlgoReqAsym( + self.common.negotiate_info.req_asym_sel, + ), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeKeySchedule, + alg_supported: SpdmAlg::SpdmAlgoKeySchedule( + self.common.negotiate_info.key_schedule_sel, + ), + }, + ], + }), + }; + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + if self.common.append_message_a(writer.used_slice()).is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/app_message_handler.rs b/spdmlib/src/responder/app_message_handler.rs new file mode 100644 index 0000000..e87759e --- /dev/null +++ b/spdmlib/src/responder/app_message_handler.rs 
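Review bot: handle_spdm_algorithm throws away the status from write_spdm_algorithm (`let (_, rsp_slice) = ...; (Ok(()), rsp_slice)`), so every rejection inside it reaches the caller as `Ok(())`: wrong connection state, version mismatch, malformed algorithm structure, transcript append failure. handle_spdm_capability in capability_rsp.rs and handle_spdm_certificate in certificate_rsp.rs do the same. If the dispatcher advances the connection state on Ok (not visible here), a rejected request would still move the state machine forward. I would return the tuple unchanged with `self.write_spdm_algorithm(bytes, writer)`, or, if Ok is needed so that the ERROR response is still sent, say so in a doc comment on the wrapper. write_spdm_algorithm also copies the requester's base_hash_algo, base_asym_algo and alg_struct values into negotiate_info before validation finishes, so an error return leaves partially updated state behind.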
@@ -0,0 +1,51 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Writer; +use conquer_once::spin::OnceCell; + +use crate::error::SpdmResult; +use crate::responder::ResponderContext; + +type DispatchSecuredAppMessageCbType = for<'a> fn( + &mut ResponderContext, + u32, + &[u8], + usize, + &'a mut Writer, +) -> (SpdmResult, Option<&'a [u8]>); + +#[derive(Clone)] +pub struct SpdmAppMessageHandler { + pub dispatch_secured_app_message_cb: DispatchSecuredAppMessageCbType, +} + +static SPDM_APP_MESSAGE_HANDLER: OnceCell = OnceCell::uninit(); + +static DEFAULT: SpdmAppMessageHandler = SpdmAppMessageHandler { + dispatch_secured_app_message_cb: |_ctx: &mut ResponderContext, + _session_id: u32, + _app_buffer: &[u8], + _app_handle: usize, + _writer: &mut Writer| + -> (SpdmResult, Option<&[u8]>) { unimplemented!() }, +}; + +#[allow(dead_code)] +pub fn register(context: SpdmAppMessageHandler) -> bool { + SPDM_APP_MESSAGE_HANDLER.try_init_once(|| context).is_ok() +} + +pub fn dispatch_secured_app_message_cb<'a>( + ctx: &mut ResponderContext, + session_id: u32, + app_buffer: &[u8], + app_handle: usize, // interpreted/managed by User + writer: &'a mut Writer, +) -> (SpdmResult, Option<&'a [u8]>) { + (SPDM_APP_MESSAGE_HANDLER + .try_get_or_init(|| DEFAULT.clone()) + .unwrap_or(&DEFAULT) + .dispatch_secured_app_message_cb)(ctx, session_id, app_buffer, app_handle, writer) +} diff --git a/spdmlib/src/responder/capability_rsp.rs b/spdmlib/src/responder/capability_rsp.rs new file mode 100644 index 0000000..b142295 --- /dev/null +++ b/spdmlib/src/responder/capability_rsp.rs 
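Review bot: The DEFAULT handler's callback body is `unimplemented!()`, and dispatch_secured_app_message_cb falls back to it whenever nothing was registered, so a responder without a registered handler panics when a secured application message is dispatched. A library should fail that request rather than abort; I would have the default return an error, e.g. `{ (Err(crate::error::SPDM_STATUS_UNSUPPORTED_CAP), None) }`. Also, `try_get_or_init(|| DEFAULT.clone())` initialises the OnceCell with DEFAULT on the first dispatch, after which `register` returns false and the real handler is never installed. Reading the cell without initialising it, or documenting that `register` must run before the first message, avoids that ordering trap.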
@@ -0,0 +1,158 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::common::SpdmConnectionState; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::SPDM_STATUS_INVALID_STATE_PEER; +use crate::message::*; +use crate::protocol::*; +use crate::responder::*; + +impl ResponderContext { + pub fn handle_spdm_capability<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_spdm_capability_response(bytes, writer); + (Ok(()), rsp_slice) + } + + pub fn write_spdm_capability_response<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self.common.runtime_info.get_connection_state() + != SpdmConnectionState::SpdmConnectionAfterVersion + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(SpdmMessageHeader { + version, + request_response_code: _, + }) = message_header + { + if version < SpdmVersion::SpdmVersion10 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + self.common.negotiate_info.spdm_version_sel = version; + } else { + error!("!!! 
get_capabilities : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestGetCapabilities, + None, + ); + + let get_capabilities = + SpdmGetCapabilitiesRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(get_capabilities) = get_capabilities { + debug!("!!! get_capabilities : {:02x?}\n", get_capabilities); + + #[cfg(feature = "mandatory-mut-auth")] + if !get_capabilities + .flags + .contains(SpdmRequestCapabilityFlags::MUT_AUTH_CAP) + { + error!("!!! get_capabilities : mut-auth is not supported by requester while mandatory-mut-auth is enabled in responder !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(crate::error::SPDM_STATUS_UNSUPPORTED_CAP), + Some(writer.used_slice()), + ); + } + + self.common.negotiate_info.req_ct_exponent_sel = get_capabilities.ct_exponent; + self.common.negotiate_info.req_capabilities_sel = get_capabilities.flags; + self.common.negotiate_info.rsp_ct_exponent_sel = + self.common.config_info.rsp_ct_exponent; + self.common.negotiate_info.rsp_capabilities_sel = + self.common.config_info.rsp_capabilities; + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + self.common.negotiate_info.req_data_transfer_size_sel = + get_capabilities.data_transfer_size; + self.common.negotiate_info.req_max_spdm_msg_size_sel = + get_capabilities.max_spdm_msg_size; + self.common.negotiate_info.rsp_data_transfer_size_sel = + self.common.config_info.data_transfer_size; + self.common.negotiate_info.rsp_max_spdm_msg_size_sel = + self.common.config_info.max_spdm_msg_size; + } + } else { + error!("!!! 
get_capabilities : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + if self + .common + .append_message_a(&bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + info!("send spdm capability\n"); + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseCapabilities, + }, + payload: SpdmMessagePayload::SpdmCapabilitiesResponse( + SpdmCapabilitiesResponsePayload { + ct_exponent: self.common.config_info.rsp_ct_exponent, + flags: self.common.config_info.rsp_capabilities, + data_transfer_size: self.common.config_info.data_transfer_size, + max_spdm_msg_size: self.common.config_info.max_spdm_msg_size, + }, + ), + }; + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + if self.common.append_message_a(writer.used_slice()).is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/certificate_rsp.rs b/spdmlib/src/responder/certificate_rsp.rs new file mode 100644 index 0000000..76c33ae --- /dev/null +++ b/spdmlib/src/responder/certificate_rsp.rs 
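Review bot: write_spdm_capability_response stores the version from the GET_CAPABILITIES header straight into `negotiate_info.spdm_version_sel` after checking only `version < SpdmVersion::SpdmVersion10`; nothing in this hunk compares it with the versions this responder is configured to offer. Unless that check happens elsewhere, the requester alone decides the protocol version for the rest of the connection, including one the responder's configuration meant to exclude. I would add a guard before the assignment, marked `// reject versions this responder did not advertise (SpdmErrorVersionMismatch)`, and move the assignment after the payload has parsed so a malformed request does not change state. The missing-header branch also returns SPDM_STATUS_INVALID_STATE_PEER where the sibling handlers return SPDM_STATUS_INVALID_MSG_FIELD.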
@@ -0,0 +1,185 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::common::SpdmConnectionState; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::SPDM_STATUS_INVALID_STATE_PEER; +use crate::message::*; +use crate::protocol::SPDM_MAX_SLOT_NUMBER; +use crate::responder::*; + +impl ResponderContext { + pub fn handle_spdm_certificate<'a>( + &mut self, + bytes: &[u8], + session_id: Option, + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_spdm_certificate_response(session_id, bytes, writer); + (Ok(()), rsp_slice) + } + + fn write_spdm_certificate_response<'a>( + &mut self, + session_id: Option, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionNegotiated.get_u8() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestGetCertificate, + session_id, + ); + + let get_certificate = + SpdmGetCertificateRequestPayload::spdm_read(&mut self.common, &mut reader); 
+ if let Some(get_certificate) = &get_certificate { + debug!("!!! get_certificate : {:02x?}\n", get_certificate); + if get_certificate.slot_id != 0 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + error!("!!! get_certificate : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + match session_id { + None => { + if self + .common + .append_message_b(&bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } + Some(_session_id) => {} + } + + let get_certificate = get_certificate.unwrap(); + let slot_id = get_certificate.slot_id as usize; + if slot_id >= SPDM_MAX_SLOT_NUMBER { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + if self.common.provision_info.my_cert_chain[slot_id].is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let my_cert_chain = self.common.provision_info.my_cert_chain[slot_id] + .as_ref() + .unwrap(); + + let mut length = get_certificate.length; + if length > MAX_SPDM_CERT_PORTION_LEN as u16 { + length = MAX_SPDM_CERT_PORTION_LEN as u16; + } + + let offset = get_certificate.offset; + if offset > my_cert_chain.data_size { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + if length > my_cert_chain.data_size - offset { + length = my_cert_chain.data_size - offset; + } + + let portion_length = length; 
+ let remainder_length = my_cert_chain.data_size - (length + offset); + + let cert_chain_data = + &my_cert_chain.data[(offset as usize)..(offset as usize + length as usize)]; + let mut cert_chain = [0u8; MAX_SPDM_CERT_PORTION_LEN]; + cert_chain[..cert_chain_data.len()].copy_from_slice(cert_chain_data); + + info!("send spdm certificate\n"); + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseCertificate, + }, + payload: SpdmMessagePayload::SpdmCertificateResponse(SpdmCertificateResponsePayload { + slot_id: slot_id as u8, + portion_length, + remainder_length, + cert_chain, + }), + }; + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + match session_id { + None => { + if self.common.append_message_b(writer.used_slice()).is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } + Some(_session_id) => {} + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/challenge_rsp.rs b/spdmlib/src/responder/challenge_rsp.rs new file mode 100644 index 0000000..727c1f7 --- /dev/null +++ b/spdmlib/src/responder/challenge_rsp.rs 
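Review bot: In `write_spdm_certificate_response` the request is appended to transcript B (`append_message_b(&bytes[..reader.used()])`) before the `slot_id >= SPDM_MAX_SLOT_NUMBER`, `my_cert_chain[slot_id].is_none()` and `offset > my_cert_chain.data_size` checks, so a GET_CERTIFICATE that is answered with an SPDM error still leaves its bytes in `message_b`. Unless something outside this hunk clears the buffer, a later CHALLENGE_AUTH signature would cover a transcript the requester may not share, and authentication would fail. I would move the `match session_id { None => … append_message_b … }` block for the request to just after the offset check, as `write_spdm_challenge_response` already does by validating the slot before `append_message_c`. Separately, `handle_spdm_certificate` replaces the inner result with `Ok(())`; if that is deliberate, a short comment saying that the error is reported to the peer only through the response buffer would prevent callers from relying on the status.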
@@ -0,0 +1,319 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::opaque::{SpdmOpaqueStruct, MAX_SPDM_OPAQUE_SIZE}; +#[cfg(feature = "hashed-transcript-data")] +use crate::common::ManagedBuffer12Sign; +#[cfg(not(feature = "hashed-transcript-data"))] +use crate::common::ManagedBufferM1M2; +use crate::common::SpdmCodec; +use crate::common::SpdmConnectionState; +use crate::crypto; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::SPDM_STATUS_INVALID_STATE_PEER; +use crate::error::{SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_CRYPTO_ERROR}; +use crate::message::*; +use crate::protocol::*; +use crate::responder::*; +use crate::secret; + +impl ResponderContext { + pub fn handle_spdm_challenge<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_spdm_challenge_response(bytes, writer); + (Ok(()), rsp_slice) + } + + pub fn write_spdm_challenge_response<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionNegotiated.get_u8() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + 
Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common + .reset_buffer_via_request_code(SpdmRequestResponseCode::SpdmRequestChallenge, None); + + let measurement_summary_hash; + let challenge = SpdmChallengeRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(challenge) = &challenge { + debug!("!!! challenge : {:02x?}\n", challenge); + + if (challenge.measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb) + || (challenge.measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll) + { + self.common.runtime_info.need_measurement_summary_hash = true; + let measurement_summary_hash_res = + secret::measurement::generate_measurement_summary_hash( + self.common.negotiate_info.spdm_version_sel, + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.measurement_specification_sel, + self.common.negotiate_info.measurement_hash_sel, + challenge.measurement_summary_hash_type, + ); + if measurement_summary_hash_res.is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + measurement_summary_hash = measurement_summary_hash_res.unwrap(); + if measurement_summary_hash.data_size == 0 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } else { + self.common.runtime_info.need_measurement_summary_hash = false; + measurement_summary_hash = SpdmDigestStruct::default(); + } + } else { + error!("!!! 
challenge : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + let challenge = challenge.unwrap(); + let slot_id = challenge.slot_id as usize; + if slot_id >= SPDM_MAX_SLOT_NUMBER { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + if self.common.provision_info.my_cert_chain[slot_id].is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + if self + .common + .append_message_c(&bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let my_cert_chain = self.common.provision_info.my_cert_chain[slot_id] + .as_ref() + .unwrap(); + let cert_chain_hash = crypto::hash::hash_all( + self.common.negotiate_info.base_hash_sel, + my_cert_chain.as_ref(), + ) + .unwrap(); + + let mut nonce = [0u8; SPDM_NONCE_SIZE]; + let res = crypto::rand::get_random(&mut nonce); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + info!("send spdm challenge_auth\n"); + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseChallengeAuth, + }, + payload: SpdmMessagePayload::SpdmChallengeAuthResponse( + SpdmChallengeAuthResponsePayload { + slot_id: slot_id as u8, + slot_mask: 0x1, + challenge_auth_attribute: SpdmChallengeAuthAttribute::empty(), + cert_chain_hash, + nonce: SpdmNonceStruct { data: nonce }, + measurement_summary_hash, + 
opaque: SpdmOpaqueStruct { + data_size: 0, + data: [0u8; MAX_SPDM_OPAQUE_SIZE], + }, + signature: SpdmSignatureStruct { + data_size: self.common.negotiate_info.base_asym_sel.get_size(), + data: [0xbb; SPDM_MAX_ASYM_KEY_SIZE], + }, + }, + ), + }; + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let used = writer.used(); + + // generat signature + let base_asym_size = self.common.negotiate_info.base_asym_sel.get_size() as usize; + let temp_used = used - base_asym_size; + + if self + .common + .append_message_c(&writer.used_slice()[..temp_used]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let signature = self.generate_challenge_auth_signature(); + if signature.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let signature = signature.unwrap(); + // patch the message before send + writer.mut_used_slice()[(used - base_asym_size)..used].copy_from_slice(signature.as_ref()); + + self.common.reset_message_b(); + self.common.reset_message_c(); + + (Ok(()), Some(writer.used_slice())) + } + + #[cfg(feature = "hashed-transcript-data")] + pub fn generate_challenge_auth_signature(&self) -> SpdmResult { + let message_m1m2_hash = crypto::hash::hash_ctx_finalize( + self.common + .runtime_info + .digest_context_m1m2 + .as_ref() + .cloned() + .unwrap(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + + debug!("message_m1m2_hash - {:02x?}", message_m1m2_hash.as_ref()); + + let mut message_sign = ManagedBuffer12Sign::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_sign.reset_message(); + 
message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_4) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_CHALLENGE_AUTH_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(message_m1m2_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } else { + error!("hashed-transcript-data is unsupported in SPDM 1.0/1.1 signing!\n"); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + crate::secret::asym_sign::sign( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + message_sign.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR) + } + + #[cfg(not(feature = "hashed-transcript-data"))] + pub fn generate_challenge_auth_signature(&self) -> SpdmResult { + let mut message_m1m2 = ManagedBufferM1M2::default(); + message_m1m2 + .append_message(self.common.runtime_info.message_a.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(self.common.runtime_info.message_b.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(self.common.runtime_info.message_c.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + // we dont need create message hash for verify + // we just print message hash for debug purpose + let message_m1m2_hash = crypto::hash::hash_all( + self.common.negotiate_info.base_hash_sel, + message_m1m2.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + debug!("message_m1m2_hash - {:02x?}", message_m1m2_hash.as_ref()); + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_m1m2.reset_message(); + message_m1m2 + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_4) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + 
.append_message(&SPDM_CHALLENGE_AUTH_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_m1m2 + .append_message(message_m1m2_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + + crate::secret::asym_sign::sign( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + message_m1m2.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR) + } +} diff --git a/spdmlib/src/responder/context.rs b/spdmlib/src/responder/context.rs new file mode 100644 index 0000000..9b3aaf7 --- /dev/null +++ b/spdmlib/src/responder/context.rs 
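Review bot: The `crypto::hash::hash_all(...).unwrap()` that computes `cert_chain_hash` in `write_spdm_challenge_response` panics the responder if the hash backend returns `None`, on a path reached by any CHALLENGE request, while every other failure in this function answers with an SPDM error. The same pattern appears in the hashed-transcript variant of `generate_challenge_auth_signature` (`digest_context_m1m2.as_ref().cloned().unwrap()`). The final `copy_from_slice(signature.as_ref())` also panics if the signer returns a slice whose length differs from `base_asym_size`, so a length comparison before patching the message would be worth adding. The fence below handles the hash failure the same way the `get_random` failure is handled a few lines later.

```rust
        // … unchanged: slot checks, append_message_c(request), my_cert_chain lookup …
        let cert_chain_hash = match crypto::hash::hash_all(
            self.common.negotiate_info.base_hash_sel,
            my_cert_chain.as_ref(),
        ) {
            Some(hash) => hash,
            None => {
                self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer);
                return (
                    Err(SPDM_STATUS_CRYPTO_ERROR),
                    Some(writer.used_slice()),
                );
            }
        };
        // … unchanged: nonce generation, response encoding, signature patch …
```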
@@ -0,0 +1,599 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use super::app_message_handler::dispatch_secured_app_message_cb; +use crate::common::{session::SpdmSessionState, SpdmDeviceIo, SpdmTransportEncap}; +use crate::common::{SpdmConnectionState, ST1}; +use crate::config::{self, MAX_SPDM_MSG_SIZE, RECEIVER_BUFFER_SIZE}; +use crate::error::{SpdmResult, SPDM_STATUS_INVALID_STATE_LOCAL, SPDM_STATUS_UNSUPPORTED_CAP}; +use crate::message::*; +use crate::protocol::{SpdmRequestCapabilityFlags, SpdmResponseCapabilityFlags}; +use crate::watchdog::{reset_watchdog, start_watchdog}; +use codec::{Codec, Reader, Writer}; +extern crate alloc; +use core::ops::DerefMut; + +use alloc::sync::Arc; +use spin::Mutex; + +pub struct ResponderContext { + pub common: crate::common::SpdmContext, +} + +impl ResponderContext { + pub fn new( + device_io: Arc>, + transport_encap: Arc>, + config_info: crate::common::SpdmConfigInfo, + provision_info: crate::common::SpdmProvisionInfo, + ) -> Self { + ResponderContext { + common: crate::common::SpdmContext::new( + device_io, + transport_encap, + config_info, + provision_info, + ), + } + } + + #[maybe_async::maybe_async] + pub async fn send_message( + &mut self, + session_id: Option, + send_buffer: &[u8], + is_app_message: bool, + ) -> SpdmResult { + let mut err_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut err_buffer); + + let send_buffer = if self.common.negotiate_info.req_data_transfer_size_sel != 0 + && (send_buffer.len() > self.common.negotiate_info.req_data_transfer_size_sel as usize) + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorResponseTooLarge, 0, &mut writer); + writer.used_slice() + } else if is_app_message && session_id.is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorSessionRequired, 0, &mut writer); + writer.used_slice() + } else { + send_buffer + }; + + let mut transport_buffer = [0u8; config::SENDER_BUFFER_SIZE]; + let used = if 
let Some(session_id) = session_id { + self.common + .encode_secured_message( + session_id, + send_buffer, + &mut transport_buffer, + false, + is_app_message, + ) + .await? + } else { + self.common + .encap(send_buffer, &mut transport_buffer) + .await? + }; + + { + let mut device_io = self.common.device_io.lock(); + let device_io: &mut (dyn SpdmDeviceIo + Send + Sync) = device_io.deref_mut(); + device_io.send(Arc::new(&transport_buffer[..used])).await?; + } + + let opcode = send_buffer[1]; + if opcode == SpdmRequestResponseCode::SpdmResponseVersion.get_u8() { + self.common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterVersion); + } else if opcode == SpdmRequestResponseCode::SpdmResponseCapabilities.get_u8() { + self.common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterCapabilities); + } else if opcode == SpdmRequestResponseCode::SpdmResponseAlgorithms.get_u8() { + self.common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + } else if opcode == SpdmRequestResponseCode::SpdmResponseDigests.get_u8() { + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionAfterDigest.get_u8() + { + self.common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterDigest); + } + } else if opcode == SpdmRequestResponseCode::SpdmResponseCertificate.get_u8() { + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionAfterCertificate.get_u8() + { + self.common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterCertificate); + } + } else if opcode == SpdmRequestResponseCode::SpdmResponseChallengeAuth.get_u8() { + self.common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAuthenticated); + } else if opcode == SpdmRequestResponseCode::SpdmResponseFinishRsp.get_u8() + && session_id.is_none() + { + let session_id = + 
if let Some(session_id) = self.common.runtime_info.get_last_session_id() { + session_id + } else { + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + }; + + let heartbeat_period = { + let session = self.common.get_session_via_id(session_id).unwrap(); + session.set_session_state( + crate::common::session::SpdmSessionState::SpdmSessionEstablished, + ); + + session.heartbeat_period + }; + + if self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HBEAT_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HBEAT_CAP) + { + start_watchdog(session_id, heartbeat_period as u16 * 2); + } + + self.common.runtime_info.set_last_session_id(None); + } else if opcode == SpdmRequestResponseCode::SpdmResponseEndSessionAck.get_u8() { + let session = self.common.get_session_via_id(session_id.unwrap()).unwrap(); + session.teardown(); + } else if (opcode == SpdmRequestResponseCode::SpdmResponseFinishRsp.get_u8() + || opcode == SpdmRequestResponseCode::SpdmResponsePskFinishRsp.get_u8()) + && session_id.is_some() + { + #[allow(clippy::unnecessary_unwrap)] + let session_id = session_id.unwrap(); + + let heartbeat_period = { + let session = self.common.get_session_via_id(session_id).unwrap(); + session.set_session_state( + crate::common::session::SpdmSessionState::SpdmSessionEstablished, + ); + + session.heartbeat_period + }; + + if self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HBEAT_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HBEAT_CAP) + { + start_watchdog(session_id, heartbeat_period as u16 * 2); + } + } + + Ok(()) + } + + #[maybe_async::maybe_async] + pub async fn process_message( + &mut self, + crypto_request: bool, + app_handle: usize, // interpreted/managed by User + raw_packet: &mut [u8; RECEIVER_BUFFER_SIZE], + ) -> Result { + let mut response_buffer = [0u8; 
MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + + match self.receive_message(raw_packet, crypto_request).await { + Ok((used, secured_message)) => { + if secured_message { + let mut read = Reader::init(&raw_packet[0..used]); + let session_id = u32::read(&mut read).ok_or(used)?; + + let spdm_session = self.common.get_session_via_id(session_id).ok_or(used)?; + + let mut app_buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + + let decode_size = spdm_session.decode_spdm_secured_message( + &raw_packet[..used], + &mut app_buffer, + true, + ); + if decode_size.is_err() { + return Err(used); + } + let decode_size = decode_size.unwrap(); + + let mut spdm_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let decap_result = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap + .decap_app( + Arc::new(&app_buffer[0..decode_size]), + Arc::new(Mutex::new(&mut spdm_buffer)), + ) + .await + }; + match decap_result { + Err(_) => Err(used), + Ok((decode_size, is_app_message)) => { + // reset watchdog in any session messages. 
+ if self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HBEAT_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HBEAT_CAP) + { + reset_watchdog(session_id); + } + + if !is_app_message { + let (status, send_buffer) = self.dispatch_secured_message( + session_id, + &spdm_buffer[0..decode_size], + &mut writer, + ); + if let Some(send_buffer) = send_buffer { + if let Err(err) = self + .send_message(Some(session_id), send_buffer, false) + .await + { + Ok(Err(err)) + } else { + Ok(status) + } + } else { + Ok(status) + } + } else { + let (status, send_buffer) = self.dispatch_secured_app_message( + session_id, + &spdm_buffer[..decode_size], + app_handle, + &mut writer, + ); + if let Some(send_buffer) = send_buffer { + if let Err(err) = + self.send_message(Some(session_id), send_buffer, true).await + { + Ok(Err(err)) + } else { + Ok(status) + } + } else { + Ok(status) + } + } + } + } + } else { + let (status, send_buffer) = + self.dispatch_message(&raw_packet[0..used], &mut writer); + if let Some(send_buffer) = send_buffer { + if let Err(err) = self.send_message(None, send_buffer, false).await { + Ok(Err(err)) + } else { + Ok(status) + } + } else { + Ok(status) + } + } + } + Err(used) => Err(used), + } + } + + // Debug note: receive_buffer is used as return value, when receive got a command + // whose value is not normal, will return Err to caller to handle the raw packet, + // So can't swap transport_buffer and receive_buffer, even though it should be by + // their name suggestion. 
(03.01.2022) + #[maybe_async::maybe_async] + async fn receive_message( + &mut self, + receive_buffer: &mut [u8], + crypto_request: bool, + ) -> Result<(usize, bool), usize> { + info!("receive_message!\n"); + + let timeout: usize = if crypto_request { + 2 << self.common.negotiate_info.req_ct_exponent_sel + } else { + ST1 + }; + + let mut transport_buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + + let used = { + let mut device_io = self.common.device_io.lock(); + let device_io: &mut (dyn SpdmDeviceIo + Send + Sync) = device_io.deref_mut(); + device_io + .receive(Arc::new(Mutex::new(receive_buffer)), timeout) + .await? + }; + + let (used, secured_message) = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap + .decap( + Arc::new(&receive_buffer[..used]), + Arc::new(Mutex::new(&mut transport_buffer)), + ) + .await + .map_err(|_| used)? + }; + + receive_buffer[..used].copy_from_slice(&transport_buffer[..used]); + Ok((used, secured_message)) + } + + fn dispatch_secured_message<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + + let session = self.common.get_immutable_session_via_id(session_id); + if session.is_none() { + return (Err(SPDM_STATUS_UNSUPPORTED_CAP), None); + } + let session = session.unwrap(); + + match session.get_session_state() { + SpdmSessionState::SpdmSessionHandshaking => { + let in_clear_text = self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + if in_clear_text { + return (Err(SPDM_STATUS_UNSUPPORTED_CAP), None); + } + + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => match 
message_header.request_response_code { + #[cfg(feature = "mut-auth")] + SpdmRequestResponseCode::SpdmRequestGetEncapsulatedRequest => { + self.handle_get_encapsulated_request(bytes, writer) + } + #[cfg(feature = "mut-auth")] + SpdmRequestResponseCode::SpdmRequestDeliverEncapsulatedResponse => { + self.handle_deliver_encapsulated_reponse(bytes, writer) + } + SpdmRequestResponseCode::SpdmRequestFinish => { + self.handle_spdm_finish(session_id, bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestPskFinish => { + self.handle_spdm_psk_finish(session_id, bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestVendorDefinedRequest => { + self.handle_spdm_vendor_defined_request(Some(session_id), bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestGetVersion + | SpdmRequestResponseCode::SpdmRequestGetCapabilities + | SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms + | SpdmRequestResponseCode::SpdmRequestGetDigests + | SpdmRequestResponseCode::SpdmRequestGetCertificate + | SpdmRequestResponseCode::SpdmRequestChallenge + | SpdmRequestResponseCode::SpdmRequestGetMeasurements + | SpdmRequestResponseCode::SpdmRequestKeyExchange + | SpdmRequestResponseCode::SpdmRequestPskExchange + | SpdmRequestResponseCode::SpdmRequestHeartbeat + | SpdmRequestResponseCode::SpdmRequestKeyUpdate + | SpdmRequestResponseCode::SpdmRequestEndSession => self + .handle_error_request( + SpdmErrorCode::SpdmErrorUnexpectedRequest, + bytes, + writer, + ), + + SpdmRequestResponseCode::SpdmRequestResponseIfReady => self + .handle_error_request( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + bytes, + writer, + ), + + _ => (Err(SPDM_STATUS_UNSUPPORTED_CAP), None), + }, + None => (Err(SPDM_STATUS_UNSUPPORTED_CAP), None), + } + } + SpdmSessionState::SpdmSessionEstablished => { + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => match message_header.request_response_code { + SpdmRequestResponseCode::SpdmRequestGetDigests => { + self.handle_spdm_digest(bytes, 
Some(session_id), writer) + } + SpdmRequestResponseCode::SpdmRequestGetCertificate => { + self.handle_spdm_certificate(bytes, Some(session_id), writer) + } + SpdmRequestResponseCode::SpdmRequestGetMeasurements => { + self.handle_spdm_measurement(Some(session_id), bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestHeartbeat => { + self.handle_spdm_heartbeat(session_id, bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestKeyUpdate => { + self.handle_spdm_key_update(session_id, bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestEndSession => { + self.handle_spdm_end_session(session_id, bytes, writer) + } + SpdmRequestResponseCode::SpdmRequestVendorDefinedRequest => { + self.handle_spdm_vendor_defined_request(Some(session_id), bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestGetVersion + | SpdmRequestResponseCode::SpdmRequestGetCapabilities + | SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms + | SpdmRequestResponseCode::SpdmRequestChallenge + | SpdmRequestResponseCode::SpdmRequestKeyExchange + | SpdmRequestResponseCode::SpdmRequestPskExchange + | SpdmRequestResponseCode::SpdmRequestFinish + | SpdmRequestResponseCode::SpdmRequestPskFinish => self + .handle_error_request( + SpdmErrorCode::SpdmErrorUnexpectedRequest, + bytes, + writer, + ), + + SpdmRequestResponseCode::SpdmRequestResponseIfReady => self + .handle_error_request( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + bytes, + writer, + ), + + _ => (Err(SPDM_STATUS_UNSUPPORTED_CAP), None), + }, + None => (Err(SPDM_STATUS_UNSUPPORTED_CAP), None), + } + } + SpdmSessionState::SpdmSessionNotStarted => (Err(SPDM_STATUS_UNSUPPORTED_CAP), None), + SpdmSessionState::Unknown(_) => (Err(SPDM_STATUS_UNSUPPORTED_CAP), None), + } + } + + fn dispatch_secured_app_message<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + app_handle: usize, + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + debug!("dispatching secured app message\n"); + + 
dispatch_secured_app_message_cb(self, session_id, bytes, app_handle, writer) + } + + pub fn dispatch_message<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + match SpdmMessageHeader::read(&mut reader) { + Some(message_header) => match message_header.request_response_code { + SpdmRequestResponseCode::SpdmRequestGetVersion => { + self.handle_spdm_version(bytes, writer) + } + SpdmRequestResponseCode::SpdmRequestGetCapabilities => { + self.handle_spdm_capability(bytes, writer) + } + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms => { + self.handle_spdm_algorithm(bytes, writer) + } + SpdmRequestResponseCode::SpdmRequestGetDigests => { + self.handle_spdm_digest(bytes, None, writer) + } + SpdmRequestResponseCode::SpdmRequestGetCertificate => { + self.handle_spdm_certificate(bytes, None, writer) + } + SpdmRequestResponseCode::SpdmRequestChallenge => { + self.handle_spdm_challenge(bytes, writer) + } + SpdmRequestResponseCode::SpdmRequestGetMeasurements => { + self.handle_spdm_measurement(None, bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestKeyExchange => { + self.handle_spdm_key_exchange(bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestPskExchange => { + self.handle_spdm_psk_exchange(bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestVendorDefinedRequest => { + self.handle_spdm_vendor_defined_request(None, bytes, writer) + } + + SpdmRequestResponseCode::SpdmRequestFinish => { + let in_clear_text = self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + if in_clear_text { + if let Some(session_id) = self.common.runtime_info.get_last_session_id() { + if let Some(session) = + self.common.get_immutable_session_via_id(session_id) + { + if 
session.get_session_state() + == SpdmSessionState::SpdmSessionHandshaking + { + return self.handle_spdm_finish(session_id, bytes, writer); + } + } + } + } + + self.handle_error_request( + SpdmErrorCode::SpdmErrorUnexpectedRequest, + bytes, + writer, + ) + } + + SpdmRequestResponseCode::SpdmRequestPskFinish + | SpdmRequestResponseCode::SpdmRequestHeartbeat + | SpdmRequestResponseCode::SpdmRequestKeyUpdate + | SpdmRequestResponseCode::SpdmRequestEndSession => self.handle_error_request( + SpdmErrorCode::SpdmErrorUnexpectedRequest, + bytes, + writer, + ), + + SpdmRequestResponseCode::SpdmRequestResponseIfReady => self.handle_error_request( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + bytes, + writer, + ), + + _ => (Err(SPDM_STATUS_UNSUPPORTED_CAP), None), + }, + None => (Err(SPDM_STATUS_UNSUPPORTED_CAP), None), + } + } +} diff --git a/spdmlib/src/responder/digest_rsp.rs b/spdmlib/src/responder/digest_rsp.rs new file mode 100644 index 0000000..79f5b72 --- /dev/null +++ b/spdmlib/src/responder/digest_rsp.rs 
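Review bot: `let opcode = send_buffer[1];` in `send_message` runs for every outgoing buffer, including those sent with `is_app_message == true`, so byte 1 of an application payload is compared against SPDM response codes and can trigger `set_connection_state(...)`, mark a session established or call `session.teardown()`. The index also panics for a buffer shorter than two bytes. A guard right after the `device_io.send(...)` block would keep the state machine tied to SPDM responses only, for example `if is_app_message || send_buffer.len() < 2 { return Ok(()); }`. Separately, `2 << self.common.negotiate_info.req_ct_exponent_sel` in `receive_message` shifts by a value that the capability handler copies from the requester's GET_CAPABILITIES. Unless the decoder bounds it (not visible here), a large exponent overflows the shift, so `checked_shl` or a clamp is safer.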
@@ -0,0 +1,165 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::common::SpdmConnectionState; +use crate::crypto; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::SPDM_STATUS_INVALID_STATE_PEER; +use crate::message::*; +use crate::protocol::*; +use crate::responder::*; +extern crate alloc; +use crate::error::SpdmResult; +use crate::protocol::gen_array_clone; +use alloc::boxed::Box; + +impl ResponderContext { + pub fn handle_spdm_digest<'a>( + &mut self, + bytes: &[u8], + session_id: Option, + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_spdm_digest_response(session_id, bytes, writer); + (Ok(()), rsp_slice) + } + + fn write_spdm_digest_response<'a>( + &mut self, + session_id: Option, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionNegotiated.get_u8() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestGetDigests, + session_id, + ); + + let get_digests = 
SpdmGetDigestsRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(get_digests) = get_digests { + debug!("!!! get_digests : {:02x?}\n", get_digests); + } else { + error!("!!! get_digests : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + match session_id { + None => { + if self + .common + .append_message_b(&bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } + Some(_session_id) => {} + } + + let digest_size = self.common.negotiate_info.base_hash_sel.get_size(); + + let mut slot_mask = 0u8; + for slot_id in 0..SPDM_MAX_SLOT_NUMBER { + if self.common.provision_info.my_cert_chain[slot_id].is_some() { + slot_mask |= (1 << slot_id) as u8; + } + } + + info!("send spdm digest\n"); + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseDigests, + }, + payload: SpdmMessagePayload::SpdmDigestsResponse(SpdmDigestsResponsePayload { + slot_mask, + digests: gen_array_clone( + SpdmDigestStruct { + data_size: digest_size, + data: Box::new([0xffu8; SPDM_MAX_HASH_SIZE]), + }, + SPDM_MAX_SLOT_NUMBER, + ), + }), + }; + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + for slot_id in 0..SPDM_MAX_SLOT_NUMBER { + if self.common.provision_info.my_cert_chain[slot_id].is_some() { + let my_cert_chain = self.common.provision_info.my_cert_chain[slot_id] + .as_ref() + .unwrap(); + let cert_chain_hash = crypto::hash::hash_all( + self.common.negotiate_info.base_hash_sel, + 
my_cert_chain.as_ref(), + ) + .unwrap(); + + // patch the message before send + let used = writer.used(); + writer.mut_used_slice()[(used - cert_chain_hash.data_size as usize)..used] + .copy_from_slice(cert_chain_hash.as_ref()); + } + } + + match session_id { + None => { + if self.common.append_message_b(writer.used_slice()).is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } + Some(_session_id) => {} + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/encap_get_certificate.rs b/spdmlib/src/responder/encap_get_certificate.rs new file mode 100644 index 0000000..1bc06a2 --- /dev/null +++ b/spdmlib/src/responder/encap_get_certificate.rs 
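Review bot: The patch loop at the end of `write_spdm_digest_response` writes every slot's hash to the same range, `[(used - cert_chain_hash.data_size as usize)..used]`, so with more than one provisioned slot only the last digest is real and the earlier ones are sent as the `0xff` placeholder. This assumes `spdm_encode` emits one digest per set bit of `slot_mask`, which the hunk does not show. The write offset should advance per provisioned slot, as sketched below. The same loop calls `.unwrap()` on `crypto::hash::hash_all`, which returns an `Option` (encap_get_certificate.rs in this commit handles the `None` case), so a hash failure would panic the responder instead of producing an ERROR response.

```rust
// … unchanged: response.spdm_encode(...) and its error path …
// Assumes one digest per set bit of slot_mask, in ascending slot order — confirm against the encoder.
let slot_count = slot_mask.count_ones() as usize;
let stride = digest_size as usize;
let used = writer.used();
let mut digest_index = 0usize;
for slot_id in 0..SPDM_MAX_SLOT_NUMBER {
    if let Some(my_cert_chain) = self.common.provision_info.my_cert_chain[slot_id].as_ref() {
        let cert_chain_hash = match crypto::hash::hash_all(
            self.common.negotiate_info.base_hash_sel,
            my_cert_chain.as_ref(),
        ) {
            Some(hash) => hash,
            None => {
                self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer);
                return (
                    Err(SPDM_STATUS_INVALID_STATE_LOCAL),
                    Some(writer.used_slice()),
                );
            }
        };
        // Place the k-th provisioned slot's digest in the k-th digest field.
        let start = used - (slot_count - digest_index) * stride;
        writer.mut_used_slice()[start..start + stride]
            .copy_from_slice(cert_chain_hash.as_ref());
        digest_index += 1;
    }
}
// … unchanged: append_message_b for the no-session case and the final return …
```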
@@ -0,0 +1,280 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Reader, Writer}; + +use crate::{ + common::SpdmCodec, + config, + crypto::{self, is_root_certificate}, + error::{ + SpdmResult, SPDM_STATUS_CRYPTO_ERROR, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_CERT, + SPDM_STATUS_INVALID_MSG_FIELD, SPDM_STATUS_INVALID_MSG_SIZE, SPDM_STATUS_INVALID_PARAMETER, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + SpdmCertificateResponsePayload, SpdmGetCertificateRequestPayload, SpdmMessage, + SpdmMessageGeneralPayload, SpdmMessageHeader, SpdmMessagePayload, SpdmRequestResponseCode, + MAX_SPDM_CERT_PORTION_LEN, + }, + protocol::{SpdmCertChainBuffer, SpdmCertChainData}, +}; + +use super::ResponderContext; + +impl ResponderContext { + pub fn encode_encap_requst_get_certificate( + &mut self, + encap_request: &mut Writer, + ) -> SpdmResult { + if self.common.peer_info.peer_cert_chain_temp.is_none() { + self.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + } + + let encapsulated_request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetCertificate, + }, + payload: SpdmMessagePayload::SpdmGetCertificateRequest( + SpdmGetCertificateRequestPayload { + offset: self + .common + .peer_info + .peer_cert_chain_temp + .as_ref() + .unwrap() + .data_size, + length: MAX_SPDM_CERT_PORTION_LEN as u16, + slot_id: self.common.encap_context.req_slot_id, + }, + ), + }; + + let _ = encapsulated_request.spdm_encode(&mut self.common, encap_request)?; + + Ok(()) + } + + pub fn handle_encap_response_certificate(&mut self, encap_response: &[u8]) -> SpdmResult { + let mut reader = Reader::init(encap_response); + let mut get_cert_completed = false; + match SpdmMessageHeader::read(&mut reader) { + Some(encap_header) => { + if encap_header.version != 
self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match encap_header.request_response_code { + SpdmRequestResponseCode::SpdmResponseCertificate => { + let certificate = SpdmCertificateResponsePayload::spdm_read( + &mut self.common, + &mut reader, + ); + if let Some(certificate) = certificate { + debug!("!!! mut_auth certificate : {:02x?}\n", certificate); + + let peer_cert_chain_temp = self + .common + .peer_info + .peer_cert_chain_temp + .as_mut() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?; + let offset = peer_cert_chain_temp.data_size; + + if certificate.portion_length as usize > MAX_SPDM_CERT_PORTION_LEN + || certificate.portion_length + > config::MAX_SPDM_CERT_CHAIN_DATA_SIZE as u16 - offset + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + if certificate.remainder_length + >= config::MAX_SPDM_CERT_CHAIN_DATA_SIZE as u16 + - offset + - certificate.portion_length + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + if certificate.slot_id != self.common.encap_context.req_slot_id { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + if offset == 0 { + self.common.encap_context.encap_cert_size = + certificate.portion_length + certificate.remainder_length; + } + + if self.common.encap_context.encap_cert_size != 0 + && self.common.encap_context.encap_cert_size + != offset + + certificate.portion_length + + certificate.remainder_length + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + peer_cert_chain_temp.data[(offset as usize) + ..(offset as usize + certificate.portion_length as usize)] + .copy_from_slice( + &certificate.cert_chain + [0..(certificate.portion_length as usize)], + ); + + peer_cert_chain_temp.data_size = offset + certificate.portion_length; + + if certificate.remainder_length == 0 { + get_cert_completed = true; + } + } else { + error!("!!! 
mut_auth certificate : fail !!!\n"); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + } + SpdmRequestResponseCode::SpdmResponseError => { + let payload = SpdmMessageGeneralPayload::read(&mut reader) + .ok_or(SPDM_STATUS_INVALID_MSG_SIZE)?; + self.handle_encap_error_response_main(payload.param1)?; + } + _ => return Err(SPDM_STATUS_ERROR_PEER), + } + } + None => return Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + if self.common.encap_context.encap_cert_size == 0 { + self.common.peer_info.peer_cert_chain_temp = None; + return Err(SPDM_STATUS_INVALID_CERT); + } + + if !get_cert_completed { + return Ok(true); + } + + let result = self.verify_spdm_certificate_chain().map(|_| { + self.common.peer_info.peer_cert_chain[self.common.encap_context.req_slot_id as usize] = + self.common.peer_info.peer_cert_chain_temp.clone(); + self.common + .runtime_info + .set_peer_used_cert_chain_slot_id(self.common.encap_context.req_slot_id); + false + }); + + self.common.peer_info.peer_cert_chain_temp = None; + + #[cfg(feature = "mandatory-mut-auth")] + if result.is_ok() { + self.common.mut_auth_done = true; + } + + result + } + + pub fn verify_spdm_certificate_chain(&mut self) -> SpdmResult { + // + // 1. 
Verify the integrity of cert chain + // + if self.common.peer_info.peer_cert_chain_temp.is_none() { + error!("peer_cert_chain is not populated!\n"); + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let peer_cert_chain = self + .common + .peer_info + .peer_cert_chain_temp + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)?; + if peer_cert_chain.data_size <= (4 + self.common.negotiate_info.base_hash_sel.get_size()) { + return Err(SPDM_STATUS_INVALID_CERT); + } + + let data_size_in_cert_chain = + peer_cert_chain.data[0] as u16 + ((peer_cert_chain.data[1] as u16) << 8); + if data_size_in_cert_chain != peer_cert_chain.data_size { + return Err(SPDM_STATUS_INVALID_CERT); + } + + let data_size = + peer_cert_chain.data_size - 4 - self.common.negotiate_info.base_hash_sel.get_size(); + let mut data = [0u8; config::MAX_SPDM_CERT_CHAIN_DATA_SIZE]; + data[0..(data_size as usize)].copy_from_slice( + &peer_cert_chain.data[(4usize + + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(peer_cert_chain.data_size as usize)], + ); + let runtime_peer_cert_chain_data = SpdmCertChainData { data_size, data }; + info!("1. get runtime_peer_cert_chain_data!\n"); + + // + // 1.1 verify the integrity of the chain + // + if crypto::cert_operation::verify_cert_chain( + &runtime_peer_cert_chain_data.data[..(runtime_peer_cert_chain_data.data_size as usize)], + ) + .is_err() + { + error!("cert_chain verification - fail! - TBD later\n"); + return Err(SPDM_STATUS_INVALID_CERT); + } + info!("1.1. 
integrity of cert_chain is verified!\n"); + + // + // 1.2 verify the root cert hash + // + let (root_cert_begin, root_cert_end) = crypto::cert_operation::get_cert_from_cert_chain( + &runtime_peer_cert_chain_data.data[..(runtime_peer_cert_chain_data.data_size as usize)], + 0, + )?; + let root_cert = &runtime_peer_cert_chain_data.data[root_cert_begin..root_cert_end]; + if is_root_certificate(root_cert).is_ok() { + let root_hash = if let Some(rh) = + crypto::hash::hash_all(self.common.negotiate_info.base_hash_sel, root_cert) + { + rh + } else { + return Err(SPDM_STATUS_CRYPTO_ERROR); + }; + if root_hash.data[..(root_hash.data_size as usize)] + != peer_cert_chain.data[4usize + ..(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize)] + { + error!("root_hash - fail!\n"); + return Err(SPDM_STATUS_INVALID_CERT); + } + info!("1.2. root cert hash is verified!\n"); + } + + // + // 2. verify the authority of cert chain if provisioned + // + let mut cert_chain_provisioned = false; + let mut found_match = false; + for peer_root_cert_data in self + .common + .provision_info + .peer_root_cert_data + .iter() + .flatten() + { + cert_chain_provisioned = true; + if root_cert.len() != peer_root_cert_data.data_size as usize { + continue; + } + if root_cert[..] != peer_root_cert_data.data[..peer_root_cert_data.data_size as usize] { + continue; + } else { + found_match = true; + break; + } + } + + if cert_chain_provisioned && !found_match { + return Err(SPDM_STATUS_INVALID_CERT); + } + + info!("2. root cert is verified!\n"); + + info!("cert_chain verification - pass!\n"); + Ok(()) + } +} diff --git a/spdmlib/src/responder/encap_get_digest.rs b/spdmlib/src/responder/encap_get_digest.rs new file mode 100644 index 0000000..7456fe3 --- /dev/null +++ b/spdmlib/src/responder/encap_get_digest.rs 
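Review bot: Step 2 of `verify_spdm_certificate_chain` rejects a chain only when `cert_chain_provisioned && !found_match`, so a responder with no entry in `provision_info.peer_root_cert_data` accepts any internally consistent chain, and `handle_encap_response_certificate` then stores it and, under `mandatory-mut-auth`, sets `mut_auth_done = true`. The `info!("2. root cert is verified!\n")` line is logged in that case too, although nothing was compared against a trust anchor. If accepting unanchored chains is intended, a comment above the loop should say so; otherwise the feature-gated path should fail closed, e.g. `#[cfg(feature = "mandatory-mut-auth")] if !cert_chain_provisioned { return Err(SPDM_STATUS_INVALID_CERT); }`. Separately, the early `return Err(...)` paths in `handle_encap_response_certificate` leave `peer_cert_chain_temp` and `encap_cert_size` untouched, so a later attempt appears to resume from the stale offset unless a caller outside this hunk resets them.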
@@ -0,0 +1,53 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Reader, Writer}; + +use super::ResponderContext; + +use crate::common::SpdmCodec; +use crate::error::{SpdmResult, SPDM_STATUS_INVALID_MSG_FIELD}; +use crate::message::*; + +impl ResponderContext { + pub fn encode_encap_request_get_digest(&mut self, encap_request: &mut Writer) -> SpdmResult { + let request = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetDigests, + }, + payload: SpdmMessagePayload::SpdmGetDigestsRequest(SpdmGetDigestsRequestPayload {}), + }; + + let _ = request.spdm_encode(&mut self.common, encap_request)?; + + Ok(()) + } + + pub fn handle_encap_response_digest(&mut self, encap_response: &[u8]) -> SpdmResult { + let mut reader = Reader::init(encap_response); + match SpdmMessageHeader::read(&mut reader) { + Some(header) => { + if header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + match header.request_response_code { + SpdmRequestResponseCode::SpdmResponseDigests => { + let digests = + SpdmDigestsResponsePayload::spdm_read(&mut self.common, &mut reader); + if let Some(digests) = digests { + debug!("!!! digests : {:02x?}\n", digests); + Ok(()) + } else { + error!("!!! digests : fail !!!\n"); + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } + } + _ => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } + None => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } + } +} diff --git a/spdmlib/src/responder/encap_rsp.rs b/spdmlib/src/responder/encap_rsp.rs new file mode 100644 index 0000000..310595a --- /dev/null +++ b/spdmlib/src/responder/encap_rsp.rs 
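Review bot: `handle_encap_response_digest` parses the DIGESTS payload, logs it and drops it, so nothing checks that the slot about to be requested with GET_CERTIFICATE is actually offered by the peer. A check such as `if digests.slot_mask & (1 << self.common.encap_context.req_slot_id) == 0 { return Err(SPDM_STATUS_INVALID_MSG_FIELD); }` before `Ok(())` would reject a response that lacks that slot; the field types are assumed from their use elsewhere in this commit. An `SpdmResponseError` reply also falls into the `_` arm here, whereas the certificate handler routes it through `handle_encap_error_response_main`, so a not-ready peer is reported as an invalid field.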
@@ -0,0 +1,283 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Reader, Writer}; + +use crate::{ + common::{SpdmCodec, SpdmConnectionState}, + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_MSG_SIZE, SPDM_STATUS_INVALID_STATE_LOCAL, SPDM_STATUS_NOT_READY_PEER, + SPDM_STATUS_UNSUPPORTED_CAP, + }, + message::{ + SpdmDeliverEncapsulatedResponsePayload, SpdmEncapsulatedRequestPayload, + SpdmEncapsulatedResponseAckPayload, SpdmEncapsulatedResponseAckPayloadType, SpdmErrorCode, + SpdmMessage, SpdmMessageHeader, SpdmMessagePayload, SpdmRequestResponseCode, + }, + protocol::{SpdmRequestCapabilityFlags, SpdmResponseCapabilityFlags, SpdmVersion}, +}; + +use super::ResponderContext; + +impl ResponderContext { + pub fn handle_get_encapsulated_request<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self + .encap_check_version_cap_state( + SpdmRequestResponseCode::SpdmRequestGetEncapsulatedRequest.get_u8(), + writer, + ) + .is_err() + { + (Ok(()), Some(writer.used_slice())) + } else { + let (_, rsp_slice) = self.write_encap_request_response(bytes, writer); + (Ok(()), rsp_slice) + } + } + + fn write_encap_request_response<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + if let Some(request_header) = SpdmMessageHeader::read(&mut reader) { + if request_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + }; + + let encapsulated_request = SpdmMessage { + header: 
SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseEncapsulatedRequest, + }, + payload: SpdmMessagePayload::SpdmEncapsulatedRequestPayload( + SpdmEncapsulatedRequestPayload { + request_id: self.common.encap_context.request_id, + }, + ), + }; + + if encapsulated_request + .spdm_encode(&mut self.common, writer) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + if self.encode_encap_request_get_digest(writer).is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidResponseCode, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } + + pub fn handle_deliver_encapsulated_reponse<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + if let Err(err) = self.encap_check_version_cap_state( + SpdmRequestResponseCode::SpdmRequestGetEncapsulatedRequest.get_u8(), + writer, + ) { + (Err(err), Some(writer.used_slice())) + } else { + self.write_encap_response_ack_response(bytes, writer) + } + } + + fn write_encap_response_ack_response<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + if let Some(request_header) = SpdmMessageHeader::read(&mut reader) { + if request_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + }; + + let encap_response_payload = if let Some(encap_response_payload) = + 
SpdmDeliverEncapsulatedResponsePayload::spdm_read(&mut self.common, &mut reader) + { + encap_response_payload + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + }; + + if self + .process_encapsulated_response(&encap_response_payload, &bytes[reader.used()..], writer) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidResponseCode, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } + + fn encap_check_version_cap_state( + &mut self, + request_response_code: u8, + writer: &mut Writer<'_>, + ) -> SpdmResult { + if self.common.negotiate_info.spdm_version_sel < SpdmVersion::SpdmVersion11 { + self.write_spdm_error( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + request_response_code, + writer, + ); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + if !self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::ENCAP_CAP) + || !self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::ENCAP_CAP) + { + self.write_spdm_error( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + request_response_code, + writer, + ); + return Err(SPDM_STATUS_UNSUPPORTED_CAP); + } + + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionAfterCertificate.get_u8() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + Ok(()) + } + + fn process_encapsulated_response( + &mut self, + encap_response_payload: &SpdmDeliverEncapsulatedResponsePayload, + encap_response: &[u8], + encap_response_ack: &mut Writer, + ) -> SpdmResult { + let mut reader = Reader::init(encap_response); + let deliver_encap_response = if let Some(header) = SpdmMessageHeader::read(&mut reader) { + if 
header.version != self.common.negotiate_info.spdm_version_sel { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + header + } else { + return Err(SPDM_STATUS_INVALID_MSG_SIZE); + }; + + let header = SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseEncapsulatedResponseAck, + }; + let _ = header.encode(encap_response_ack); + + let mut ack_params = SpdmEncapsulatedResponseAckPayload { + request_id: self.common.encap_context.request_id, + payload_type: SpdmEncapsulatedResponseAckPayloadType::Present, + ack_request_id: encap_response_payload.request_id, + }; + + match deliver_encap_response.request_response_code { + SpdmRequestResponseCode::SpdmResponseDigests => { + self.handle_encap_response_digest(encap_response)?; + + let _ = ack_params.spdm_encode(&mut self.common, encap_response_ack); + self.encode_encap_requst_get_certificate(encap_response_ack) + } + SpdmRequestResponseCode::SpdmResponseCertificate => { + match self.handle_encap_response_certificate(encap_response) { + Ok(need_continue) => { + if need_continue { + let _ = ack_params.spdm_encode(&mut self.common, encap_response_ack)?; + self.encode_encap_requst_get_certificate(encap_response_ack) + } else { + ack_params.payload_type = + SpdmEncapsulatedResponseAckPayloadType::ReqSlotNumber; + let _ = ack_params.spdm_encode(&mut self.common, encap_response_ack)?; + let _ = self + .common + .encap_context + .req_slot_id + .encode(encap_response_ack) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + Ok(()) + } + } + Err(e) => { + if e == SPDM_STATUS_NOT_READY_PEER { + ack_params.payload_type = + SpdmEncapsulatedResponseAckPayloadType::Absent; + let _ = ack_params.spdm_encode(&mut self.common, encap_response_ack)?; + Ok(()) + } else { + Err(e) + } + } + } + } + _ => Err(SPDM_STATUS_UNSUPPORTED_CAP), + } + } + + pub fn handle_encap_error_response_main(&self, error_code: u8) -> SpdmResult { + if error_code == 
SpdmErrorCode::SpdmErrorResponseNotReady.get_u8() { + return Err(SPDM_STATUS_NOT_READY_PEER); + } + + Err(SPDM_STATUS_UNSUPPORTED_CAP) + } +} diff --git a/spdmlib/src/responder/end_session_rsp.rs b/spdmlib/src/responder/end_session_rsp.rs new file mode 100644 index 0000000..537419e --- /dev/null +++ b/spdmlib/src/responder/end_session_rsp.rs 
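Review bot: `process_encapsulated_response` copies `encap_response_payload.request_id` into `ack_request_id` without comparing it to `self.common.encap_context.request_id`, so a DELIVER_ENCAPSULATED_RESPONSE carrying an unrelated request id is processed like the expected one. A guard near the top, `if encap_response_payload.request_id != self.common.encap_context.request_id { return Err(SPDM_STATUS_INVALID_MSG_FIELD); }`, would tie each response to the outstanding request. In `handle_deliver_encapsulated_reponse` the code passed to `encap_check_version_cap_state` is `SpdmRequestGetEncapsulatedRequest`, so an UnsupportedRequest error carries the wrong request code in its error data. The `SpdmResponseDigests` arm also discards the result of `ack_params.spdm_encode` with `let _ =` while the certificate arm propagates it with `?`; the two should agree.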
@@ -0,0 +1,102 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::message::*; +use crate::protocol::SpdmRequestCapabilityFlags; +use crate::protocol::SpdmResponseCapabilityFlags; +use crate::responder::*; +use crate::watchdog::stop_watchdog; + +impl ResponderContext { + pub fn handle_spdm_end_session<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HBEAT_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HBEAT_CAP) + { + stop_watchdog(session_id); + } + + let (_, rsp_slice) = self.write_spdm_end_session_response(session_id, bytes, writer); + (Ok(()), rsp_slice) + } + + pub fn write_spdm_end_session_response<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + let end_session_req = + SpdmEndSessionRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(end_session_req) = end_session_req { + debug!("!!! end_session req : {:02x?}\n", end_session_req); + } else { + error!("!!! 
end_session req : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestEndSession, + Some(session_id), + ); + + info!("send spdm end_session rsp\n"); + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseEndSessionAck, + }, + payload: SpdmMessagePayload::SpdmEndSessionResponse(SpdmEndSessionResponsePayload {}), + }; + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/error_rsp.rs b/spdmlib/src/responder/error_rsp.rs new file mode 100644 index 0000000..dc475da --- /dev/null +++ b/spdmlib/src/responder/error_rsp.rs 
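Review bot: `handle_spdm_end_session` calls `stop_watchdog(session_id)` before the request has been checked, so an END_SESSION that fails the version check or payload parse in `write_spdm_end_session_response` still stops what is presumably the session's heartbeat timer. Running the response writer first and gating the stop on success keeps the timeout in force for rejected requests: `let (result, rsp_slice) = self.write_spdm_end_session_response(session_id, bytes, writer);` followed by `if result.is_ok() && /* both HBEAT_CAP flags set */ { stop_watchdog(session_id); }`. Whether the session itself is torn down after the ACK is not visible in this hunk.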
@@ -0,0 +1,79 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::message::*; +use crate::responder::*; + +impl ResponderContext { + pub fn write_spdm_error( + &mut self, + error_code: SpdmErrorCode, + error_data: u8, + writer: &mut Writer, + ) { + let error = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseError, + }, + payload: SpdmMessagePayload::SpdmErrorResponse(SpdmErrorResponsePayload { + error_code, + error_data, + extended_data: SpdmErrorResponseExtData::SpdmErrorExtDataNone( + SpdmErrorResponseNoneExtData {}, + ), + }), + }; + writer.clear(); + let _ = error.spdm_encode(&mut self.common, writer); + } +} + +impl ResponderContext { + pub fn handle_error_request<'a>( + &mut self, + error_code: SpdmErrorCode, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_error_response(error_code, bytes, writer); + (Ok(()), rsp_slice) + } + + pub fn write_error_response<'a>( + &mut self, + error_code: SpdmErrorCode, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + let error_data = if error_code == SpdmErrorCode::SpdmErrorUnsupportedRequest { + message_header.request_response_code.get_u8() + } else { + 0u8 + }; + self.write_spdm_error(error_code, error_data, writer); + } else { + 
self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/finish_rsp.rs b/spdmlib/src/responder/finish_rsp.rs new file mode 100644 index 0000000..615e9af --- /dev/null +++ b/spdmlib/src/responder/finish_rsp.rs 
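Review bot: `write_spdm_error` has no doc comment although every handler in this commit depends on two non-obvious behaviours: it calls `writer.clear()` first, discarding anything already encoded, and it drops the `spdm_encode` result with `let _ =`, so an encode failure is not reported to the caller. I would add `/// Clears the writer and encodes an ERROR response in its place; encode failures are ignored, so callers must not assume the returned slice is non-empty.` above the function. `handle_error_request` likewise discards the `SpdmResult` from `write_error_response` and always returns `Ok(())`, which deserves a one-line comment if it is deliberate.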
@@ -0,0 +1,435 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::session::SpdmSession; +use crate::common::{ManagedBuffer12Sign, SpdmCodec}; +use crate::crypto; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_CRYPTO_ERROR; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::*; +use crate::message::*; +use crate::protocol::*; +use crate::responder::*; +extern crate alloc; +use alloc::boxed::Box; + +impl ResponderContext { + pub fn handle_spdm_finish<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + #[cfg(feature = "mandatory-mut-auth")] + if !self.common.mut_auth_done { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + return (Ok(()), None); + } + + let (result, rsp_slice) = self.write_spdm_finish_response(session_id, bytes, writer); + if result.is_err() { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + } + + (Ok(()), rsp_slice) + } + + // Return true on success, false otherwise. 
+ pub fn write_spdm_finish_response<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestFinish, + Some(session_id), + ); + + let finish_req = SpdmFinishRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(finish_req) = &finish_req { + debug!("!!! finish req : {:02x?}\n", finish_req); + } else { + error!("!!! 
finish req : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + let finish_req = finish_req.unwrap(); + + if self + .common + .append_message_f(false, session_id, &bytes[..4]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let mut_auth_attributes = self + .common + .get_immutable_session_via_id(session_id) + .unwrap() + .get_mut_auth_requested(); + let finish_request_attributes = finish_req.finish_request_attributes; + + if (!mut_auth_attributes.is_empty() + && !finish_request_attributes.contains(SpdmFinishRequestAttributes::SIGNATURE_INCLUDED)) + || (mut_auth_attributes.is_empty() + && finish_request_attributes + .contains(SpdmFinishRequestAttributes::SIGNATURE_INCLUDED)) + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + let is_mut_auth = !mut_auth_attributes.is_empty(); + if is_mut_auth { + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + if self + .verify_finish_req_signature(&finish_req.signature, session) + .is_err() + { + error!("verify finish request signature error"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorDecryptError, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + info!("verify_finish_req_signature pass"); + + if self + .common + .append_message_f(false, session_id, finish_req.signature.as_ref()) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } + + // verify HMAC with finished_key + let base_hash_size = self.common.negotiate_info.base_hash_sel.get_size() as 
usize; + + { + let session = self.common.get_session_via_id(session_id).unwrap(); + + if session.get_use_psk() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + let slot_id = session.get_slot_id(); + + let transcript_hash = + self.common + .calc_rsp_transcript_hash(false, slot_id, is_mut_auth, session); + if transcript_hash.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let transcript_hash = transcript_hash.as_ref().unwrap(); + + if session + .verify_hmac_with_request_finished_key( + transcript_hash.as_ref(), + &finish_req.verify_data, + ) + .is_err() + { + error!("verify_hmac_with_request_finished_key fail"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorDecryptError, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } else { + info!("verify_hmac_with_request_finished_key pass"); + } + + if self + .common + .append_message_f(false, session_id, finish_req.verify_data.as_ref()) + .is_err() + { + error!("message_f add the message error"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } + + let in_clear_text = self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + + info!("send spdm finish rsp\n"); + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseFinishRsp, + }, + payload: 
SpdmMessagePayload::SpdmFinishResponse(SpdmFinishResponsePayload { + verify_data: SpdmDigestStruct { + data_size: (self as &ResponderContext) + .common + .negotiate_info + .base_hash_sel + .get_size(), + data: Box::new([0xcc; SPDM_MAX_HASH_SIZE]), + }, + }), + }; + + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let used = writer.used(); + + if in_clear_text { + // generate HMAC with finished_key + let temp_used = used - base_hash_size; + + if self + .common + .append_message_f(false, session_id, &writer.used_slice()[..temp_used]) + .is_err() + { + error!("message_f add the message error"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + let slot_id = session.get_slot_id(); + + let transcript_hash = + self.common + .calc_rsp_transcript_hash(false, slot_id, is_mut_auth, session); + if transcript_hash.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let transcript_hash = transcript_hash.unwrap(); + + let hmac = session.generate_hmac_with_response_finished_key(transcript_hash.as_ref()); + if hmac.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let hmac = hmac.unwrap(); + + if self + .common + .append_message_f(false, session_id, hmac.as_ref()) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + // patch the message before send 
+ writer.mut_used_slice()[(used - base_hash_size)..used].copy_from_slice(hmac.as_ref()); + } else if self + .common + .append_message_f(false, session_id, &writer.used_slice()[..4]) + .is_err() + { + error!("message_f add the message error"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + // generate the data secret + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + let slot_id = session.get_slot_id(); + let th2 = self + .common + .calc_rsp_transcript_hash(false, slot_id, is_mut_auth, session); + + if th2.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let th2 = th2.unwrap(); + debug!("!!! th2 : {:02x?}\n", th2.as_ref()); + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let session = self.common.get_session_via_id(session_id).unwrap(); + if let Err(e) = session.generate_data_secret(spdm_version_sel, &th2) { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(e), Some(writer.used_slice())); + } else { + (Ok(()), Some(writer.used_slice())) + } + } + + #[cfg(not(feature = "hashed-transcript-data"))] + fn verify_finish_req_signature( + &self, + signature: &SpdmSignatureStruct, + session: &SpdmSession, + ) -> SpdmResult { + let transcript_data_hash = + self.common + .calc_rsp_transcript_hash(false, session.get_slot_id(), true, session)?; + + let peer_slot_id = self.common.runtime_info.get_peer_used_cert_chain_slot_id(); + let peer_cert = &self.common.peer_info.peer_cert_chain[peer_slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[peer_slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? 
+ .data_size as usize)]; + let mut transcript_sign = ManagedBuffer12Sign::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + transcript_sign.reset_message(); + transcript_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_12) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(&SPDM_FINISH_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_sign + .append_message(transcript_data_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + + crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + peer_cert, + transcript_sign.as_ref(), + signature, + ) + } + + #[cfg(feature = "hashed-transcript-data")] + fn verify_finish_req_signature( + &self, + signature: &SpdmSignatureStruct, + session: &SpdmSession, + ) -> SpdmResult { + let transcript_hash = + self.common + .calc_rsp_transcript_hash(false, session.get_slot_id(), true, session)?; + + let peer_slot_id = self.common.runtime_info.get_peer_used_cert_chain_slot_id(); + let peer_cert = &self.common.peer_info.peer_cert_chain[peer_slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? + .data[(4usize + self.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(self.common.peer_info.peer_cert_chain[peer_slot_id as usize] + .as_ref() + .ok_or(SPDM_STATUS_INVALID_PARAMETER)? 
+ .data_size as usize)]; + + let mut transcript_hash_sign = ManagedBuffer12Sign::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + transcript_hash_sign.reset_message(); + transcript_hash_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_hash_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_12) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_hash_sign + .append_message(&SPDM_FINISH_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + transcript_hash_sign + .append_message(transcript_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } else { + error!("hashed-transcript-data is unsupported in SPDM 1.0/1.1 signing!\n"); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + let res = crypto::asym_verify::verify( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + peer_cert, + transcript_hash_sign.as_ref(), + signature, + ); + + res + } +} diff --git a/spdmlib/src/responder/heartbeat_rsp.rs b/spdmlib/src/responder/heartbeat_rsp.rs new file mode 100644 index 0000000..4989be1 --- /dev/null +++ b/spdmlib/src/responder/heartbeat_rsp.rs 
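Review bot: In the `#[cfg(not(feature = "hashed-transcript-data"))]` variant of `verify_finish_req_signature`, nothing is appended to `transcript_sign` when `spdm_version_sel` is below `SpdmVersion12`, so `crypto::asym_verify::verify` runs over whatever `ManagedBuffer12Sign::default()` holds (presumably an empty buffer) and `transcript_data_hash` goes unused. For SPDM 1.1 mutual authentication the FINISH signature is then not checked against the handshake transcript at all. The hashed variant right after it rejects pre-1.2 explicitly, and `generate_key_exchange_rsp_signature` in key_exchange_rsp.rs signs `calc_rsp_transcript_data(...)` in that case. Until the equivalent transcript data is verified here, fail closed with `} else { return Err(SPDM_STATUS_INVALID_STATE_LOCAL); }`.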
@@ -0,0 +1,84 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::SpdmCodec;
+use crate::error::SpdmResult;
+use crate::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL;
+use crate::message::*;
+use crate::responder::*;
+
+impl ResponderContext {
+ pub fn handle_spdm_heartbeat<'a>(
+ &mut self,
+ session_id: u32,
+ bytes: &[u8],
+ writer: &'a mut Writer,
+ ) -> (SpdmResult, Option<&'a [u8]>) {
+ let (_, rsp_slice) = self.write_spdm_heartbeat_response(session_id, bytes, writer);
+ (Ok(()), rsp_slice)
+ }
+
+ pub fn write_spdm_heartbeat_response<'a>(
+ &mut self,
+ session_id: u32,
+ bytes: &[u8],
+ writer: &'a mut Writer,
+ ) -> (SpdmResult, Option<&'a [u8]>) {
+ let mut reader = Reader::init(bytes);
+ let message_header = SpdmMessageHeader::read(&mut reader);
+ if let Some(message_header) = message_header {
+ if message_header.version != self.common.negotiate_info.spdm_version_sel {
+ self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer);
+ return (
+ Err(SPDM_STATUS_INVALID_MSG_FIELD),
+ Some(writer.used_slice()),
+ );
+ }
+ } else {
+ self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer);
+ return (
+ Err(SPDM_STATUS_INVALID_MSG_FIELD),
+ Some(writer.used_slice()),
+ );
+ }
+
+ self.common.reset_buffer_via_request_code(
+ SpdmRequestResponseCode::SpdmRequestHeartbeat,
+ Some(session_id),
+ );
+
+ let heartbeat_req = SpdmHeartbeatRequestPayload::spdm_read(&mut self.common, &mut reader);
+ if let Some(heartbeat_req) = heartbeat_req {
+ debug!("!!! heartbeat req : {:02x?}\n", heartbeat_req);
+ } else {
+ error!("!!! heartbeat req : fail !!!\n");
+ self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer);
+ return (
+ Err(SPDM_STATUS_INVALID_MSG_FIELD),
+ Some(writer.used_slice()),
+ );
+ }
+
+ info!("send spdm heartbeat rsp\n");
+
+ let response = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: self.common.negotiate_info.spdm_version_sel,
+ request_response_code: SpdmRequestResponseCode::SpdmResponseHeartbeatAck,
+ },
+ payload: SpdmMessagePayload::SpdmHeartbeatResponse(SpdmHeartbeatResponsePayload {}),
+ };
+ let res = response.spdm_encode(&mut self.common, writer);
+ if res.is_err() {
+ self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer);
+ return (
+ Err(SPDM_STATUS_INVALID_STATE_LOCAL),
+ Some(writer.used_slice()),
+ );
+ }
+
+ (Ok(()), Some(writer.used_slice()))
+ }
+}
diff --git a/spdmlib/src/responder/key_exchange_rsp.rs b/spdmlib/src/responder/key_exchange_rsp.rs
new file mode 100644
index 0000000..4f1d0d9
--- /dev/null
+++ b/spdmlib/src/responder/key_exchange_rsp.rs
@@ -0,0 +1,601 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::session::SpdmSession; +#[cfg(feature = "hashed-transcript-data")] +use crate::common::ManagedBuffer12Sign; +use crate::common::SMVersionSelOpaque; +use crate::common::SecuredMessageVersion; +use crate::common::SpdmCodec; +use crate::common::SpdmConnectionState; +use crate::common::SpdmTransportEncap; +use crate::crypto; +use crate::error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_CRYPTO_ERROR, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, SPDM_STATUS_INVALID_STATE_PEER, +}; +use crate::protocol::*; +use crate::responder::*; +extern crate alloc; +use crate::common::opaque::SpdmOpaqueStruct; +use crate::message::*; +use crate::secret; +use alloc::boxed::Box; +use core::convert::TryFrom; +use core::ops::DerefMut; + +impl ResponderContext { + pub fn handle_spdm_key_exchange<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut target_session_id = None; + let (result, rsp_slice) = + self.write_spdm_key_exchange_response(bytes, writer, &mut target_session_id); + if result.is_err() { + if let Some(session_id) = target_session_id { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + } + } + + (Ok(()), rsp_slice) + } + + pub fn write_spdm_key_exchange_response<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + target_session_id: &mut Option, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionNegotiated.get_u8() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = 
message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + if message_header.version < SpdmVersion::SpdmVersion11 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnsupportedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common + .reset_buffer_via_request_code(SpdmRequestResponseCode::SpdmRequestKeyExchange, None); + + let key_exchange_req = + SpdmKeyExchangeRequestPayload::spdm_read(&mut self.common, &mut reader); + + let mut return_opaque = SpdmOpaqueStruct::default(); + + let measurement_summary_hash; + if let Some(key_exchange_req) = &key_exchange_req { + debug!("!!! 
key_exchange req : {:02x?}\n", key_exchange_req); + + if (key_exchange_req.measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb) + || (key_exchange_req.measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll) + { + self.common.runtime_info.need_measurement_summary_hash = true; + let measurement_summary_hash_res = + secret::measurement::generate_measurement_summary_hash( + self.common.negotiate_info.spdm_version_sel, + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.measurement_specification_sel, + self.common.negotiate_info.measurement_hash_sel, + key_exchange_req.measurement_summary_hash_type, + ); + if measurement_summary_hash_res.is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + measurement_summary_hash = measurement_summary_hash_res.unwrap(); + if measurement_summary_hash.data_size == 0 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.common.runtime_info.need_measurement_summary_hash = false; + measurement_summary_hash = SpdmDigestStruct::default(); + } + + self.common.negotiate_info.termination_policy_set = key_exchange_req.session_policy + & KEY_EXCHANGE_REQUESTER_SESSION_POLICY_TERMINATION_POLICY_MASK + == KEY_EXCHANGE_REQUESTER_SESSION_POLICY_TERMINATION_POLICY_VALUE; + + if let Some(secured_message_version_list) = key_exchange_req + .opaque + .rsp_get_dmtf_supported_secure_spdm_version_list(&mut self.common) + { + if secured_message_version_list.version_count + > crate::common::opaque::MAX_SECURE_SPDM_VERSION_COUNT as u8 + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + let 
mut selected_version: Option = None; + for index in 0..secured_message_version_list.version_count as usize { + for (_, local_version) in self + .common + .config_info + .secure_spdm_version + .iter() + .flatten() + .enumerate() + { + if secured_message_version_list.versions_list[index] == *local_version { + selected_version = Some(*local_version); + } + } + } + + if let Some(selected_version) = selected_version { + if let Ok(opaque) = SpdmOpaqueStruct::from_sm_version_sel_opaque( + &mut self.common, + &SMVersionSelOpaque { + secured_message_version: selected_version, + }, + ) { + return_opaque = opaque; + } else { + self.write_spdm_error( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + error!("secure message version not selected!"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + } else { + error!("!!! 
key_exchange req : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + let key_exchange_req = key_exchange_req.unwrap(); + let slot_id = key_exchange_req.slot_id as usize; + if slot_id >= SPDM_MAX_SLOT_NUMBER { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + if self.common.provision_info.my_cert_chain[slot_id].is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common + .runtime_info + .set_local_used_cert_chain_slot_id(key_exchange_req.slot_id); + + let (exchange, key_exchange_context) = + crypto::dhe::generate_key_pair(self.common.negotiate_info.dhe_sel).unwrap(); + + debug!("!!! exchange data : {:02x?}\n", exchange); + + debug!( + "!!! exchange data (peer) : {:02x?}\n", + &key_exchange_req.exchange + ); + + let final_key = key_exchange_context.compute_final_key(&key_exchange_req.exchange); + + if final_key.is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let final_key = final_key.unwrap(); + debug!("!!! 
final_key : {:02x?}\n", final_key.as_ref()); + + let rsp_session_id = self.common.get_next_half_session_id(false); + if rsp_session_id.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorSessionLimitExceeded, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let rsp_session_id = rsp_session_id.unwrap(); + + // create session structure + let hash_algo = self.common.negotiate_info.base_hash_sel; + let dhe_algo = self.common.negotiate_info.dhe_sel; + let aead_algo = self.common.negotiate_info.aead_sel; + let key_schedule_algo = self.common.negotiate_info.key_schedule_sel; + let sequence_number_count = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap.get_sequence_number_count() + }; + let max_random_count = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap.get_max_random_count() + }; + + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let message_a = self.common.runtime_info.message_a.clone(); + let cert_chain_hash = self.common.get_certchain_hash_local(false, slot_id); + if cert_chain_hash.is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + let session = self.common.get_next_avaiable_session(); + if session.is_none() { + error!("!!! 
too many sessions : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorSessionLimitExceeded, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + #[cfg(feature = "mut-auth")] + let mut_auth_req = SpdmKeyExchangeMutAuthAttributes::MUT_AUTH_REQ_WITH_GET_DIGESTS; + #[cfg(not(feature = "mut-auth"))] + let mut_auth_req = SpdmKeyExchangeMutAuthAttributes::empty(); + + let session = session.unwrap(); + let session_id = ((rsp_session_id as u32) << 16) + key_exchange_req.req_session_id as u32; + *target_session_id = Some(session_id); + session.setup(session_id).unwrap(); + session.set_use_psk(false); + session.set_slot_id(slot_id as u8); + session.set_crypto_param(hash_algo, dhe_algo, aead_algo, key_schedule_algo); + session.set_mut_auth_requested(mut_auth_req); + session.set_transport_param(sequence_number_count, max_random_count); + if session.set_dhe_secret(spdm_version_sel, final_key).is_err() { + session.teardown(); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + session.runtime_info.message_a = message_a; + session.runtime_info.rsp_cert_hash = cert_chain_hash; + session.runtime_info.req_cert_hash = None; + + let mut random = [0u8; SPDM_RANDOM_SIZE]; + let res = crypto::rand::get_random(&mut random); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + + let in_clear_text = self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP); + info!("in_clear_text {:?}\n", in_clear_text); + + info!("send spdm key_exchange rsp\n"); + + // prepare response + let response = SpdmMessage { + header: SpdmMessageHeader 
{ + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseKeyExchangeRsp, + }, + payload: SpdmMessagePayload::SpdmKeyExchangeResponse(SpdmKeyExchangeResponsePayload { + heartbeat_period: self.common.config_info.heartbeat_period, + rsp_session_id, + mut_auth_req, + req_slot_id: 0x0, + random: SpdmRandomStruct { data: random }, + exchange, + measurement_summary_hash, + opaque: return_opaque, + signature: SpdmSignatureStruct { + data_size: self.common.negotiate_info.base_asym_sel.get_size(), + data: [0xbb; SPDM_MAX_ASYM_KEY_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: self.common.negotiate_info.base_hash_sel.get_size(), + data: Box::new([0xcc; SPDM_MAX_HASH_SIZE]), + }, + }), + }; + + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let used = writer.used(); + + // generate signature + let base_asym_size = self.common.negotiate_info.base_asym_sel.get_size() as usize; + let base_hash_size = self.common.negotiate_info.base_hash_sel.get_size() as usize; + let temp_used = if in_clear_text { + used - base_asym_size + } else { + used - base_asym_size - base_hash_size + }; + + if self + .common + .append_message_k(session_id, &bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + if self + .common + .append_message_k(session_id, &writer.used_slice()[..temp_used]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + let signature = 
self.generate_key_exchange_rsp_signature(slot_id as u8, session); + if signature.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let signature = signature.unwrap(); + + if self + .common + .append_message_k(session_id, signature.as_ref()) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // generate the handshake secret (including finished_key) before generate HMAC + let th1 = self + .common + .calc_rsp_transcript_hash(false, slot_id as u8, false, session); + if th1.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let th1 = th1.unwrap(); + debug!("!!! th1 : {:02x?}\n", th1.as_ref()); + + let session = self.common.get_session_via_id(session_id).unwrap(); + if let Err(e) = session.generate_handshake_secret(spdm_version_sel, &th1) { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(e), Some(writer.used_slice())); + } + + if !in_clear_text { + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // generate HMAC with finished_key + let transcript_hash = + self.common + .calc_rsp_transcript_hash(false, slot_id as u8, false, session); + if transcript_hash.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let transcript_hash = transcript_hash.unwrap(); + + let session = self.common.get_session_via_id(session_id).unwrap(); + + let hmac = session.generate_hmac_with_response_finished_key(transcript_hash.as_ref()); + if hmac.is_err() { + session.teardown(); + 
self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let hmac = hmac.unwrap(); + + // append verify_data after TH1 + if self + .common + .append_message_k(session_id, hmac.as_ref()) + .is_err() + { + let session = self.common.get_session_via_id(session_id).unwrap(); + session.teardown(); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + // patch the message before send + writer.mut_used_slice() + [(used - base_hash_size - base_asym_size)..(used - base_hash_size)] + .copy_from_slice(signature.as_ref()); + writer.mut_used_slice()[(used - base_hash_size)..used].copy_from_slice(hmac.as_ref()); + } + + let heartbeat_period = self.common.config_info.heartbeat_period; + let session = self.common.get_session_via_id(session_id).unwrap(); + + session.heartbeat_period = heartbeat_period; + if return_opaque.data_size != 0 { + session.secure_spdm_version_sel = SecuredMessageVersion::try_from( + return_opaque.data[return_opaque.data_size as usize - 1], + ) + .unwrap(); + } + + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking); + + if in_clear_text { + self.common + .runtime_info + .set_last_session_id(Some(session_id)); + } + + (Ok(()), Some(writer.used_slice())) + } + + #[cfg(feature = "hashed-transcript-data")] + pub fn generate_key_exchange_rsp_signature( + &self, + slot_id: u8, + session: &SpdmSession, + ) -> SpdmResult { + let transcript_hash = self + .common + .calc_rsp_transcript_hash(false, slot_id, false, session)?; + + debug!("message_hash - {:02x?}", transcript_hash.as_ref()); + + let mut message_sign = ManagedBuffer12Sign::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_sign.reset_message(); + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + 
.ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_2) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(transcript_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } else { + error!("hashed-transcript-data is unsupported in SPDM 1.0/1.1 signing!\n"); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + crate::secret::asym_sign::sign( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + message_sign.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR) + } + + #[cfg(not(feature = "hashed-transcript-data"))] + pub fn generate_key_exchange_rsp_signature( + &self, + slot_id: u8, + session: &SpdmSession, + ) -> SpdmResult { + let message_hash = self + .common + .calc_rsp_transcript_hash(false, slot_id, false, session)?; + // we dont need create message hash for verify + // we just print message hash for debug purpose + debug!("message_hash - {:02x?}", message_hash.as_ref()); + + let mut message = self.common.calc_rsp_transcript_data( + false, + slot_id, + false, + &session.runtime_info.message_k, + None, + )?; + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message.reset_message(); + message + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_2) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message + .append_message(&SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message + .append_message(message_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + + crate::secret::asym_sign::sign( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + message.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR) + } +} 
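Review bot: `debug!("!!! final_key : {:02x?}\n", final_key.as_ref());` in `write_spdm_key_exchange_response` writes the DHE shared secret to the log, the same value that is then handed to `session.set_dhe_secret` to seed the session keys. Key material should never reach a log sink, even at debug level, so drop that line. Separately, the signature is copied into `writer` only inside `if !in_clear_text { ... }`, so on the handshake-in-the-clear path the response appears to go out with the `[0xbb; SPDM_MAX_ASYM_KEY_SIZE]` placeholder. If that is not intended, patch it unconditionally with `writer.mut_used_slice()[temp_used..temp_used + base_asym_size].copy_from_slice(signature.as_ref());`, which matches how `temp_used` is computed for both cases.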
diff --git a/spdmlib/src/responder/key_update_rsp.rs b/spdmlib/src/responder/key_update_rsp.rs
new file mode 100644
index 0000000..63d43a5
--- /dev/null
+++ b/spdmlib/src/responder/key_update_rsp.rs
@@ -0,0 +1,111 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::message::*; +use crate::responder::*; + +impl ResponderContext { + pub fn handle_spdm_key_update<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_spdm_key_update_response(session_id, bytes, writer); + (Ok(()), rsp_slice) + } + + pub fn write_spdm_key_update_response<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestKeyUpdate, + Some(session_id), + ); + + let key_update_req = SpdmKeyUpdateRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(key_update_req) = &key_update_req { + debug!("!!! key_update req : {:02x?}\n", key_update_req); + } else { + error!("!!! 
key_update req : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + let key_update_req = key_update_req.unwrap(); + + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let session = self.common.get_session_via_id(session_id).unwrap(); + match key_update_req.key_update_operation { + SpdmKeyUpdateOperation::SpdmUpdateSingleKey => { + let _ = session.create_data_secret_update(spdm_version_sel, true, false); + } + SpdmKeyUpdateOperation::SpdmUpdateAllKeys => { + let _ = session.create_data_secret_update(spdm_version_sel, true, true); + let _ = session.activate_data_secret_update(spdm_version_sel, true, true, true); + } + SpdmKeyUpdateOperation::SpdmVerifyNewKey => { + let _ = session.activate_data_secret_update(spdm_version_sel, true, false, true); + } + _ => { + error!("!!! key_update req : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + + info!("send spdm key_update rsp\n"); + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseKeyUpdateAck, + }, + payload: SpdmMessagePayload::SpdmKeyUpdateResponse(SpdmKeyUpdateResponsePayload { + key_update_operation: key_update_req.key_update_operation, + tag: key_update_req.tag, + }), + }; + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/measurement_rsp.rs b/spdmlib/src/responder/measurement_rsp.rs new file mode 100644 index 0000000..a9fa777 --- /dev/null 
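Review bot: In `write_spdm_key_update_response` (key_update_rsp.rs), every `create_data_secret_update` / `activate_data_secret_update` result is discarded with `let _ =`, so the responder still encodes and returns KEY_UPDATE_ACK when deriving or activating the new data secret failed. The acknowledgement then no longer reflects the session's actual key state. Each match arm should check the result and answer with an error, for example `if session.create_data_secret_update(spdm_version_sel, true, false).is_err() { ... }` followed by `write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer)` and `Err(SPDM_STATUS_INVALID_STATE_LOCAL)`. The `get_session_via_id(session_id).unwrap()` just before the match also panics on an unknown session id, where every other failure path in this function returns an SPDM error.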
+++ b/spdmlib/src/responder/measurement_rsp.rs 
@@ -0,0 +1,415 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::opaque::{SpdmOpaqueStruct, MAX_SPDM_OPAQUE_SIZE}; +#[cfg(feature = "hashed-transcript-data")] +use crate::common::ManagedBuffer12Sign; +#[cfg(not(feature = "hashed-transcript-data"))] +use crate::common::ManagedBufferL1L2; +use crate::common::SpdmCodec; +use crate::common::SpdmConnectionState; +use crate::common::SpdmMeasurementContentChanged; +use crate::crypto; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_BUFFER_FULL; +use crate::error::SPDM_STATUS_CRYPTO_ERROR; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +#[cfg(not(feature = "hashed-transcript-data"))] +use crate::error::SPDM_STATUS_INVALID_PARAMETER; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::SPDM_STATUS_INVALID_STATE_PEER; +use crate::error::SPDM_STATUS_NOT_READY_PEER; +use crate::message::*; +use crate::protocol::*; +use crate::responder::*; +use crate::secret; + +impl ResponderContext { + pub fn handle_spdm_measurement<'a>( + &mut self, + session_id: Option, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (status, rsp_slice) = self.write_spdm_measurement_response(session_id, bytes, writer); + + if let Err(e) = status { + if e != SPDM_STATUS_NOT_READY_PEER { + self.common.reset_message_m(session_id); + } + } + + (Ok(()), rsp_slice) + } + + pub fn write_spdm_measurement_response<'a>( + &mut self, + session_id: Option, + bytes: &[u8], + writer: &'a mut Writer<'_>, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionNegotiated.get_u8() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + 
if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestGetMeasurements, + session_id, + ); + + let get_measurements = + SpdmGetMeasurementsRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(get_measurements) = &get_measurements { + debug!("!!! get_measurements : {:02x?}\n", get_measurements); + } else { + error!("!!! get_measurements : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + let get_measurements = get_measurements.unwrap(); + let slot_id = get_measurements.slot_id as usize; + + let signature_size = self.common.negotiate_info.base_asym_sel.get_size(); + + if get_measurements + .measurement_attributes + .contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) + { + self.common.runtime_info.need_measurement_signature = true; + + if slot_id >= SPDM_MAX_SLOT_NUMBER { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + if self.common.provision_info.my_cert_chain[slot_id].is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } else { + self.common.runtime_info.need_measurement_signature = false; + + if slot_id != 0 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + 
return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + + let measurement_hash_sel = self.common.negotiate_info.measurement_hash_sel; + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let measurement_specification_sel = + self.common.negotiate_info.measurement_specification_sel; + let runtime_content_change_support = self.common.config_info.runtime_content_change_support; + let content_changed = self.common.runtime_info.content_changed; + let base_asym_sel = self.common.negotiate_info.base_asym_sel; + + if self + .common + .append_message_m(session_id, &bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let number_of_measurement = secret::measurement::measurement_collection( + spdm_version_sel, + measurement_specification_sel, + measurement_hash_sel, + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber.get_u8() as usize, + ) + .unwrap() + .number_of_blocks; + + let measurement_record = if get_measurements.measurement_operation + == SpdmMeasurementOperation::SpdmMeasurementRequestAll + { + secret::measurement::measurement_collection( + spdm_version_sel, + measurement_specification_sel, + measurement_hash_sel, + SpdmMeasurementOperation::SpdmMeasurementRequestAll.get_u8() as usize, + ) + .unwrap() + } else if let SpdmMeasurementOperation::Unknown(index) = + get_measurements.measurement_operation + { + if index > number_of_measurement { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + secret::measurement::measurement_collection( + spdm_version_sel, + measurement_specification_sel, + measurement_hash_sel, + index as usize, + ) + .unwrap() + } else { + SpdmMeasurementRecordStructure::default() + }; + + let content_changed = + if 
runtime_content_change_support && (spdm_version_sel >= SpdmVersion::SpdmVersion12) { + content_changed + } else { + SpdmMeasurementContentChanged::NOT_SUPPORTED + }; + + let mut nonce = [0u8; SPDM_NONCE_SIZE]; + let res = crypto::rand::get_random(&mut nonce); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + + info!("send spdm measurement\n"); + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseMeasurements, + }, + payload: SpdmMessagePayload::SpdmMeasurementsResponse( + SpdmMeasurementsResponsePayload { + number_of_measurement, + slot_id: get_measurements.slot_id, + content_changed, + measurement_record, + nonce: SpdmNonceStruct { data: nonce }, + opaque: SpdmOpaqueStruct { + data_size: 0, + data: [0u8; MAX_SPDM_OPAQUE_SIZE], + }, + signature: SpdmSignatureStruct { + data_size: signature_size, + data: [0x60u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + measurement_operation: get_measurements.measurement_operation, + }, + ), + }; + + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let used = writer.used(); + + // generat signature + if get_measurements + .measurement_attributes + .contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) + { + let base_asym_size = base_asym_sel.get_size() as usize; + let temp_used = used - base_asym_size; + + if self + .common + .append_message_m(session_id, &writer.used_slice()[..temp_used]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let signature = self.generate_measurement_signature(session_id); + 
if signature.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let signature = signature.unwrap(); + // patch the message before send + writer.mut_used_slice()[(used - base_asym_size)..used] + .copy_from_slice(signature.as_ref()); + + self.common.reset_message_m(session_id); + } else if self + .common + .append_message_m(session_id, writer.used_slice()) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } + + #[cfg(feature = "hashed-transcript-data")] + pub fn generate_measurement_signature( + &self, + session_id: Option, + ) -> SpdmResult { + let message_l1l2_hash = match session_id { + Some(session_id) => crypto::hash::hash_ctx_finalize( + self.common + .get_immutable_session_via_id(session_id) + .unwrap() + .runtime_info + .digest_context_l1l2 + .as_ref() + .cloned() + .unwrap(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?, + None => crypto::hash::hash_ctx_finalize( + self.common + .runtime_info + .digest_context_l1l2 + .as_ref() + .cloned() + .unwrap(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?, + }; + debug!("message_l1l2_hash - {:02x?}", message_l1l2_hash.as_ref()); + + let mut message_sign = ManagedBuffer12Sign::default(); + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_sign.reset_message(); + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_6) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(&SPDM_MEASUREMENTS_SIGN_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_sign + .append_message(message_l1l2_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } else { + 
error!("hashed-transcript-data is unsupported in SPDM 1.0/1.1 signing!\n"); + return Err(SPDM_STATUS_INVALID_STATE_LOCAL); + } + + crate::secret::asym_sign::sign( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + message_sign.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR) + } + + #[cfg(not(feature = "hashed-transcript-data"))] + pub fn generate_measurement_signature( + &self, + session_id: Option, + ) -> SpdmResult { + let mut message_l1l2 = ManagedBufferL1L2::default(); + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + let message_a = self.common.runtime_info.message_a.clone(); + message_l1l2 + .append_message(message_a.as_ref()) + .map_or_else(|| Err(SPDM_STATUS_BUFFER_FULL), |_| Ok(()))?; + } + + match session_id { + None => { + message_l1l2 + .append_message(self.common.runtime_info.message_m.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + Some(session_id) => { + let session = if let Some(s) = self.common.get_immutable_session_via_id(session_id) + { + s + } else { + return Err(SPDM_STATUS_INVALID_PARAMETER); + }; + message_l1l2 + .append_message(session.runtime_info.message_m.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + } + // we dont need create message hash for verify + // we just print message hash for debug purpose + let message_l1l2_hash = crypto::hash::hash_all( + self.common.negotiate_info.base_hash_sel, + message_l1l2.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + + debug!("message_l1l2_hash - {:02x?}", message_l1l2_hash.as_ref()); + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 { + message_l1l2.reset_message(); + message_l1l2 + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_l1l2 + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_6) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_l1l2 + .append_message(&SPDM_MEASUREMENTS_SIGN_CONTEXT) + 
.ok_or(SPDM_STATUS_BUFFER_FULL)?; + message_l1l2 + .append_message(message_l1l2_hash.as_ref()) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } + + crate::secret::asym_sign::sign( + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.base_asym_sel, + message_l1l2.as_ref(), + ) + .ok_or(SPDM_STATUS_CRYPTO_ERROR) + } +} diff --git a/spdmlib/src/responder/mod.rs b/spdmlib/src/responder/mod.rs new file mode 100644 index 0000000..3abe3cd --- /dev/null +++ b/spdmlib/src/responder/mod.rs @@ -0,0 +1,36 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +mod context; + +mod algorithm_rsp; +mod capability_rsp; +mod certificate_rsp; +mod challenge_rsp; +mod digest_rsp; +#[cfg(feature = "mut-auth")] +mod encap_get_certificate; +#[cfg(feature = "mut-auth")] +mod encap_get_digest; +#[cfg(feature = "mut-auth")] +mod encap_rsp; +mod end_session_rsp; +mod finish_rsp; +mod heartbeat_rsp; +mod key_exchange_rsp; +mod key_update_rsp; +mod measurement_rsp; +mod psk_exchange_rsp; +mod psk_finish_rsp; +mod version_rsp; + +mod error_rsp; +mod vendor_rsp; + +pub mod app_message_handler; + +pub use context::ResponderContext; + +use crate::config; +use codec::{Codec, Reader, Writer}; diff --git a/spdmlib/src/responder/psk_exchange_rsp.rs b/spdmlib/src/responder/psk_exchange_rsp.rs new file mode 100644 index 0000000..c3ba88c --- /dev/null +++ b/spdmlib/src/responder/psk_exchange_rsp.rs 
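Review bot: `write_spdm_measurement_response` (measurement_rsp.rs) calls `.unwrap()` on all three `secret::measurement::measurement_collection(...)` results, so a measurement provider that cannot supply a record turns a peer's GET_MEASUREMENTS request into a panic instead of an SPDM error response. The `hashed-transcript-data` variant of `generate_measurement_signature` has the same problem with `get_immutable_session_via_id(session_id).unwrap()` and the `digest_context_l1l2 ... .unwrap()` calls, whereas the non-hashed variant returns `SPDM_STATUS_INVALID_PARAMETER` for a missing session. I would handle the empty case like the neighbouring failure paths (write `SpdmErrorUnspecified`, return `Err(SPDM_STATUS_INVALID_STATE_LOCAL)`). In the signing helper, each `unwrap()` can become `.ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?`.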
@@ -0,0 +1,454 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::opaque::SpdmOpaqueStruct; +use crate::common::SMVersionSelOpaque; +use crate::common::SecuredMessageVersion; +use crate::common::SpdmCodec; +use crate::common::SpdmConnectionState; +use crate::common::SpdmTransportEncap; +use crate::common::INVALID_SLOT; +use crate::crypto; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_CRYPTO_ERROR; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::error::SPDM_STATUS_INVALID_STATE_PEER; +use crate::message::*; +use crate::protocol::*; +use crate::responder::*; +use crate::watchdog::start_watchdog; +use config::MAX_SPDM_PSK_CONTEXT_SIZE; +extern crate alloc; +use crate::secret; +use alloc::boxed::Box; +use core::convert::TryFrom; +use core::ops::DerefMut; + +impl ResponderContext { + pub fn handle_spdm_psk_exchange<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut target_session_id = None; + let (result, rsp_slice) = + self.write_spdm_psk_exchange_response(bytes, writer, &mut target_session_id); + if result.is_err() { + if let Some(session_id) = target_session_id { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + } + } + + (Ok(()), rsp_slice) + } + + pub fn write_spdm_psk_exchange_response<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + target_session_id: &mut Option, + ) -> (SpdmResult, Option<&'a [u8]>) { + if self.common.runtime_info.get_connection_state().get_u8() + < SpdmConnectionState::SpdmConnectionNegotiated.get_u8() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnexpectedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_PEER), + Some(writer.used_slice()), + ); + } + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let 
Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + if message_header.version < SpdmVersion::SpdmVersion11 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnsupportedRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common + .reset_buffer_via_request_code(SpdmRequestResponseCode::SpdmRequestPskExchange, None); + + let psk_exchange_req = + SpdmPskExchangeRequestPayload::spdm_read(&mut self.common, &mut reader); + + let mut return_opaque = SpdmOpaqueStruct::default(); + + let measurement_summary_hash; + let psk_hint; + if let Some(psk_exchange_req) = &psk_exchange_req { + debug!("!!! 
psk_exchange req : {:02x?}\n", psk_exchange_req); + + if (psk_exchange_req.measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb) + || (psk_exchange_req.measurement_summary_hash_type + == SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll) + { + self.common.runtime_info.need_measurement_summary_hash = true; + let measurement_summary_hash_res = + secret::measurement::generate_measurement_summary_hash( + self.common.negotiate_info.spdm_version_sel, + self.common.negotiate_info.base_hash_sel, + self.common.negotiate_info.measurement_specification_sel, + self.common.negotiate_info.measurement_hash_sel, + psk_exchange_req.measurement_summary_hash_type, + ); + if measurement_summary_hash_res.is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + measurement_summary_hash = measurement_summary_hash_res.unwrap(); + if measurement_summary_hash.data_size == 0 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + } else { + self.common.runtime_info.need_measurement_summary_hash = false; + measurement_summary_hash = SpdmDigestStruct::default(); + } + + psk_hint = psk_exchange_req.psk_hint.clone(); + + if let Some(secured_message_version_list) = psk_exchange_req + .opaque + .rsp_get_dmtf_supported_secure_spdm_version_list(&mut self.common) + { + if secured_message_version_list.version_count + > crate::common::opaque::MAX_SECURE_SPDM_VERSION_COUNT as u8 + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + let mut selected_version: Option = None; + for index in 0..secured_message_version_list.version_count as usize { + for (_, local_version) in self + .common + .config_info + .secure_spdm_version + .iter() 
+ .flatten() + .enumerate() + { + if secured_message_version_list.versions_list[index] == *local_version { + selected_version = Some(*local_version); + } + } + } + + if let Some(selected_version) = selected_version { + if let Ok(opaque) = SpdmOpaqueStruct::from_sm_version_sel_opaque( + &mut self.common, + &SMVersionSelOpaque { + secured_message_version: selected_version, + }, + ) { + return_opaque = opaque; + } else { + self.write_spdm_error( + SpdmErrorCode::SpdmErrorUnsupportedRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + error!("secure message version not selected!"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + } else { + error!("!!! psk_exchange req : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + let psk_without_context = self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::PSK_CAP_WITHOUT_CONTEXT); + let psk_context_size = if psk_without_context { + 0u16 + } else { + MAX_SPDM_PSK_CONTEXT_SIZE as u16 + }; + let mut psk_context = [0u8; MAX_SPDM_PSK_CONTEXT_SIZE]; + if psk_without_context { + let res = crypto::rand::get_random(&mut psk_context); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + } + + let rsp_session_id = self.common.get_next_half_session_id(false); + if rsp_session_id.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorSessionLimitExceeded, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let rsp_session_id = rsp_session_id.unwrap(); + + // create session structure + let hash_algo = 
self.common.negotiate_info.base_hash_sel; + let dhe_algo = self.common.negotiate_info.dhe_sel; + let aead_algo = self.common.negotiate_info.aead_sel; + let key_schedule_algo = self.common.negotiate_info.key_schedule_sel; + let sequence_number_count = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap.get_sequence_number_count() + }; + let max_random_count = { + let mut transport_encap = self.common.transport_encap.lock(); + let transport_encap: &mut (dyn SpdmTransportEncap + Send + Sync) = + transport_encap.deref_mut(); + transport_encap.get_max_random_count() + }; + + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let message_a = self.common.runtime_info.message_a.clone(); + + let session = self.common.get_next_avaiable_session(); + if session.is_none() { + error!("!!! too many sessions : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorSessionLimitExceeded, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let session = session.unwrap(); + let session_id = + ((rsp_session_id as u32) << 16) + psk_exchange_req.unwrap().req_session_id as u32; + *target_session_id = Some(session_id); + session.setup(session_id).unwrap(); + session.set_use_psk(true); + + session.set_crypto_param(hash_algo, dhe_algo, aead_algo, key_schedule_algo); + session.set_transport_param(sequence_number_count, max_random_count); + + session.runtime_info.psk_hint = Some(psk_hint); + session.runtime_info.message_a = message_a; + session.runtime_info.rsp_cert_hash = None; + session.runtime_info.req_cert_hash = None; + + info!("send spdm psk_exchange rsp\n"); + + // prepare response + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponsePskExchangeRsp, + }, + 
payload: SpdmMessagePayload::SpdmPskExchangeResponse(SpdmPskExchangeResponsePayload { + heartbeat_period: self.common.config_info.heartbeat_period, + rsp_session_id, + measurement_summary_hash, + psk_context: SpdmPskContextStruct { + data_size: psk_context_size, + data: psk_context, + }, + opaque: return_opaque, + verify_data: SpdmDigestStruct { + data_size: self.common.negotiate_info.base_hash_sel.get_size(), + data: Box::new([0xcc; SPDM_MAX_HASH_SIZE]), + }, + }), + }; + + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + let used = writer.used(); + + let base_hash_size = self.common.negotiate_info.base_hash_sel.get_size() as usize; + let temp_used = used - base_hash_size; + + if self + .common + .append_message_k(session_id, &bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + if self + .common + .append_message_k(session_id, &writer.used_slice()[..temp_used]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + // create session - generate the handshake secret (including finished_key) + let th1 = self + .common + .calc_rsp_transcript_hash(true, INVALID_SLOT, false, session); + if th1.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let th1 = th1.unwrap(); + debug!("!!! 
th1 : {:02x?}\n", th1.as_ref()); + + let session = self.common.get_session_via_id(session_id).unwrap(); + if let Err(e) = session.generate_handshake_secret(spdm_version_sel, &th1) { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(e), Some(writer.used_slice())); + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + // generate HMAC with finished_key + let transcript_hash = + self.common + .calc_rsp_transcript_hash(true, INVALID_SLOT, false, session); + if transcript_hash.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let transcript_hash = transcript_hash.unwrap(); + + let hmac = session.generate_hmac_with_response_finished_key(transcript_hash.as_ref()); + if hmac.is_err() { + let session = self.common.get_session_via_id(session_id).unwrap(); + session.teardown(); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let hmac = hmac.unwrap(); + + // append verify_data after TH1 + if self + .common + .append_message_k(session_id, hmac.as_ref()) + .is_err() + { + let session = self.common.get_session_via_id(session_id).unwrap(); + session.teardown(); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + // patch the message before send + writer.mut_used_slice()[(used - base_hash_size)..used].copy_from_slice(hmac.as_ref()); + let heartbeat_period = self.common.config_info.heartbeat_period; + let session = self.common.get_session_via_id(session_id).unwrap(); + session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking); + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + if psk_without_context { + // 
generate the data secret directly to skip PSK_FINISH + let th2 = self + .common + .calc_rsp_transcript_hash(true, 0, false, session); + if th2.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let th2 = th2.unwrap(); + debug!("!!! th2 : {:02x?}\n", th2.as_ref()); + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let heartbeat_period = { + let session = self.common.get_session_via_id(session_id).unwrap(); + session + .generate_data_secret(spdm_version_sel, &th2) + .unwrap(); + session.set_session_state( + crate::common::session::SpdmSessionState::SpdmSessionEstablished, + ); + + session.heartbeat_period + }; + if self + .common + .negotiate_info + .req_capabilities_sel + .contains(SpdmRequestCapabilityFlags::HBEAT_CAP) + && self + .common + .negotiate_info + .rsp_capabilities_sel + .contains(SpdmResponseCapabilityFlags::HBEAT_CAP) + { + start_watchdog(session_id, heartbeat_period as u16 * 2); + } + } + + let session = self.common.get_session_via_id(session_id).unwrap(); + session.heartbeat_period = heartbeat_period; + if return_opaque.data_size != 0 { + session.secure_spdm_version_sel = SecuredMessageVersion::try_from( + return_opaque.data[return_opaque.data_size as usize - 1], + ) + .unwrap(); + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/psk_finish_rsp.rs b/spdmlib/src/responder/psk_finish_rsp.rs new file mode 100644 index 0000000..6d444de --- /dev/null +++ b/spdmlib/src/responder/psk_finish_rsp.rs 
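Review bot: The condition guarding `crypto::rand::get_random(&mut psk_context)` in `write_spdm_psk_exchange_response` (psk_exchange_rsp.rs) looks inverted. Random bytes are drawn only when `psk_without_context` is true, which is exactly the case where `psk_context_size` is `0u16` and no context is sent. When a context is sent (`psk_context_size = MAX_SPDM_PSK_CONTEXT_SIZE`), `psk_context` is still the all-zero array from its initialiser, so the responder contributes no fresh value to the PSK_EXCHANGE_RSP it builds. The guard should presumably read `if !psk_without_context {`, and a test asserting that the encoded context is not constant would keep it from regressing.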
@@ -0,0 +1,209 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::common::INVALID_SLOT; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_CRYPTO_ERROR; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::message::*; +use crate::responder::*; + +impl ResponderContext { + pub fn handle_spdm_psk_finish<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (result, rsp_slice) = self.write_spdm_psk_finish_response(session_id, bytes, writer); + if result.is_err() { + if let Some(session) = self.common.get_session_via_id(session_id) { + session.teardown(); + } + } + + (Ok(()), rsp_slice) + } + + // Return true on success, false otherwise + pub fn write_spdm_psk_finish_response<'a>( + &mut self, + session_id: u32, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestPskFinish, + Some(session_id), + ); + + let psk_finish_req = SpdmPskFinishRequestPayload::spdm_read(&mut self.common, &mut reader); + + if let Some(psk_finish_req) = &psk_finish_req { + debug!("!!! psk_finish req : {:02x?}\n", psk_finish_req); + } else { + error!("!!! 
psk_finish req : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + // Safety to call unwrap() + let psk_finish_req = psk_finish_req.unwrap(); + let read_used = reader.used(); + + // verify HMAC with finished_key + let base_hash_size = self.common.negotiate_info.base_hash_sel.get_size() as usize; + + let temp_used = read_used - base_hash_size; + + { + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + if !session.get_use_psk() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + if self + .common + .append_message_f(false, session_id, &bytes[..temp_used]) + .is_err() + { + error!("message_f add the message error"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + + let transcript_hash = + self.common + .calc_rsp_transcript_hash(true, INVALID_SLOT, false, session); + if transcript_hash.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + let transcript_hash = transcript_hash.as_ref().unwrap(); + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + let res = session.verify_hmac_with_request_finished_key( + transcript_hash.as_ref(), + &psk_finish_req.verify_data, + ); + if res.is_err() { + error!("verify_hmac_with_request_finished_key fail"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorDecryptError, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } else { + info!("verify_hmac_with_request_finished_key pass"); + 
} + + if self + .common + .append_message_f(false, session_id, psk_finish_req.verify_data.as_ref()) + .is_err() + { + error!("message_f add the message error"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + } + + info!("send spdm psk_finish rsp\n"); + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponsePskFinishRsp, + }, + payload: SpdmMessagePayload::SpdmPskFinishResponse(SpdmPskFinishResponsePayload {}), + }; + + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + if self + .common + .append_message_f(false, session_id, writer.used_slice()) + .is_err() + { + error!("message_f add the message error"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + let session = self + .common + .get_immutable_session_via_id(session_id) + .unwrap(); + // generate the data secret + let th2 = self + .common + .calc_rsp_transcript_hash(true, 0, false, session); + if th2.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(SPDM_STATUS_CRYPTO_ERROR), Some(writer.used_slice())); + } + // Safely to call unwrap; + let th2 = th2.unwrap(); + debug!("!!! 
th2 : {:02x?}\n", th2.as_ref()); + let spdm_version_sel = self.common.negotiate_info.spdm_version_sel; + let session = self.common.get_session_via_id(session_id).unwrap(); + if let Err(e) = session.generate_data_secret(spdm_version_sel, &th2) { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(e), Some(writer.used_slice())); + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/responder/vendor_rsp.rs b/spdmlib/src/responder/vendor_rsp.rs new file mode 100644 index 0000000..f2a9618 --- /dev/null +++ b/spdmlib/src/responder/vendor_rsp.rs 
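Review bot: The session lookups in `write_spdm_psk_finish_response` use `get_immutable_session_via_id(session_id).unwrap()` (and later `get_session_via_id(session_id).unwrap()`), so a PSK_FINISH that reaches this function with a session id that has no live session panics the responder instead of producing an SPDM error. The wrapper `handle_spdm_psk_finish` in the same hunk already treats the lookup as fallible with `if let Some(session)`. Whether the dispatcher guarantees the session exists is not visible here, so I would make the first lookup fallible and answer with an error, as in the excerpt below. Separately, the comment `// Return true on success, false otherwise` above the function does not match its `(SpdmResult, Option<&'a [u8]>)` return type and could read `// Returns the status together with the encoded response or error bytes`.

```rust
// … unchanged: header parsing, payload read, temp_used computation …
        {
            let session = match self.common.get_immutable_session_via_id(session_id) {
                Some(session) => session,
                None => {
                    // No live session for this id: report it instead of panicking.
                    self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer);
                    return (
                        Err(SPDM_STATUS_INVALID_STATE_LOCAL),
                        Some(writer.used_slice()),
                    );
                }
            };

            if !session.get_use_psk() {
// … unchanged: HMAC verification, response encoding, data-secret derivation …
```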
@@ -0,0 +1,117 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::message::*; +use crate::responder::*; + +impl ResponderContext { + pub fn handle_spdm_vendor_defined_request<'a>( + &mut self, + session_id: Option, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_spdm_vendor_defined_response(session_id, bytes, writer); + (Ok(()), rsp_slice) + } + + pub fn write_spdm_vendor_defined_response<'a>( + &mut self, + session_id: Option, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != self.common.negotiate_info.spdm_version_sel { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common.reset_buffer_via_request_code( + SpdmRequestResponseCode::SpdmRequestVendorDefinedRequest, + session_id, + ); + + let vendor_defined_request_payload = + SpdmVendorDefinedRequestPayload::spdm_read(&mut self.common, &mut reader); + if vendor_defined_request_payload.is_none() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + let vendor_defined_request_payload = vendor_defined_request_payload.unwrap(); + + let standard_id = vendor_defined_request_payload.standard_id; + let vendor_id = 
vendor_defined_request_payload.vendor_id; + let req_payload = vendor_defined_request_payload.req_payload; + let rsp_payload = self.respond_to_vendor_defined_request( + &req_payload, + &vendor_id, + vendor_defined_request_handler, + ); + if let Err(e) = rsp_payload { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return (Err(e), Some(writer.used_slice())); + } + + let rsp_payload = rsp_payload.unwrap(); + let response = SpdmMessage { + header: SpdmMessageHeader { + version: self.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseVendorDefinedResponse, + }, + payload: SpdmMessagePayload::SpdmVendorDefinedResponse( + SpdmVendorDefinedResponsePayload { + standard_id, + vendor_id, + rsp_payload, + }, + ), + }; + + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } + + pub fn respond_to_vendor_defined_request( + &mut self, + req: &VendorDefinedReqPayloadStruct, + vendor_id_struct: &VendorIDStruct, + verdor_defined_func: F, + ) -> SpdmResult + where + F: Fn( + &VendorIDStruct, + &VendorDefinedReqPayloadStruct, + ) -> SpdmResult, + { + verdor_defined_func(vendor_id_struct, req) + } +} diff --git a/spdmlib/src/responder/version_rsp.rs b/spdmlib/src/responder/version_rsp.rs new file mode 100644 index 0000000..bce0d65 --- /dev/null +++ b/spdmlib/src/responder/version_rsp.rs 
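Review bot: `respond_to_vendor_defined_request` passes the registered handler only `vendor_id_struct` and `req`, while `session_id` is used in this hunk solely for `reset_buffer_via_request_code`, so the handler cannot tell a request received inside a secure session from one received in the clear. If any vendor command is meant to be reachable only after authentication, that policy has nowhere to be enforced (`vendor_defined_request_handler` itself is defined outside the hunk, so this is inferred from the call). At minimum document it on the function, e.g. `/// The handler is invoked for requests both inside and outside a secure session; it receives no session information and must not assume the requester is authenticated.` The parameter name `verdor_defined_func` is also a typo for `vendor_defined_func`.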
@@ -0,0 +1,122 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::SpdmCodec; +use crate::error::SpdmResult; +use crate::error::SPDM_STATUS_INVALID_MSG_FIELD; +use crate::error::SPDM_STATUS_INVALID_STATE_LOCAL; +use crate::message::*; +use crate::protocol::*; +use crate::responder::*; + +impl ResponderContext { + pub fn handle_spdm_version<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let (_, rsp_slice) = self.write_spdm_version_response(bytes, writer); + (Ok(()), rsp_slice) + } + + pub fn write_spdm_version_response<'a>( + &mut self, + bytes: &[u8], + writer: &'a mut Writer, + ) -> (SpdmResult, Option<&'a [u8]>) { + let mut reader = Reader::init(bytes); + let message_header = SpdmMessageHeader::read(&mut reader); + if let Some(message_header) = message_header { + if message_header.version != SpdmVersion::SpdmVersion10 { + self.write_spdm_error(SpdmErrorCode::SpdmErrorVersionMismatch, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } else { + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + self.common + .reset_buffer_via_request_code(SpdmRequestResponseCode::SpdmRequestGetVersion, None); + + let get_version = SpdmGetVersionRequestPayload::spdm_read(&mut self.common, &mut reader); + if let Some(get_version) = get_version { + debug!("!!! get_version : {:02x?}\n", get_version); + } else { + error!("!!! 
get_version : fail !!!\n"); + self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + + // clear cache data + self.common.reset_context(); + + if self + .common + .append_message_a(&bytes[..reader.used()]) + .is_err() + { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + info!("send spdm version\n"); + let mut version_number_entry_count = 0; + let mut versions = gen_array_clone(SpdmVersionStruct::default(), MAX_SPDM_VERSION_COUNT); + for (_, v) in self + .common + .config_info + .spdm_version + .iter() + .flatten() + .enumerate() + { + versions[version_number_entry_count] = SpdmVersionStruct { + update: 0, + version: *v, + }; + version_number_entry_count += 1; + } + let response = SpdmMessage { + header: SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmResponseVersion, + }, + payload: SpdmMessagePayload::SpdmVersionResponse(SpdmVersionResponsePayload { + version_number_entry_count: version_number_entry_count as u8, + versions, + }), + }; + + let res = response.spdm_encode(&mut self.common, writer); + if res.is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + if self.common.append_message_a(writer.used_slice()).is_err() { + self.write_spdm_error(SpdmErrorCode::SpdmErrorUnspecified, 0, writer); + return ( + Err(SPDM_STATUS_INVALID_STATE_LOCAL), + Some(writer.used_slice()), + ); + } + + (Ok(()), Some(writer.used_slice())) + } +} diff --git a/spdmlib/src/secret/mod.rs b/spdmlib/src/secret/mod.rs new file mode 100644 index 0000000..0a36cd8 --- /dev/null +++ b/spdmlib/src/secret/mod.rs 
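Review bot: The loop that fills `versions` in `write_spdm_version_response` indexes with a hand-maintained `version_number_entry_count` and throws away the index `.enumerate()` already yields, so nothing in the hunk ties the number of writes to the `MAX_SPDM_VERSION_COUNT` length of the array. The length of `config_info.spdm_version` is not visible here; if it can ever exceed that constant, `versions[version_number_entry_count]` panics while answering GET_VERSION, a request this handler accepts without any session. Zipping the two sequences makes the bound structural: `for (slot, v) in versions.iter_mut().zip(self.common.config_info.spdm_version.iter().flatten()) { *slot = SpdmVersionStruct { update: 0, version: *v }; version_number_entry_count += 1; }`.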
@@ -0,0 +1,166 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT +mod secret_callback; + +use conquer_once::spin::OnceCell; +pub use secret_callback::{SpdmSecretAsymSign, SpdmSecretMeasurement, SpdmSecretPsk}; + +static SECRET_MEASUREMENT_INSTANCE: OnceCell = OnceCell::uninit(); +static SECRET_PSK_INSTANCE: OnceCell = OnceCell::uninit(); +static SECRET_ASYM_INSTANCE: OnceCell = OnceCell::uninit(); + +pub mod measurement { + use super::{SpdmSecretMeasurement, SECRET_MEASUREMENT_INSTANCE}; + use crate::protocol::*; + + pub fn register(context: SpdmSecretMeasurement) -> bool { + SECRET_MEASUREMENT_INSTANCE + .try_init_once(|| context) + .is_ok() + } + + static UNIMPLETEMTED: SpdmSecretMeasurement = SpdmSecretMeasurement { + measurement_collection_cb: |_spdm_version: SpdmVersion, + _measurement_specification: SpdmMeasurementSpecification, + _measurement_hash_algo: SpdmMeasurementHashAlgo, + _measurement_index: usize| + -> Option { + unimplemented!() + }, + + generate_measurement_summary_hash_cb: + |_spdm_version: SpdmVersion, + _base_hash_algo: SpdmBaseHashAlgo, + _measurement_specification: SpdmMeasurementSpecification, + _measurement_hash_algo: SpdmMeasurementHashAlgo, + _measurement_summary_hash_type: SpdmMeasurementSummaryHashType| + -> Option { unimplemented!() }, + }; + + /* + Function to get measurements. + + This function wraps SpdmSecret.measurement_collection_cb callback + Device security lib is responsible for the implementation of SpdmSecret. + If SECRET_INSTANCE got no registered, a panic with string "not implemented" + will be emit. + + @When measurement_index == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber + A dummy Some(SpdmMeasurementRecordStructure) is returned, with its number_of_blocks + field set and all other field reserved. 
+ @When measurement_index != SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber + A normal Some(SpdmMeasurementRecordStructure) is returned, with all fields valid. + */ + pub fn measurement_collection( + spdm_version: SpdmVersion, + measurement_specification: SpdmMeasurementSpecification, + measurement_hash_algo: SpdmMeasurementHashAlgo, + measurement_index: usize, + ) -> Option { + (SECRET_MEASUREMENT_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok()? + .measurement_collection_cb)( + spdm_version, + measurement_specification, + measurement_hash_algo, + measurement_index, + ) + } + pub fn generate_measurement_summary_hash( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + measurement_specification: SpdmMeasurementSpecification, + measurement_hash_algo: SpdmMeasurementHashAlgo, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, + ) -> Option { + (SECRET_MEASUREMENT_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok()? + .generate_measurement_summary_hash_cb)( + spdm_version, + base_hash_algo, + measurement_specification, + measurement_hash_algo, + measurement_summary_hash_type, + ) + } +} +pub mod psk { + use super::{SpdmSecretPsk, SECRET_PSK_INSTANCE}; + use crate::protocol::*; + pub fn register(context: SpdmSecretPsk) -> bool { + SECRET_PSK_INSTANCE.try_init_once(|| context).is_ok() + } + + static UNIMPLETEMTED: SpdmSecretPsk = SpdmSecretPsk { + handshake_secret_hkdf_expand_cb: |_spdm_version: SpdmVersion, + _base_hash_algo: SpdmBaseHashAlgo, + _psk_hint: &SpdmPskHintStruct, + _info: &[u8]| + -> Option { + unimplemented!() + }, + + master_secret_hkdf_expand_cb: |_spdm_version: SpdmVersion, + _base_hash_algo: SpdmBaseHashAlgo, + _psk_hint: &SpdmPskHintStruct, + _info: &[u8]| + -> Option { + unimplemented!() + }, + }; + + pub fn handshake_secret_hkdf_expand( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + psk_hint: &SpdmPskHintStruct, + info: &[u8], + ) -> Option { + (SECRET_PSK_INSTANCE + 
.try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok()? + .handshake_secret_hkdf_expand_cb)(spdm_version, base_hash_algo, psk_hint, info) + } + + pub fn master_secret_hkdf_expand( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + psk_hint: &SpdmPskHintStruct, + info: &[u8], + ) -> Option { + (SECRET_PSK_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok()? + .master_secret_hkdf_expand_cb)(spdm_version, base_hash_algo, psk_hint, info) + } +} + +pub mod asym_sign { + use super::SECRET_ASYM_INSTANCE; + use crate::protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmSignatureStruct}; + use crate::secret::SpdmSecretAsymSign; + + pub fn register(context: SpdmSecretAsymSign) -> bool { + SECRET_ASYM_INSTANCE.try_init_once(|| context).is_ok() + } + + static DEFAULT: SpdmSecretAsymSign = SpdmSecretAsymSign { + sign_cb: |_base_hash_algo: SpdmBaseHashAlgo, + _base_asym_algo: SpdmBaseAsymAlgo, + _data: &[u8]| + -> Option { unimplemented!() }, + }; + + pub fn sign( + base_hash_algo: SpdmBaseHashAlgo, + base_asym_algo: SpdmBaseAsymAlgo, + data: &[u8], + ) -> Option { + (SECRET_ASYM_INSTANCE + .try_get_or_init(|| DEFAULT.clone()) + .ok()? + .sign_cb)(base_hash_algo, base_asym_algo, data) + } +} diff --git a/spdmlib/src/secret/secret_callback.rs b/spdmlib/src/secret/secret_callback.rs new file mode 100644 index 0000000..d941428 --- /dev/null +++ b/spdmlib/src/secret/secret_callback.rs 
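Review bot: Every accessor in this hunk (`measurement_collection`, `generate_measurement_summary_hash`, `handshake_secret_hkdf_expand`, `master_secret_hkdf_expand`, `sign`) calls `try_get_or_init(|| UNIMPLETEMTED.clone())` or `DEFAULT.clone()`, which installs the `unimplemented!()` placeholder into the `OnceCell` on first use. A call that arrives before `register()` therefore panics, and it also appears to make every later `register()` return `false`, because `try_init_once` cannot succeed on a cell that is already initialised (conquer_once semantics, worth confirming). Since these functions already return `Option`, a missing provider can be reported without a panic by reading the cell without initialising it, e.g. `(SECRET_PSK_INSTANCE.try_get().ok()?.handshake_secret_hkdf_expand_cb)(spdm_version, base_hash_algo, psk_hint, info)`. The same pattern, there with `.ok().unwrap()`, is in `sleep` in `time/mod.rs` and in `start_watchdog`, `stop_watchdog` and `reset_watchdog` in `watchdog/mod.rs`; the constant name `UNIMPLETEMTED` is also misspelled.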
@@ -0,0 +1,60 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::protocol::{
+ SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmDigestStruct, SpdmHkdfOutputKeyingMaterial,
+ SpdmMeasurementHashAlgo, SpdmMeasurementRecordStructure, SpdmMeasurementSpecification,
+ SpdmMeasurementSummaryHashType, SpdmPskHintStruct, SpdmSignatureStruct, SpdmVersion,
+};
+
+type SpdmMeasurementCollectionCbType = fn(
+ spdm_version: SpdmVersion,
+ measurement_specification: SpdmMeasurementSpecification,
+ measurement_hash_algo: SpdmMeasurementHashAlgo,
+ measurement_index: usize,
+) -> Option;
+
+type SpdmGenerateMeasurementSummaryHashCbType = fn(
+ spdm_version: SpdmVersion,
+ base_hash_algo: SpdmBaseHashAlgo,
+ measurement_specification: SpdmMeasurementSpecification,
+ measurement_hash_algo: SpdmMeasurementHashAlgo,
+ measurement_summary_hash_type: SpdmMeasurementSummaryHashType,
+) -> Option;
+
+type SpdmPskHandshakeSecretHkdfExpandCbType = fn(
+ spdm_version: SpdmVersion,
+ base_hash_algo: SpdmBaseHashAlgo,
+ psk_hint: &SpdmPskHintStruct,
+ info: &[u8],
+) -> Option;
+type SpdmPskMasterSecretHkdfExpandCbType = fn(
+ spdm_version: SpdmVersion,
+ base_hash_algo: SpdmBaseHashAlgo,
+ psk_hint: &SpdmPskHintStruct,
+ info: &[u8],
+) -> Option;
+
+#[derive(Clone)]
+pub struct SpdmSecretMeasurement {
+ pub measurement_collection_cb: SpdmMeasurementCollectionCbType,
+
+ pub generate_measurement_summary_hash_cb: SpdmGenerateMeasurementSummaryHashCbType,
+}
+
+#[derive(Clone)]
+pub struct SpdmSecretPsk {
+ pub handshake_secret_hkdf_expand_cb: SpdmPskHandshakeSecretHkdfExpandCbType,
+
+ pub master_secret_hkdf_expand_cb: SpdmPskMasterSecretHkdfExpandCbType,
+}
+
+#[derive(Clone)]
+pub struct SpdmSecretAsymSign {
+ pub sign_cb: fn(
+ base_hash_algo: SpdmBaseHashAlgo,
+ base_asym_algo: SpdmBaseAsymAlgo,
+ data: &[u8],
+ ) -> Option,
+}
diff --git a/spdmlib/src/time/mod.rs b/spdmlib/src/time/mod.rs
new file mode 100644
index 0000000..cfb8602
--- /dev/null
+++ b/spdmlib/src/time/mod.rs
@@ -0,0 +1,27 @@
+// Copyright (c) 2022 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+mod time_callbacks;
+
+pub use time_callbacks::SpdmTime;
+
+use conquer_once::spin::OnceCell;
+
+static TIME_INSTANCE: OnceCell = OnceCell::uninit();
+
+static DEFAULT: SpdmTime = SpdmTime {
+ sleep_cb: |_: usize| unimplemented!(),
+};
+
+pub fn register(context: SpdmTime) -> bool {
+ TIME_INSTANCE.try_init_once(|| context).is_ok()
+}
+
+pub fn sleep(us: usize) {
+ (TIME_INSTANCE
+ .try_get_or_init(|| DEFAULT.clone())
+ .ok()
+ .unwrap()
+ .sleep_cb)(us)
+}
diff --git a/spdmlib/src/time/time_callbacks.rs b/spdmlib/src/time/time_callbacks.rs
new file mode 100644
index 0000000..22556eb
--- /dev/null
+++ b/spdmlib/src/time/time_callbacks.rs
@@ -0,0 +1,8 @@
+// Copyright (c) 2022 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#[derive(Clone)]
+pub struct SpdmTime {
+ pub sleep_cb: fn(us: usize),
+}
diff --git a/spdmlib/src/watchdog/mod.rs b/spdmlib/src/watchdog/mod.rs
new file mode 100644
index 0000000..332e57c
--- /dev/null
+++ b/spdmlib/src/watchdog/mod.rs
@@ -0,0 +1,45 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+mod watchdog_callbacks;
+
+pub use watchdog_callbacks::SpdmWatchDog;
+
+use conquer_once::spin::OnceCell;
+
+static WATCHDOG_INSTANCE: OnceCell = OnceCell::uninit();
+
+static DEFAULT: SpdmWatchDog = SpdmWatchDog {
+ start_watchdog_cb: |_session_id: u32, _seconds: u16| unimplemented!(),
+ stop_watchdog_cb: |_session_id: u32| unimplemented!(),
+ reset_watchdog_cb: |_session_id: u32| unimplemented!(),
+};
+
+pub fn register(context: SpdmWatchDog) -> bool {
+ WATCHDOG_INSTANCE.try_init_once(|| context).is_ok()
+}
+
+pub fn start_watchdog(session_id: u32, seconds: u16) {
+ (WATCHDOG_INSTANCE
+ .try_get_or_init(|| DEFAULT.clone())
+ .ok()
+ .unwrap()
+ .start_watchdog_cb)(session_id, seconds)
+}
+
+pub fn stop_watchdog(session_id: u32) {
+ (WATCHDOG_INSTANCE
+ .try_get_or_init(|| DEFAULT.clone())
+ .ok()
+ .unwrap()
+ .stop_watchdog_cb)(session_id)
+}
+
+pub fn reset_watchdog(session_id: u32) {
+ (WATCHDOG_INSTANCE
+ .try_get_or_init(|| DEFAULT.clone())
+ .ok()
+ .unwrap()
+ .reset_watchdog_cb)(session_id)
+}
diff --git a/spdmlib/src/watchdog/watchdog_callbacks.rs b/spdmlib/src/watchdog/watchdog_callbacks.rs
new file mode 100644
index 0000000..639a6ed
--- /dev/null
+++ b/spdmlib/src/watchdog/watchdog_callbacks.rs
@@ -0,0 +1,10 @@
+// Copyright (c) 2022 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#[derive(Clone)]
+pub struct SpdmWatchDog {
+ pub start_watchdog_cb: fn(session_id: u32, seconds: u16),
+ pub stop_watchdog_cb: fn(session_id: u32),
+ pub reset_watchdog_cb: fn(session_id: u32),
+}
diff --git a/spdmlib_crypto_mbedtls/Cargo.toml b/spdmlib_crypto_mbedtls/Cargo.toml
new file mode 100644
index 0000000..0fb4208
--- /dev/null
+++ b/spdmlib_crypto_mbedtls/Cargo.toml
@@ -0,0 +1,18 @@ +[package] +name = "spdmlib_crypto_mbedtls" +version = "0.1.0" +edition = "2018" + +[dependencies] +spdmlib = { path = "../spdmlib", default-features = false} +lazy_static = { version = "1.0", features = ["spin_no_std"] } +spin = "0.9.8" +zeroize = { version = "1.5.0", features = ["zeroize_derive"]} +mbedtls = { version = "0.9.1", default-features = false, features = ["no_std_deps", "rdrand"]} +mbedtls-sys-auto = { version = "2.28.0", default-features = false } +der = { version = "0.7.7", default-features = false } + +[features] +default = ["hashed-transcript-data", "std"] +hashed-transcript-data = ["spdmlib/hashed-transcript-data"] +std = [] diff --git a/spdmlib_crypto_mbedtls/README.md b/spdmlib_crypto_mbedtls/README.md new file mode 100644 index 0000000..c8880ae --- /dev/null +++ b/spdmlib_crypto_mbedtls/README.md @@ -0,0 +1,26 @@ +## spdmlib_crypto_mbedtls library + +This library wrapper mbedtls crypto interface for spdmlib. + +## rust-mbedtls + +This library depends on rust-mbedtls. + +## Algorithms implemented + +* Asymmetric algo + * ECDSA-NIST_P384 + * ECDSA-NIST_P256 + * RSASSA-3072 +* Hash + * SHA2-384 + * SHA2-256 +* Key Exchange + * ECDHE SECP 384r1 + * ECDHE SECP 256r1 +* AEAD + * AES-256-GCM + +## no_std usage. + +Disable ```std``` feature and provide ```calloc``` ```free``` ```snprintf``` implementation. diff --git a/spdmlib_crypto_mbedtls/mbedtls-platform-support/Cargo.toml b/spdmlib_crypto_mbedtls/mbedtls-platform-support/Cargo.toml new file mode 100644 index 0000000..7f1ddb7 --- /dev/null +++ b/spdmlib_crypto_mbedtls/mbedtls-platform-support/Cargo.toml 
@@ -0,0 +1,45 @@ +[package] +name = "mbedtls-platform-support" +version = "0.1.1" +authors = ["Yuxiang Cao "] +build = "build.rs" +edition = "2018" +license = "Apache-2.0 OR GPL-2.0-or-later" +description = """ +This Rust crate is a support library for the `mbedtls` crate, providing platform and target specific +implementations of all necessary functions. By separating this logic into a separate crate, multiple +versions of the mbedtls crate can coexist within a single crate.This helps to avoid link name conflict +errors. The crate exports Rust functions and defines C functions to support external overrides as +needed for custom implementation under various platforms or targets. +""" +readme = "../README.md" +repository = "https://github.com/fortanix/rust-mbedtls" +documentation = "https://docs.rs/mbedtls-platform-support/" +keywords = ["MbedTLS", "mbed", "TLS", "SSL", "cryptography"] +links = "mbedtls-platform-support" + +[dependencies] +cfg-if = "1.0.0" +spin = { version = "0.5.2", default-features = false, optional = true } +chrono = { version = "0.4", optional = true } + +[target.x86_64-fortanix-unknown-sgx.dependencies] +chrono = "0.4" + +[dependencies.mbedtls-sys-auto] +version = "2.25.0" +default-features = false +features = ["threading", "custom_printf"] + +[build-dependencies] +cc = "1.0" + +[features] +time = ["mbedtls-sys-auto/time"] +std = ["mbedtls-sys-auto/std"] +spin_threading = ["spin", "mbedtls-sys-auto/custom_threading"] +rust_threading = ["mbedtls-sys-auto/custom_threading", "std"] +custom_gmtime_r = ["mbedtls-sys-auto/custom_gmtime_r", "chrono"] +custom_time = ["mbedtls-sys-auto/custom_time", "chrono"] +force_aesni_support = ["mbedtls-sys-auto/custom_has_support","mbedtls-sys-auto/aes_alt", "aesni"] +aesni = ["mbedtls-sys-auto/aesni"] diff --git a/spdmlib_crypto_mbedtls/mbedtls-platform-support/Readme.md b/spdmlib_crypto_mbedtls/mbedtls-platform-support/Readme.md new file mode 100644 index 0000000..bfcb9f8 --- /dev/null 
+++ b/spdmlib_crypto_mbedtls/mbedtls-platform-support/Readme.md @@ -0,0 +1 @@ +Customized mbedtls-platform-support crate for rust-mbedtls diff --git a/spdmlib_crypto_mbedtls/mbedtls-platform-support/build.rs b/spdmlib_crypto_mbedtls/mbedtls-platform-support/build.rs new file mode 100644 index 0000000..98074ad --- /dev/null +++ b/spdmlib_crypto_mbedtls/mbedtls-platform-support/build.rs @@ -0,0 +1,39 @@ +/* Copyright (c) Fortanix, Inc. + * + * Licensed under the GNU General Public License, version 2 or the Apache License, Version + * 2.0 , at your + * option. This file may not be copied, modified, or distributed except + * according to those terms. */ + +use std::collections::{HashMap, HashSet}; +use std::env; + +fn main() { + let env_components = env::var("DEP_MBEDTLS_PLATFORM_COMPONENTS").unwrap(); + let mut sys_platform_components = HashMap::<_, HashSet<_>>::new(); + for mut kv in env_components.split(",").map(|component| component.splitn(2, "=")) { + let k = kv.next().unwrap(); + let v = kv.next().unwrap(); + sys_platform_components.entry(k).or_insert_with(Default::default).insert(v); + println!(r#"cargo:rustc-cfg=sys_{}="{}""#, k, v); + } + + let mut b = cc::Build::new(); + b.include(env::var_os("DEP_MBEDTLS_INCLUDE").unwrap()); + let config_file = format!(r#""{}""#, env::var("DEP_MBEDTLS_CONFIG_H").unwrap()); + b.define("MBEDTLS_CONFIG_FILE", + Some(config_file.as_str())); + + b.file("src/rust_printf.c"); + if sys_platform_components.get("c_compiler").map_or(false, |comps| comps.contains("freestanding")) { + b.flag("-U_FORTIFY_SOURCE") + .define("_FORTIFY_SOURCE", Some("0")) + .flag("-ffreestanding"); + } + b.compile("librust-mbedtls-platform-support.a"); + // Force correct link order for mbedtls_printf + println!("cargo:rustc-link-lib=static=mbedtls"); + println!("cargo:rustc-link-lib=static=mbedx509"); + println!("cargo:rustc-link-lib=static=mbedcrypto"); +} 
diff --git a/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/lib.rs b/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/lib.rs
new file mode 100644
index 0000000..b957263
--- /dev/null
+++ b/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/lib.rs
@@ -0,0 +1,108 @@ +/* Copyright (c) Fortanix, Inc. + * + * Licensed under the GNU General Public License, version 2 or the Apache License, Version + * 2.0 , at your + * option. This file may not be copied, modified, or distributed except + * according to those terms. */ + +#![cfg_attr(not(feature = "std"), no_std)] + +#[cfg(not(feature = "std"))] +#[allow(unused)] +#[macro_use] +extern crate alloc as rust_alloc; + +#[cfg(not(feature = "std"))] +mod alloc_prelude { + #![allow(unused)] + pub(crate) use rust_alloc::borrow::ToOwned; + pub(crate) use rust_alloc::boxed::Box; + pub(crate) use rust_alloc::sync::Arc; + pub(crate) use rust_alloc::string::String; + pub(crate) use rust_alloc::string::ToString; + pub(crate) use rust_alloc::vec::Vec; + pub(crate) use rust_alloc::borrow::Cow; +} + +pub mod self_test; + +#[cfg(any(feature = "spin_threading", feature = "rust_threading", sys_threading_component = "custom"))] +#[doc(hidden)] +pub mod threading; + +#[cfg(any(feature = "force_aesni_support", target_env = "sgx"))] +#[doc(hidden)] +#[no_mangle] +// needs to be pub for global visibility +pub extern "C" fn mbedtls_aesni_has_support(_what: u32) -> i32 { + return 1; +} + +#[cfg(any(feature = "force_aesni_support", target_env = "sgx"))] +#[doc(hidden)] +#[no_mangle] +// needs to be pub for global visibility +pub extern "C" fn mbedtls_internal_aes_encrypt(_ctx: *mut mbedtls_sys::types::raw_types::c_void, + _input: *const u8, + _output: *mut u8) -> i32 { + panic!("AES-NI support is forced but the T-tables code was invoked") +} + +#[cfg(any(feature = "force_aesni_support", target_env = "sgx"))] +#[doc(hidden)] +#[no_mangle] +// needs to be pub for global visibility +pub extern "C" fn mbedtls_internal_aes_decrypt(_ctx: *mut mbedtls_sys::types::raw_types::c_void, + _input: *const u8, + _output: *mut u8) -> i32 { + panic!("AES-NI support is forced but the T-tables code was invoked") +} + + +#[cfg(any(all(feature = "time", feature = "custom_gmtime_r"), sys_time_component = 
"custom"))] +#[doc(hidden)] +#[no_mangle] +// needs to be pub for global visibility +pub unsafe extern "C" fn mbedtls_platform_gmtime_r(tt: *const mbedtls_sys::types::time_t, tp: *mut mbedtls_sys::types::tm) -> *mut mbedtls_sys::types::tm { + use chrono::prelude::*; + + //0 means no TZ offset + let naive = if tp.is_null() { + return core::ptr::null_mut() + } else { + match NaiveDateTime::from_timestamp_opt(*tt, 0) { + Some(t) => t, + None => return core::ptr::null_mut() + } + }; + let utc = DateTime::::from_utc(naive, Utc); + + let tp = &mut *tp; + tp.tm_sec = utc.second() as i32; + tp.tm_min = utc.minute() as i32; + tp.tm_hour = utc.hour() as i32; + tp.tm_mday = utc.day() as i32; + tp.tm_mon = utc.month0() as i32; + tp.tm_year = match (utc.year() as i32).checked_sub(1900) { + Some(year) => year, + None => return core::ptr::null_mut() + }; + tp.tm_wday = utc.weekday().num_days_from_sunday() as i32; + tp.tm_yday = utc.ordinal0() as i32; + tp.tm_isdst = 0; + + tp +} + +#[cfg(any(all(feature = "time", feature = "custom_time"), sys_time_component = "custom"))] +#[doc(hidden)] +#[no_mangle] +// needs to be pub for global visibility +pub unsafe extern "C" fn mbedtls_time(tp: *mut mbedtls_sys::types::time_t) -> mbedtls_sys::types::time_t { + let timestamp = chrono::Utc::now().timestamp() as mbedtls_sys::types::time_t; + if !tp.is_null() { + *tp = timestamp; + } + timestamp +} diff --git a/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/rust_printf.c b/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/rust_printf.c new file mode 100644 index 0000000..d11d02e --- /dev/null +++ b/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/rust_printf.c 
@@ -0,0 +1,43 @@ +/* Copyright (c) Fortanix, Inc. + * + * Licensed under the GNU General Public License, version 2 or the Apache License, Version + * 2.0 , at your + * option. This file may not be copied, modified, or distributed except + * according to those terms. */ + +#include +#include +#ifdef _WIN32 +#define alloca _alloca +#include +#else +#include +#endif + +extern void mbedtls_log(const char* msg); + +extern int mbedtls_printf(const char *fmt, ...) { + va_list ap; + + va_start(ap,fmt); + int n=vsnprintf(0,0,fmt,ap); + va_end(ap); + + if (n<0) + return -1; + + n++; + char *p = alloca(n); + + va_start(ap,fmt); + n=vsnprintf(p,n,fmt,ap); + va_end(ap); + + if (n<0) + return -1; + + mbedtls_log(p); + + return n; +} diff --git a/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/self_test.rs b/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/self_test.rs new file mode 100644 index 0000000..37bb5ff --- /dev/null +++ b/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/self_test.rs 
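Review bot: `mbedtls_printf` sizes its `alloca` buffer from the formatted length with no upper bound, so a single long message can exhaust the stack; that is a particular concern if this runs on the small stacks typical of the `sgx` and `no_std` configurations the sibling `lib.rs` mentions. Clamp the size after `n++` and before the allocation, e.g. `if (n > LOG_MAX) n = LOG_MAX;`, where `LOG_MAX` is a placeholder for a limit the project chooses. The second `vsnprintf` then truncates into the bounded buffer. With the clamp in place the function returns the untruncated length that `vsnprintf` reports, which should be mentioned in a comment.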
@@ -0,0 +1,104 @@ +/* Copyright (c) Fortanix, Inc. + * + * Licensed under the GNU General Public License, version 2 or the Apache License, Version + * 2.0 , at your + * option. This file may not be copied, modified, or distributed except + * according to those terms. */ + +//! MbedTLS self tests. +//! +//! Calling MbedTLS self test functions before they're enabled using the +//! `enable()` function here will result in a panic. +//! +//! Using this module in multithreaded or async environment will fail. The self +//! test functions rely on global variables to track operations and anything +//! non-self-test related operations will clobber these variables, resulting in +//! self test failures. Make sure no other code uses MbedTLS while running the +//! self tests. Multiple self test operations done simultaneously may also +//! return failures. + +use mbedtls_sys::types::raw_types::{c_char, c_int}; + +cfg_if::cfg_if! { + if #[cfg(feature = "std")] { + // needs to be pub for global visiblity + #[doc(hidden)] + #[no_mangle] + pub unsafe extern "C" fn mbedtls_log(msg: *const std::os::raw::c_char) { + print!("{}", std::ffi::CStr::from_ptr(msg).to_string_lossy()); + } + } else { + #[allow(non_upper_case_globals)] + static mut log_f: Option = None; + + // needs to be pub for global visiblity + #[doc(hidden)] + #[no_mangle] + pub unsafe extern "C" fn mbedtls_log(msg: *const c_char) { + log_f.expect("Called self-test log without enabling self-test")(msg) + } + } +} + +#[cfg(any(not(feature = "std"), target_env = "sgx"))] +#[allow(non_upper_case_globals)] +static mut rand_f: Option c_int> = None; + +// needs to be pub for global visiblity +#[cfg(all(any(not(feature = "std"), target_env = "sgx"), not(target_env = "msvc")))] +#[doc(hidden)] +#[no_mangle] +pub unsafe extern "C" fn rand() -> c_int { + rand_f.expect("Called self-test rand without enabling self-test")() +} + +/// Set callback functions to enable the MbedTLS self tests. 
+/// +/// `rand` only needs to be set on platforms that don't have a `rand()` +/// function in libc. `log` only needs to be set when using `no_std`, i.e. +/// the `std` feature of this create is not enabled. If neither function +/// needs to be set, you don't have to call `enable()`. +/// +/// # Safety +/// +/// The caller needs to ensure this function is not called while any other +/// function in this module is called. +#[allow(unused)] +pub unsafe fn enable(rand: fn() -> c_int, log: Option) { + #[cfg(any(not(feature = "std"), target_env = "sgx"))] { + rand_f = Some(rand); + } + #[cfg(not(feature = "std"))] { + log_f = log; + } +} + +/// # Safety +/// +/// The caller needs to ensure this function is not called while any other +/// function in this module is called. +pub unsafe fn disable() { + #[cfg(any(not(feature = "std"), target_env = "sgx"))] { + rand_f = None; + } + #[cfg(not(feature = "std"))] { + log_f = None; + } +} + +/// # Safety +/// +/// The caller needs to ensure this function is not called while *any other* +/// MbedTLS function is called. See the module documentation for more +/// information. +pub use mbedtls_sys::{ + aes_self_test as aes, arc4_self_test as arc4, aria_self_test as aria, base64_self_test as base64, + camellia_self_test as camellia, ccm_self_test as ccm, ctr_drbg_self_test as ctr_drbg, + des_self_test as des, dhm_self_test as dhm, ecjpake_self_test as ecjpake, ecp_self_test as ecp, + entropy_self_test as entropy, gcm_self_test as gcm, hmac_drbg_self_test as hmac_drbg, + md2_self_test as md2, md4_self_test as md4, md5_self_test as md5, mpi_self_test as mpi, + pkcs5_self_test as pkcs5, ripemd160_self_test as ripemd160, rsa_self_test as rsa, + sha1_self_test as sha1, sha256_self_test as sha256, sha512_self_test as sha512, + x509_self_test as x509, xtea_self_test as xtea, nist_kw_self_test as nist_kw, cmac_self_test as cmac +}; 
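Review bot: `disable()` carries only a `# Safety` section and no description of what it does; add a summary such as `/// Clear the callbacks installed by enable(); the exported rand/mbedtls_log shims panic again if called afterwards.` That panic comes from `.expect(...)` inside `#[no_mangle] extern "C"` functions, so it is raised in a frame entered from C, and the module docs should say what the caller can expect on the supported toolchains. In the `std` branch, `mbedtls_log` hands `msg` to `CStr::from_ptr` without a null check; `if msg.is_null() { return; }` would make the shim tolerate a null pointer.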
diff --git a/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/threading.rs b/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/threading.rs new file mode 100644 index 0000000..94aa72d --- /dev/null +++ b/spdmlib_crypto_mbedtls/mbedtls-platform-support/src/threading.rs 
@@ -0,0 +1,116 @@ +/* Copyright (c) Fortanix, Inc. + * + * Licensed under the GNU General Public License, version 2 or the Apache License, Version + * 2.0 , at your + * option. This file may not be copied, modified, or distributed except + * according to those terms. */ + +#[cfg(not(feature = "std"))] +use crate::alloc_prelude::*; + +// use cfg_if to ensure conditional compilation is compatible with v0.7 code +cfg_if::cfg_if! { + if #[cfg(any(all(feature = "spin_threading", not(feature = "rust_threading")), not(feature = "std")))] { + use spin::{Mutex, MutexGuard}; + } else if #[cfg(any(feature = "rust_threading", feature = "std"))] { + use std::sync::{Mutex, MutexGuard}; + } else { + {} + } +} + +use core::ptr; + +use mbedtls_sys::types::raw_types::c_int; + +pub struct StaticMutex { + guard: Option>, + mutex: Mutex<()>, +} + +#[no_mangle] +#[allow(non_upper_case_globals)] +pub static mut mbedtls_mutex_init: unsafe extern "C" fn(mutex: *mut *mut StaticMutex) = StaticMutex::init; +#[no_mangle] +#[allow(non_upper_case_globals)] +pub static mut mbedtls_mutex_free: unsafe extern "C" fn(mutex: *mut *mut StaticMutex) = StaticMutex::free; +#[no_mangle] +#[allow(non_upper_case_globals)] +pub static mut mbedtls_mutex_lock: unsafe extern "C" fn(mutex: *mut *mut StaticMutex) -> c_int = StaticMutex::lock; +#[no_mangle] +#[allow(non_upper_case_globals)] +pub static mut mbedtls_mutex_unlock: unsafe extern "C" fn(mutex: *mut *mut StaticMutex) -> c_int = StaticMutex::unlock; + +// The nightly compiler complains that StaticMutex has no representation hint, +// but this is not an issue because this pointer is opaque to mbedtls +#[allow(improper_ctypes)] +impl StaticMutex { + unsafe extern "C" fn init(mutex: *mut *mut StaticMutex) { + if let Some(m) = mutex.as_mut() { + *m = Box::into_raw(Box::new(StaticMutex { + guard: None, + mutex: Mutex::new(()), + })); + } + } + + unsafe extern "C" fn free(mutex: *mut *mut StaticMutex) { + if let Some(m) = mutex.as_mut() { + if *m != 
ptr::null_mut() { + let mut mutex = Box::from_raw(*m); + mutex.guard.take(); + *m = ptr::null_mut(); + } + } + } + + unsafe extern "C" fn lock(mutex: *mut *mut StaticMutex) -> c_int { + if let Some(m) = mutex.as_mut().and_then(|p| p.as_mut()) { + let guard = m.mutex.lock(); + + // use cfg_if to ensure conditional compilation is compatible with v0.7 code + cfg_if::cfg_if! { + if #[cfg(any(not(feature = "std"), feature = "spin_threading"))] { + m.guard = Some(guard); + } else if #[cfg(any(feature = "std", all(feature = "rust_threading", not(feature = "spin_threading"))))] { + m.guard = Some(guard.unwrap()); + } else { + {} + } + } + + 0 + } else { + ::mbedtls_sys::ERR_THREADING_BAD_INPUT_DATA + } + } + + unsafe extern "C" fn unlock(mutex: *mut *mut StaticMutex) -> c_int { + if let Some(m) = mutex.as_mut().and_then(|p| p.as_mut()) { + m.guard.take(); + 0 + } else { + ::mbedtls_sys::ERR_THREADING_BAD_INPUT_DATA + } + } +} + +pub fn test_double_free() { + unsafe { + let mut mutex: *mut StaticMutex = ptr::null_mut(); + mbedtls_mutex_init(&mut mutex); + mbedtls_mutex_free(&mut mutex); + mbedtls_mutex_free(&mut mutex); + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn double_free() { + test_double_free() + } +} diff --git a/spdmlib_crypto_mbedtls/src/aead_impl.rs b/spdmlib_crypto_mbedtls/src/aead_impl.rs new file mode 100644 index 0000000..8ed30d0 --- /dev/null +++ b/spdmlib_crypto_mbedtls/src/aead_impl.rs 
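Review bot: The `cfg_if` inside `StaticMutex::lock` does not use the same predicate as the one that selects the `Mutex` import at the top of the file. With `std`, `spin_threading` and `rust_threading` all enabled, the import resolves to `std::sync::Mutex` while `lock` takes its first branch and stores the lock result without `unwrap()`, which should not type-check. Reuse the import's predicate in `lock`: `if #[cfg(any(all(feature = "spin_threading", not(feature = "rust_threading")), not(feature = "std")))]`. Whether that feature combination can actually be selected depends on the crate manifest, which is not part of this hunk.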
@@ -0,0 +1,239 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#[cfg(not(feature = "std"))] +use alloc::vec::Vec; + +use mbedtls::cipher::{raw, Authenticated, Cipher, Decryption, Encryption, Fresh}; +use spdmlib::crypto::SpdmAead; +use spdmlib::error::{SpdmResult, SPDM_STATUS_INVALID_PARAMETER}; +use spdmlib::protocol::{ + SpdmAeadAlgo, SpdmAeadIvStruct, SpdmAeadKeyStruct, AEAD_AES_256_GCM_TAG_SIZE, +}; + +pub static DEFAULT: SpdmAead = SpdmAead { + encrypt_cb: encrypt, + decrypt_cb: decrypt, +}; + +fn encrypt( + aead_algo: SpdmAeadAlgo, + key: &SpdmAeadKeyStruct, + iv: &SpdmAeadIvStruct, + aad: &[u8], + plain_text: &[u8], + tag: &mut [u8], + cipher_text: &mut [u8], +) -> SpdmResult<(usize, usize)> { + let key_len = key.as_ref().len(); + if key_len != 32 { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + if tag.len() != AEAD_AES_256_GCM_TAG_SIZE { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + if aead_algo != SpdmAeadAlgo::AES_256_GCM { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + let mut cipher_and_tag = Vec::::new(); + cipher_and_tag.extend_from_slice(plain_text); + cipher_and_tag.extend_from_slice(&[0u8; AEAD_AES_256_GCM_TAG_SIZE]); + match aead_algo { + SpdmAeadAlgo::AES_256_GCM => { + let cipher = Cipher::::new( + raw::CipherId::Aes, + raw::CipherMode::GCM, + (key_len * 8) as u32, + ) + .map_err(|_| SPDM_STATUS_INVALID_PARAMETER)?; + let cipher = cipher + .set_key_iv(key.as_ref(), iv.as_ref()) + .map_err(|_| SPDM_STATUS_INVALID_PARAMETER)?; + + let (len, _) = cipher + .encrypt_auth( + aad, + plain_text, + cipher_and_tag.as_mut_slice(), + AEAD_AES_256_GCM_TAG_SIZE, + ) + .map_err(|_| SPDM_STATUS_INVALID_PARAMETER)?; + let len = len - AEAD_AES_256_GCM_TAG_SIZE; + if cipher_text.len() < len { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + cipher_text[0..len].copy_from_slice(&cipher_and_tag[0..len]); + tag[0..AEAD_AES_256_GCM_TAG_SIZE] + .copy_from_slice(&cipher_and_tag[len..(len + 
AEAD_AES_256_GCM_TAG_SIZE)]); + Ok((len, AEAD_AES_256_GCM_TAG_SIZE)) + } + _ => Err(SPDM_STATUS_INVALID_PARAMETER), + } +} + +fn decrypt( + aead_algo: SpdmAeadAlgo, + key: &SpdmAeadKeyStruct, + iv: &SpdmAeadIvStruct, + aad: &[u8], + cipher_text: &[u8], + tag: &[u8], + plain_text: &mut [u8], +) -> SpdmResult { + let key_len = key.as_ref().len(); + if key_len != 32 { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + if tag.len() != AEAD_AES_256_GCM_TAG_SIZE { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + if aead_algo != SpdmAeadAlgo::AES_256_GCM { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let mut cipher_and_tag = Vec::::new(); + cipher_and_tag.extend_from_slice(cipher_text); + cipher_and_tag.extend_from_slice(tag); + + match aead_algo { + SpdmAeadAlgo::AES_256_GCM => { + let cipher = Cipher::::new( + raw::CipherId::Aes, + raw::CipherMode::GCM, + (key_len * 8) as u32, + ) + .map_err(|_| SPDM_STATUS_INVALID_PARAMETER)?; + let cipher = cipher + .set_key_iv(key.as_ref(), iv.as_ref()) + .map_err(|_| SPDM_STATUS_INVALID_PARAMETER)?; + let (len, _) = cipher + .decrypt_auth( + aad, + cipher_and_tag.as_slice(), + plain_text, + AEAD_AES_256_GCM_TAG_SIZE, + ) + .map_err(|_| SPDM_STATUS_INVALID_PARAMETER)?; + Ok(len) + } + _ => Err(SPDM_STATUS_INVALID_PARAMETER), + } +} + +#[cfg(test)] +mod test { + use super::*; + use spdmlib::{ + protocol::SpdmAeadAlgo, + protocol::{ + SpdmAeadIvStruct, SpdmAeadKeyStruct, SPDM_MAX_AEAD_IV_SIZE, SPDM_MAX_AEAD_KEY_SIZE, + }, + }; + #[test] + fn test_case_gcm256() { + // Test vector from GCM Test Vectors (SP 800-38D) + // [Keylen = 256] + // [IVlen = 96] + // [PTlen = 128] + // [AADlen = 128] + // [Taglen = 128] + + // Count = 0 + // Key = 92e11dcdaa866f5ce790fd24501f92509aacf4cb8b1339d50c9c1240935dd08b + // IV = ac93a1a6145299bde902f21a + // PT = 2d71bcfa914e4ac045b2aa60955fad24 + // AAD = 1e0889016f67601c8ebea4943bc23ad6 + // CT = 8995ae2e6df3dbf96fac7b7137bae67f + // Tag = eca5aa77d51d4a0a14d9c51e1da474ab + let aead_algo = 
SpdmAeadAlgo::AES_256_GCM; + let key = &from_hex_to_aead_key( + "92e11dcdaa866f5ce790fd24501f92509aacf4cb8b1339d50c9c1240935dd08b", + ) + .unwrap(); + let iv = &from_hex_to_aead_iv("ac93a1a6145299bde902f21a").unwrap(); + let plain_text = &from_hex("2d71bcfa914e4ac045b2aa60955fad24").unwrap()[..]; + let tag = &from_hex("eca5aa77d51d4a0a14d9c51e1da474ab").unwrap()[..]; + let aad = &from_hex("1e0889016f67601c8ebea4943bc23ad6").unwrap()[..]; + let cipher = &from_hex("8995ae2e6df3dbf96fac7b7137bae67f").unwrap()[..]; + let out_tag = &mut [0u8; 16][..]; + let out_cipher = &mut [0u8; 16][..]; + let out_plain_text = &mut [0u8; 16][..]; + let (out_cipher_len, out_tag_len) = + encrypt(aead_algo, key, iv, aad, plain_text, out_tag, out_cipher).unwrap(); + assert_eq!(tag, &out_tag[0..out_tag_len]); + assert_eq!(cipher, &out_cipher[0..out_cipher_len]); + + let out_plain_text_len = + decrypt(aead_algo, key, iv, aad, out_cipher, out_tag, out_plain_text).unwrap(); + assert_eq!(out_plain_text, plain_text); + assert_eq!(out_plain_text_len, plain_text.len()); + } + + fn from_hex(hex_str: &str) -> Result, String> { + if hex_str.len() % 2 != 0 { + return Err(String::from( + "Hex string does not have an even number of digits", + )); + } + + let mut result = Vec::with_capacity(hex_str.len() / 2); + for digits in hex_str.as_bytes().chunks(2) { + let hi = from_hex_digit(digits[0])?; + let lo = from_hex_digit(digits[1])?; + result.push((hi * 0x10) | lo); + } + Ok(result) + } + + fn from_hex_to_aead_key(hex_str: &str) -> Result { + if hex_str.len() % 2 != 0 || hex_str.len() > SPDM_MAX_AEAD_KEY_SIZE * 2 { + return Err(String::from( + "Hex string does not have an even number of digits", + )); + } + + let mut result = SpdmAeadKeyStruct { + data_size: hex_str.len() as u16 / 2, + data: Box::new([0u8; SPDM_MAX_AEAD_KEY_SIZE]), + }; + for (i, digits) in hex_str.as_bytes().chunks(2).enumerate() { + let hi = from_hex_digit(digits[0])?; + let lo = from_hex_digit(digits[1])?; + result.data[i] = (hi * 
0x10) | lo; + } + Ok(result) + } + + fn from_hex_to_aead_iv(hex_str: &str) -> Result { + if hex_str.len() % 2 != 0 || hex_str.len() > SPDM_MAX_AEAD_IV_SIZE * 2 { + return Err(String::from( + "Hex string does not have an even number of digits", + )); + } + + let mut result = SpdmAeadIvStruct { + data_size: hex_str.len() as u16 / 2, + data: Box::new([0u8; SPDM_MAX_AEAD_IV_SIZE]), + }; + for (i, digits) in hex_str.as_bytes().chunks(2).enumerate() { + let hi = from_hex_digit(digits[0])?; + let lo = from_hex_digit(digits[1])?; + result.data[i] = (hi * 0x10) | lo; + } + Ok(result) + } + + fn from_hex_digit(d: u8) -> Result { + use core::ops::RangeInclusive; + const DECIMAL: (u8, RangeInclusive) = (0, b'0'..=b'9'); + const HEX_LOWER: (u8, RangeInclusive) = (10, b'a'..=b'f'); + const HEX_UPPER: (u8, RangeInclusive) = (10, b'A'..=b'F'); + for (offset, range) in &[DECIMAL, HEX_LOWER, HEX_UPPER] { + if range.contains(&d) { + return Ok(d - range.start() + offset); + } + } + Err(format!("Invalid hex digit '{}'", d as char)) + } +} diff --git a/spdmlib_crypto_mbedtls/src/asym_verify_impl.rs b/spdmlib_crypto_mbedtls/src/asym_verify_impl.rs new file mode 100644 index 0000000..48abd69 --- /dev/null +++ b/spdmlib_crypto_mbedtls/src/asym_verify_impl.rs 
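Review bot: `decrypt` maps every failure of `decrypt_auth` to `SPDM_STATUS_INVALID_PARAMETER`, so a tag mismatch on received data cannot be told apart from a caller error in logs or error handling. A distinct status on that call, for example `.map_err(|_| SPDM_STATUS_CRYPTO_ERROR)?` (the constant is imported from `spdmlib::error` in `hash_impl.rs` of this commit), keeps authentication failures visible. In `encrypt`, `cipher_and_tag` is pre-filled with a copy of `plain_text` although it appears to serve only as the output buffer of `encrypt_auth`. Replacing the two `extend_from_slice` calls with `cipher_and_tag.resize(plain_text.len() + AEAD_AES_256_GCM_TAG_SIZE, 0);` would avoid leaving an extra plaintext copy on the heap.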
@@ -0,0 +1,144 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use mbedtls::{hash, x509::Certificate}; +use spdmlib::crypto::SpdmAsymVerify; +use spdmlib::error::{SpdmResult, SPDM_STATUS_INVALID_PARAMETER, SPDM_STATUS_VERIF_FAIL}; +use spdmlib::protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmSignatureStruct}; + +pub static DEFAULT: SpdmAsymVerify = SpdmAsymVerify { + verify_cb: asym_verify, +}; + +fn asym_verify( + base_hash_algo: SpdmBaseHashAlgo, + base_asym_algo: SpdmBaseAsymAlgo, + public_cert_der: &[u8], + data: &[u8], + signature: &SpdmSignatureStruct, +) -> SpdmResult { + if signature.data_size != base_asym_algo.get_size() { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + + let hash_algo = match base_hash_algo { + SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Ok(hash::Type::Sha256), + SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Ok(hash::Type::Sha384), + _ => Err(SPDM_STATUS_INVALID_PARAMETER), + }?; + + match base_asym_algo { + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256 + | SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096 => {} + _ => return Err(SPDM_STATUS_INVALID_PARAMETER), + }; + + // DER has this format: 0x30 size 0x02 r_size 0x00 [r_size] 0x02 s_size 0x00 [s_size] + let mut der_signature = [0u8; spdmlib::protocol::ECDSA_ECC_NIST_P384_KEY_SIZE + 8]; + + let signature = match base_asym_algo { + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256 + | SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 => { + let der_sign_size = ecc_signature_bin_to_der(signature.as_ref(), &mut der_signature)?; + &der_signature[0..der_sign_size] + } + SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048 + | SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072 + | SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072 + | SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096 => signature.as_ref(), + _ 
=> { + return Err(SPDM_STATUS_INVALID_PARAMETER); + } + }; + + let (leaf_begin, leaf_end) = + (super::cert_operation_impl::DEFAULT.get_cert_from_cert_chain_cb)(public_cert_der, -1)?; + let leaf_cert_der = &public_cert_der[leaf_begin..leaf_end]; + + let data_hash = (super::hash_impl::DEFAULT.hash_all_cb)(base_hash_algo, data).unwrap(); + + let mut certificate = + Certificate::from_der(leaf_cert_der).map_err(|_| SPDM_STATUS_INVALID_PARAMETER)?; + certificate + .public_key_mut() + .verify(hash_algo, data_hash.as_ref(), signature) + .map_err(|_| SPDM_STATUS_VERIF_FAIL) +} + +// add ASN.1 for the ECDSA binary signature +fn ecc_signature_bin_to_der(signature: &[u8], der_signature: &mut [u8]) -> SpdmResult { + let sign_size = signature.len(); + assert!( + // prevent API misuse + sign_size == spdmlib::protocol::ECDSA_ECC_NIST_P256_KEY_SIZE + || sign_size == spdmlib::protocol::ECDSA_ECC_NIST_P384_KEY_SIZE + ); + let half_size = sign_size / 2; + + let mut r_index = half_size; + for (i, item) in signature.iter().enumerate().take(half_size) { + if *item != 0 { + r_index = i; + break; + } + } + let r_size = half_size - r_index; + let r = &signature[r_index..half_size]; + + let mut s_index = half_size; + for i in 0..half_size { + if signature[i + half_size] != 0 { + s_index = i; + break; + } + } + let s_size = half_size - s_index; + let s = &signature[half_size + s_index..sign_size]; + if r_size == 0 || s_size == 0 { + return Ok(0); + } + + let der_r_size = if r[0] < 0x80 { r_size } else { r_size + 1 }; + let der_s_size = if s[0] < 0x80 { s_size } else { s_size + 1 }; + // der_sign_size includes: 0x30 _ 0x02 _ [der_r_size] 0x02 _ [der_s_size] + let der_sign_size = der_r_size + der_s_size + 6; + + if der_signature.len() < der_sign_size { + return Err(SPDM_STATUS_VERIF_FAIL); + } + + if der_r_size > u8::MAX as usize + || der_s_size > u8::MAX as usize + || der_sign_size > u8::MAX as usize + { + return Err(SPDM_STATUS_VERIF_FAIL); + } + + der_signature[0] = 0x30u8; + 
der_signature[1] = (der_sign_size - 2) as u8; + der_signature[2] = 0x02u8; + der_signature[3] = der_r_size as u8; + if r[0] < 0x80 { + der_signature[4..(4 + r_size)].copy_from_slice(r); + } else { + der_signature[4] = 0u8; + der_signature[5..(5 + r_size)].copy_from_slice(r); + } + der_signature[4 + der_r_size] = 0x02u8; + der_signature[5 + der_r_size] = der_s_size as u8; + + if s[0] < 0x80 { + der_signature[(6 + der_r_size)..(6 + der_r_size + s_size)].copy_from_slice(s); + } else { + der_signature[6 + der_r_size] = 0u8; + der_signature[(7 + der_r_size)..(7 + der_r_size + s_size)].copy_from_slice(s); + } + + Ok(der_sign_size) +} diff --git a/spdmlib_crypto_mbedtls/src/cert_operation_impl.rs b/spdmlib_crypto_mbedtls/src/cert_operation_impl.rs new file mode 100644 index 0000000..03f2427 --- /dev/null +++ b/spdmlib_crypto_mbedtls/src/cert_operation_impl.rs 
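Review bot: `asym_verify` calls `(super::hash_impl::DEFAULT.hash_all_cb)(base_hash_algo, data).unwrap()`, so a hashing failure panics while verifying peer-supplied data instead of returning an error; use `.ok_or(SPDM_STATUS_INVALID_PARAMETER)?` like the rest of the function. The first `match base_asym_algo` rejects the RSAPSS variants, which leaves the three `TPM_ALG_RSAPSS_*` arms of the second match unreachable; drop them or add a comment that PSS is intentionally unsupported. `ecc_signature_bin_to_der` returns `Ok(0)` when r or s is all zero, handing an empty signature to `verify`; returning `Err(SPDM_STATUS_VERIF_FAIL)` there states the outcome directly.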
@@ -0,0 +1,100 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use mbedtls::x509::Certificate; +use spdmlib::crypto::SpdmCertOperation; +use spdmlib::error::{SpdmResult, SPDM_STATUS_INVALID_CERT}; + +use der::{Reader, SliceReader}; + +pub static DEFAULT: SpdmCertOperation = SpdmCertOperation { + get_cert_from_cert_chain_cb: get_cert_from_cert_chain, + verify_cert_chain_cb: verify_cert_chain, +}; + +fn get_cert_from_cert_chain(cert_chain: &[u8], index: isize) -> SpdmResult<(usize, usize)> { + let mut offset = 0usize; + let mut this_index = 0isize; + let cert_chain_size = cert_chain.len(); + loop { + if cert_chain[offset..].len() < 4 || offset > cert_chain.len() { + return Err(SPDM_STATUS_INVALID_CERT); + } + if cert_chain[offset] != 0x30 || cert_chain[offset + 1] != 0x82 { + return Err(SPDM_STATUS_INVALID_CERT); + } + let this_cert_len = + ((cert_chain[offset + 2] as usize) << 8) + (cert_chain[offset + 3] as usize) + 4; + if this_cert_len > cert_chain_size - offset { + return Err(SPDM_STATUS_INVALID_CERT); + } + if this_index == index { + // return the this one + return Ok((offset, offset + this_cert_len)); + } + this_index += 1; + if (offset + this_cert_len == cert_chain_size) && (index == -1) { + // return the last one + return Ok((offset, offset + this_cert_len)); + } + offset += this_cert_len; + } +} + +fn verify_cert_chain(cert_chain: &[u8]) -> SpdmResult { + let mut reader = SliceReader::new(cert_chain).map_err(|_| SPDM_STATUS_INVALID_CERT)?; + let mut chain = mbedtls::alloc::List::new(); + let mut ca = mbedtls::alloc::List::new(); + + loop { + let res = reader.tlv_bytes(); + if res.is_err() { + break; + } + let cert = Certificate::from_der(res.unwrap()).map_err(|_| SPDM_STATUS_INVALID_CERT)?; + if ca.is_empty() { + ca.push(cert); + } else { + chain.push(cert); + } + } + if chain.is_empty() && ca.is_empty() { + return Err(SPDM_STATUS_INVALID_CERT); + } + if chain.is_empty() { + chain.append(ca.clone()) + } + 
Certificate::verify(&chain, &ca, None, None).map_err(|_| SPDM_STATUS_INVALID_CERT) +} + +#[test] +fn test_certificate() { + let cert_chain = + include_bytes!("../../test_key/rsa3072_Expiration/bundle_requester.certchain.der"); + + let mut reader = SliceReader::new(cert_chain).unwrap(); + let mut chain = mbedtls::alloc::List::new(); + let mut ca = mbedtls::alloc::List::new(); + loop { + let res = reader.tlv_bytes(); + if res.is_err() { + break; + } + let res = res.unwrap(); + let cert = Certificate::from_der(res).unwrap(); + if ca.is_empty() { + ca.push(cert); + } else { + chain.push(cert); + } + } + if chain.is_empty() && ca.is_empty() { + panic!("SPDM_STATUS_INVALID_CERT") + } + if chain.is_empty() { + chain.append(ca.clone()) + } + + Certificate::verify(&chain, &ca, None, None).unwrap(); +} diff --git a/spdmlib_crypto_mbedtls/src/dhe_impl.rs b/spdmlib_crypto_mbedtls/src/dhe_impl.rs new file mode 100644 index 0000000..a5c7963 --- /dev/null +++ b/spdmlib_crypto_mbedtls/src/dhe_impl.rs 
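Review bot: `verify_cert_chain` takes its trust anchor from the input itself: the first certificate parsed from `cert_chain` goes into `ca` and the rest are verified against it, so success only shows that the chain is internally consistent. That should be stated at the function, e.g. `// The first certificate is used as the trust anchor; callers must authenticate it separately.` The parse loop also stops silently at the first `tlv_bytes()` error, so trailing or malformed bytes after a valid prefix are ignored; checking that the reader is exhausted before verifying would reject them. Finally, confirm the order `Certificate::verify` expects for `chain`: certificates are pushed in input order, and if mbedtls treats the first entry as the certificate under test, a root-first chain would leave the leaf unchecked.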
@@ -0,0 +1,141 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#[cfg(not(feature = "std"))] +use alloc::{boxed::Box, vec::Vec}; + +use mbedtls::ecp::EcPoint; +use mbedtls::pk::{EcGroup, EcGroupId, Pk}; +use mbedtls::rng::RngCallback; +use mbedtls_sys::types::raw_types::{c_int, c_uchar, c_void}; +use mbedtls_sys::types::size_t; +use spdmlib::crypto::{SpdmDhe, SpdmDheKeyExchange}; +use spdmlib::protocol::{SpdmDheAlgo, SpdmDheExchangeStruct, SpdmDheFinalKeyStruct}; +pub static DEFAULT: SpdmDhe = SpdmDhe { + generate_key_pair_cb: generate_key_pair, +}; + +fn generate_key_pair( + dhe_algo: SpdmDheAlgo, +) -> Option<(SpdmDheExchangeStruct, Box)> { + match dhe_algo { + SpdmDheAlgo::SECP_256_R1 => SpdmDheKeyExchangeP256::generate_key_pair(), + SpdmDheAlgo::SECP_384_R1 => SpdmDheKeyExchangeP384::generate_key_pair(), + _ => None, + } +} + +pub struct SpdmDheKeyExchangeP256(Pk); + +impl SpdmDheKeyExchangeP256 { + fn generate_key_pair() -> Option<(SpdmDheExchangeStruct, Box)> { + let mut peer = SpdmDheExchangeStruct::default(); + let mut rng = RdRand; + let secp256r1 = EcGroup::new(EcGroupId::SecP256R1).ok()?; + let pk = Pk::generate_ec(&mut rng, secp256r1.clone()).ok()?; + let peer_key = pk.ec_public().ok()?.to_binary(&secp256r1, false).ok()?; + peer.data.as_mut_slice()[0..(peer_key.len() - 1)] + .copy_from_slice(&peer_key.as_slice()[1..(peer_key.len())]); + peer.data_size = (peer_key.len() - 1) as u16; + let res: Box = Box::new(Self(pk)); + Some((peer, res)) + } +} + +impl SpdmDheKeyExchange for SpdmDheKeyExchangeP256 { + fn compute_final_key( + mut self: Box, + peer_pub_key: &SpdmDheExchangeStruct, + ) -> Option { + let mut final_key = SpdmDheFinalKeyStruct::default(); + let mut rng = RdRand; + let secp256r1 = EcGroup::new(EcGroupId::SecP256R1).ok()?; + let mut peer = Vec::new(); + peer.push(0x4u8); + peer.extend_from_slice(peer_pub_key.as_ref()); + let peer = EcPoint::from_binary(&secp256r1, peer.as_slice()).ok()?; + let 
peer = &Pk::public_from_ec_components(secp256r1, peer).ok()?; + let len = self + .0 + .agree(peer, final_key.data.as_mut_slice(), &mut rng) + .ok()?; + final_key.data_size = len as u16; + Some(final_key) + } +} + +pub struct SpdmDheKeyExchangeP384(Pk); + +impl SpdmDheKeyExchangeP384 { + fn generate_key_pair() -> Option<(SpdmDheExchangeStruct, Box)> { + let mut peer = SpdmDheExchangeStruct::default(); + let mut rng = RdRand; + let secp384r1 = EcGroup::new(EcGroupId::SecP384R1).ok()?; + let pk = Pk::generate_ec(&mut rng, secp384r1.clone()).ok()?; + let peer_key = pk.ec_public().ok()?.to_binary(&secp384r1, false).ok()?; + peer.data.as_mut_slice()[0..(peer_key.len() - 1)] + .copy_from_slice(&peer_key.as_slice()[1..(peer_key.len())]); + peer.data_size = (peer_key.len() - 1) as u16; + let res: Box = Box::new(Self(pk)); + Some((peer, res)) + } +} + +impl SpdmDheKeyExchange for SpdmDheKeyExchangeP384 { + fn compute_final_key( + mut self: Box, + peer_pub_key: &SpdmDheExchangeStruct, + ) -> Option { + let mut final_key = SpdmDheFinalKeyStruct::default(); + let mut rng = RdRand; + let secp384r1 = EcGroup::new(EcGroupId::SecP384R1).ok()?; + let mut peer = Vec::new(); + peer.push(0x4u8); + peer.extend_from_slice(peer_pub_key.as_ref()); + let peer = EcPoint::from_binary(&secp384r1, peer.as_slice()).ok()?; + let peer = &Pk::public_from_ec_components(secp384r1, peer).ok()?; + let len = self + .0 + .agree(peer, final_key.data.as_mut_slice(), &mut rng) + .ok()?; + final_key.data_size = len as u16; + Some(final_key) + } +} + +#[derive(Default)] +pub struct RdRand; + +impl RngCallback for RdRand { + unsafe extern "C" fn call(_user_data: *mut c_void, data: *mut c_uchar, len: size_t) -> c_int + where + Self: Sized, + { + use crate::rand_impl::random; + random(data, len) + } + + fn data_ptr(&self) -> *mut c_void { + core::ptr::null_mut() + } +} + +#[test] +fn test_case0_dhe() { + for dhe_algo in [SpdmDheAlgo::SECP_256_R1, SpdmDheAlgo::SECP_384_R1].iter() { + let (exchange1, private1) = 
generate_key_pair(*dhe_algo).unwrap(); + let (exchange2, private2) = generate_key_pair(*dhe_algo).unwrap(); + + let peer1 = private1.compute_final_key(&exchange2).unwrap(); + let peer2 = private2.compute_final_key(&exchange1).unwrap(); + + assert_eq!(peer1.as_ref(), peer2.as_ref()); + } +} +#[test] +fn test_case1_dhe() { + for dhe_algo in [SpdmDheAlgo::empty()].iter() { + assert_eq!(generate_key_pair(*dhe_algo).is_none(), true); + } +} diff --git a/spdmlib_crypto_mbedtls/src/hash_impl.rs b/spdmlib_crypto_mbedtls/src/hash_impl.rs new file mode 100644 index 0000000..5ae1184 --- /dev/null +++ b/spdmlib_crypto_mbedtls/src/hash_impl.rs 
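Review bot: `RdRand` is undocumented and its name suggests the RDRAND instruction, while `call` only forwards to `crate::rand_impl::random` and returns that result as the mbedtls status. Add `/// mbedtls RNG callback that forwards to crate::rand_impl::random; carries no user data.` so readers do not assume a hardware source from the name alone. `SpdmDheKeyExchangeP256` and `SpdmDheKeyExchangeP384` are line-for-line copies that differ only in the `EcGroupId`; a single type that stores the group id would keep a future fix from landing in one copy only. The `len as u16` and `(peer_key.len() - 1) as u16` casts depend on mbedtls output sizes fitting the SPDM structs, which deserves a short comment.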
@@ -0,0 +1,126 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use mbedtls::hash; +use spdmlib::crypto::SpdmHash; +use spdmlib::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct}; + +#[cfg(feature = "hashed-transcript-data")] +pub use hash_ext::DEFAULT; + +#[cfg(feature = "hashed-transcript-data")] +mod hash_ext { + extern crate alloc; + use super::*; + use alloc::boxed::Box; + use alloc::collections::BTreeMap; + use lazy_static::lazy_static; + use spdmlib::error::{SpdmResult, SPDM_STATUS_CRYPTO_ERROR}; + use spin::Mutex; + pub type HashCtxConcrete = hash::Md; + lazy_static! { + static ref HASH_CTX_TABLE: Mutex>> = + Mutex::new(BTreeMap::new()); + } + + pub static DEFAULT: SpdmHash = SpdmHash { + hash_all_cb: hash_all, + hash_ctx_init_cb: hash_ctx_init, + hash_ctx_update_cb: hash_ctx_update, + hash_ctx_finalize_cb: hash_ctx_finalize, + hash_ctx_dup_cb: hash_ctx_dup, + }; + + pub(crate) fn hash_ctx_init(base_hash_algo: SpdmBaseHashAlgo) -> Option { + let hash_algo = match base_hash_algo { + SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(hash::Type::Sha256), + SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(hash::Type::Sha384), + _ => None, + }?; + + let md = hash::Md::new(hash_algo).ok()?; + let ctx = Box::new(md); + Some(insert_to_table(ctx)) + } + + pub(crate) fn hash_ctx_update(handle: usize, data: &[u8]) -> SpdmResult { + let mut table = HASH_CTX_TABLE.lock(); + let ctx = table.get_mut(&handle).ok_or(SPDM_STATUS_CRYPTO_ERROR)?; + ctx.update(data).map_err(|_e| SPDM_STATUS_CRYPTO_ERROR) + } + + pub(crate) fn hash_ctx_finalize(handle: usize) -> Option { + let ctx = HASH_CTX_TABLE.lock().remove(&handle)?; + let mut digest = SpdmDigestStruct::default(); + let digest_len = ctx.finish(digest.data.as_mut()).ok()?; + if digest_len > u16::MAX as usize { + return None; + } + digest.data_size = digest_len as u16; + Some(digest) + } + + pub(crate) fn hash_ctx_dup(handle: usize) -> Option { + let ctx = { + let table = HASH_CTX_TABLE.lock(); 
+ let ctx = table.get(&handle)?; + ctx.clone() + }; + Some(insert_to_table(ctx)) + } + + pub(crate) fn insert_to_table(value: Box) -> usize { + let handle_ptr: *const HashCtxConcrete = &*value; + let handle = handle_ptr as usize; + HASH_CTX_TABLE.lock().insert(handle, value); + handle + } + + #[allow(dead_code)] + #[cfg(test)] + pub fn get_hash_ctx_count() -> usize { + HASH_CTX_TABLE.lock().len() + } +} + +#[cfg(not(feature = "hashed-transcript-data"))] +pub static DEFAULT: SpdmHash = SpdmHash { + hash_all_cb: hash_all, +}; + +fn hash_all(base_hash_algo: SpdmBaseHashAlgo, data: &[u8]) -> Option { + let mut spdm_digest = SpdmDigestStruct::default(); + let hash_algo = match base_hash_algo { + SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(hash::Type::Sha256), + SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(hash::Type::Sha384), + _ => None, + }?; + + let mut md = hash::Md::new(hash_algo).ok()?; + md.update(data).ok()?; + let hash_len = md.finish(spdm_digest.data.as_mut()).ok()?; + spdm_digest.data_size = hash_len as u16; + Some(spdm_digest) +} + +#[test] +fn test_case1_hash_all() { + use std::fmt::Write; + use std::string::String; + let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256; + let data = &b"hello"[..]; + + let mut res = String::new(); + let hash_all = hash_all(base_hash_algo, data).unwrap(); + for d in hash_all.as_ref() { + let _ = write!(&mut res, "{:02x}", d); + } + println!("res: {}", String::from_utf8_lossy(res.as_ref())); + assert_eq!(hash_all.data_size, 32); + + assert_eq!( + res, + "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824".to_string() + ) +} diff --git a/spdmlib_crypto_mbedtls/src/hkdf_impl.rs b/spdmlib_crypto_mbedtls/src/hkdf_impl.rs new file mode 100644 index 0000000..715a5b7 --- /dev/null +++ b/spdmlib_crypto_mbedtls/src/hkdf_impl.rs 
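Review bot: `insert_to_table` uses the heap address of the boxed context as its handle, and `hash_ctx_finalize` removes and drops that box, so the allocator may hand the same address, and therefore the same handle, to a later context. A caller still holding the old handle would then update or finalize an unrelated transcript hash without any error. A counter-based handle avoids the reuse and stops exposing heap addresses as identifiers; the sketch below replaces only `insert_to_table` and assumes callers treat the handle as opaque. Separately, `hash_all` casts `hash_len as u16` without the range check that `hash_ctx_finalize` performs.

```rust
// Monotonic handle source; starts at 1 so 0 is never issued.
static NEXT_HANDLE: core::sync::atomic::AtomicUsize =
    core::sync::atomic::AtomicUsize::new(1);

pub(crate) fn insert_to_table(value: Box<HashCtxConcrete>) -> usize {
    // Handles are not derived from the allocation, so a freed context's
    // handle is not handed out again to the next context.
    let handle = NEXT_HANDLE.fetch_add(1, core::sync::atomic::Ordering::Relaxed);
    HASH_CTX_TABLE.lock().insert(handle, value);
    handle
}
```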
@@ -0,0 +1,134 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use mbedtls::hash;
+use spdmlib::crypto::SpdmHkdf;
+use spdmlib::protocol::{
+ SpdmBaseHashAlgo, SpdmHkdfInputKeyingMaterial, SpdmHkdfOutputKeyingMaterial,
+ SpdmHkdfPseudoRandomKey,
+};
+
+pub static DEFAULT: SpdmHkdf = SpdmHkdf {
+ hkdf_extract_cb: hkdf_extract,
+ hkdf_expand_cb: hkdf_expand,
+};
+
+fn hkdf_extract(
+ hash_algo: SpdmBaseHashAlgo,
+ salt: &[u8],
+ ikm: &SpdmHkdfInputKeyingMaterial,
+) -> Option {
+ use mbedtls_sys::hkdf_extract;
+ let md = match hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(hash::Type::Sha256),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(hash::Type::Sha384),
+ _ => None,
+ }?;
+ let md: hash::MdInfo = match md.into() {
+ Some(md) => md,
+ None => return None,
+ };
+
+ let mut prk = SpdmHkdfPseudoRandomKey::default();
+ unsafe {
+ let ret = hkdf_extract(
+ md.into(),
+ salt.as_ptr(),
+ salt.len(),
+ ikm.as_ref().as_ptr(),
+ ikm.as_ref().len(),
+ prk.data.as_mut_ptr(),
+ );
+ if ret != 0 {
+ return None;
+ }
+ prk.data_size = md.size() as u16;
+ }
+ Some(prk)
+}
+
+fn hkdf_expand(
+ hash_algo: SpdmBaseHashAlgo,
+ prk: &SpdmHkdfPseudoRandomKey,
+ info: &[u8],
+ out_size: u16,
+) -> Option {
+ use mbedtls_sys::hkdf_expand;
+ let md = match hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(hash::Type::Sha256),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(hash::Type::Sha384),
+ _ => None,
+ }?;
+ let md: hash::MdInfo = match md.into() {
+ Some(md) => md,
+ None => return None,
+ };
+ let mut okm = SpdmHkdfOutputKeyingMaterial::default();
+ unsafe {
+ let res = hkdf_expand(
+ md.into(),
+ prk.as_ref().as_ptr(),
+ prk.as_ref().len(),
+ info.as_ptr(),
+ info.len(),
+ okm.data.as_mut_ptr(),
+ out_size as usize,
+ );
+ if res != 0 {
+ return None;
+ }
+ }
+ okm.data_size = out_size;
+ Some(okm)
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use spdmlib::protocol::{SpdmBaseHashAlgo, SPDM_MAX_HASH_SIZE};
+ #[test]
+ fn test_case0_hkdf_expand() {
+ let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256;
+ let prk = SpdmHkdfPseudoRandomKey {
+ data_size: 32,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ };
+ let info = &mut [100u8; 64];
+ let out_size = 64;
+ let hkdf_expand = hkdf_expand(base_hash_algo, &prk, info, out_size);
+
+ match hkdf_expand {
+ Some(_) => {
+ assert!(true)
+ }
+ None => {
+ assert!(false)
+ }
+ }
+ }
+ #[test]
+ fn test_case1_hkdf_expand() {
+ // remove should panic
+ // hkdf_expand is a library call. It's better to return failure/success instead of panic.
+ let base_hash_algo = SpdmBaseHashAlgo::empty();
+ let prk = SpdmHkdfPseudoRandomKey {
+ data_size: 64,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ };
+ let info = &mut [100u8; 64];
+ let out_size = 64;
+ let hkdf_expand = hkdf_expand(base_hash_algo, &prk, info, out_size);
+
+ match hkdf_expand {
+ Some(_) => {
+ // when bash_hash_algo is empty
+ // hkdf_expand will failed and return None.
+ assert!(false)
+ }
+ None => {
+ assert!(true)
+ }
+ }
+ }
+}
diff --git a/spdmlib_crypto_mbedtls/src/hmac_impl.rs b/spdmlib_crypto_mbedtls/src/hmac_impl.rs
new file mode 100644
index 0000000..7cc42a6
--- /dev/null
+++ b/spdmlib_crypto_mbedtls/src/hmac_impl.rs
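Review bot: `hkdf_expand` hands `out_size as usize` to the FFI call together with `okm.data.as_mut_ptr()` without first comparing it with the capacity of `okm.data`, so a caller-supplied `out_size` larger than that buffer would let the C routine write past it inside the `unsafe` block. The size of `SpdmHkdfOutputKeyingMaterial::data` is declared outside this hunk, so the guard is best written against the buffer itself, before the `unsafe` block: `if out_size as usize > okm.data.len() { return None; }`. A test that passes an oversized `out_size` and expects `None` would pin the behaviour; the two existing tests could also assert directly with `assert!(result.is_some())` / `assert!(result.is_none())` instead of `assert!(true)` / `assert!(false)`.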
@@ -0,0 +1,72 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use mbedtls::hash;
+use spdmlib::crypto::SpdmHmac;
+use spdmlib::error::{SpdmResult, SPDM_STATUS_CRYPTO_ERROR};
+use spdmlib::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct};
+
+pub static DEFAULT: SpdmHmac = SpdmHmac {
+ hmac_cb: hmac,
+ hmac_verify_cb: hmac_verify,
+};
+
+fn hmac(base_hash_algo: SpdmBaseHashAlgo, key: &[u8], data: &[u8]) -> Option {
+ let hash_algo = match base_hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(hash::Type::Sha256),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(hash::Type::Sha384),
+ _ => None,
+ }?;
+ let mut ctx = hash::Hmac::new(hash_algo, key).ok()?;
+ ctx.update(data).ok()?;
+ let mut digest = SpdmDigestStruct::default();
+ let len = ctx.finish(digest.data.as_mut()).ok()?;
+ digest.data_size = len as u16;
+ Some(digest)
+}
+
+fn hmac_verify(
+ base_hash_algo: SpdmBaseHashAlgo,
+ key: &[u8],
+ data: &[u8],
+ message_digest: &SpdmDigestStruct,
+) -> SpdmResult {
+ let digest = hmac(base_hash_algo, key, data).ok_or(SPDM_STATUS_CRYPTO_ERROR)?;
+ if digest.as_ref() == message_digest.as_ref() {
+ Ok(())
+ } else {
+ Err(SPDM_STATUS_CRYPTO_ERROR)
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use spdmlib::protocol::{SpdmFinishedKeyStruct, SPDM_MAX_HASH_SIZE};
+
+ use super::*;
+ #[test]
+ fn test_case_rfc4231_2() {
+ let key = &mut SpdmFinishedKeyStruct {
+ data_size: 4,
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ };
+ key.data[0..4].copy_from_slice(&[0x4a, 0x65, 0x66, 0x65]);
+ let data: &[u8] = &[
+ 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e,
+ 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, 0x69, 0x6e, 0x67, 0x3f,
+ ][..];
+ let hmac_256: &[u8] = &[
+ 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95,
+ 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9,
+ 0x64, 0xec, 0x38, 0x43,
+ ][..];
+
+ let base_hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_256;
+ let spdm_digest = hmac(base_hash_algo, key.as_ref(), data).unwrap();
+ assert_eq!(spdm_digest.as_ref(), hmac_256);
+
+ let digest = SpdmDigestStruct::from(hmac_256);
+ hmac_verify(base_hash_algo, key.as_ref(), data, &digest).unwrap();
+ }
+}
diff --git a/spdmlib_crypto_mbedtls/src/lib.rs b/spdmlib_crypto_mbedtls/src/lib.rs
new file mode 100644
index 0000000..e3af12f
--- /dev/null
+++ b/spdmlib_crypto_mbedtls/src/lib.rs
@@ -0,0 +1,19 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![cfg_attr(not(feature = "std"), no_std)]
+
+#[cfg(not(feature = "std"))]
+extern crate alloc;
+
+pub mod aead_impl;
+
+pub mod dhe_impl;
+pub mod hash_impl;
+pub mod hkdf_impl;
+pub mod hmac_impl;
+pub mod rand_impl;
+
+pub mod asym_verify_impl;
+pub mod cert_operation_impl;
diff --git a/spdmlib_crypto_mbedtls/src/rand_impl.rs b/spdmlib_crypto_mbedtls/src/rand_impl.rs
new file mode 100644
index 0000000..bcc313a
--- /dev/null
+++ b/spdmlib_crypto_mbedtls/src/rand_impl.rs
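Review bot: `hmac_verify` compares the computed and received tags with `digest.as_ref() == message_digest.as_ref()`, a slice equality that may return at the first differing byte, so verification time can depend on how much of a presented tag is correct. MAC verification should use a comparison whose running time does not depend on the data: check the two lengths first, then accumulate the differences, e.g. `let diff = a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y));`, and return `Ok(())` only when `diff == 0`. If the crate already depends on a vetted constant-time helper, prefer that over a hand-written fold. The RFC 4231 test only covers the accepting path; a case with a single flipped tag byte that expects `Err(SPDM_STATUS_CRYPTO_ERROR)` would cover the rejecting one.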
@@ -0,0 +1,48 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use core::arch::x86_64::_rdrand64_step;
+use spdmlib::crypto::SpdmCryptoRandom;
+use spdmlib::error::{SpdmResult, SPDM_STATUS_CRYPTO_ERROR};
+
+pub static DEFAULT: SpdmCryptoRandom = SpdmCryptoRandom {
+ get_random_cb: get_random,
+};
+
+/// # Safety
+///
+/// The function contains the length of data, so it is safe
+pub unsafe fn random(output: *mut u8, len: usize) -> i32 {
+ let mut remain = len;
+ while remain > 8 {
+ remain -= 8;
+ let mut count = 0;
+ unsafe {
+ while _rdrand64_step(&mut *(output.add(remain) as *mut u64)) != 1 || count > 5 {
+ count += 1;
+ }
+ if count > 5 {
+ return 1;
+ }
+ }
+ }
+ let mut buf = [0u8; 8];
+ let mut count = 0;
+ while _rdrand64_step(&mut *(buf.as_mut_ptr() as *mut u64)) != 1 || count > 5 {
+ count += 1;
+ }
+ if count > 5 {
+ return 1;
+ }
+ core::slice::from_raw_parts_mut(output, remain).copy_from_slice(&buf[0..remain]);
+ 0
+}
+
+fn get_random(data: &mut [u8]) -> SpdmResult {
+ if 0 == unsafe { random(data.as_mut_ptr(), data.len()) } {
+ Ok(data.len())
+ } else {
+ Err(SPDM_STATUS_CRYPTO_ERROR)
+ }
+}
diff --git a/sys_time/Cargo.toml b/sys_time/Cargo.toml
new file mode 100644
index 0000000..f65a51f
--- /dev/null
+++ b/sys_time/Cargo.toml
@@ -0,0 +1,11 @@
+[package]
+name = "sys_time"
+version = "0.1.0"
+authors = ["Xiaoyu Lu "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+x86_64 = "0.14"
+time = { version = "0.3", default-features = false }
diff --git a/sys_time/src/lib.rs b/sys_time/src/lib.rs
new file mode 100644
index 0000000..9bf9d8c
--- /dev/null
+++ b/sys_time/src/lib.rs
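Review bot: Both retry loops in `random` use the condition `_rdrand64_step(...) != 1 || count > 5`, which keeps looping once `count` passes 5 even if RDRAND then succeeds. The `if count > 5 { return 1; }` checks after the loops therefore never fire, and a failing RDRAND makes the function spin instead of reporting an error to `get_random`. The casts `output.add(remain) as *mut u64` and `buf.as_mut_ptr() as *mut u64` also build a `&mut u64` from byte pointers with no alignment guarantee, which is undefined behaviour in Rust; drawing into a local `u64` and copying its bytes avoids that. The `# Safety` section should state the actual contract, that `output` must be valid for writes of `len` bytes; one possible shape is below.

```rust
/// One RDRAND draw, giving up after a fixed number of failed attempts.
fn rdrand64_bounded() -> Option<u64> {
    let mut value = 0u64;
    for _ in 0..6 {
        // SAFETY: writes only to the local `value`; the CPU must support RDRAND.
        if unsafe { _rdrand64_step(&mut value) } == 1 {
            return Some(value);
        }
    }
    None
}

/// # Safety
///
/// `output` must be non-null and valid for writes of `len` bytes.
pub unsafe fn random(output: *mut u8, len: usize) -> i32 {
    let out = core::slice::from_raw_parts_mut(output, len);
    for chunk in out.chunks_mut(8) {
        match rdrand64_bounded() {
            Some(value) => chunk.copy_from_slice(&value.to_ne_bytes()[..chunk.len()]),
            None => return 1,
        }
    }
    0
}
// … unchanged: get_random …
```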
@@ -0,0 +1,28 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![no_std]
+// use chrono::NaiveDate;
+
+use core::convert::TryFrom;
+
+use rtc::read_rtc;
+use time::{Date, Month, PrimitiveDateTime, Time};
+
+pub mod rtc;
+
+pub fn get_sys_time() -> Option {
+ let data_time = read_rtc();
+
+ let date_time = PrimitiveDateTime::new(
+ Date::from_calendar_date(
+ data_time.year as i32,
+ Month::try_from(data_time.month).ok()?,
+ data_time.day,
+ )
+ .ok()?,
+ Time::from_hms(data_time.hour, data_time.minute, data_time.second).ok()?,
+ );
+ Some(date_time.assume_utc().unix_timestamp())
+}
diff --git a/sys_time/src/rtc.rs b/sys_time/src/rtc.rs
new file mode 100644
index 0000000..249303b
--- /dev/null
+++ b/sys_time/src/rtc.rs
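Review bot: `get_sys_time` is public but has no doc comment, and nothing at this level says that the value comes from the CMOS/RTC, which the `rtc` module added in the same commit describes as untrusted. A caller that uses the timestamp for a security decision needs that stated where the function is declared; certificate validity checks would be the typical consumer, though no caller is visible here. I would add `/// Returns the CMOS/RTC time as a Unix timestamp, treating the RTC value as UTC; the RTC is an untrusted source, and None is returned when its fields do not form a valid date or time.` above the function. The commented-out `// use chrono::NaiveDate;` can be dropped.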
@@ -0,0 +1,137 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +//! Untrusted time get from CMOS/RTC device commonly seen on x86 I/O port 0x70/0x71 + +use x86_64::instructions::port::{PortRead, PortWrite}; + +const CMOS_ADDRESS_PORT: u16 = 0x70; +const CMOS_DATA_PORT: u16 = 0x71; + +// Select the register through port 0x70, and read the value from port 0x71 +const CMOS_SECOND_REGISTER: u8 = 0x00; +const CMOS_MINUTE_REGISTER: u8 = 0x02; +const CMOS_HOUR_REGISTER: u8 = 0x04; +const CMOS_DAY_REGISTER: u8 = 0x07; +const CMOS_MONTH_REGISTER: u8 = 0x08; +const CMOS_YEAR_REGISTER: u8 = 0x09; +const CMOS_STATUS_REGISTER_A: u8 = 0x0A; +const CMOS_STATUS_REGISTER_B: u8 = 0x0B; + +const CMOS_NMI_DISABLE_BIT: u8 = 1 << 7; +// Status Register A, Bit 7 +const CMOS_UPDATE_IN_PROGRESS_FLAG: u8 = 1 << 7; +// Status Register B, Bit 1 +const CMOS_24_HOUR_FORMAT_FLAG: u8 = 1 << 1; +// Status Register B, Bit 2 +const CMOS_BINARY_MODE_FLAG: u8 = 1 << 2; + +// In 12 hour mode, if the hour is pm, then the 0x80 bit is set on the hour byte +const CMOS_PM_BIT: u8 = 0x80; + +const CMOS_YEARS_OFFSET: u16 = 2000; + +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub struct DateTime { + pub second: u8, + pub minute: u8, + /// Hours in current day, 24 hour format. + pub hour: u8, + pub day: u8, + pub month: u8, + pub year: u16, +} + +pub fn read_rtc() -> DateTime { + // It is possible to read the time and date while an update is in progress and get inconsistent + // values, for example, at 9:00 o'clock we might get 8:59, or 8:60, or 8:00, or 9:00. + // The solution here is to read all the values we need twice, and make sure the update_in_progress + // flag is clear before each reading. If the two values are the same, then we get a correct value. 
+ loop { + // Wait until RTC finishes its update + while get_update_in_progress_flag() > 0 {} + let first_read = read_date_time(); + + // If the flag is set before our second reading, we can't get the same value + if get_update_in_progress_flag() > 0 { + continue; + } + let second_read = read_date_time(); + + // Compare the values read out twice. If they are equal, then we get a correct value + if first_read == second_read { + return first_read; + } + } +} + +/// Convert a value in BCD format into binary mode +const fn bcd_to_binary(bcd: u8) -> u8 { + (bcd & 0xF) + ((bcd / 16) * 10) +} + +fn is_24_hour_format() -> bool { + let status_register_b: u8 = read_cmos_register(CMOS_STATUS_REGISTER_B); + status_register_b & CMOS_24_HOUR_FORMAT_FLAG > 0 +} + +fn is_binary_mode() -> bool { + let status_register_b: u8 = read_cmos_register(CMOS_STATUS_REGISTER_B); + status_register_b & CMOS_BINARY_MODE_FLAG > 0 +} + +fn read_cmos_register(reg: u8) -> u8 { + unsafe { + u8::write_to_port(CMOS_ADDRESS_PORT, CMOS_NMI_DISABLE_BIT | reg); + u8::read_from_port(CMOS_DATA_PORT) + } +} + +fn get_update_in_progress_flag() -> u8 { + read_cmos_register(CMOS_STATUS_REGISTER_A) & CMOS_UPDATE_IN_PROGRESS_FLAG +} + +fn read_datetime_register(register: u8) -> u8 { + let value = read_cmos_register(register); + + if is_binary_mode() { + value + } else { + bcd_to_binary(value) + } +} + +fn read_hour_register() -> u8 { + let mut hour = read_cmos_register(CMOS_HOUR_REGISTER); + if !is_binary_mode() { + // Mask the possible PM flag + hour = ((hour & 0xF) + (((hour & !CMOS_PM_BIT) / 16) * 10)) | (hour & CMOS_PM_BIT); + } + + // Convert from 12 hour format to 24 hour format if necessary + if !is_24_hour_format() && (hour & CMOS_PM_BIT != 0) { + // midnight is 12, 1am is 1 + ((hour & !CMOS_PM_BIT) + 12) % 24 + } else { + hour + } +} + +fn read_date_time() -> DateTime { + let year = CMOS_YEARS_OFFSET + read_datetime_register(CMOS_YEAR_REGISTER) as u16; + let month = 
read_datetime_register(CMOS_MONTH_REGISTER); + let day = read_datetime_register(CMOS_DAY_REGISTER); + let minute = read_datetime_register(CMOS_MINUTE_REGISTER); + let second = read_datetime_register(CMOS_SECOND_REGISTER); + let hour = read_hour_register(); + + DateTime { + year, + month, + day, + minute, + second, + hour, + } +} diff --git a/targets/x86_64-unknown-none.json b/targets/x86_64-unknown-none.json new file mode 100644 index 0000000..cea8193 --- /dev/null +++ b/targets/x86_64-unknown-none.json @@ -0,0 +1,16 @@ +{ + "llvm-target": "x86_64-unknown-none", + "data-layout": "e-m:e-i64:64-f80:128-n8:16:32:64-S128", + "arch": "x86_64", + "target-endian": "little", + "target-pointer-width": "64", + "target-c-int-width": "32", + "os": "none", + "executables": true, + "linker": "rust-lld", + "linker-flavor": "ld.lld", + "panic-strategy": "abort", + "disable-redzone": true, + "features": "-mmx,-sse,+soft-float", + "position-independent-executables": true +} diff --git a/tdisp/Cargo.toml b/tdisp/Cargo.toml new file mode 100644 index 0000000..f4cf385 --- /dev/null +++ b/tdisp/Cargo.toml @@ -0,0 +1,25 @@ +[package] +name = "tdisp" +license = "BSD-2-Clause-Patent" +version = "0.2.0" +authors = [ + "Jiewen Yao ", + "Xiaoyu Lu ", + "Longlong Yang " + ] +edition = "2018" + +[dev-dependencies] + +[build-dependencies] + +[dependencies] +codec = { path = "../codec" } +bitflags = "1.2.1" +spdmlib = { path = "../spdmlib", default-features = false, features = ["spdm-ring"]} +conquer-once = { version = "0.3.2", default-features = false } +spin = { version = "0.9.8" } +maybe-async = "0.2.7" + +[features] +is_sync = ["spdmlib/is_sync", "maybe-async/is_sync"] diff --git a/tdisp/src/lib.rs b/tdisp/src/lib.rs new file mode 100644 index 0000000..6e834ee --- /dev/null +++ b/tdisp/src/lib.rs 
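Review bot: The 12-hour conversion at the end of `read_hour_register` swaps noon and midnight: with the PM bit set and an hour of 12 it returns `(12 + 12) % 24 = 0`, while an hour of 12 without the PM bit (midnight) falls through to `hour` and returns 12. Only 1–11 PM should gain 12, and 12 AM should become 0; a sketch is below. Separately, `read_rtc` waits on the update-in-progress flag and retries mismatched reads with no bound, and the module doc calls the device untrusted, so a device that keeps the flag set or never returns two equal reads would hang the caller. Bounding that loop would require `read_rtc` to be able to report failure, which changes its signature.

```rust
fn read_hour_register() -> u8 {
    // … unchanged: register read and BCD decoding that preserves the PM bit …

    // Convert from 12 hour format to 24 hour format if necessary
    if is_24_hour_format() {
        return hour;
    }
    let is_pm = hour & CMOS_PM_BIT != 0;
    match (hour & !CMOS_PM_BIT, is_pm) {
        (12, false) => 0,    // 12 AM is midnight
        (12, true) => 12,    // 12 PM is noon
        (h, true) => h + 12, // 1..=11 PM
        (h, false) => h,     // 1..=11 AM
    }
}
```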
@@ -0,0 +1,13 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![forbid(unsafe_code)]
+#![cfg_attr(not(feature = "std"), no_std)]
+
+#[macro_use]
+extern crate bitflags;
+
+pub mod pci_tdisp;
+pub mod pci_tdisp_requester;
+pub mod pci_tdisp_responder;
diff --git a/tdisp/src/pci_tdisp.rs b/tdisp/src/pci_tdisp.rs
new file mode 100644
index 0000000..5f771ea
--- /dev/null
+++ b/tdisp/src/pci_tdisp.rs
@@ -0,0 +1,1130 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{u24, Codec}; +use core::convert::TryFrom; +use spdmlib::message::{ + RegistryOrStandardsBodyID, VendorIDStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN, +}; + +pub const TDISP_PROTOCOL_ID: u8 = 1; + +#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)] +pub struct FunctionId { + pub requester_id: u16, + pub requester_segment: u8, + pub requester_segment_valid: bool, +} + +impl Codec for FunctionId { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut function_id = 0u32; + function_id |= self.requester_id as u32; + if self.requester_segment_valid { + function_id |= (self.requester_segment as u32) << 16; + } + function_id |= (self.requester_segment_valid as u32) << 24; + + function_id.encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let function_id = u32::read(r)?; + + let requester_id = (function_id & 0x0000FFFF) as u16; + let requester_segment = ((function_id & 0x00FF0000) >> 16) as u8; + let requester_segment_valid = function_id & (1 << 24) != 0; + + if !requester_segment_valid && requester_segment != 0 { + return None; + } + + Some(Self { + requester_id, + requester_segment, + requester_segment_valid, + }) + } +} + +#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)] +pub struct InterfaceId { + pub function_id: FunctionId, +} + +impl Codec for InterfaceId { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.function_id.encode(bytes)?; + cnt += 0u64.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let function_id = FunctionId::read(r)?; + let _ = u64::read(r)?; + + Some(Self { function_id }) + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +#[allow(non_camel_case_types)] +pub enum TdiState { + RUN, + ERROR, + CONFIG_LOCKED, + CONFIG_UNLOCKED, +} + +impl From for u8 { + fn from(ts: 
TdiState) -> Self { + match ts { + TdiState::RUN => 2, + TdiState::ERROR => 3, + TdiState::CONFIG_LOCKED => 1, + TdiState::CONFIG_UNLOCKED => 0, + } + } +} + +impl From<&TdiState> for u8 { + fn from(ts: &TdiState) -> Self { + u8::from(*ts) + } +} + +impl TryFrom for TdiState { + type Error = (); + fn try_from(uts: u8) -> Result>::Error> { + match uts { + 0 => Ok(Self::CONFIG_UNLOCKED), + 1 => Ok(Self::CONFIG_LOCKED), + 2 => Ok(Self::RUN), + 3 => Ok(Self::ERROR), + 4_u8..=u8::MAX => Err(()), + } + } +} + +impl Default for TdiState { + fn default() -> Self { + Self::CONFIG_UNLOCKED + } +} + +impl Codec for TdiState { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + u8::from(self).encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let tdi_state = u8::read(r)?; + Self::try_from(tdi_state).ok() + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +#[allow(non_camel_case_types)] +pub enum TdispRequestResponseCode { + // Request + GET_TDISP_VERSION, + GET_TDISP_CAPABILITIES, + LOCK_INTERFACE_REQUEST, + GET_DEVICE_INTERFACE_REPORT, + GET_DEVICE_INTERFACE_STATE, + START_INTERFACE_REQUEST, + STOP_INTERFACE_REQUEST, + BIND_P2P_STREAM_REQUEST, + UNBIND_P2P_STREAM_REQUEST, + SET_MMIO_ATTRIBUTE_REQUEST, + VDM_REQUEST, + + // Response + TDISP_VERSION, + TDISP_CAPABILITIES, + LOCK_INTERFACE_RESPONSE, + DEVICE_INTERFACE_REPORT, + DEVICE_INTERFACE_STATE, + START_INTERFACE_RESPONSE, + STOP_INTERFACE_RESPONSE, + BIND_P2P_STREAM_RESPONSE, + UNBIND_P2P_STREAM_RESPONSE, + SET_MMIO_ATTRIBUTE_RESPONSE, + VDM_RESPONSE, + TDISP_ERROR, +} + +impl From for u8 { + fn from(trrc: TdispRequestResponseCode) -> Self { + match trrc { + TdispRequestResponseCode::GET_TDISP_VERSION => 0x81, + TdispRequestResponseCode::GET_TDISP_CAPABILITIES => 0x82, + TdispRequestResponseCode::LOCK_INTERFACE_REQUEST => 0x83, + TdispRequestResponseCode::GET_DEVICE_INTERFACE_REPORT => 0x84, + TdispRequestResponseCode::GET_DEVICE_INTERFACE_STATE => 0x85, + 
TdispRequestResponseCode::START_INTERFACE_REQUEST => 0x86, + TdispRequestResponseCode::STOP_INTERFACE_REQUEST => 0x87, + TdispRequestResponseCode::BIND_P2P_STREAM_REQUEST => 0x88, + TdispRequestResponseCode::UNBIND_P2P_STREAM_REQUEST => 0x89, + TdispRequestResponseCode::SET_MMIO_ATTRIBUTE_REQUEST => 0x8A, + TdispRequestResponseCode::VDM_REQUEST => 0x8B, + TdispRequestResponseCode::TDISP_VERSION => 0x01, + TdispRequestResponseCode::TDISP_CAPABILITIES => 0x02, + TdispRequestResponseCode::LOCK_INTERFACE_RESPONSE => 0x03, + TdispRequestResponseCode::DEVICE_INTERFACE_REPORT => 0x04, + TdispRequestResponseCode::DEVICE_INTERFACE_STATE => 0x05, + TdispRequestResponseCode::START_INTERFACE_RESPONSE => 0x06, + TdispRequestResponseCode::STOP_INTERFACE_RESPONSE => 0x07, + TdispRequestResponseCode::BIND_P2P_STREAM_RESPONSE => 0x08, + TdispRequestResponseCode::UNBIND_P2P_STREAM_RESPONSE => 0x09, + TdispRequestResponseCode::SET_MMIO_ATTRIBUTE_RESPONSE => 0x0A, + TdispRequestResponseCode::VDM_RESPONSE => 0x0B, + TdispRequestResponseCode::TDISP_ERROR => 0x7F, + } + } +} + +impl From<&TdispRequestResponseCode> for u8 { + fn from(trrc: &TdispRequestResponseCode) -> Self { + u8::from(*trrc) + } +} + +impl TryFrom for TdispRequestResponseCode { + type Error = (); + fn try_from(utrrc: u8) -> Result>::Error> { + match utrrc { + 0x81 => Ok(TdispRequestResponseCode::GET_TDISP_VERSION), + 0x82 => Ok(TdispRequestResponseCode::GET_TDISP_CAPABILITIES), + 0x83 => Ok(TdispRequestResponseCode::LOCK_INTERFACE_REQUEST), + 0x84 => Ok(TdispRequestResponseCode::GET_DEVICE_INTERFACE_REPORT), + 0x85 => Ok(TdispRequestResponseCode::GET_DEVICE_INTERFACE_STATE), + 0x86 => Ok(TdispRequestResponseCode::START_INTERFACE_REQUEST), + 0x87 => Ok(TdispRequestResponseCode::STOP_INTERFACE_REQUEST), + 0x88 => Ok(TdispRequestResponseCode::BIND_P2P_STREAM_REQUEST), + 0x89 => Ok(TdispRequestResponseCode::UNBIND_P2P_STREAM_REQUEST), + 0x8A => Ok(TdispRequestResponseCode::SET_MMIO_ATTRIBUTE_REQUEST), + 0x8B => 
Ok(TdispRequestResponseCode::VDM_REQUEST), + 0x01 => Ok(TdispRequestResponseCode::TDISP_VERSION), + 0x02 => Ok(TdispRequestResponseCode::TDISP_CAPABILITIES), + 0x03 => Ok(TdispRequestResponseCode::LOCK_INTERFACE_RESPONSE), + 0x04 => Ok(TdispRequestResponseCode::DEVICE_INTERFACE_REPORT), + 0x05 => Ok(TdispRequestResponseCode::DEVICE_INTERFACE_STATE), + 0x06 => Ok(TdispRequestResponseCode::START_INTERFACE_RESPONSE), + 0x07 => Ok(TdispRequestResponseCode::STOP_INTERFACE_RESPONSE), + 0x08 => Ok(TdispRequestResponseCode::BIND_P2P_STREAM_RESPONSE), + 0x09 => Ok(TdispRequestResponseCode::UNBIND_P2P_STREAM_RESPONSE), + 0x0A => Ok(TdispRequestResponseCode::SET_MMIO_ATTRIBUTE_RESPONSE), + 0x0B => Ok(TdispRequestResponseCode::VDM_RESPONSE), + 0x7F => Ok(TdispRequestResponseCode::TDISP_ERROR), + _ => Err(()), + } + } +} + +impl Codec for TdispRequestResponseCode { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + u8::from(self).encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let req_rsp_code = u8::read(r)?; + Self::try_from(req_rsp_code).ok() + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +pub struct TdispVersion { + pub major_version: u8, + pub minor_version: u8, +} + +impl Default for TdispVersion { + fn default() -> Self { + Self { + major_version: 1, + minor_version: 0, + } + } +} + +impl PartialOrd for TdispVersion { + fn partial_cmp(&self, tv: &TdispVersion) -> Option { + if self.major_version > tv.major_version { + Some(core::cmp::Ordering::Greater) + } else if self.major_version < tv.major_version { + Some(core::cmp::Ordering::Less) + } else if self.minor_version > tv.minor_version { + Some(core::cmp::Ordering::Greater) + } else if self.minor_version < tv.minor_version { + Some(core::cmp::Ordering::Less) + } else { + Some(core::cmp::Ordering::Equal) + } + } +} + +impl Codec for TdispVersion { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + (self.major_version << 4 | self.minor_version).encode(bytes) + } + + fn read(r: 
&mut codec::Reader) -> Option { + let tdisp_version = u8::read(r)?; + + let major_version = (tdisp_version & 0xF0) >> 4; + let minor_version = tdisp_version & 0x0F; + + Some(Self { + major_version, + minor_version, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct TdispMessageHeader { + pub tdisp_version: TdispVersion, + pub message_type: TdispRequestResponseCode, + pub interface_id: InterfaceId, +} + +impl Codec for TdispMessageHeader { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += TDISP_PROTOCOL_ID.encode(bytes)?; + cnt += self.tdisp_version.encode(bytes)?; + cnt += self.message_type.encode(bytes)?; + cnt += 0u16.encode(bytes)?; // reserved + cnt += self.interface_id.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let protocol_id = u8::read(r)?; + if protocol_id != TDISP_PROTOCOL_ID { + return None; + } + let tdisp_version = TdispVersion::read(r)?; + let message_type = TdispRequestResponseCode::read(r)?; + u16::read(r)?; // reserved + let interface_id = InterfaceId::read(r)?; + + Some(Self { + tdisp_version, + message_type, + interface_id, + }) + } +} + +#[derive(Debug, Copy, Clone, PartialEq, Eq)] +#[allow(non_camel_case_types)] +pub enum TdispErrorCode { + INVALID_REQUEST, + BUSY, + INVALID_INTERFACE_STATE, + UNSPECIFIED, + UNSUPPORTED_REQUEST, + VERSION_MISMATCH, + VENDOR_SPECIFIC_ERROR, + INVALID_INTERFACE, + INVALID_NONCE, + INSUFFICIENT_ENTROPY, + INVALID_DEVICE_CONFIGURATION, +} + +impl From for u32 { + fn from(ec: TdispErrorCode) -> Self { + match ec { + TdispErrorCode::INVALID_REQUEST => 0x0001, + TdispErrorCode::BUSY => 0x0003, + TdispErrorCode::INVALID_INTERFACE_STATE => 0x0004, + TdispErrorCode::UNSPECIFIED => 0x0005, + TdispErrorCode::UNSUPPORTED_REQUEST => 0x0007, + TdispErrorCode::VERSION_MISMATCH => 0x0041, + TdispErrorCode::VENDOR_SPECIFIC_ERROR => 0x00FF, + TdispErrorCode::INVALID_INTERFACE => 0x0101, + TdispErrorCode::INVALID_NONCE => 0x0102, + 
TdispErrorCode::INSUFFICIENT_ENTROPY => 0x0103, + TdispErrorCode::INVALID_DEVICE_CONFIGURATION => 0x0104, + } + } +} + +impl From<&TdispErrorCode> for u32 { + fn from(ec: &TdispErrorCode) -> Self { + u32::from(*ec) + } +} + +impl TryFrom for TdispErrorCode { + type Error = (); + fn try_from(uec: u32) -> Result>::Error> { + match uec { + 0x0001 => Ok(Self::INVALID_REQUEST), + 0x0003 => Ok(Self::BUSY), + 0x0004 => Ok(Self::INVALID_INTERFACE_STATE), + 0x0005 => Ok(Self::UNSPECIFIED), + 0x0007 => Ok(Self::UNSUPPORTED_REQUEST), + 0x0041 => Ok(Self::VERSION_MISMATCH), + 0x00FF => Ok(Self::VENDOR_SPECIFIC_ERROR), + 0x0101 => Ok(Self::INVALID_INTERFACE), + 0x0102 => Ok(Self::INVALID_NONCE), + 0x0103 => Ok(Self::INSUFFICIENT_ENTROPY), + 0x0104 => Ok(Self::INVALID_DEVICE_CONFIGURATION), + _ => Err(()), + } + } +} + +impl Codec for TdispErrorCode { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + u32::from(self).encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let errcode = u32::read(r)?; + Self::try_from(errcode).ok() + } +} + +#[derive(Debug, Copy, Clone)] +pub struct ReqGetTdispVersion { + pub interface_id: InterfaceId, +} + +impl Codec for ReqGetTdispVersion { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + TdispMessageHeader { + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + message_type: TdispRequestResponseCode::GET_TDISP_VERSION, + interface_id: self.interface_id, + } + .encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + if message_header.tdisp_version.major_version != 1 { + return None; + } + + if message_header.message_type != TdispRequestResponseCode::GET_TDISP_VERSION { + return None; + } + + Some(Self { + interface_id: message_header.interface_id, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct RspTdispVersion { + pub interface_id: InterfaceId, + pub version_num_count: u8, + pub version_num_entry: [TdispVersion; 
u8::MAX as usize], +} + +impl Codec for RspTdispVersion { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += TdispMessageHeader { + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + message_type: TdispRequestResponseCode::TDISP_VERSION, + interface_id: self.interface_id, + } + .encode(bytes)?; + cnt += self.version_num_count.encode(bytes)?; + for version in self + .version_num_entry + .iter() + .take(self.version_num_count as usize) + { + cnt += version.encode(bytes)?; + } + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + if message_header.tdisp_version.major_version != 1 { + return None; + } + + if message_header.message_type != TdispRequestResponseCode::TDISP_VERSION { + return None; + } + + let version_num_count = u8::read(r)?; + let mut version_num_entry = [TdispVersion::default(); u8::MAX as usize]; + for version in version_num_entry + .iter_mut() + .take(version_num_count as usize) + { + *version = TdispVersion::read(r)?; + } + + Some(Self { + interface_id: message_header.interface_id, + version_num_count, + version_num_entry, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct ReqGetTdispCapabilities { + pub message_header: TdispMessageHeader, + pub tsm_caps: u32, +} + +impl Codec for ReqGetTdispCapabilities { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.tsm_caps.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let tsm_caps = u32::read(r)?; + + Some(Self { + message_header, + tsm_caps, + }) + } +} + +bitflags! 
{ + #[derive(Default)] + pub struct LockInterfaceFlag: u16 { + const NO_FW_UPDATE = 0b0000_0000_0000_0001; + const SYSTEM_CACHE_LINE_SIZE = 0b0000_0000_0000_0010; + const LOCK_MSIX = 0b0000_0000_0000_0100; + const BIND_P2P = 0b0000_0000_0000_1000; + const ALL_REQUEST_REDIRECT = 0b0000_0000_0001_0000; + } +} + +impl Codec for LockInterfaceFlag { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let bits = u16::read(r)?; + Some(Self { bits }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct RspTdispCapabilities { + pub message_header: TdispMessageHeader, + pub dsm_caps: u32, + pub req_msgs_supported: [u8; 16], + pub lock_interface_flags_supported: LockInterfaceFlag, + pub dev_addr_width: u8, + pub num_req_this: u8, + pub num_req_all: u8, +} + +impl Codec for RspTdispCapabilities { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.dsm_caps.encode(bytes)?; + cnt += self.req_msgs_supported.encode(bytes)?; + cnt += self.lock_interface_flags_supported.encode(bytes)?; + cnt += u24::new(0).encode(bytes)?; // reserved + cnt += self.dev_addr_width.encode(bytes)?; + cnt += self.num_req_this.encode(bytes)?; + cnt += self.num_req_all.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let dsm_caps = u32::read(r)?; + let req_msgs_supported = <[u8; 16]>::read(r)?; + let lock_interface_flags_supported = LockInterfaceFlag::read(r)?; + u24::read(r)?; // reserved + let dev_addr_width = u8::read(r)?; + let num_req_this = u8::read(r)?; + let num_req_all = u8::read(r)?; + + Some(Self { + message_header, + dsm_caps, + req_msgs_supported, + lock_interface_flags_supported, + dev_addr_width, + num_req_this, + num_req_all, + }) + } +} + +#[derive(Debug, Copy, Clone)] +#[allow(non_snake_case)] +pub struct ReqLockInterfaceRequest { + pub 
message_header: TdispMessageHeader, + pub flags: LockInterfaceFlag, + pub default_stream_id: u8, + pub mmio_reporting_offset: u64, + pub bind_p2p_address_mask: u64, +} + +impl Codec for ReqLockInterfaceRequest { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.flags.encode(bytes)?; + cnt += self.default_stream_id.encode(bytes)?; + cnt += 0u8.encode(bytes)?; //reserved + cnt += self.mmio_reporting_offset.encode(bytes)?; + cnt += self.bind_p2p_address_mask.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let flags = LockInterfaceFlag::read(r)?; + let default_stream_id = u8::read(r)?; + u8::read(r)?; // reserved + let mmio_reporting_offset = u64::read(r)?; + let bind_p2p_address_mask = u64::read(r)?; + + Some(Self { + message_header, + flags, + default_stream_id, + mmio_reporting_offset, + bind_p2p_address_mask, + }) + } +} + +pub const START_INTERFACE_NONCE_LEN: usize = 32; + +#[derive(Debug, Copy, Clone)] +#[allow(non_snake_case)] +pub struct RspLockInterfaceResponse { + pub message_header: TdispMessageHeader, + pub start_interface_nonce: [u8; START_INTERFACE_NONCE_LEN], +} + +impl Codec for RspLockInterfaceResponse { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.start_interface_nonce.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let start_interface_nonce = <[u8; START_INTERFACE_NONCE_LEN]>::read(r)?; + + Some(Self { + message_header, + start_interface_nonce, + }) + } +} + +#[derive(Debug, Copy, Clone)] +#[allow(non_snake_case)] +pub struct ReqGetDeviceInterfaceReport { + pub message_header: TdispMessageHeader, + pub offset: u16, + pub length: u16, +} + +impl Codec for ReqGetDeviceInterfaceReport { + fn encode(&self, 
bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.offset.encode(bytes)?; + cnt += self.length.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let offset = u16::read(r)?; + let length = u16::read(r)?; + + Some(Self { + message_header, + offset, + length, + }) + } +} + +bitflags! { + #[derive(Default)] + pub struct InterfaceInfo: u16 { + const DEVICE_FIRMWARE_UPDATES_NOT_PERMITTED = 0b0000_0000_0000_0001; + const DMA_REQUESTS_WITHOUT_PASID = 0b0000_0000_0000_0010; + const DMA_REQUESTS_WITH_PASID = 0b0000_0000_0000_0100; + const ATS_SUPPORTED_ENABLED = 0b0000_0000_0000_1000; + const PRS_SUPPORTED_ENABLED = 0b0000_0000_0001_0000; + } +} + +impl Codec for InterfaceInfo { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let bits = u16::read(r)?; + Some(Self { bits }) + } +} + +pub const MAX_DEVICE_REPORT_BUFFER: usize = + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE - 1/*Protocol ID*/ - 16/*Header size*/ - 4; +pub const MAX_PORTION_LENGTH: usize = MAX_DEVICE_REPORT_BUFFER; + +#[derive(Debug, Copy, Clone)] +#[allow(non_snake_case)] +pub struct RspDeviceInterfaceReport { + pub message_header: TdispMessageHeader, + pub portion_length: u16, + pub remainder_length: u16, + pub report: [u8; MAX_PORTION_LENGTH], +} + +impl Codec for RspDeviceInterfaceReport { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.portion_length.encode(bytes)?; + cnt += self.remainder_length.encode(bytes)?; + for b in self.report.iter().take(self.portion_length as usize) { + cnt += b.encode(bytes)?; + } + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let portion_length = u16::read(r)?; + let remainder_length = 
u16::read(r)?; + let mut report = [0u8; MAX_PORTION_LENGTH]; + if portion_length as usize > MAX_PORTION_LENGTH { + return None; + } + for rp in report.iter_mut().take(portion_length as usize) { + *rp = u8::read(r)?; + } + + Some(Self { + message_header, + portion_length, + remainder_length, + report, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct ReqGetDeviceInterfaceState { + pub message_header: TdispMessageHeader, +} + +impl Codec for ReqGetDeviceInterfaceState { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.message_header.encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + Some(Self { message_header }) + } +} + +#[derive(Debug, Copy, Clone)] +#[allow(non_snake_case)] +pub struct RspDeviceInterfaceState { + pub message_header: TdispMessageHeader, + pub tdi_state: TdiState, +} + +impl Codec for RspDeviceInterfaceState { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.tdi_state.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let tdi_state = TdiState::read(r)?; + + Some(Self { + message_header, + tdi_state, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct ReqStartInterfaceRequest { + pub message_header: TdispMessageHeader, + pub start_interface_nonce: [u8; START_INTERFACE_NONCE_LEN], +} + +impl Codec for ReqStartInterfaceRequest { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.start_interface_nonce.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let start_interface_nonce = <[u8; START_INTERFACE_NONCE_LEN]>::read(r)?; + + Some(Self { + message_header, + start_interface_nonce, + }) + } +} + +#[derive(Debug, Copy, 
Clone)] +pub struct RspStartInterfaceResponse { + pub message_header: TdispMessageHeader, +} + +impl Codec for RspStartInterfaceResponse { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.message_header.encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + Some(Self { message_header }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct ReqStopInterfaceRequest { + pub message_header: TdispMessageHeader, +} + +impl Codec for ReqStopInterfaceRequest { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.message_header.encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + Some(Self { message_header }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct RspStopInterfaceResponse { + pub message_header: TdispMessageHeader, +} + +impl Codec for RspStopInterfaceResponse { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.message_header.encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + Some(Self { message_header }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct ReqBindP2PStreamRequest { + pub message_header: TdispMessageHeader, + pub p2p_stream_id: u8, +} + +impl Codec for ReqBindP2PStreamRequest { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.p2p_stream_id.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let p2p_stream_id = u8::read(r)?; + + Some(Self { + message_header, + p2p_stream_id, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct RspBindP2PStreamResponse { + pub message_header: TdispMessageHeader, +} + +impl Codec for RspBindP2PStreamResponse { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + 
self.message_header.encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + Some(Self { message_header }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct ReqUnBindP2PStreamRequest { + pub message_header: TdispMessageHeader, + pub p2p_stream_id: u8, +} + +impl Codec for ReqUnBindP2PStreamRequest { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.p2p_stream_id.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let p2p_stream_id = u8::read(r)?; + + Some(Self { + message_header, + p2p_stream_id, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct RspUnBindP2PStreamResponse { + pub message_header: TdispMessageHeader, +} + +impl Codec for RspUnBindP2PStreamResponse { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.message_header.encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + Some(Self { message_header }) + } +} + +bitflags! 
{ + #[derive(Default)] + pub struct MMIORangeAttribute: u16 { + const MSI_X_TABLE = 0b0000_0000_0000_0001; + const MSI_X_PBA = 0b0000_0000_0000_0010; + const IS_NON_TEE_MEM = 0b0000_0000_0000_0100; + const IS_MEM_ATTR_UPDATABLE = 0b0000_0000_0000_1000; + const PRS_SUPPORTED_ENABLED = 0b0000_0000_0001_0000; + } +} + +impl Codec for MMIORangeAttribute { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.bits().encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let bits = u16::read(r)?; + Some(Self { bits }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct TdispMmioRange { + pub first_page_with_offset_added: u64, + pub number_of_pages: u32, + pub range_attributes: MMIORangeAttribute, +} + +impl Default for TdispMmioRange { + fn default() -> Self { + Self { + first_page_with_offset_added: 0, + number_of_pages: 0, + range_attributes: MMIORangeAttribute::empty(), + } + } +} + +impl Codec for TdispMmioRange { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.first_page_with_offset_added.encode(bytes)?; + cnt += self.number_of_pages.encode(bytes)?; + cnt += self.range_attributes.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let first_page_with_offset_added = u64::read(r)?; + let number_of_pages = u32::read(r)?; + let range_attributes = MMIORangeAttribute::read(r)?; + + Some(Self { + first_page_with_offset_added, + number_of_pages, + range_attributes, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct ReqSetMmioAttributeRequest { + pub message_header: TdispMessageHeader, + pub mmio_range: TdispMmioRange, +} + +impl Codec for ReqSetMmioAttributeRequest { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.mmio_range.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + let mmio_range = 
TdispMmioRange::read(r)?; + + Some(Self { + message_header, + mmio_range, + }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct RspSetMmioAttributeResponse { + pub message_header: TdispMessageHeader, +} + +impl Codec for RspSetMmioAttributeResponse { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + self.message_header.encode(bytes) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + + Some(Self { message_header }) + } +} + +#[derive(Debug, Copy, Clone)] +pub struct RspTdispError { + pub message_header: TdispMessageHeader, + pub error_code: TdispErrorCode, + pub error_data: u32, +} + +impl Codec for RspTdispError { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.message_header.encode(bytes)?; + cnt += self.error_code.encode(bytes)?; + cnt += self.error_data.encode(bytes)?; + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let message_header = TdispMessageHeader::read(r)?; + if message_header.message_type != TdispRequestResponseCode::TDISP_ERROR { + return None; + } + let error_code = TdispErrorCode::read(r)?; + let error_data = u32::read(r)?; + + Some(Self { + message_header, + error_code, + error_data, + }) + } +} + +pub const STANDARD_ID: RegistryOrStandardsBodyID = RegistryOrStandardsBodyID::PCISIG; + +#[inline] +pub const fn vendor_id() -> VendorIDStruct { + let mut vendor_idstruct = VendorIDStruct { + len: 2, + vendor_id: [0u8; MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN], + }; + + vendor_idstruct.vendor_id[0] = 0x01; + + vendor_idstruct +} diff --git a/tdisp/src/pci_tdisp_requester/mod.rs b/tdisp/src/pci_tdisp_requester/mod.rs new file mode 100644 index 0000000..ad5084c --- /dev/null +++ b/tdisp/src/pci_tdisp_requester/mod.rs 
@@ -0,0 +1,38 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::pci_tdisp::{InterfaceId, TdispVersion}; + +pub mod pci_tdisp_req_get_tdisp_version; +pub use pci_tdisp_req_get_tdisp_version::*; + +pub mod pci_tdisp_req_get_tdisp_capabilities; +pub use pci_tdisp_req_get_tdisp_capabilities::*; + +pub mod pci_tdisp_req_lock_interface_request; +pub use pci_tdisp_req_lock_interface_request::*; + +pub mod pci_tdisp_req_get_device_interface_report; +pub use pci_tdisp_req_get_device_interface_report::*; + +pub mod pci_tdisp_req_get_device_interface_state; +pub use pci_tdisp_req_get_device_interface_state::*; + +pub mod pci_tdisp_req_start_interface_request; +pub use pci_tdisp_req_start_interface_request::*; + +pub mod pci_tdisp_req_stop_interface_request; +pub use pci_tdisp_req_stop_interface_request::*; + +pub mod pci_tdisp_req_bind_p2p_stream_request; +pub use pci_tdisp_req_bind_p2p_stream_request::*; + +pub mod pci_tdisp_req_set_mmio_attribute_request; +pub use pci_tdisp_req_set_mmio_attribute_request::*; + +pub mod pci_tdisp_req_unbind_p2p_stream_request; +pub use pci_tdisp_req_unbind_p2p_stream_request::*; + +pub mod pci_tdisp_req_vdm_request; +pub use pci_tdisp_req_vdm_request::*; diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_bind_p2p_stream_request.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_bind_p2p_stream_request.rs new file mode 100644 index 0000000..4b8098a --- /dev/null +++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_bind_p2p_stream_request.rs 
@@ -0,0 +1,97 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_ERROR_PEER; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + error::SpdmResult, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_tdisp::vendor_id; +use crate::pci_tdisp::RspBindP2PStreamResponse; +use crate::pci_tdisp::RspTdispError; +use crate::pci_tdisp::TdispVersion; +use crate::pci_tdisp::STANDARD_ID; +use crate::pci_tdisp::{ + InterfaceId, ReqBindP2PStreamRequest, TdispErrorCode, TdispMessageHeader, + TdispRequestResponseCode, +}; + +#[maybe_async::maybe_async] +pub async fn pci_tdisp_req_bind_p2p_stream_request( + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + interface_id: InterfaceId, + p2p_stream_id: u8, + // OUT + tdisp_error_code: &mut Option, +) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = ReqBindP2PStreamRequest { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::BIND_P2P_STREAM_REQUEST, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + p2p_stream_id, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? 
+ as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + if let Ok(tdisp_error) = RspTdispError::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD) + { + *tdisp_error_code = Some(tdisp_error.error_code); + return Err(SPDM_STATUS_ERROR_PEER); + } + + let rsp_bind_p2_pstream_response = RspBindP2PStreamResponse::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if rsp_bind_p2_pstream_response.message_header.tdisp_version + != (TdispVersion { + major_version: 1, + minor_version: 0, + }) + || rsp_bind_p2_pstream_response.message_header.message_type + != TdispRequestResponseCode::BIND_P2P_STREAM_RESPONSE + || rsp_bind_p2_pstream_response.message_header.interface_id != interface_id + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + Ok(()) +} diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_device_interface_report.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_device_interface_report.rs new file mode 100644 index 0000000..efa6494 --- /dev/null +++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_device_interface_report.rs 
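Review bot: `tdisp_error_code` is written only on the TDISP_ERROR path, so on every other return the caller still sees whatever the variable held before the call. Setting `*tdisp_error_code = None;` at the top of `pci_tdisp_req_bind_p2p_stream_request` makes the out-parameter reliable. The same pattern is in `pci_tdisp_req_get_device_interface_report`, `pci_tdisp_req_lock_interface_request` and `pci_tdisp_req_set_mmio_attribute_request`. As a smaller style point, `if let Ok(tdisp_error) = RspTdispError::read_bytes(..).ok_or(SPDM_STATUS_INVALID_MSG_FIELD)` turns the Option into a Result only to match `Ok`; `if let Some(tdisp_error) = RspTdispError::read_bytes(..)` is equivalent and easier to read.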
@@ -0,0 +1,133 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_ERROR_PEER; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + error::SpdmResult, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_tdisp::vendor_id; +use crate::pci_tdisp::InterfaceId; +use crate::pci_tdisp::ReqGetDeviceInterfaceReport; +use crate::pci_tdisp::RspDeviceInterfaceReport; +use crate::pci_tdisp::RspTdispError; +use crate::pci_tdisp::TdispErrorCode; +use crate::pci_tdisp::TdispMessageHeader; +use crate::pci_tdisp::TdispRequestResponseCode; +use crate::pci_tdisp::MAX_DEVICE_REPORT_BUFFER; +use crate::pci_tdisp::MAX_PORTION_LENGTH; +use crate::pci_tdisp::STANDARD_ID; +use crate::pci_tdisp_requester::TdispVersion; + +#[maybe_async::maybe_async] +pub async fn pci_tdisp_req_get_device_interface_report( + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + interface_id: InterfaceId, + // OUT + report: &mut [u8; MAX_DEVICE_REPORT_BUFFER], + report_size: &mut usize, + tdisp_error_code: &mut Option, +) -> SpdmResult { + let mut offset = 0u16; + let length = MAX_PORTION_LENGTH as u16; + let mut report_buffer_walker = 0usize; + *report_size = 0; + + loop { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = ReqGetDeviceInterfaceReport { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::GET_DEVICE_INTERFACE_REPORT, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + 
offset, + length, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? + as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + if let Ok(tdisp_error) = RspTdispError::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD) + { + *tdisp_error_code = Some(tdisp_error.error_code); + return Err(SPDM_STATUS_ERROR_PEER); + } + + let rsp_device_interface_report = RspDeviceInterfaceReport::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if rsp_device_interface_report.message_header.tdisp_version + != (TdispVersion { + major_version: 1, + minor_version: 0, + }) + || rsp_device_interface_report.message_header.message_type + != TdispRequestResponseCode::DEVICE_INTERFACE_REPORT + || rsp_device_interface_report.message_header.interface_id != interface_id + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + if report_buffer_walker + + rsp_device_interface_report.portion_length as usize + + rsp_device_interface_report.remainder_length as usize + > MAX_DEVICE_REPORT_BUFFER + { + return Err(SPDM_STATUS_BUFFER_FULL); + } + + report[report_buffer_walker + ..report_buffer_walker + rsp_device_interface_report.portion_length as usize] + .copy_from_slice( + &rsp_device_interface_report.report + [..rsp_device_interface_report.portion_length as usize], + ); + report_buffer_walker += rsp_device_interface_report.portion_length as usize; + + if rsp_device_interface_report.remainder_length != 0 { + offset += rsp_device_interface_report.portion_length; + continue; + } else { + *report_size = report_buffer_walker; + break; + } + } + + Ok(()) +} 
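Review bot: The `loop` in `pci_tdisp_req_get_device_interface_report` has no progress check. A response with `portion_length == 0` and a non-zero `remainder_length` passes the buffer-size test, leaves `offset` and `report_buffer_walker` unchanged and takes the `continue` branch, so the requester keeps re-sending the same request for as long as the peer answers that way. Because the device is the party being evaluated here, the loop should be bounded locally by rejecting that combination before the copy: `if rsp_device_interface_report.portion_length == 0 && rsp_device_interface_report.remainder_length != 0 { return Err(SPDM_STATUS_INVALID_MSG_FIELD); }`. A short comment on the size check would also help, noting that it is what keeps both the `copy_from_slice` range and the `u16` `offset` addition in bounds.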
diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_device_interface_state.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_device_interface_state.rs
new file mode 100644
index 0000000..8e97029
--- /dev/null
+++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_device_interface_state.rs
@@ -0,0 +1,86 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + error::SpdmResult, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_tdisp::vendor_id; +use crate::pci_tdisp::InterfaceId; +use crate::pci_tdisp::ReqGetDeviceInterfaceState; +use crate::pci_tdisp::RspDeviceInterfaceState; +use crate::pci_tdisp::TdiState; +use crate::pci_tdisp::TdispMessageHeader; +use crate::pci_tdisp::TdispRequestResponseCode; +use crate::pci_tdisp::TdispVersion; +use crate::pci_tdisp::STANDARD_ID; + +#[maybe_async::maybe_async] +pub async fn pci_tdisp_req_get_device_interface_state( + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + interface_id: InterfaceId, + // OUT + tdi_state: &mut TdiState, +) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = ReqGetDeviceInterfaceState { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::GET_DEVICE_INTERFACE_STATE, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? 
+ as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + let rsp_device_interface_state = RspDeviceInterfaceState::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if rsp_device_interface_state.message_header.tdisp_version + != (TdispVersion { + major_version: 1, + minor_version: 0, + }) + || rsp_device_interface_state.message_header.message_type + != TdispRequestResponseCode::DEVICE_INTERFACE_STATE + || rsp_device_interface_state.message_header.interface_id != interface_id + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + *tdi_state = rsp_device_interface_state.tdi_state; + + Ok(()) +} diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_tdisp_capabilities.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_tdisp_capabilities.rs new file mode 100644 index 0000000..3b89838 --- /dev/null +++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_tdisp_capabilities.rs 
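Review bot: `pci_tdisp_req_get_device_interface_state` never tries `RspTdispError::read_bytes` on the response and has no `tdisp_error_code` out-parameter, unlike the bind-P2P, report, lock and set-MMIO requesters in this commit. A TDISP_ERROR reply therefore surfaces as `SPDM_STATUS_INVALID_MSG_FIELD`, and the caller cannot tell a peer-reported error from a malformed message. `pci_tdisp_req_get_tdisp_capabilities` and `pci_tdisp_req_get_tdisp_version` have the same gap. The sketch below adds the out-parameter and the error branch; it changes the public signature and needs `RspTdispError`, `TdispErrorCode` and `SPDM_STATUS_ERROR_PEER` imported in this file.

```rust
    // … unchanged: IN parameters …
    // OUT
    tdi_state: &mut TdiState,
    tdisp_error_code: &mut Option<TdispErrorCode>,
) -> SpdmResult {
    *tdisp_error_code = None;
    // … unchanged: request encoding and send_spdm_vendor_defined_request …

    let rsp_bytes = &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
        [..vendor_defined_rsp_payload_struct.rsp_length as usize];

    // A TDISP_ERROR reply is reported as a peer error, with its code handed back.
    if let Some(tdisp_error) = RspTdispError::read_bytes(rsp_bytes) {
        *tdisp_error_code = Some(tdisp_error.error_code);
        return Err(SPDM_STATUS_ERROR_PEER);
    }

    let rsp_device_interface_state =
        RspDeviceInterfaceState::read_bytes(rsp_bytes).ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
    // … unchanged: header checks and tdi_state assignment …
```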
@@ -0,0 +1,99 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + error::SpdmResult, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_tdisp::vendor_id; +use crate::pci_tdisp::InterfaceId; +use crate::pci_tdisp::LockInterfaceFlag; +use crate::pci_tdisp::ReqGetTdispCapabilities; +use crate::pci_tdisp::RspTdispCapabilities; +use crate::pci_tdisp::TdispMessageHeader; +use crate::pci_tdisp::TdispRequestResponseCode; +use crate::pci_tdisp::TdispVersion; +use crate::pci_tdisp::STANDARD_ID; + +#[maybe_async::maybe_async] +#[allow(clippy::too_many_arguments)] +pub async fn pci_tdisp_req_get_tdisp_capabilities( + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + tsm_caps: u32, + interface_id: InterfaceId, + // OUT + dsm_caps: &mut u32, + lock_interface_flags_supported: &mut LockInterfaceFlag, + dev_addr_width: &mut u8, + num_req_this: &mut u8, + num_req_all: &mut u8, + req_msgs_supported: &mut [u8; 16], +) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = ReqGetTdispCapabilities { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::GET_TDISP_CAPABILITIES, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + tsm_caps, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? 
+ as u16; + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + let rsp_tdisp_capabilities = RspTdispCapabilities::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if rsp_tdisp_capabilities.message_header.tdisp_version + != (TdispVersion { + major_version: 1, + minor_version: 0, + }) + || rsp_tdisp_capabilities.message_header.message_type + != TdispRequestResponseCode::TDISP_CAPABILITIES + || rsp_tdisp_capabilities.message_header.interface_id != interface_id + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + *dsm_caps = rsp_tdisp_capabilities.dsm_caps; + req_msgs_supported.copy_from_slice(&rsp_tdisp_capabilities.req_msgs_supported); + *lock_interface_flags_supported = rsp_tdisp_capabilities.lock_interface_flags_supported; + *lock_interface_flags_supported = rsp_tdisp_capabilities.lock_interface_flags_supported; + *dev_addr_width = rsp_tdisp_capabilities.dev_addr_width; + *num_req_this = rsp_tdisp_capabilities.num_req_this; + *num_req_all = rsp_tdisp_capabilities.num_req_all; + + Ok(()) +} diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_tdisp_version.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_tdisp_version.rs new file mode 100644 index 0000000..8dd6b87 --- /dev/null +++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_get_tdisp_version.rs 
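Review bot: Near the end of `pci_tdisp_req_get_tdisp_capabilities`, the line `*lock_interface_flags_supported = rsp_tdisp_capabilities.lock_interface_flags_supported;` appears twice in a row; the second copy is redundant and can be dropped. Separately, `LockInterfaceFlag::read` in pci_tdisp.rs builds the value with `Some(Self { bits })`, so any undefined bits the peer sets are kept in what this function hands back. A comment on the out-parameter should say so, for example `// May contain bits outside the defined LockInterfaceFlag constants; mask before acting on it.`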
@@ -0,0 +1,71 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + error::SpdmResult, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_tdisp::vendor_id; +use crate::pci_tdisp::RspTdispVersion; +use crate::pci_tdisp::STANDARD_ID; +use crate::pci_tdisp::{ReqGetTdispVersion, TdispVersion}; +use crate::pci_tdisp_requester::InterfaceId; + +#[maybe_async::maybe_async] +pub async fn pci_tdisp_req_get_tdisp_version( + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + interface_id: InterfaceId, +) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = ReqGetTdispVersion { interface_id } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? 
+ as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + let rsp_tdisp_version = RspTdispVersion::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if rsp_tdisp_version.interface_id != interface_id { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + if rsp_tdisp_version.version_num_count == 1 + && rsp_tdisp_version.version_num_entry[0] + == (TdispVersion { + major_version: 1, + minor_version: 0, + }) + { + Ok(()) + } else { + Err(SPDM_STATUS_INVALID_MSG_FIELD) + } +} diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_lock_interface_request.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_lock_interface_request.rs new file mode 100644 index 0000000..a5da8d9 --- /dev/null +++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_lock_interface_request.rs 
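Review bot: The final condition in `pci_tdisp_req_get_tdisp_version` succeeds only when `version_num_count == 1` and the single entry is 1.0. A responder that lists 1.0 alongside any other version is therefore rejected with `SPDM_STATUS_INVALID_MSG_FIELD`. If that strictness is intended, it deserves a comment above the check, for example `// Only TDISP 1.0 is implemented; a response advertising any additional version is rejected.` If it is not intended, the check should look for a 1.0 entry among the first `version_num_count` entries.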
@@ -0,0 +1,110 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +use codec::Writer; +use spdmlib::error::SPDM_STATUS_BUFFER_FULL; +use spdmlib::error::SPDM_STATUS_ERROR_PEER; +use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD; +use spdmlib::{ + error::SpdmResult, + message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE}, + requester::RequesterContext, +}; + +use crate::pci_tdisp::vendor_id; +use crate::pci_tdisp::InterfaceId; +use crate::pci_tdisp::LockInterfaceFlag; +use crate::pci_tdisp::ReqLockInterfaceRequest; +use crate::pci_tdisp::RspLockInterfaceResponse; +use crate::pci_tdisp::RspTdispError; +use crate::pci_tdisp::TdispErrorCode; +use crate::pci_tdisp::TdispMessageHeader; +use crate::pci_tdisp::TdispRequestResponseCode; +use crate::pci_tdisp::STANDARD_ID; +use crate::pci_tdisp::START_INTERFACE_NONCE_LEN; +use crate::pci_tdisp_requester::TdispVersion; + +#[allow(clippy::too_many_arguments)] +#[maybe_async::maybe_async] +pub async fn pci_tdisp_req_lock_interface_request( + // IN + spdm_requester: &mut RequesterContext, + session_id: u32, + interface_id: InterfaceId, + flags: LockInterfaceFlag, + default_stream_id: u8, + mmio_reporting_offset: u64, + bind_p2p_address_mask: u64, + // OUT + start_interface_nonce: &mut [u8; START_INTERFACE_NONCE_LEN], + tdisp_error_code: &mut Option, +) -> SpdmResult { + let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload); + + vendor_defined_req_payload_struct.req_length = ReqLockInterfaceRequest { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::LOCK_INTERFACE_REQUEST, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + flags, + 
default_stream_id, + mmio_reporting_offset, + bind_p2p_address_mask, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)? + as u16; + + let vendor_defined_rsp_payload_struct = spdm_requester + .send_spdm_vendor_defined_request( + Some(session_id), + STANDARD_ID, + vendor_id(), + vendor_defined_req_payload_struct, + ) + .await?; + + if let Ok(tdisp_error) = RspTdispError::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD) + { + *tdisp_error_code = Some(tdisp_error.error_code); + return Err(SPDM_STATUS_ERROR_PEER); + } + + let rsp_lock_interface_response = RspLockInterfaceResponse::read_bytes( + &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload + [..vendor_defined_rsp_payload_struct.rsp_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + if rsp_lock_interface_response.message_header.tdisp_version + != (TdispVersion { + major_version: 1, + minor_version: 0, + }) + || rsp_lock_interface_response.message_header.message_type + != TdispRequestResponseCode::LOCK_INTERFACE_RESPONSE + || rsp_lock_interface_response.message_header.interface_id != interface_id + { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + start_interface_nonce.copy_from_slice(&rsp_lock_interface_response.start_interface_nonce); + + Ok(()) +} diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_set_mmio_attribute_request.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_set_mmio_attribute_request.rs new file mode 100644 index 0000000..9aa6e60 --- /dev/null +++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_set_mmio_attribute_request.rs 
@@ -0,0 +1,97 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_ERROR_PEER;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+ error::SpdmResult,
+ message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+ requester::RequesterContext,
+};
+
+use crate::pci_tdisp::vendor_id;
+use crate::pci_tdisp::ReqSetMmioAttributeRequest;
+use crate::pci_tdisp::RspSetMmioAttributeResponse;
+use crate::pci_tdisp::RspTdispError;
+use crate::pci_tdisp::TdispMmioRange;
+use crate::pci_tdisp::STANDARD_ID;
+use crate::pci_tdisp::{
+ InterfaceId, TdispErrorCode, TdispMessageHeader, TdispRequestResponseCode, TdispVersion,
+};
+
+#[maybe_async::maybe_async]
+pub async fn pci_tdisp_req_set_mmio_attribute_request(
+ // IN
+ spdm_requester: &mut RequesterContext,
+ session_id: u32,
+ interface_id: InterfaceId,
+ mmio_range: TdispMmioRange,
+ // OUT
+ tdisp_error_code: &mut Option,
+) -> SpdmResult {
+ let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+ req_length: 0,
+ vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+ };
+
+ let mut writer =
+ Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+ vendor_defined_req_payload_struct.req_length = ReqSetMmioAttributeRequest {
+ message_header: TdispMessageHeader {
+ interface_id,
+ message_type: TdispRequestResponseCode::SET_MMIO_ATTRIBUTE_REQUEST,
+ tdisp_version: TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ },
+ },
+ mmio_range,
+ }
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+ as u16;
+
+ let vendor_defined_rsp_payload_struct = spdm_requester
+ .send_spdm_vendor_defined_request(
+ Some(session_id),
+ STANDARD_ID,
+ vendor_id(),
+ vendor_defined_req_payload_struct,
+ )
+ .await?;
+
+ if let Ok(tdisp_error) = RspTdispError::read_bytes(
+ &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+ [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)
+ {
+ *tdisp_error_code = Some(tdisp_error.error_code);
+ return Err(SPDM_STATUS_ERROR_PEER);
+ }
+
+ let rsp_set_mmio_attribute_response = RspSetMmioAttributeResponse::read_bytes(
+ &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+ [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+ if rsp_set_mmio_attribute_response.message_header.tdisp_version
+ != (TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ })
+ || rsp_set_mmio_attribute_response.message_header.message_type
+ != TdispRequestResponseCode::SET_MMIO_ATTRIBUTE_RESPONSE
+ || rsp_set_mmio_attribute_response.message_header.interface_id != interface_id
+ {
+ return Err(SPDM_STATUS_INVALID_MSG_FIELD);
+ }
+
+ Ok(())
+}
diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_start_interface_request.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_start_interface_request.rs
new file mode 100644
index 0000000..deadcaf
--- /dev/null
+++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_start_interface_request.rs
@@ -0,0 +1,99 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_ERROR_PEER;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+ error::SpdmResult,
+ message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+ requester::RequesterContext,
+};
+
+use crate::pci_tdisp::vendor_id;
+use crate::pci_tdisp::InterfaceId;
+use crate::pci_tdisp::ReqStartInterfaceRequest;
+use crate::pci_tdisp::RspStartInterfaceResponse;
+use crate::pci_tdisp::RspTdispError;
+use crate::pci_tdisp::TdispErrorCode;
+use crate::pci_tdisp::TdispMessageHeader;
+use crate::pci_tdisp::TdispRequestResponseCode;
+use crate::pci_tdisp::TdispVersion;
+use crate::pci_tdisp::STANDARD_ID;
+use crate::pci_tdisp::START_INTERFACE_NONCE_LEN;
+
+#[maybe_async::maybe_async]
+pub async fn pci_tdisp_req_start_interface_request(
+ // IN
+ spdm_requester: &mut RequesterContext,
+ session_id: u32,
+ interface_id: InterfaceId,
+ start_interface_nonce: &[u8; START_INTERFACE_NONCE_LEN],
+ // OUT
+ tdisp_error_code: &mut Option,
+) -> SpdmResult {
+ let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+ req_length: 0,
+ vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+ };
+
+ let mut writer =
+ Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+ vendor_defined_req_payload_struct.req_length = ReqStartInterfaceRequest {
+ message_header: TdispMessageHeader {
+ interface_id,
+ message_type: TdispRequestResponseCode::START_INTERFACE_REQUEST,
+ tdisp_version: TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ },
+ },
+ start_interface_nonce: *start_interface_nonce,
+ }
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+ as u16;
+
+ let vendor_defined_rsp_payload_struct = spdm_requester
+ .send_spdm_vendor_defined_request(
+ Some(session_id),
+ STANDARD_ID,
+ vendor_id(),
+ vendor_defined_req_payload_struct,
+ )
+ .await?;
+
+ if let Ok(tdisp_error) = RspTdispError::read_bytes(
+ &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+ [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)
+ {
+ *tdisp_error_code = Some(tdisp_error.error_code);
+ return Err(SPDM_STATUS_ERROR_PEER);
+ }
+
+ let rsp_start_interface_response = RspStartInterfaceResponse::read_bytes(
+ &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+ [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+ if rsp_start_interface_response.message_header.tdisp_version
+ != (TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ })
+ || rsp_start_interface_response.message_header.message_type
+ != TdispRequestResponseCode::START_INTERFACE_RESPONSE
+ || rsp_start_interface_response.message_header.interface_id != interface_id
+ {
+ return Err(SPDM_STATUS_INVALID_MSG_FIELD);
+ }
+
+ Ok(())
+}
diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_stop_interface_request.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_stop_interface_request.rs
new file mode 100644
index 0000000..1b804c5
--- /dev/null
+++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_stop_interface_request.rs
@@ -0,0 +1,81 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+ error::SpdmResult,
+ message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+ requester::RequesterContext,
+};
+
+use crate::pci_tdisp::vendor_id;
+use crate::pci_tdisp::InterfaceId;
+use crate::pci_tdisp::ReqStopInterfaceRequest;
+use crate::pci_tdisp::RspStopInterfaceResponse;
+use crate::pci_tdisp::TdispMessageHeader;
+use crate::pci_tdisp::TdispRequestResponseCode;
+use crate::pci_tdisp::TdispVersion;
+use crate::pci_tdisp::STANDARD_ID;
+
+#[maybe_async::maybe_async]
+pub async fn pci_tdisp_req_stop_interface_request(
+ // IN
+ spdm_requester: &mut RequesterContext,
+ session_id: u32,
+ interface_id: InterfaceId,
+) -> SpdmResult {
+ let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+ req_length: 0,
+ vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+ };
+
+ let mut writer =
+ Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+ vendor_defined_req_payload_struct.req_length = ReqStopInterfaceRequest {
+ message_header: TdispMessageHeader {
+ interface_id,
+ message_type: TdispRequestResponseCode::STOP_INTERFACE_REQUEST,
+ tdisp_version: TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ },
+ },
+ }
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+ as u16;
+
+ let vendor_defined_rsp_payload_struct = spdm_requester
+ .send_spdm_vendor_defined_request(
+ Some(session_id),
+ STANDARD_ID,
+ vendor_id(),
+ vendor_defined_req_payload_struct,
+ )
+ .await?;
+
+ let rsp_stop_interface_response = RspStopInterfaceResponse::read_bytes(
+ &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+ [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+ if rsp_stop_interface_response.message_header.tdisp_version
+ != (TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ })
+ || rsp_stop_interface_response.message_header.message_type
+ != TdispRequestResponseCode::STOP_INTERFACE_RESPONSE
+ || rsp_stop_interface_response.message_header.interface_id != interface_id
+ {
+ return Err(SPDM_STATUS_INVALID_MSG_FIELD);
+ }
+
+ Ok(())
+}
diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_unbind_p2p_stream_request.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_unbind_p2p_stream_request.rs
new file mode 100644
index 0000000..ce1e6d9
--- /dev/null
+++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_unbind_p2p_stream_request.rs
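Review bot: Unlike the lock, start, set_mmio_attribute and unbind requesters in this commit, `pci_tdisp_req_stop_interface_request` never probes the response with `RspTdispError::read_bytes` and has no `tdisp_error_code` out-parameter, so a TDISP error reply from the device ends up reported as `SPDM_STATUS_INVALID_MSG_FIELD`. A caller then cannot tell a device refusal from a malformed message. If stop is meant never to return an error reply, a comment saying so belongs above the `RspStopInterfaceResponse::read_bytes` call. Otherwise the function should take `tdisp_error_code: &mut Option<TdispErrorCode>` and add the same branch as its siblings, ending in `return Err(SPDM_STATUS_ERROR_PEER);`.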
@@ -0,0 +1,96 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_ERROR_PEER;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+ error::SpdmResult,
+ message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+ requester::RequesterContext,
+};
+
+use crate::pci_tdisp::vendor_id;
+use crate::pci_tdisp::ReqUnBindP2PStreamRequest;
+use crate::pci_tdisp::RspTdispError;
+use crate::pci_tdisp::RspUnBindP2PStreamResponse;
+use crate::pci_tdisp::STANDARD_ID;
+use crate::pci_tdisp::{
+ InterfaceId, TdispErrorCode, TdispMessageHeader, TdispRequestResponseCode, TdispVersion,
+};
+
+#[maybe_async::maybe_async]
+pub async fn pci_tdisp_req_unbind_p2p_stream_request(
+ // IN
+ spdm_requester: &mut RequesterContext,
+ session_id: u32,
+ interface_id: InterfaceId,
+ p2p_stream_id: u8,
+ // OUT
+ tdisp_error_code: &mut Option,
+) -> SpdmResult {
+ let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+ req_length: 0,
+ vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+ };
+
+ let mut writer =
+ Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+ vendor_defined_req_payload_struct.req_length = ReqUnBindP2PStreamRequest {
+ message_header: TdispMessageHeader {
+ interface_id,
+ message_type: TdispRequestResponseCode::UNBIND_P2P_STREAM_REQUEST,
+ tdisp_version: TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ },
+ },
+ p2p_stream_id,
+ }
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+ as u16;
+
+ let vendor_defined_rsp_payload_struct = spdm_requester
+ .send_spdm_vendor_defined_request(
+ Some(session_id),
+ STANDARD_ID,
+ vendor_id(),
+ vendor_defined_req_payload_struct,
+ )
+ .await?;
+
+ if let Ok(tdisp_error) = RspTdispError::read_bytes(
+ &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+ [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)
+ {
+ *tdisp_error_code = Some(tdisp_error.error_code);
+ return Err(SPDM_STATUS_ERROR_PEER);
+ }
+
+ let rsp_un_bind_p2_pstream_response = RspUnBindP2PStreamResponse::read_bytes(
+ &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+ [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+ if rsp_un_bind_p2_pstream_response.message_header.tdisp_version
+ != (TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ })
+ || rsp_un_bind_p2_pstream_response.message_header.message_type
+ != TdispRequestResponseCode::UNBIND_P2P_STREAM_RESPONSE
+ || rsp_un_bind_p2_pstream_response.message_header.interface_id != interface_id
+ {
+ return Err(SPDM_STATUS_INVALID_MSG_FIELD);
+ }
+
+ Ok(())
+}
diff --git a/tdisp/src/pci_tdisp_requester/pci_tdisp_req_vdm_request.rs b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_vdm_request.rs
new file mode 100644
index 0000000..ffd9eb7
--- /dev/null
+++ b/tdisp/src/pci_tdisp_requester/pci_tdisp_req_vdm_request.rs
@@ -0,0 +1,37 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use spdmlib::error::SPDM_STATUS_INVALID_PARAMETER;
+use spdmlib::message::VendorDefinedRspPayloadStruct;
+use spdmlib::{
+ error::SpdmResult, message::VendorDefinedReqPayloadStruct, requester::RequesterContext,
+};
+
+use crate::pci_tdisp::vendor_id;
+use crate::pci_tdisp::STANDARD_ID;
+use crate::pci_tdisp::TDISP_PROTOCOL_ID;
+
+#[maybe_async::maybe_async]
+pub async fn pci_tdisp_req_vdm_request(
+ // IN
+ spdm_requester: &mut RequesterContext,
+ session_id: u32,
+ vendor_defined_req_payload_struct: VendorDefinedReqPayloadStruct,
+ // OUT
+) -> SpdmResult {
+ if vendor_defined_req_payload_struct.req_length < 1
+ || vendor_defined_req_payload_struct.vendor_defined_req_payload[0] != TDISP_PROTOCOL_ID
+ {
+ Err(SPDM_STATUS_INVALID_PARAMETER)
+ } else {
+ spdm_requester
+ .send_spdm_vendor_defined_request(
+ Some(session_id),
+ STANDARD_ID,
+ vendor_id(),
+ vendor_defined_req_payload_struct,
+ )
+ .await
+ }
+}
diff --git a/tdisp/src/pci_tdisp_responder/mod.rs b/tdisp/src/pci_tdisp_responder/mod.rs
new file mode 100644
index 0000000..b35fd5e
--- /dev/null
+++ b/tdisp/src/pci_tdisp_responder/mod.rs
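Review bot: The guard in `pci_tdisp_req_vdm_request` accepts a payload as short as one byte (`req_length < 1`), while `pci_tdisp_rsp_dispatcher` in this same commit rejects any request with `req_length < 3`, so a one- or two-byte vendor message passes here and is then always refused by this responder. Using the same bound, `if vendor_defined_req_payload_struct.req_length < 3`, keeps the two ends consistent; if the shorter minimum is deliberate for other responders, a comment on the condition should say so. The trailing `// OUT` marker has no parameter under it and can be dropped.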
@@ -0,0 +1,21 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+pub const MAX_TDISP_VERSION_COUNT: usize = u8::MAX as usize;
+
+pub mod pci_tdisp_rsp_dispatcher;
+pub use pci_tdisp_rsp_dispatcher::*;
+
+pub mod pci_tdisp_rsp_bind_p2p_stream_request;
+pub mod pci_tdisp_rsp_device_interface_report;
+pub mod pci_tdisp_rsp_device_interface_state;
+pub mod pci_tdisp_rsp_lock_interface_request;
+pub mod pci_tdisp_rsp_set_mmio_attribute_request;
+pub mod pci_tdisp_rsp_start_interface_request;
+pub mod pci_tdisp_rsp_stop_interface_request;
+pub mod pci_tdisp_rsp_tdisp_capabilities;
+pub mod pci_tdisp_rsp_tdisp_error;
+pub mod pci_tdisp_rsp_tdisp_version;
+pub mod pci_tdisp_rsp_unbind_p2p_stream_request;
+pub mod pci_tdisp_rsp_vdm_response;
diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_bind_p2p_stream_request.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_bind_p2p_stream_request.rs
new file mode 100644
index 0000000..cb9393a
--- /dev/null
+++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_bind_p2p_stream_request.rs
@@ -0,0 +1,135 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use codec::{Codec, Writer};
+use conquer_once::spin::OnceCell;
+use spdmlib::{
+ error::{
+ SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD,
+ SPDM_STATUS_INVALID_STATE_LOCAL,
+ },
+ message::{
+ VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct,
+ MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE,
+ },
+};
+
+use crate::pci_tdisp::{
+ InterfaceId, ReqBindP2PStreamRequest, RspBindP2PStreamResponse, TdispErrorCode,
+ TdispMessageHeader, TdispRequestResponseCode, TdispVersion,
+};
+
+use super::pci_tdisp_rsp_tdisp_error::write_error;
+
+static PCI_TDISP_DEVICE_BING_P2P_STREAM_INSTANCE: OnceCell =
+ OnceCell::uninit();
+
+#[derive(Clone)]
+pub struct PciTdispDeviceBindP2pStream {
+ pub pci_tdisp_device_bind_p2p_stream_cb: fn(
+ //IN
+ vdm_handle: usize,
+ p2p_stream_id: u8,
+ //OUT
+ interface_id: &mut InterfaceId,
+ tdisp_error_code: &mut Option,
+ ) -> SpdmResult,
+}
+
+pub fn register(context: PciTdispDeviceBindP2pStream) -> bool {
+ PCI_TDISP_DEVICE_BING_P2P_STREAM_INSTANCE
+ .try_init_once(|| context)
+ .is_ok()
+}
+
+static UNIMPLETEMTED: PciTdispDeviceBindP2pStream = PciTdispDeviceBindP2pStream {
+ pci_tdisp_device_bind_p2p_stream_cb: |//IN
+ _vdm_handle: usize,
+ _p2p_stream_id: u8,
+ //OUT
+ _interface_id: &mut InterfaceId,
+ _tdisp_error_code: &mut Option|
+ -> SpdmResult { unimplemented!() },
+};
+
+pub(crate) fn pci_tdisp_device_bind_p2p_stream(
+ //IN
+ vdm_handle: usize,
+ p2p_stream_id: u8,
+ //OUT
+ interface_id: &mut InterfaceId,
+ tdisp_error_code: &mut Option,
+) -> SpdmResult {
+ (PCI_TDISP_DEVICE_BING_P2P_STREAM_INSTANCE
+ .try_get_or_init(|| UNIMPLETEMTED.clone())
+ .ok()
+ .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?
+ .pci_tdisp_device_bind_p2p_stream_cb)(
+ vdm_handle,
+ p2p_stream_id,
+ interface_id,
+ tdisp_error_code,
+ )
+}
+
+pub(crate) fn pci_tdisp_rsp_bind_p2p_stream(
+ vdm_handle: usize,
+ vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct,
+) -> SpdmResult {
+ let req_bind_p2_pstream_request = ReqBindP2PStreamRequest::read_bytes(
+ &vendor_defined_req_payload_struct.vendor_defined_req_payload
+ [..vendor_defined_req_payload_struct.req_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+ let mut interface_id = InterfaceId::default();
+ let mut tdisp_error_code = None;
+
+ pci_tdisp_device_bind_p2p_stream(
+ vdm_handle,
+ req_bind_p2_pstream_request.p2p_stream_id,
+ &mut interface_id,
+ &mut tdisp_error_code,
+ )?;
+
+ let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct {
+ rsp_length: 0,
+ vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+ };
+
+ if let Some(tdisp_error_code) = tdisp_error_code {
+ let len = write_error(
+ vdm_handle,
+ tdisp_error_code,
+ 0,
+ &[],
+ &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload,
+ )?;
+ vendor_defined_rsp_payload_struct.rsp_length = len as u16;
+ return Ok(vendor_defined_rsp_payload_struct);
+ }
+
+ let mut writer =
+ Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload);
+
+ let cnt = RspBindP2PStreamResponse {
+ message_header: TdispMessageHeader {
+ interface_id,
+ message_type: TdispRequestResponseCode::BIND_P2P_STREAM_RESPONSE,
+ tdisp_version: TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ },
+ },
+ }
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?;
+
+ if cnt > u16::MAX as usize {
+ Err(SPDM_STATUS_INVALID_STATE_LOCAL)
+ } else {
+ vendor_defined_rsp_payload_struct.rsp_length = cnt as u16;
+ Ok(vendor_defined_rsp_payload_struct)
+ }
+}
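Review bot: When no callback has been registered, `pci_tdisp_device_bind_p2p_stream` installs `UNIMPLETEMTED` through `try_get_or_init` and calls it, and that stub's body is `unimplemented!()`, so a BIND_P2P_STREAM request from the peer panics the responder instead of producing an error reply. Because the cell is initialised by that lookup, a later `register` call presumably returns false as well, since it uses `try_init_once`. A stub that reports through the existing out-parameter, `-> SpdmResult { *_tdisp_error_code = Some(TdispErrorCode::UNSUPPORTED_REQUEST); Ok(()) }`, removes the panic, and reading the cell without initialising it would keep late registration possible. The device_interface_report, device_interface_state and lock_interface responder hunks repeat the pattern; `BING` and `UNIMPLETEMTED` look like typos for `BIND` and `UNIMPLEMENTED`.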
diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_device_interface_report.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_device_interface_report.rs
new file mode 100644
index 0000000..1edbad1
--- /dev/null
+++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_device_interface_report.rs
@@ -0,0 +1,182 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_tdisp::{ + InterfaceId, ReqGetDeviceInterfaceReport, RspDeviceInterfaceReport, TdispErrorCode, + TdispMessageHeader, TdispRequestResponseCode, TdispVersion, MAX_DEVICE_REPORT_BUFFER, + MAX_PORTION_LENGTH, +}; + +use super::pci_tdisp_rsp_tdisp_error::write_error; + +static PCI_TDISP_DEVICE_INTERFACE_REPORT_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +#[allow(clippy::type_complexity)] +pub struct PciTdispDeviceInterfaceReport { + pub pci_tdisp_device_interface_report_cb: fn( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + tdi_report: &mut [u8; MAX_DEVICE_REPORT_BUFFER], + tdi_report_size: &mut usize, + tdisp_error_code: &mut Option, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceInterfaceReport) -> bool { + PCI_TDISP_DEVICE_INTERFACE_REPORT_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceInterfaceReport = PciTdispDeviceInterfaceReport { + pci_tdisp_device_interface_report_cb: |_: usize, + _: &mut InterfaceId, + _: &mut [u8; MAX_DEVICE_REPORT_BUFFER], + _: &mut usize, + _: &mut Option| + -> SpdmResult { unimplemented!() }, +}; + +pub(crate) fn pci_tdisp_device_interface_report( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + tdi_report: &mut [u8; MAX_DEVICE_REPORT_BUFFER], + tdi_report_size: &mut usize, + tdisp_error_code: &mut Option, +) -> SpdmResult { + (PCI_TDISP_DEVICE_INTERFACE_REPORT_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + 
.ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? + .pci_tdisp_device_interface_report_cb)( + vdm_handle, + interface_id, + tdi_report, + tdi_report_size, + tdisp_error_code, + ) +} + +pub(crate) fn pci_tdisp_rsp_interface_report( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let req_get_device_interface_report = ReqGetDeviceInterfaceReport::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut interface_id = InterfaceId::default(); + let mut tdi_report = [0u8; MAX_DEVICE_REPORT_BUFFER]; + let mut tdi_report_size = 0usize; + let mut tdisp_error_code_code = None; + + // device need to check tdi state + pci_tdisp_device_interface_report( + vdm_handle, + &mut interface_id, + &mut tdi_report, + &mut tdi_report_size, + &mut tdisp_error_code_code, + )?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + if let Some(tdisp_error_code_code) = tdisp_error_code_code { + let len = write_error( + vdm_handle, + tdisp_error_code_code, + 0, + &[], + &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload, + )?; + vendor_defined_rsp_payload_struct.rsp_length = len as u16; + return Ok(vendor_defined_rsp_payload_struct); + } + + let portion_length = if req_get_device_interface_report.length as usize > MAX_PORTION_LENGTH { + MAX_PORTION_LENGTH as u16 + } else { + req_get_device_interface_report.length + }; + + let portion_length = if req_get_device_interface_report.offset as usize + + portion_length as usize + > tdi_report_size + { + let remainder = (tdi_report_size - req_get_device_interface_report.offset as usize) as u16; + if remainder > portion_length { + portion_length + } else { + remainder + } + } else { + portion_length + }; + + let 
remainder_length = if tdi_report_size + > req_get_device_interface_report.offset as usize + portion_length as usize + { + (tdi_report_size + - req_get_device_interface_report.offset as usize + - portion_length as usize) as u16 + } else { + 0 + }; + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let mut report = [0u8; MAX_PORTION_LENGTH]; + report[..portion_length as usize].copy_from_slice( + &tdi_report[req_get_device_interface_report.offset as usize + ..req_get_device_interface_report.offset as usize + portion_length as usize], + ); + + let cnt = RspDeviceInterfaceReport { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::DEVICE_INTERFACE_REPORT, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + portion_length, + remainder_length, + report, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_device_interface_state.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_device_interface_state.rs new file mode 100644 index 0000000..85a2272 --- /dev/null +++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_device_interface_state.rs 
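Review bot: `req_get_device_interface_report.offset` comes from the peer and is never compared with `tdi_report_size` before `tdi_report_size - req_get_device_interface_report.offset as usize` in `pci_tdisp_rsp_interface_report`, so an offset past the end of the report underflows. With overflow checks that is a panic; without them the wrapped value is truncated by `as u16` and can become the portion length, after which the `tdi_report[offset..offset + portion_length]` slice either panics or copies bytes beyond the reported size. `tdi_report_size` is also taken from the callback without a check against `MAX_DEVICE_REPORT_BUFFER`, and the `as u16` casts on the remainder truncate silently if the report can exceed `u16::MAX` bytes. Validating both values first and doing the arithmetic in `usize` removes these cases; the sketch returns SPDM status errors, though a TDISP error reply through `write_error` may be the better answer to a bad offset.

```rust
let offset = req_get_device_interface_report.offset as usize;
// The callback must not report more than the buffer it was given.
if tdi_report_size > MAX_DEVICE_REPORT_BUFFER {
    return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
}
// An offset past the end of the report cannot be served.
if offset > tdi_report_size {
    return Err(SPDM_STATUS_INVALID_MSG_FIELD);
}
let available = tdi_report_size - offset;
let portion_length = (req_get_device_interface_report.length as usize)
    .min(MAX_PORTION_LENGTH)
    .min(available);
let remainder = available - portion_length;
if remainder > u16::MAX as usize {
    return Err(SPDM_STATUS_INVALID_STATE_LOCAL);
}
// … unchanged: Writer::init and the zeroed `report` buffer …
report[..portion_length].copy_from_slice(&tdi_report[offset..offset + portion_length]);
// … unchanged: RspDeviceInterfaceReport message_header …
    portion_length: portion_length as u16,
    remainder_length: remainder as u16,
```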
@@ -0,0 +1,132 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use codec::{Codec, Writer};
+use conquer_once::spin::OnceCell;
+use spdmlib::{
+ error::{
+ SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD,
+ SPDM_STATUS_INVALID_STATE_LOCAL,
+ },
+ message::{
+ VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct,
+ MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE,
+ },
+};
+
+use crate::pci_tdisp::{
+ InterfaceId, ReqGetDeviceInterfaceState, RspDeviceInterfaceState, TdiState, TdispErrorCode,
+ TdispMessageHeader, TdispRequestResponseCode, TdispVersion,
+};
+
+use super::pci_tdisp_rsp_tdisp_error::write_error;
+
+static PCI_TDISP_DEVICE_INTERFACE_STATE_INSTANCE: OnceCell =
+ OnceCell::uninit();
+
+#[derive(Clone)]
+pub struct PciTdispDeviceInterfaceState {
+ pub pci_tdisp_device_interface_state_cb: fn(
+ // IN
+ vdm_handle: usize,
+ // OUT
+ interface_id: &mut InterfaceId,
+ tdi_state: &mut TdiState,
+ tdisp_error_code: &mut Option,
+ ) -> SpdmResult,
+}
+
+pub fn register(context: PciTdispDeviceInterfaceState) -> bool {
+ PCI_TDISP_DEVICE_INTERFACE_STATE_INSTANCE
+ .try_init_once(|| context)
+ .is_ok()
+}
+
+static UNIMPLETEMTED: PciTdispDeviceInterfaceState = PciTdispDeviceInterfaceState {
+ pci_tdisp_device_interface_state_cb: |_: usize,
+ _: &mut InterfaceId,
+ _: &mut TdiState,
+ _: &mut Option|
+ -> SpdmResult { unimplemented!() },
+};
+
+pub(crate) fn pci_tdisp_device_interface_state(
+ // IN
+ vdm_handle: usize,
+ // OUT
+ interface_id: &mut InterfaceId,
+ tdi_state: &mut TdiState,
+ tdisp_error_code: &mut Option,
+) -> SpdmResult {
+ (PCI_TDISP_DEVICE_INTERFACE_STATE_INSTANCE
+ .try_get_or_init(|| UNIMPLETEMTED.clone())
+ .ok()
+ .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)?
+ .pci_tdisp_device_interface_state_cb)(
+ vdm_handle, interface_id, tdi_state, tdisp_error_code
+ )
+}
+
+pub(crate) fn pci_tdisp_rsp_interface_state(
+ vdm_handle: usize,
+ vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct,
+) -> SpdmResult {
+ let _ = ReqGetDeviceInterfaceState::read_bytes(
+ &vendor_defined_req_payload_struct.vendor_defined_req_payload
+ [..vendor_defined_req_payload_struct.req_length as usize],
+ )
+ .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+ let mut interface_id = InterfaceId::default();
+ let mut tdi_state = TdiState::ERROR;
+ let mut tdisp_error_code = None;
+
+ pci_tdisp_device_interface_state(
+ vdm_handle,
+ &mut interface_id,
+ &mut tdi_state,
+ &mut tdisp_error_code,
+ )?;
+
+ let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct {
+ rsp_length: 0,
+ vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+ };
+
+ if let Some(tdisp_error_code) = tdisp_error_code {
+ let len = write_error(
+ vdm_handle,
+ tdisp_error_code,
+ 0,
+ &[],
+ &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload,
+ )?;
+ vendor_defined_rsp_payload_struct.rsp_length = len as u16;
+ return Ok(vendor_defined_rsp_payload_struct);
+ }
+
+ let mut writer =
+ Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload);
+
+ let cnt = RspDeviceInterfaceState {
+ message_header: TdispMessageHeader {
+ interface_id,
+ message_type: TdispRequestResponseCode::DEVICE_INTERFACE_STATE,
+ tdisp_version: TdispVersion {
+ major_version: 1,
+ minor_version: 0,
+ },
+ },
+ tdi_state,
+ }
+ .encode(&mut writer)
+ .map_err(|_| SPDM_STATUS_BUFFER_FULL)?;
+
+ if cnt > u16::MAX as usize {
+ Err(SPDM_STATUS_INVALID_STATE_LOCAL)
+ } else {
+ vendor_defined_rsp_payload_struct.rsp_length = cnt as u16;
+ Ok(vendor_defined_rsp_payload_struct)
+ }
+}
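Review bot: The parsed request in `pci_tdisp_rsp_interface_state` is discarded (`let _ = ReqGetDeviceInterfaceState::read_bytes(..)`), so the `interface_id` and `tdisp_version` the requester sent are never examined and the reply carries whatever `interface_id` the callback writes. The callback receives only `vdm_handle`; unless that handle already identifies the interface, which is not visible here, a request about one interface can be answered with the state of another, leaving the requester-side header comparison as the only guard. Keeping the request (`let req = ReqGetDeviceInterfaceState::read_bytes(..)...?;`) and answering through `write_error` when `req.message_header.interface_id != interface_id` after the callback would close that; the field name is assumed to match the other request structs in this commit. The bind_p2p_stream, device_interface_report and lock_interface responders likewise leave the request header unchecked.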
diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_dispatcher.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_dispatcher.rs
new file mode 100644
index 0000000..cb80f7a
--- /dev/null
+++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_dispatcher.rs
@@ -0,0 +1,96 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use core::convert::TryFrom;
+use spdmlib::{
+ error::{SpdmResult, SPDM_STATUS_INVALID_MSG_FIELD},
+ message::{
+ VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, VendorIDStruct,
+ MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE,
+ },
+};
+
+use crate::pci_tdisp::{vendor_id, TdispErrorCode, TdispRequestResponseCode, TDISP_PROTOCOL_ID};
+
+use super::{
+ pci_tdisp_rsp_bind_p2p_stream_request::pci_tdisp_rsp_bind_p2p_stream,
+ pci_tdisp_rsp_device_interface_report::pci_tdisp_rsp_interface_report,
+ pci_tdisp_rsp_device_interface_state::pci_tdisp_rsp_interface_state,
+ pci_tdisp_rsp_lock_interface_request::pci_tdisp_rsp_lock_interface,
+ pci_tdisp_rsp_set_mmio_attribute_request::pci_tdisp_rsp_set_mmio_attribute,
+ pci_tdisp_rsp_start_interface_request::pci_tdisp_rsp_start_interface,
+ pci_tdisp_rsp_stop_interface_request::pci_tdisp_rsp_stop_interface,
+ pci_tdisp_rsp_tdisp_capabilities::pci_tdisp_rsp_capabilities,
+ pci_tdisp_rsp_tdisp_error::write_error, pci_tdisp_rsp_tdisp_version::pci_tdisp_rsp_version,
+ pci_tdisp_rsp_unbind_p2p_stream_request::pci_tdisp_rsp_unbind_p2p_stream,
+ pci_tdisp_rsp_vdm_response::pci_tdisp_rsp_vdm_response,
+};
+
+pub fn pci_tdisp_rsp_dispatcher(
+ vdm_handle: usize,
+ vendor_id_struct: &VendorIDStruct,
+ vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct,
+) -> SpdmResult {
+ if vendor_defined_req_payload_struct.req_length < 3
+ || vendor_id_struct != &vendor_id()
+ || vendor_defined_req_payload_struct.vendor_defined_req_payload[0] != TDISP_PROTOCOL_ID
+ {
+ return Err(SPDM_STATUS_INVALID_MSG_FIELD);
+ }
+
+ if let Ok(request_response_code) = TdispRequestResponseCode::try_from(
+ vendor_defined_req_payload_struct.vendor_defined_req_payload[2],
+ ) {
+ match request_response_code {
+ TdispRequestResponseCode::GET_TDISP_VERSION => {
+ pci_tdisp_rsp_version(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::GET_TDISP_CAPABILITIES => {
+ pci_tdisp_rsp_capabilities(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::LOCK_INTERFACE_REQUEST => {
+ pci_tdisp_rsp_lock_interface(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::GET_DEVICE_INTERFACE_REPORT => {
+ pci_tdisp_rsp_interface_report(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::GET_DEVICE_INTERFACE_STATE => {
+ pci_tdisp_rsp_interface_state(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::START_INTERFACE_REQUEST => {
+ pci_tdisp_rsp_start_interface(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::STOP_INTERFACE_REQUEST => {
+ pci_tdisp_rsp_stop_interface(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::SET_MMIO_ATTRIBUTE_REQUEST => {
+ pci_tdisp_rsp_set_mmio_attribute(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::BIND_P2P_STREAM_REQUEST => {
+ pci_tdisp_rsp_bind_p2p_stream(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ TdispRequestResponseCode::UNBIND_P2P_STREAM_REQUEST => {
+ pci_tdisp_rsp_unbind_p2p_stream(vdm_handle, vendor_defined_req_payload_struct)
+ }
+ _ => {
+ let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct {
+ rsp_length: 0,
+ vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+ };
+
+ let len = write_error(
+ vdm_handle,
+ TdispErrorCode::UNSUPPORTED_REQUEST,
+ 0,
+ &[],
+ &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload,
+ )?;
+ vendor_defined_rsp_payload_struct.rsp_length = len as u16;
+ Ok(vendor_defined_rsp_payload_struct)
+ }
+ }
+ } else {
+ pci_tdisp_rsp_vdm_response(vdm_handle, vendor_defined_req_payload_struct)
+ }
+}
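Review bot: The routing rules of `pci_tdisp_rsp_dispatcher` are undocumented, and two of them are easy to misread: a byte at `vendor_defined_req_payload[2]` that `TdispRequestResponseCode::try_from` rejects is forwarded to `pci_tdisp_rsp_vdm_response`, while a recognised code without a handler gets an `UNSUPPORTED_REQUEST` error reply. A doc comment on the function should state the layout the indices assume, for example `/// Routes a TDISP vendor-defined request: byte 0 must be TDISP_PROTOCOL_ID, byte 2 selects the handler.`, and the `else` branch deserves a line such as `// not a known TDISP code: hand the payload to the vendor-defined handler`. The same comment should record that byte 1 is not examined here, so any version check is left to the individual handlers.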
diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_lock_interface_request.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_lock_interface_request.rs
new file mode 100644
index 0000000..668f746
--- /dev/null
+++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_lock_interface_request.rs
@@ -0,0 +1,161 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_tdisp::{ + InterfaceId, LockInterfaceFlag, ReqLockInterfaceRequest, RspLockInterfaceResponse, + TdispErrorCode, TdispMessageHeader, TdispRequestResponseCode, TdispVersion, + START_INTERFACE_NONCE_LEN, +}; + +use super::pci_tdisp_rsp_tdisp_error::write_error; + +static PCI_TDISP_DEVICE_LOCK_INTERFACE_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceLockInterface { + #[allow(clippy::type_complexity)] + pub pci_tdisp_device_lock_interface_cb: fn( + // IN + vdm_handle: usize, + flags: &LockInterfaceFlag, + default_stream_id: u8, + mmio_reporting_offset: u64, + bind_p2p_address_mask: u64, + // OUT + interface_id: &mut InterfaceId, + start_interface_nonce: &mut [u8; START_INTERFACE_NONCE_LEN], + tdisp_error_code: &mut Option, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceLockInterface) -> bool { + PCI_TDISP_DEVICE_LOCK_INTERFACE_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceLockInterface = PciTdispDeviceLockInterface { + pci_tdisp_device_lock_interface_cb: + |// IN + _vdm_handle: usize, + _flags: &LockInterfaceFlag, + _default_stream_id: u8, + _mmio_reporting_offset: u64, + _bind_p2p_address_mask: u64, + // OUT + _interface_id: &mut InterfaceId, + _start_interface_nonce: &mut [u8; START_INTERFACE_NONCE_LEN], + _tdisp_error_code: &mut Option| + -> SpdmResult { unimplemented!() }, +}; + +#[allow(clippy::too_many_arguments)] +pub(crate) fn pci_tdisp_device_lock_interface( + // IN + vdm_handle: usize, + flags: 
&LockInterfaceFlag, + default_stream_id: u8, + mmio_reporting_offset: u64, + bind_p2p_address_mask: u64, + // OUT + interface_id: &mut InterfaceId, + start_interface_nonce: &mut [u8; START_INTERFACE_NONCE_LEN], + tdisp_error_code: &mut Option, +) -> SpdmResult { + (PCI_TDISP_DEVICE_LOCK_INTERFACE_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? + .pci_tdisp_device_lock_interface_cb)( + vdm_handle, + flags, + default_stream_id, + mmio_reporting_offset, + bind_p2p_address_mask, + interface_id, + start_interface_nonce, + tdisp_error_code, + ) +} + +pub(crate) fn pci_tdisp_rsp_lock_interface( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let req_lock_interface_request = ReqLockInterfaceRequest::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut interface_id = InterfaceId::default(); + let mut start_interface_nonce = [0u8; START_INTERFACE_NONCE_LEN]; + let mut tdisp_error_code = None; + + pci_tdisp_device_lock_interface( + vdm_handle, + &req_lock_interface_request.flags, + req_lock_interface_request.default_stream_id, + req_lock_interface_request.mmio_reporting_offset, + req_lock_interface_request.bind_p2p_address_mask, + &mut interface_id, + &mut start_interface_nonce, + &mut tdisp_error_code, + )?; + + if let Some(tdisp_error_code) = tdisp_error_code { + let len = write_error( + vdm_handle, + tdisp_error_code, + 0, + &[], + &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload, + )?; + vendor_defined_rsp_payload_struct.rsp_length = len as u16; + return Ok(vendor_defined_rsp_payload_struct); + } + + let mut writer = + 
Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let cnt = RspLockInterfaceResponse { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::LOCK_INTERFACE_RESPONSE, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + start_interface_nonce, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_set_mmio_attribute_request.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_set_mmio_attribute_request.rs new file mode 100644 index 0000000..3b24933 --- /dev/null +++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_set_mmio_attribute_request.rs 
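Review bot: The fallback in `pci_tdisp_device_lock_interface` installs the `UNIMPLETEMTED` stub through `try_get_or_init`, and that stub's body is `unimplemented!()`, so a LOCK_INTERFACE_REQUEST handled before `register` has been called panics the responder instead of returning an error. Because `try_get_or_init` also initialises the cell, a later `register` would then return `false` and the panicking stub would stay in place. I would make the stub fail cleanly, `-> SpdmResult { Err(SPDM_STATUS_INVALID_STATE_LOCAL) }`, or read the cell without initialising it. The same pattern is in the set_mmio_attribute, start_interface, stop_interface, capabilities, tdisp_error, tdisp_version, unbind_p2p_stream and vdm_response files of this commit.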
@@ -0,0 +1,135 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_tdisp::{ + InterfaceId, ReqSetMmioAttributeRequest, RspSetMmioAttributeResponse, TdispErrorCode, + TdispMessageHeader, TdispMmioRange, TdispRequestResponseCode, TdispVersion, +}; + +use super::pci_tdisp_rsp_tdisp_error::write_error; + +static PCI_TDISP_DEVICE_SET_MMIO_ATTRIBUTE_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceSetMmioAttribute { + pub pci_tdisp_device_set_mmio_attribute_cb: fn( + //IN + vdm_handle: usize, + mmio_range: &TdispMmioRange, + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceSetMmioAttribute) -> bool { + PCI_TDISP_DEVICE_SET_MMIO_ATTRIBUTE_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceSetMmioAttribute = PciTdispDeviceSetMmioAttribute { + pci_tdisp_device_set_mmio_attribute_cb: |//IN + _vdm_handle: usize, + _mmio_range: &TdispMmioRange, + //OUT + _interface_id: &mut InterfaceId, + _tdisp_error_code: &mut Option| + -> SpdmResult { unimplemented!() }, +}; + +pub(crate) fn pci_tdisp_device_set_mmio_attribute( + //IN + vdm_handle: usize, + mmio_range: &TdispMmioRange, + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, +) -> SpdmResult { + (PCI_TDISP_DEVICE_SET_MMIO_ATTRIBUTE_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_tdisp_device_set_mmio_attribute_cb)( + vdm_handle, + mmio_range, + interface_id, + tdisp_error_code, + ) +} + +pub(crate) fn pci_tdisp_rsp_set_mmio_attribute( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let req_set_mmio_attribute_request = ReqSetMmioAttributeRequest::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut interface_id = InterfaceId::default(); + let mut tdisp_error_code = None; + + pci_tdisp_device_set_mmio_attribute( + vdm_handle, + &req_set_mmio_attribute_request.mmio_range, + &mut interface_id, + &mut tdisp_error_code, + )?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + if let Some(tdisp_error_code) = tdisp_error_code { + let len = write_error( + vdm_handle, + tdisp_error_code, + 0, + &[], + &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload, + )?; + vendor_defined_rsp_payload_struct.rsp_length = len as u16; + return Ok(vendor_defined_rsp_payload_struct); + } + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let cnt = RspSetMmioAttributeResponse { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::SET_MMIO_ATTRIBUTE_RESPONSE, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} 
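Review bot: `pci_tdisp_rsp_set_mmio_attribute` slices the request buffer with `[..vendor_defined_req_payload_struct.req_length as usize]`, which panics if `req_length` is larger than the array; whether spdmlib already bounds `req_length` is not visible in this diff. The length presumably reflects the peer's message, so a checked slice that maps to the existing error is the safer form: `.get(..vendor_defined_req_payload_struct.req_length as usize).ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?` passed to `read_bytes`. The lock_interface, start_interface, stop_interface, capabilities, version and unbind_p2p_stream handlers in this commit index the buffer the same way.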
diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_start_interface_request.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_start_interface_request.rs new file mode 100644 index 0000000..88d29e4 --- /dev/null +++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_start_interface_request.rs 
@@ -0,0 +1,136 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_tdisp::{ + InterfaceId, ReqStartInterfaceRequest, RspStartInterfaceResponse, TdispErrorCode, + TdispMessageHeader, TdispRequestResponseCode, TdispVersion, START_INTERFACE_NONCE_LEN, +}; + +use super::pci_tdisp_rsp_tdisp_error::write_error; + +static PCI_TDISP_DEVICE_START_INTERFACE_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceStartInterface { + pub pci_tdisp_device_start_interface_cb: fn( + //IN + vdm_handle: usize, + start_interface_nonce: &[u8; START_INTERFACE_NONCE_LEN], + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceStartInterface) -> bool { + PCI_TDISP_DEVICE_START_INTERFACE_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceStartInterface = PciTdispDeviceStartInterface { + pci_tdisp_device_start_interface_cb: + |//IN + _vdm_handle: usize, + _start_interface_nonce: &[u8; START_INTERFACE_NONCE_LEN], + //OUT + _interface_id: &mut InterfaceId, + _tdisp_error_code: &mut Option| + -> SpdmResult { unimplemented!() }, +}; + +pub(crate) fn pci_tdisp_device_start_interface( + //IN + vdm_handle: usize, + start_interface_nonce: &[u8; START_INTERFACE_NONCE_LEN], + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, +) -> SpdmResult { + (PCI_TDISP_DEVICE_START_INTERFACE_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_tdisp_device_start_interface_cb)( + vdm_handle, + start_interface_nonce, + interface_id, + tdisp_error_code, + ) +} + +pub(crate) fn pci_tdisp_rsp_start_interface( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let req_start_interface_request = ReqStartInterfaceRequest::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut interface_id = InterfaceId::default(); + let mut tdisp_error_code = None; + + pci_tdisp_device_start_interface( + vdm_handle, + &req_start_interface_request.start_interface_nonce, + &mut interface_id, + &mut tdisp_error_code, + )?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + if let Some(tdisp_error_code) = tdisp_error_code { + let len = write_error( + vdm_handle, + tdisp_error_code, + 0, + &[], + &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload, + )?; + vendor_defined_rsp_payload_struct.rsp_length = len as u16; + return Ok(vendor_defined_rsp_payload_struct); + } + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let cnt = RspStartInterfaceResponse { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::START_INTERFACE_RESPONSE, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} 
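Review bot: `pci_tdisp_device_start_interface_cb` has no doc comment, and `pci_tdisp_rsp_start_interface` never compares `start_interface_nonce` itself; it only forwards the value parsed from the request to the callback. Nonce validation is therefore an unstated obligation of whoever implements the callback. I would document it on the field, e.g. `/// Must check start_interface_nonce against the nonce issued for this interface and report a mismatch through tdisp_error_code.`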
diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_stop_interface_request.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_stop_interface_request.rs new file mode 100644 index 0000000..0025461 --- /dev/null +++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_stop_interface_request.rs 
@@ -0,0 +1,122 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_tdisp::{ + InterfaceId, ReqStopInterfaceRequest, RspStartInterfaceResponse, TdispErrorCode, + TdispMessageHeader, TdispRequestResponseCode, TdispVersion, +}; + +use super::pci_tdisp_rsp_tdisp_error::write_error; + +static PCI_TDISP_DEVICE_STOP_INTERFACE_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceStopInterface { + pub pci_tdisp_device_stop_interface_cb: fn( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceStopInterface) -> bool { + PCI_TDISP_DEVICE_STOP_INTERFACE_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceStopInterface = PciTdispDeviceStopInterface { + pci_tdisp_device_stop_interface_cb: |// IN + _vdm_handle: usize, + // OUT + _interface_id: &mut InterfaceId, + _tdisp_error_code: &mut Option| + -> SpdmResult { unimplemented!() }, +}; + +pub(crate) fn pci_tdisp_device_stop_interface( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, +) -> SpdmResult { + (PCI_TDISP_DEVICE_STOP_INTERFACE_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_tdisp_device_stop_interface_cb)(vdm_handle, interface_id, tdisp_error_code) +} + +pub(crate) fn pci_tdisp_rsp_stop_interface( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let _ = ReqStopInterfaceRequest::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut interface_id = InterfaceId::default(); + let mut tdisp_error_code = None; + + pci_tdisp_device_stop_interface(vdm_handle, &mut interface_id, &mut tdisp_error_code)?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + if let Some(tdisp_error_code) = tdisp_error_code { + let len = write_error( + vdm_handle, + tdisp_error_code, + 0, + &[], + &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload, + )?; + vendor_defined_rsp_payload_struct.rsp_length = len as u16; + return Ok(vendor_defined_rsp_payload_struct); + } + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let cnt = RspStartInterfaceResponse { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::STOP_INTERFACE_RESPONSE, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_capabilities.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_capabilities.rs new file mode 100644 index 0000000..d0586d7 --- /dev/null 
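Review bot: `pci_tdisp_rsp_stop_interface` encodes its reply as `RspStartInterfaceResponse` with `message_type: TdispRequestResponseCode::STOP_INTERFACE_RESPONSE`, and the `use crate::pci_tdisp::{...}` list imports the start type too, which looks like a carry-over from the start_interface file. The two messages may share a header-only layout, so the bytes on the wire could still be correct, but the type name misleads readers and the two will diverge if either message gains a field. If `crate::pci_tdisp` defines a dedicated stop response type (not visible here), use it, e.g. `let cnt = RspStopInterfaceResponse {`; otherwise add a comment explaining the reuse.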
+++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_capabilities.rs 
@@ -0,0 +1,181 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_tdisp::{ + InterfaceId, LockInterfaceFlag, ReqGetTdispCapabilities, RspTdispCapabilities, TdispErrorCode, + TdispMessageHeader, TdispRequestResponseCode, TdispVersion, +}; + +use super::pci_tdisp_rsp_tdisp_error::write_error; + +static PCI_TDISP_DEVICE_CAPABILITIES_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceCapabilities { + #[allow(clippy::type_complexity)] + pub pci_tdisp_device_capabilities_cb: fn( + // IN + vdm_handle: usize, + tsm_caps: u32, + // OUT + interface_id: &mut InterfaceId, + dsm_caps: &mut u32, + req_msgs_supported: &mut [u8; 16], + lock_interface_flags_supported: &mut LockInterfaceFlag, + dev_addr_width: &mut u8, + num_req_this: &mut u8, + num_req_all: &mut u8, + tdisp_error_code: &mut Option, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceCapabilities) -> bool { + PCI_TDISP_DEVICE_CAPABILITIES_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceCapabilities = PciTdispDeviceCapabilities { + pci_tdisp_device_capabilities_cb: |// IN + _vdm_handle: usize, + _tsm_caps: u32, + // OUT + _interface_id: &mut InterfaceId, + _dsm_caps: &mut u32, + _req_msgs_supported: &mut [u8; 16], + _lock_interface_flags_supported: &mut LockInterfaceFlag, + _dev_addr_width: &mut u8, + _num_req_this: &mut u8, + _num_req_all: &mut u8, + _tdisp_error_code: &mut Option| + -> SpdmResult { unimplemented!() }, +}; + +#[allow(clippy::too_many_arguments)] +pub(crate) fn pci_tdisp_device_capabilities( + // IN + vdm_handle: usize, + 
tsm_caps: u32, + // OUT + interface_id: &mut InterfaceId, + dsm_caps: &mut u32, + req_msgs_supported: &mut [u8; 16], + lock_interface_flags_supported: &mut LockInterfaceFlag, + dev_addr_width: &mut u8, + num_req_this: &mut u8, + num_req_all: &mut u8, + tdisp_error_code: &mut Option, +) -> SpdmResult { + (PCI_TDISP_DEVICE_CAPABILITIES_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? + .pci_tdisp_device_capabilities_cb)( + // IN + vdm_handle, + tsm_caps, + // OUT + interface_id, + dsm_caps, + req_msgs_supported, + lock_interface_flags_supported, + dev_addr_width, + num_req_this, + num_req_all, + tdisp_error_code, + ) +} + +pub(crate) fn pci_tdisp_rsp_capabilities( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let req_get_tdisp_capabilities = ReqGetTdispCapabilities::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut interface_id = InterfaceId::default(); + let mut dsm_caps = 0u32; + let mut req_msgs_supported = [0u8; 16]; + let mut lock_interface_flags_supported = LockInterfaceFlag::empty(); + let mut dev_addr_width = 0u8; + let mut num_req_this = 0u8; + let mut num_req_all = 0u8; + let mut tdisp_error_code = None; + + pci_tdisp_device_capabilities( + vdm_handle, + req_get_tdisp_capabilities.tsm_caps, + &mut interface_id, + &mut dsm_caps, + &mut req_msgs_supported, + &mut lock_interface_flags_supported, + &mut dev_addr_width, + &mut num_req_this, + &mut num_req_all, + &mut tdisp_error_code, + )?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + if let Some(tdisp_error_code) = tdisp_error_code { + let len = write_error( + vdm_handle, + tdisp_error_code, + 0, + &[], + &mut 
vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload, + )?; + vendor_defined_rsp_payload_struct.rsp_length = len as u16; + return Ok(vendor_defined_rsp_payload_struct); + } + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let cnt = RspTdispCapabilities { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::TDISP_CAPABILITIES, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + dsm_caps, + req_msgs_supported, + lock_interface_flags_supported, + dev_addr_width, + num_req_this, + num_req_all, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_error.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_error.rs new file mode 100644 index 0000000..b3c4c28 --- /dev/null +++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_error.rs 
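Review bot: In the error branch of `pci_tdisp_rsp_capabilities`, `rsp_length = len as u16` truncates silently, while the success branch a few lines later rejects `cnt > u16::MAX as usize`. Giving both paths the same check keeps `rsp_length` from disagreeing with the bytes actually written: `if len > u16::MAX as usize { return Err(SPDM_STATUS_INVALID_STATE_LOCAL); }` before the assignment. The cast only matters if `MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE` can exceed `u16::MAX`, which this diff does not show. The same unchecked cast is in the lock_interface, set_mmio_attribute, start_interface, stop_interface and unbind_p2p_stream handlers and in the `_ =>` arm of the dispatcher.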
@@ -0,0 +1,95 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_STATE_LOCAL}, + message::MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, +}; + +use crate::pci_tdisp::{ + InterfaceId, RspTdispError, TdispErrorCode, TdispMessageHeader, TdispRequestResponseCode, + TdispVersion, +}; + +static PCI_TDISP_DEVICE_ERROR_INSTANCE: OnceCell = OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceError { + #[allow(clippy::type_complexity)] + pub pci_tdisp_device_error_cb: fn( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceError) -> bool { + PCI_TDISP_DEVICE_ERROR_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceError = PciTdispDeviceError { + pci_tdisp_device_error_cb: |// IN + _vdm_handle: usize, + // OUT + _interface_id: &mut InterfaceId| + -> SpdmResult { unimplemented!() }, +}; + +pub(crate) fn pci_tdisp_device_error( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, +) -> SpdmResult { + (PCI_TDISP_DEVICE_ERROR_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_tdisp_device_error_cb)( + // IN + vdm_handle, + // OUT + interface_id, + ) +} + +pub(crate) fn write_error( + vdm_handle: usize, + error_code: TdispErrorCode, + error_data: u32, + ext_error_data: &[u8], + vendor_defined_rsp_payload: &mut [u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], +) -> SpdmResult { + let mut writer = Writer::init(vendor_defined_rsp_payload); + + let mut interface_id = InterfaceId::default(); + + pci_tdisp_device_error(vdm_handle, &mut interface_id)?; + + let len1 = RspTdispError { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::TDISP_ERROR, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + error_code, + error_data, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if let Some(len2) = writer.extend_from_slice(ext_error_data) { + Ok(len1 + len2) + } else { + Err(SPDM_STATUS_BUFFER_FULL) + } +} diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_version.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_version.rs new file mode 100644 index 0000000..068e367 --- /dev/null +++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_tdisp_version.rs 
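Review bot: `write_error` is the helper every handler calls on its failure path, yet it has no doc comment, and two of its properties are easy to miss. It returns the total number of bytes written (`len1 + len2`), and it calls `pci_tdisp_device_error` first, so a failing device callback propagates through `?` and no TDISP_ERROR message is produced at all. I would add `/// Encodes a TDISP_ERROR message followed by ext_error_data at the start of the buffer and returns the byte count; fails if the device callback fails or the buffer is full.`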
@@ -0,0 +1,119 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_tdisp::{InterfaceId, ReqGetTdispVersion, RspTdispVersion, TdispVersion}; + +use super::MAX_TDISP_VERSION_COUNT; + +static PCI_TDISP_DEVICE_VERSIONI_INSTANCE: OnceCell = OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceVersion { + #[allow(clippy::type_complexity)] + pub pci_tdisp_device_version_cb: fn( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + version_num_count: &mut u8, + version_num_entry: &mut [TdispVersion; MAX_TDISP_VERSION_COUNT], + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceVersion) -> bool { + PCI_TDISP_DEVICE_VERSIONI_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceVersion = PciTdispDeviceVersion { + pci_tdisp_device_version_cb: |// IN + _vdm_handle: usize, + // OUT + _interface_id: &mut InterfaceId, + _version_num_count: &mut u8, + _version_num_entry: &mut [TdispVersion; + MAX_TDISP_VERSION_COUNT]| + -> SpdmResult { unimplemented!() }, +}; + +pub(crate) fn pci_tdisp_device_version( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + version_num_count: &mut u8, + version_num_entry: &mut [TdispVersion; MAX_TDISP_VERSION_COUNT], +) -> SpdmResult { + (PCI_TDISP_DEVICE_VERSIONI_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_tdisp_device_version_cb)( + // IN + vdm_handle, + // OUT + interface_id, + version_num_count, + version_num_entry, + ) +} + +pub(crate) fn pci_tdisp_rsp_version( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let _ = ReqGetTdispVersion::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut interface_id = InterfaceId::default(); + let mut version_num_count = 0u8; + let mut version_num_entry = [TdispVersion::default(); MAX_TDISP_VERSION_COUNT]; + + pci_tdisp_device_version( + vdm_handle, + &mut interface_id, + &mut version_num_count, + &mut version_num_entry, + )?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let cnt = RspTdispVersion { + interface_id, + version_num_count, + version_num_entry, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_unbind_p2p_stream_request.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_unbind_p2p_stream_request.rs new file mode 100644 index 0000000..5b59652 --- /dev/null +++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_unbind_p2p_stream_request.rs 
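Review bot: `pci_tdisp_rsp_version` copies `version_num_count` from the device callback straight into `RspTdispVersion` without checking it against `MAX_TDISP_VERSION_COUNT`, the length of `version_num_entry`. How `encode` treats a count larger than the array is not visible in this hunk, so a guard before building the response keeps count and entries consistent: `if version_num_count as usize > MAX_TDISP_VERSION_COUNT { return Err(SPDM_STATUS_INVALID_STATE_LOCAL); }`. Separately, the static is spelled `PCI_TDISP_DEVICE_VERSIONI_INSTANCE`.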
@@ -0,0 +1,135 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{ + SpdmResult, SPDM_STATUS_BUFFER_FULL, SPDM_STATUS_INVALID_MSG_FIELD, + SPDM_STATUS_INVALID_STATE_LOCAL, + }, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; + +use crate::pci_tdisp::{ + InterfaceId, ReqUnBindP2PStreamRequest, RspUnBindP2PStreamResponse, TdispErrorCode, + TdispMessageHeader, TdispRequestResponseCode, TdispVersion, +}; + +use super::pci_tdisp_rsp_tdisp_error::write_error; + +static PCI_TDISP_DEVICE_UNBING_P2P_STREAM_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceUnBindP2pStream { + pub pci_tdisp_device_unbind_p2p_stream_cb: fn( + //IN + vdm_handle: usize, + p2p_stream_id: u8, + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceUnBindP2pStream) -> bool { + PCI_TDISP_DEVICE_UNBING_P2P_STREAM_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceUnBindP2pStream = PciTdispDeviceUnBindP2pStream { + pci_tdisp_device_unbind_p2p_stream_cb: |//IN + _vdm_handle: usize, + _p2p_stream_id: u8, + //OUT + _interface_id: &mut InterfaceId, + _tdisp_error_code: &mut Option| + -> SpdmResult { unimplemented!() }, +}; + +pub(crate) fn pci_tdisp_device_unbind_p2p_stream( + //IN + vdm_handle: usize, + p2p_stream_id: u8, + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, +) -> SpdmResult { + (PCI_TDISP_DEVICE_UNBING_P2P_STREAM_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? 
+ .pci_tdisp_device_unbind_p2p_stream_cb)( + vdm_handle, + p2p_stream_id, + interface_id, + tdisp_error_code, + ) +} + +pub(crate) fn pci_tdisp_rsp_unbind_p2p_stream( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + let req_un_bind_p2_pstream_request = ReqUnBindP2PStreamRequest::read_bytes( + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize], + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + + let mut interface_id = InterfaceId::default(); + let mut tdisp_error_code = None; + + pci_tdisp_device_unbind_p2p_stream( + vdm_handle, + req_un_bind_p2_pstream_request.p2p_stream_id, + &mut interface_id, + &mut tdisp_error_code, + )?; + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + if let Some(tdisp_error_code) = tdisp_error_code { + let len = write_error( + vdm_handle, + tdisp_error_code, + 0, + &[], + &mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload, + )?; + vendor_defined_rsp_payload_struct.rsp_length = len as u16; + return Ok(vendor_defined_rsp_payload_struct); + } + + let mut writer = + Writer::init(&mut vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload); + + let cnt = RspUnBindP2PStreamResponse { + message_header: TdispMessageHeader { + interface_id, + message_type: TdispRequestResponseCode::UNBIND_P2P_STREAM_RESPONSE, + tdisp_version: TdispVersion { + major_version: 1, + minor_version: 0, + }, + }, + } + .encode(&mut writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + if cnt > u16::MAX as usize { + Err(SPDM_STATUS_INVALID_STATE_LOCAL) + } else { + vendor_defined_rsp_payload_struct.rsp_length = cnt as u16; + Ok(vendor_defined_rsp_payload_struct) + } +} 
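Review bot: Two names in this file carry typos that make them hard to grep: the static `PCI_TDISP_DEVICE_UNBING_P2P_STREAM_INSTANCE` (UNBING for UNBIND) and the local `req_un_bind_p2_pstream_request`. Since the file is new, renaming now costs nothing: `PCI_TDISP_DEVICE_UNBIND_P2P_STREAM_INSTANCE` and `req_unbind_p2p_stream_request`. The stub constant `UNIMPLETEMTED`, repeated in each responder file of this commit, has the same problem.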
diff --git a/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_vdm_response.rs b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_vdm_response.rs new file mode 100644 index 0000000..de81d1e --- /dev/null +++ b/tdisp/src/pci_tdisp_responder/pci_tdisp_rsp_vdm_response.rs @@ -0,0 +1,54 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use conquer_once::spin::OnceCell; +use spdmlib::{ + error::{SpdmResult, SPDM_STATUS_INVALID_STATE_LOCAL}, + message::{VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct}, +}; + +static PCI_TDISP_DEVICE_VDM_RESPONSE_INSTANCE: OnceCell = + OnceCell::uninit(); + +#[derive(Clone)] +pub struct PciTdispDeviceVdmResponse { + pub pci_tdisp_device_vdm_response_cb: fn( + //IN + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, + ) -> SpdmResult, +} + +pub fn register(context: PciTdispDeviceVdmResponse) -> bool { + PCI_TDISP_DEVICE_VDM_RESPONSE_INSTANCE + .try_init_once(|| context) + .is_ok() +} + +static UNIMPLETEMTED: PciTdispDeviceVdmResponse = PciTdispDeviceVdmResponse { + pci_tdisp_device_vdm_response_cb: + |//IN + _vdm_handle: usize, + _vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct| + -> SpdmResult { unimplemented!() }, +}; + +pub(crate) fn pci_tdisp_device_vdm_response( + //IN + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + (PCI_TDISP_DEVICE_VDM_RESPONSE_INSTANCE + .try_get_or_init(|| UNIMPLETEMTED.clone()) + .ok() + .ok_or(SPDM_STATUS_INVALID_STATE_LOCAL)? + .pci_tdisp_device_vdm_response_cb)(vdm_handle, vendor_defined_req_payload_struct) +} + +pub(crate) fn pci_tdisp_rsp_vdm_response( + vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + pci_tdisp_device_vdm_response(vdm_handle, vendor_defined_req_payload_struct) +} 
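Review bot: `PciTdispDeviceVdmResponse` is public but undocumented, and nothing in the file says which requests reach `pci_tdisp_device_vdm_response_cb`. From the dispatcher's `else` branch it appears to receive every vendor-defined request that is not handled as TDISP, so the implementer is handed a raw, unparsed `VendorDefinedReqPayloadStruct`. A doc comment on the struct should say so, e.g. `/// Called for vendor-defined requests the TDISP dispatcher does not handle; the payload is passed through unparsed and must be validated by the callback.`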
diff --git a/test/spdm-emu/Cargo.toml b/test/spdm-emu/Cargo.toml new file mode 100644 index 0000000..524c0bd --- /dev/null +++ b/test/spdm-emu/Cargo.toml @@ -0,0 +1,38 @@ +[package] +name = "spdm-emu" +version = "0.1.0" +authors = ["Jiewen Yao "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +log = "0.4.13" +ring = { version = "0.17.6" } +webpki = { version = "0.22.4", default-features = false, features = ["alloc"]} +untrusted = { version = "0.9.0" } +codec = { path = "../../codec" } +spdmlib = { path = "../../spdmlib", default-features = false } +mctp_transport = { path = "../../mctp_transport" } +pcidoe_transport = { path = "../../pcidoe_transport" } +bytes = { version = "1", default-features = false } +futures = { version = "0.3", default-features = false } +async-trait = "0.1.71" +async-recursion = "1.0.4" +spin = { version = "0.9.8" } +tokio = { version = "1.30.0", features = ["full"] } +executor = { path = "../../executor" } +maybe-async = "0.2.7" + +spdmlib_crypto_mbedtls = { path = "../../spdmlib_crypto_mbedtls", default-features = false, optional = true } + +[features] +default = ["spdm-ring", "spdmlib/hashed-transcript-data", "async-executor"] +mut-auth = ["spdmlib/mut-auth"] +mandatory-mut-auth = ["mut-auth", "spdmlib/mandatory-mut-auth"] +spdm-ring = ["spdmlib/spdm-ring", "spdmlib/std"] +spdm-mbedtls = ["spdmlib_crypto_mbedtls"] +hashed-transcript-data = ["spdmlib/hashed-transcript-data", "spdmlib_crypto_mbedtls?/hashed-transcript-data"] +async-executor = [] +async-tokio = [] +is_sync = ["spdmlib/is_sync", "maybe-async/is_sync", "mctp_transport/is_sync", "pcidoe_transport/is_sync"] diff --git a/test/spdm-emu/src/async_runtime.rs b/test/spdm-emu/src/async_runtime.rs new file mode 100644 index 0000000..1e49db0 --- /dev/null +++ b/test/spdm-emu/src/async_runtime.rs 
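Review bot: `tokio = { version = "1.30.0", features = ["full"] }` is an unconditional dependency, while the `async-tokio` feature that selects it is declared as an empty list. Every build of the emulator therefore compiles tokio with all of its features, including the default `async-executor` configuration that never uses it. Marking it optional and wiring the feature keeps the dependency set smaller: add `optional = true` to the tokio entry and declare `async-tokio = ["dep:tokio"]`. This also needs the `cfg!` branches in src/async_runtime.rs to become `#[cfg]` attributes, and the tokio feature list could likely be narrowed once the code that uses it is known.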
@@ -0,0 +1,29 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +extern crate alloc; +use alloc::boxed::Box; +use core::{future::Future, pin::Pin}; + +// Run async task +pub fn block_on(future: Pin + 'static + Send>>) -> T +where + T: Send + 'static, +{ + #[cfg(feature = "is_sync")] + compile_error!("block_on function is not available when feature is `is_sync`"); + + #[cfg(all(feature = "async-executor", feature = "async-tokio"))] + compile_error!("features `async-executor` and `async-tokio` are mutually exclusive"); + + if cfg!(feature = "async-executor") { + executor::block_on(future) + } else if cfg!(feature = "async-tokio") { + let rt = tokio::runtime::Runtime::new().unwrap(); + + rt.block_on(future) + } else { + panic!("Calling block_on require one of `async-executor` or `async-tokio` is enabled!"); + } +} diff --git a/test/spdm-emu/src/crypto.rs b/test/spdm-emu/src/crypto.rs new file mode 100644 index 0000000..165f549 --- /dev/null +++ b/test/spdm-emu/src/crypto.rs @@ -0,0 +1,26 @@ +// Copyright (c) 2022 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#[cfg(feature = "spdm-mbedtls")] +pub fn crypto_mbedtls_register_handles() { + spdmlib::crypto::aead::register(spdmlib_crypto_mbedtls::aead_impl::DEFAULT.clone()); + + spdmlib::crypto::asym_verify::register( + spdmlib_crypto_mbedtls::asym_verify_impl::DEFAULT.clone(), + ); + + spdmlib::crypto::cert_operation::register( + spdmlib_crypto_mbedtls::cert_operation_impl::DEFAULT.clone(), + ); + + spdmlib::crypto::dhe::register(spdmlib_crypto_mbedtls::dhe_impl::DEFAULT.clone()); + + spdmlib::crypto::hash::register(spdmlib_crypto_mbedtls::hash_impl::DEFAULT.clone()); + + spdmlib::crypto::hkdf::register(spdmlib_crypto_mbedtls::hkdf_impl::DEFAULT.clone()); + + spdmlib::crypto::hmac::register(spdmlib_crypto_mbedtls::hmac_impl::DEFAULT.clone()); + + spdmlib::crypto::rand::register(spdmlib_crypto_mbedtls::rand_impl::DEFAULT.clone()); +} 
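Review bot: The final `else` branch of `block_on` turns a build-configuration mistake into a run-time `panic!`: with neither `async-executor` nor `async-tokio` enabled the crate still compiles and only fails when the first future is driven. The other two invalid combinations are already rejected with `compile_error!`, so the same treatment fits here, placed next to them and gated by `#[cfg(not(any(feature = "async-executor", feature = "async-tokio")))]`, provided no supported build relies on compiling this module without a runtime. Because the branches are selected with `cfg!` rather than `#[cfg]`, both `executor` and `tokio` are compiled whichever feature is chosen, which is why `tokio` with `features = ["full"]` cannot be an optional dependency in this crate's manifest. The `// Run async task` comment could become a `///` doc comment that states the feature requirements and that the tokio path builds a new `Runtime` on every call.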
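Review bot: `crypto_mbedtls_register_handles` discards the result of every `register` call, so a backend that was installed earlier would leave the mbedtls implementation silently unused for that primitive. The `register` added to the tdisp crate in this commit returns `bool` from a once-cell; if the `spdmlib::crypto::*::register` functions follow the same pattern (their signatures are not visible here), the caller cannot tell which AEAD, hash or signature-verification provider is actually active. Consider collecting the results and logging or returning a failure, and add a doc comment such as `/// Registers the mbedtls implementation for every spdmlib crypto primitive.` that also says when the function has to be called relative to other registrations.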
diff --git a/test/spdm-emu/src/crypto_callback.rs b/test/spdm-emu/src/crypto_callback.rs
new file mode 100644
index 0000000..e76a181
--- /dev/null
+++ b/test/spdm-emu/src/crypto_callback.rs
@@ -0,0 +1,181 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use std::path::PathBuf; + +use spdmlib::secret::SpdmSecretAsymSign; + +use spdmlib::protocol::{ + SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmSignatureStruct, RSAPSS_2048_KEY_SIZE, + RSAPSS_3072_KEY_SIZE, RSAPSS_4096_KEY_SIZE, RSASSA_2048_KEY_SIZE, RSASSA_3072_KEY_SIZE, + RSASSA_4096_KEY_SIZE, SPDM_MAX_ASYM_KEY_SIZE, +}; + +pub static SECRET_ASYM_IMPL_INSTANCE: SpdmSecretAsymSign = + SpdmSecretAsymSign { sign_cb: asym_sign }; + +fn asym_sign( + base_hash_algo: SpdmBaseHashAlgo, + base_asym_algo: SpdmBaseAsymAlgo, + data: &[u8], +) -> Option { + match (base_hash_algo, base_asym_algo) { + (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256) => { + sign_ecdsa_asym_algo(&ring::signature::ECDSA_P256_SHA256_FIXED_SIGNING, data) + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384) => { + sign_ecdsa_asym_algo(&ring::signature::ECDSA_P384_SHA384_FIXED_SIGNING, data) + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096) => { + sign_rsa_asym_algo( + &ring::signature::RSA_PKCS1_SHA256, + base_asym_algo.get_size() as usize, + data, + ) + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096) => { + sign_rsa_asym_algo( + &ring::signature::RSA_PSS_SHA256, + base_asym_algo.get_size() as usize, + data, + ) + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096) => { + 
sign_rsa_asym_algo( + &ring::signature::RSA_PKCS1_SHA384, + base_asym_algo.get_size() as usize, + data, + ) + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096) => { + sign_rsa_asym_algo( + &ring::signature::RSA_PSS_SHA384, + base_asym_algo.get_size() as usize, + data, + ) + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096) => { + sign_rsa_asym_algo( + &ring::signature::RSA_PKCS1_SHA512, + base_asym_algo.get_size() as usize, + data, + ) + } + (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_2048) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_3072) + | (SpdmBaseHashAlgo::TPM_ALG_SHA_512, SpdmBaseAsymAlgo::TPM_ALG_RSAPSS_4096) => { + sign_rsa_asym_algo( + &ring::signature::RSA_PSS_SHA512, + base_asym_algo.get_size() as usize, + data, + ) + } + _ => { + panic!(); + } + } +} + +fn sign_ecdsa_asym_algo( + algorithm: &'static ring::signature::EcdsaSigningAlgorithm, + data: &[u8], +) -> Option { + // openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -outform DER > private.der + // or openssl.exe ecparam -name prime256v1 -genkey -out private.der -outform der + // openssl.exe pkcs8 -in private.der -inform DER -topk8 -nocrypt -outform DER > private.p8 + + let crate_dir = get_test_key_directory(); + println!("crate dir: {:?}", crate_dir.as_os_str().to_str()); + let key_file_path = if algorithm == &ring::signature::ECDSA_P256_SHA256_FIXED_SIGNING { + crate_dir.join("test_key/ecp256/end_responder.key.p8") + } else if algorithm == &ring::signature::ECDSA_P384_SHA384_FIXED_SIGNING { + 
crate_dir.join("test_key/ecp384/end_responder.key.p8") + } else { + panic!("not support") + }; + let der_file = std::fs::read(key_file_path).expect("unable to read key der!"); + let key_bytes = der_file.as_slice(); + let rng = ring::rand::SystemRandom::new(); + let key_pair: ring::signature::EcdsaKeyPair = + ring::signature::EcdsaKeyPair::from_pkcs8(algorithm, key_bytes, &rng).ok()?; + + let rng = ring::rand::SystemRandom::new(); + + let signature = key_pair.sign(&rng, data).ok()?; + let signature = signature.as_ref(); + + let mut full_signature: [u8; SPDM_MAX_ASYM_KEY_SIZE] = [0u8; SPDM_MAX_ASYM_KEY_SIZE]; + full_signature[..signature.len()].copy_from_slice(signature); + + Some(SpdmSignatureStruct { + data_size: signature.len() as u16, + data: full_signature, + }) +} + +fn sign_rsa_asym_algo( + padding_alg: &'static dyn ring::signature::RsaEncoding, + key_len: usize, + data: &[u8], +) -> Option { + // openssl.exe genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -outform DER > private.der + let crate_dir = get_test_key_directory(); + + #[allow(unreachable_patterns)] + let key_file_path = match key_len { + RSASSA_2048_KEY_SIZE | RSAPSS_2048_KEY_SIZE => { + crate_dir.join("test_key/rsa2048/end_responder.key.der") + } + RSASSA_3072_KEY_SIZE | RSAPSS_3072_KEY_SIZE => { + crate_dir.join("test_key/rsa3072/end_responder.key.der") + } + RSASSA_4096_KEY_SIZE | RSAPSS_4096_KEY_SIZE => { + crate_dir.join("test_key/rsa3072/end_responder.key.der") + } + _ => { + panic!("RSA key len not supported") + } + }; + let der_file = std::fs::read(key_file_path).expect("unable to read key der!"); + let key_bytes = der_file.as_slice(); + + let key_pair: ring::signature::RsaKeyPair = + ring::signature::RsaKeyPair::from_der(key_bytes).ok()?; + + if key_len != key_pair.public().modulus_len() { + panic!(); + } + + let rng = ring::rand::SystemRandom::new(); + + let mut full_sign = [0u8; SPDM_MAX_ASYM_KEY_SIZE]; + key_pair + .sign(padding_alg, &rng, data, 
&mut full_sign[0..key_len]) + .ok()?; + + Some(SpdmSignatureStruct { + data_size: key_len as u16, + data: full_sign, + }) +} + +fn get_test_key_directory() -> PathBuf { + let crate_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR")); + let crate_dir = crate_dir + .parent() + .expect("can't find parent dir") + .parent() + .expect("can't find parent_dir"); + crate_dir.to_path_buf() +} diff --git a/test/spdm-emu/src/lib.rs b/test/spdm-emu/src/lib.rs new file mode 100644 index 0000000..34e599c --- /dev/null +++ b/test/spdm-emu/src/lib.rs 
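Review bot: In `sign_rsa_asym_algo` the `RSASSA_4096_KEY_SIZE | RSAPSS_4096_KEY_SIZE` arm loads `test_key/rsa3072/end_responder.key.der`, the same file as the 3072 arm, so every RSA-4096 request fails the `key_len != key_pair.public().modulus_len()` check and hits the bare `panic!()`. This looks like a copy-paste slip; the arm should read `crate_dir.join("test_key/rsa4096/end_responder.key.der")`, assuming that key is shipped alongside the others. Separately, `asym_sign` and both helpers return `Option` yet use `panic!`/`expect` for unsupported algorithm pairs, unreadable key files and the modulus mismatch; the algorithm pair presumably comes out of negotiation with the peer, so `_ => None` lets the caller fail the handshake rather than abort the process. The `println!` of the crate directory in `sign_ecdsa_asym_algo` would fit better as `log::debug!`, and a `///` comment on `SECRET_ASYM_IMPL_INSTANCE` should state that it signs with fixed test keys read from the repository tree.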
@@ -0,0 +1,65 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] + +#[cfg(all( + feature = "is_sync", + any(feature = "async-executor", feature = "async-tokio") +))] +compile_error!("Only support either sync mode or async mode, not both at the same time!"); + +#[cfg(not(feature = "is_sync"))] +pub mod async_runtime; +pub mod crypto; +pub mod crypto_callback; +pub mod secret_impl_sample; +pub mod socket_io_transport; +pub mod spdm_emu; +pub mod watchdog_impl_sample; + +use std::mem::size_of; + +use mctp_transport::{MctpTransportEncap, MCTP_TRANSPORT_STACK_SIZE}; +use pcidoe_transport::{PciDoeTransportEncap, PCIDOE_TRANSPORT_STACK_SIZE}; +use socket_io_transport::DEVICE_IO_STACK_SIZE; +use spdmlib::{ + config::{RECEIVER_BUFFER_SIZE, SENDER_BUFFER_SIZE}, + protocol::{ + SpdmCertChainBuffer, SpdmCertChainData, SpdmMeasurementRecordStructure, + SPDM_MAX_SLOT_NUMBER, + }, + SPDM_STACK_SIZE, +}; +use std::net::TcpStream; + +#[allow(non_snake_case)] +pub const fn MAX(a: usize, b: usize) -> usize { + if a > b { + a + } else { + b + } +} + +const TRANSPORT_STACK_SIZE: usize = MAX(PCIDOE_TRANSPORT_STACK_SIZE, MCTP_TRANSPORT_STACK_SIZE); + +const EMU_FUNCTION_STACK_SIZE: usize = SENDER_BUFFER_SIZE + + RECEIVER_BUFFER_SIZE + + size_of::() + + size_of::() + + size_of::() + + size_of::() * 255 + + size_of::() * (SPDM_MAX_SLOT_NUMBER + 1) + + size_of::() * SPDM_MAX_SLOT_NUMBER + + size_of::() * 256; // for general stack case + +#[allow(clippy::identity_op)] +const ASYNC_RUNTIME_SIZE: usize = 1 * 1024 * 1024; // for executor dispatcher like tokio + +pub const EMU_STACK_SIZE: usize = TRANSPORT_STACK_SIZE + + DEVICE_IO_STACK_SIZE + + SPDM_STACK_SIZE + + EMU_FUNCTION_STACK_SIZE + + ASYNC_RUNTIME_SIZE; diff --git a/test/spdm-emu/src/secret_impl_sample.rs b/test/spdm-emu/src/secret_impl_sample.rs new file mode 100644 index 0000000..9836743 --- /dev/null +++ b/test/spdm-emu/src/secret_impl_sample.rs 
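Review bot: `EMU_STACK_SIZE` is public, but nothing documents what it is meant to size or how the terms of `EMU_FUNCTION_STACK_SIZE` (`* 255`, `* 256`, `* (SPDM_MAX_SLOT_NUMBER + 1)`) and the 1 MiB `ASYNC_RUNTIME_SIZE` were derived. A `///` comment on each constant, for example `/// Estimated upper bound in bytes for the emulator's stack usage`, would let a reader re-check the estimate when the buffer sizes in `spdmlib::config` change; the exact wording needs confirming against the callers, which are outside this hunk. The helper `MAX` carries `#[allow(non_snake_case)]` only because of its name; a lower-case private `const fn` would not need the attribute, at the cost of renaming a `pub` item.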
@@ -0,0 +1,319 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![allow(dead_code)] +#![allow(unused_variables)] +use codec::u24; +use codec::Codec; +use codec::Writer; +use spdmlib::common::key_schedule::SpdmKeySchedule; +use spdmlib::config; +use spdmlib::crypto; +use spdmlib::crypto::hash; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::protocol::{ + SpdmBaseHashAlgo, SpdmDigestStruct, SpdmHkdfOutputKeyingMaterial, + SpdmMeasurementRecordStructure, SpdmMeasurementSpecification, SpdmMeasurementSummaryHashType, +}; +use spdmlib::secret::*; + +pub static SECRET_MEASUREMENT_IMPL_INSTANCE: SpdmSecretMeasurement = SpdmSecretMeasurement { + measurement_collection_cb: measurement_collection_impl, + generate_measurement_summary_hash_cb: generate_measurement_summary_hash_impl, +}; + +pub static SECRET_PSK_IMPL_INSTANCE: SpdmSecretPsk = SpdmSecretPsk { + handshake_secret_hkdf_expand_cb: handshake_secret_hkdf_expand_impl, + master_secret_hkdf_expand_cb: master_secret_hkdf_expand_impl, +}; + +#[allow(clippy::field_reassign_with_default)] +fn measurement_collection_impl( + spdm_version: SpdmVersion, + measurement_specification: SpdmMeasurementSpecification, + measurement_hash_algo: SpdmMeasurementHashAlgo, + measurement_index: usize, +) -> Option { + if measurement_specification != SpdmMeasurementSpecification::DMTF { + None + } else { + let base_hash_algo = match measurement_hash_algo { + SpdmMeasurementHashAlgo::TPM_ALG_SHA_256 => SpdmBaseHashAlgo::TPM_ALG_SHA_256, + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384 => SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmMeasurementHashAlgo::TPM_ALG_SHA_512 => SpdmBaseHashAlgo::TPM_ALG_SHA_512, + SpdmMeasurementHashAlgo::RAW_BIT_STREAM + | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_256 + | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_384 + | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_512 + | SpdmMeasurementHashAlgo::TPM_ALG_SM3 => return None, + _ => return None, + }; + let hashsize = 
base_hash_algo.get_size(); + if measurement_index + == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber.get_u8() as usize + { + let mut dummy_spdm_measurement_record_structure = + SpdmMeasurementRecordStructure::default(); + dummy_spdm_measurement_record_structure.number_of_blocks = 10; + Some(dummy_spdm_measurement_record_structure) + } else if measurement_index + == SpdmMeasurementOperation::SpdmMeasurementRequestAll.get_u8() as usize + { + let mut firmware1: [u8; 8] = [0; 8]; + let mut firmware2: [u8; 8] = [0; 8]; + let mut firmware3: [u8; 8] = [0; 8]; + let mut firmware4: [u8; 8] = [0; 8]; + let mut firmware5: [u8; 8] = [0; 8]; + let mut firmware6: [u8; 8] = [0; 8]; + let mut firmware7: [u8; 8] = [0; 8]; + let mut firmware8: [u8; 8] = [0; 8]; + let mut firmware9: [u8; 8] = [0; 8]; + let mut firmware10: [u8; 8] = [0; 8]; + firmware1.copy_from_slice("deadbeef".as_bytes()); + firmware2.copy_from_slice("eadbeefd".as_bytes()); + firmware3.copy_from_slice("adbeefde".as_bytes()); + firmware4.copy_from_slice("dbeefdea".as_bytes()); + firmware5.copy_from_slice("beefdead".as_bytes()); + firmware6.copy_from_slice("deadbeef".as_bytes()); + firmware7.copy_from_slice("eadbeefd".as_bytes()); + firmware8.copy_from_slice("adbeefde".as_bytes()); + firmware9.copy_from_slice("dbeefdea".as_bytes()); + firmware10.copy_from_slice("beefdead".as_bytes()); + let digest1 = hash::hash_all(base_hash_algo, &firmware1).expect("hash_all failed!"); + let digest2 = hash::hash_all(base_hash_algo, &firmware2).expect("hash_all failed!"); + let digest3 = hash::hash_all(base_hash_algo, &firmware3).expect("hash_all failed!"); + let digest4 = hash::hash_all(base_hash_algo, &firmware4).expect("hash_all failed!"); + let digest5 = hash::hash_all(base_hash_algo, &firmware5).expect("hash_all failed!"); + let digest6 = hash::hash_all(base_hash_algo, &firmware6).expect("hash_all failed!"); + let digest7 = hash::hash_all(base_hash_algo, &firmware7).expect("hash_all failed!"); + let digest8 = 
hash::hash_all(base_hash_algo, &firmware8).expect("hash_all failed!"); + let digest9 = hash::hash_all(base_hash_algo, &firmware9).expect("hash_all failed!"); + let digest10 = hash::hash_all(base_hash_algo, &firmware10).expect("hash_all failed!"); + let mut digest_value1: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value2: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value3: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value4: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value5: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value6: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value7: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value8: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value9: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + let mut digest_value10: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + digest_value1[..64].copy_from_slice(digest1.data.as_ref()); + digest_value2[..64].copy_from_slice(digest2.data.as_ref()); + digest_value3[..64].copy_from_slice(digest3.data.as_ref()); + digest_value4[..64].copy_from_slice(digest4.data.as_ref()); + digest_value5[..64].copy_from_slice(digest5.data.as_ref()); + digest_value6[..64].copy_from_slice(digest6.data.as_ref()); + digest_value7[..64].copy_from_slice(digest7.data.as_ref()); + digest_value8[..64].copy_from_slice(digest8.data.as_ref()); + digest_value9[..64].copy_from_slice(digest9.data.as_ref()); + 
digest_value10[..64].copy_from_slice(digest10.data.as_ref()); + + let mut spdm_measurement_block_structure = SpdmMeasurementBlockStructure { + index: 1u8, + measurement_specification, + measurement_size: digest1.data_size + 3, + measurement: SpdmDmtfMeasurementStructure { + r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware, + representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + value_size: digest1.data_size, + value: digest_value1, + }, + }; + + let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + let mut writer = Writer::init(&mut measurement_record_data); + for i in 0..10 { + spdm_measurement_block_structure.encode(&mut writer).ok()?; + spdm_measurement_block_structure.index += 1; + } + + Some(SpdmMeasurementRecordStructure { + number_of_blocks: 10, + measurement_record_length: u24::new(writer.used() as u32), + measurement_record_data, + }) + } else if measurement_index > 10 { + None + } else { + let mut firmware: [u8; 8] = [0; 8]; + firmware.copy_from_slice("deadbeef".as_bytes()); + + let digest = hash::hash_all(base_hash_algo, &firmware)?; + + let mut digest_value: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] = + [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN]; + digest_value[(measurement_index) * SPDM_MAX_HASH_SIZE + ..(measurement_index + 1) * SPDM_MAX_HASH_SIZE] + .copy_from_slice(digest.data.as_ref()); + + let spdm_measurement_block_structure = SpdmMeasurementBlockStructure { + index: measurement_index as u8, + measurement_specification, + measurement_size: digest.data_size + 3, + measurement: SpdmDmtfMeasurementStructure { + r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware, + representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + value_size: digest.data_size, + value: digest_value, + }, + }; + + let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + let mut writer = Writer::init(&mut measurement_record_data); + 
spdm_measurement_block_structure.encode(&mut writer).ok()?; + + Some(SpdmMeasurementRecordStructure { + number_of_blocks: 1, + measurement_record_length: u24::new(writer.used() as u32), + measurement_record_data, + }) + } + } +} + +fn generate_measurement_summary_hash_impl( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + measurement_specification: SpdmMeasurementSpecification, + measurement_hash_algo: SpdmMeasurementHashAlgo, + measurement_summary_hash_type: SpdmMeasurementSummaryHashType, +) -> Option { + match measurement_summary_hash_type { + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll => { + let mut dummyall: [u8; 8] = [0; 8]; + dummyall.copy_from_slice("dummyall".as_bytes()); + let digest = hash::hash_all(base_hash_algo, &dummyall)?; + Some(digest) + } + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb => { + let mut dummytcb: [u8; 8] = [0; 8]; + dummytcb.copy_from_slice("dummytcb".as_bytes()); + let digest = hash::hash_all(base_hash_algo, &dummytcb)?; + Some(digest) + } + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone => None, + _ => None, + } +} + +const MAX_BIN_CONCAT_BUF_SIZE: usize = 2 + 8 + 12 + SPDM_MAX_HASH_SIZE; +const SALT_0: [u8; SPDM_MAX_HASH_SIZE] = [0u8; SPDM_MAX_HASH_SIZE]; +const ZERO_FILLED: [u8; SPDM_MAX_HASH_SIZE] = [0u8; SPDM_MAX_HASH_SIZE]; +const BIN_STR0_LABEL: &[u8] = b"derived"; + +fn handshake_secret_hkdf_expand_impl( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + psk_hint: &SpdmPskHintStruct, + info: &[u8], +) -> Option { + let mut psk_key: SpdmDheFinalKeyStruct = SpdmDheFinalKeyStruct { + data_size: b"TestPskData\0".len() as u16, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + psk_key.data[0..(psk_key.data_size as usize)].copy_from_slice(b"TestPskData\0"); + + let hs_sec = crypto::hkdf::hkdf_extract( + base_hash_algo, + &SALT_0[0..base_hash_algo.get_size() as usize], + &SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(&psk_key), + )?; 
+ crypto::hkdf::hkdf_expand(base_hash_algo, &hs_sec, info, base_hash_algo.get_size()) +} + +fn master_secret_hkdf_expand_impl( + spdm_version: SpdmVersion, + base_hash_algo: SpdmBaseHashAlgo, + psk_hint: &SpdmPskHintStruct, + info: &[u8], +) -> Option { + let mut psk_key: SpdmDheFinalKeyStruct = SpdmDheFinalKeyStruct { + data_size: b"TestPskData\0".len() as u16, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + psk_key.data[0..(psk_key.data_size as usize)].copy_from_slice(b"TestPskData\0"); + + let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE]; + let bin_str0 = SpdmKeySchedule::binconcat( + &SpdmKeySchedule, + base_hash_algo.get_size(), + spdm_version, + BIN_STR0_LABEL, + None, + buffer, + )?; + + let hs_sec = crypto::hkdf::hkdf_extract( + base_hash_algo, + &SALT_0[0..base_hash_algo.get_size() as usize], + &SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(&psk_key), + )?; + let salt_1 = + crypto::hkdf::hkdf_expand(base_hash_algo, &hs_sec, bin_str0, base_hash_algo.get_size())?; + + let mst_sec = crypto::hkdf::hkdf_extract( + base_hash_algo, + salt_1.as_ref(), + &SpdmHkdfInputKeyingMaterial::SpdmZeroFilled(&SpdmZeroFilledStruct { + data_size: base_hash_algo.get_size(), + data: Box::new([0u8; SPDM_MAX_HASH_SIZE]), + }), + )?; + crypto::hkdf::hkdf_expand(base_hash_algo, &mst_sec, info, base_hash_algo.get_size()) +} + +#[cfg(test)] +mod tests { + use super::SECRET_MEASUREMENT_IMPL_INSTANCE; + use codec::Codec; + use spdmlib::protocol::{ + SpdmBaseHashAlgo, SpdmMeasurementBlockStructure, SpdmMeasurementSpecification, SpdmVersion, + }; + + #[test] + fn test_case0_measurement_collection() { + let reg_result = register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + assert_eq!(reg_result, true); + + let records = measurement_collection( + SpdmVersion::SpdmVersion11, + SpdmMeasurementSpecification::DMTF, + SpdmBaseHashAlgo::TPM_ALG_SHA_512, + 1, + ); + let deadbeefsha512 = [ + 17, 58, 59, 199, 131, 216, 81, 252, 3, 115, 33, 75, 25, 234, 123, 233, 250, 61, 229, + 65, 236, 185, 254, 
2, 109, 82, 198, 3, 232, 234, 25, 193, 116, 204, 14, 151, 5, 248, + 185, 13, 49, 34, 18, 192, 195, 166, 216, 69, 61, 223, 179, 227, 20, 20, 9, 207, 75, + 237, 200, 239, 3, 53, 144, 180, + ]; + + match records { + Some(v) => { + let spdm_measurement_block_structure = + SpdmMeasurementBlockStructure::read_bytes(&v.measurement_record_data).unwrap(); + assert_eq!( + deadbeefsha512, + &spdm_measurement_block_structure.measurement.value[0..SHA512_DIGEST_SIZE] + ); + } + None => { + assert!(false) + } + } + } +} diff --git a/test/spdm-emu/src/socket_io_transport.rs b/test/spdm-emu/src/socket_io_transport.rs new file mode 100644 index 0000000..1af97c6 --- /dev/null +++ b/test/spdm-emu/src/socket_io_transport.rs 
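Review bot: In the single-index branch of `measurement_collection_impl` the digest is copied to `digest_value[measurement_index * SPDM_MAX_HASH_SIZE..(measurement_index + 1) * SPDM_MAX_HASH_SIZE]`, while the block is encoded with `value_size: digest.data_size`, which presumably takes the value from the start of the array. For indices 1 to 10 the reported measurement would then be zero bytes rather than the digest, and the slice panics if `config::MAX_SPDM_MEASUREMENT_VALUE_LEN` is smaller than `(measurement_index + 1) * SPDM_MAX_HASH_SIZE` (its value is not visible here). `measurement_index` likely comes from the requester's message, so the offset should not depend on it; the request-all branch already writes at the start, and the same form fits here: `digest_value[..SPDM_MAX_HASH_SIZE].copy_from_slice(digest.data.as_ref());`. The request-all branch also computes ten digests but encodes only `digest_value1` ten times, and uses `expect` where this branch uses `?`; a comment saying whether that is intended would help. The `tests` module calls `register`, `measurement_collection` and `SHA512_DIGEST_SIZE` without importing them, so it is worth confirming that it compiles under `cargo test`.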
@@ -0,0 +1,83 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::spdm_emu::*; +use std::net::TcpStream; + +use spdmlib::common::SpdmDeviceIo; +use spdmlib::config; +use spdmlib::error::SpdmResult; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; +use core::ops::DerefMut; + +pub const DEVICE_IO_STACK_SIZE: usize = core::mem::size_of::() + + config::RECEIVER_BUFFER_SIZE + + core::mem::size_of::() * 256; // for general stack case; + +pub struct SocketIoTransport { + pub data: Arc>, + transport_type: u32, +} +impl SocketIoTransport { + pub fn new(stream: Arc>) -> Self { + SocketIoTransport { + data: stream, + transport_type: if USE_PCIDOE { + SOCKET_TRANSPORT_TYPE_PCI_DOE + } else { + SOCKET_TRANSPORT_TYPE_MCTP + }, + } + } +} + +#[maybe_async::maybe_async] +impl SpdmDeviceIo for SocketIoTransport { + async fn receive( + &mut self, + read_buffer: Arc>, + timeout: usize, + ) -> Result { + let mut buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + + let mut read_buffer = read_buffer.lock(); + let read_buffer = read_buffer.deref_mut(); + + if let Some((_, command, payload)) = + receive_message(self.data.clone(), &mut buffer[..], timeout).await + { + // TBD: do we need this? + // self.transport_type = transport_type; + let used = payload.len(); + let total = used + SOCKET_HEADER_LEN; + if command == SOCKET_SPDM_COMMAND_NORMAL { + read_buffer[..used].copy_from_slice(payload); + Ok(used) + } else { + // this commmand need caller to deal. + read_buffer[..total].copy_from_slice(&buffer[..total]); + Err(total) + } + } else { + // socket header can't be received. + Err(0) + } + } + + async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult { + send_message( + self.data.clone(), + self.transport_type, + SOCKET_SPDM_COMMAND_NORMAL, + &buffer, + ); + Ok(()) + } + + async fn flush_all(&mut self) -> SpdmResult { + Ok(()) + } +} 
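Review bot: `receive` copies into the caller's buffer with `read_buffer[..used].copy_from_slice(payload)` and `read_buffer[..total].copy_from_slice(&buffer[..total])` without comparing against `read_buffer.len()`, so a peer message longer than the buffer the caller supplied panics on the slice index. A guard in each branch, `if used > read_buffer.len() { return Err(0); }` and `if total > read_buffer.len() { return Err(0); }` respectively, routes that case to the error path the function already has. `send` also drops the byte count returned by `send_message` and always reports `Ok(())`, and `timeout` is forwarded to a parameter that `receive_message` names `_timeout` and never uses (see spdm_emu.rs in this commit), so reads block indefinitely; both deserve a comment. The `Err(total)` convention for non-normal commands should be spelled out in a doc comment, since an error value that carries a length is easy to misread.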
diff --git a/test/spdm-emu/src/spdm_emu.rs b/test/spdm-emu/src/spdm_emu.rs
new file mode 100644
index 0000000..e5d557b
--- /dev/null
+++ b/test/spdm-emu/src/spdm_emu.rs
@@ -0,0 +1,157 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use std::io::{Read, Write}; +use std::net::TcpStream; + +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; +use core::ops::DerefMut; + +use codec::{Codec, Reader, Writer}; +use spdmlib::config; + +pub const SOCKET_HEADER_LEN: usize = 12; +pub const USE_PCIDOE: bool = true; // align with DMTF spdm_emu +pub const USE_ECDSA: bool = true; + +pub const SOCKET_TRANSPORT_TYPE_MCTP: u32 = 0x01; +pub const SOCKET_TRANSPORT_TYPE_PCI_DOE: u32 = 0x02; + +pub const SOCKET_SPDM_COMMAND_NORMAL: u32 = 0x0001; +pub const SOCKET_SPDM_COMMAND_STOP: u32 = 0xFFFE; +pub const SOCKET_SPDM_COMMAND_UNKOWN: u32 = 0xFFFF; +pub const SOCKET_SPDM_COMMAND_TEST: u32 = 0xDEAD; + +#[derive(Debug, Copy, Clone, Default)] +pub struct SpdmSocketHeader { + pub command: u32, + pub transport_type: u32, + pub payload_size: u32, +} + +impl Codec for SpdmSocketHeader { + fn encode(&self, bytes: &mut Writer) -> Result { + let mut cnt = 0usize; + cnt += self.command.encode(bytes)?; + cnt += self.transport_type.encode(bytes)?; + cnt += self.payload_size.encode(bytes)?; + Ok(cnt) + } + + fn read(r: &mut Reader) -> Option { + let command = u32::read(r)?; + let transport_type = u32::read(r)?; + let payload_size = u32::read(r)?; + + Some(SpdmSocketHeader { + command, + transport_type, + payload_size, + }) + } +} + +// u32 type, u32 command, usize, payload +#[maybe_async::maybe_async] +pub async fn receive_message( + stream: Arc>, + buffer: &mut [u8], + _timeout: usize, +) -> Option<(u32, u32, &[u8])> { + let mut buffer_size = 0; + let mut expected_size = 0; + let mut stream = stream.lock(); + let stream = stream.deref_mut(); + loop { + let s = stream + .read(&mut buffer[buffer_size..]) + .expect("socket read error!"); + buffer_size += s; + if (expected_size == 0) && (buffer_size >= SOCKET_HEADER_LEN) { + let mut reader = Reader::init(&buffer[..core::mem::size_of::()]); + let socket_header = 
SpdmSocketHeader::read(&mut reader)?; + + expected_size = socket_header.payload_size.to_be() as usize + SOCKET_HEADER_LEN; + } + if (expected_size != 0) && (buffer_size >= expected_size) { + break; + } + } + println!( + "read: {:02X?}{:02X?}", + &buffer[..SOCKET_HEADER_LEN], + &buffer[SOCKET_HEADER_LEN..buffer_size] + ); + + if buffer_size < SOCKET_HEADER_LEN { + return None; + } + + let mut reader = Reader::init(&buffer[..SOCKET_HEADER_LEN]); + let socket_header = SpdmSocketHeader::read(&mut reader)?; + + Some(( + socket_header.transport_type.to_be(), + socket_header.command.to_be(), + &mut buffer[SOCKET_HEADER_LEN..buffer_size], + )) +} + +pub fn send_message( + stream: Arc>, + transport_type: u32, + command: u32, + payload: &[u8], +) -> usize { + let mut buffer = [0u8; config::SENDER_BUFFER_SIZE]; + + let mut writer = Writer::init(&mut buffer); + let payload_size = payload.len(); + let header = SpdmSocketHeader { + command: command.to_be(), + transport_type: transport_type.to_be(), + payload_size: (payload_size as u32).to_be(), + }; + assert!(header.encode(&mut writer).is_ok()); + let used = writer.used(); + assert_eq!(used, SOCKET_HEADER_LEN); + + let buffer_size = SOCKET_HEADER_LEN + payload_size; + let mut stream = stream.lock(); + let stream = stream.deref_mut(); + stream + .write_all(&buffer[..used]) + .expect("socket write error!"); + stream.write_all(payload).expect("socket write error!"); + stream.flush().expect("flush error"); + println!("write: {:02X?}{:02X?}", &buffer[..used], payload); + + buffer_size +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_case0_spdm_socket_header() { + let u8_slice = &mut [0u8; 16]; + let mut writer = Writer::init(u8_slice); + let value = SpdmSocketHeader { + command: 0x100u32, + transport_type: 0x200u32, + payload_size: 0x300u32, + }; + assert!(value.encode(&mut writer).is_ok()); + + let mut reader = Reader::init(u8_slice); + assert_eq!(16, reader.left()); + let spdm_socket_header = 
SpdmSocketHeader::read(&mut reader).unwrap(); + assert_eq!(spdm_socket_header.command, 0x100u32); + assert_eq!(spdm_socket_header.transport_type, 0x200u32); + assert_eq!(spdm_socket_header.payload_size, 0x300u32); + } +} diff --git a/test/spdm-emu/src/tcp_transport.rs b/test/spdm-emu/src/tcp_transport.rs new file mode 100644 index 0000000..42e3ffb --- /dev/null +++ b/test/spdm-emu/src/tcp_transport.rs @@ -0,0 +1,38 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +// use codec::{Reader, Codec, Writer}; +use std::io::{Read, Write}; +use std::net::TcpStream; + +use spdmlib::common::SpdmDeviceIo; +use spdmlib::error::{SpdmResult, SPDM_STATUS_SEND_FAIL}; + +pub struct TcpTransport<'a> { + pub data: &'a mut TcpStream, +} + +impl SpdmDeviceIo for TcpTransport<'_> { + fn receive(&mut self, buffer: &mut [u8], _timeout: usize) -> Result { + let res = self.data.read(buffer).ok(); + if let Some(size) = res { + Ok(size) + } else { + Err(0) + } + } + + fn send(&mut self, buffer: &[u8]) -> SpdmResult { + let res = self.data.write(buffer); + if res.is_ok() { + Ok(()) + } else { + Err(SPDM_STATUS_SEND_FAIL) + } + } + + fn flush_all(&mut self) -> SpdmResult { + Ok(()) + } +} diff --git a/test/spdm-emu/src/watchdog_impl_sample.rs b/test/spdm-emu/src/watchdog_impl_sample.rs new file mode 100644 index 0000000..089c712 --- /dev/null +++ b/test/spdm-emu/src/watchdog_impl_sample.rs 
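Review bot: The read loop in `receive_message` depends on the peer for both progress and length. A `read` that returns 0 (the peer closed the connection, or `buffer[buffer_size..]` is empty) never advances `buffer_size`, and `expected_size` is taken from the header's `payload_size` without being compared to `buffer.len()`, so a truncated or oversized message leaves the loop spinning while the stream lock is held. Treating a zero-length read as failure and rejecting a declared length that cannot fit bounds the loop; the sketch below shows only the changed lines. The `expect("socket read error!")` here and the `expect`/`assert!` calls in `send_message` also turn ordinary I/O errors into panics, and `send_message` does not check that `payload` fits the `u32` length field it encodes.

```rust
    loop {
        // … unchanged: let s = stream.read(&mut buffer[buffer_size..]) …
        if s == 0 {
            // Peer closed the stream, or `buffer` is already full: no further progress is possible.
            return None;
        }
        buffer_size += s;
        if (expected_size == 0) && (buffer_size >= SOCKET_HEADER_LEN) {
            // … unchanged: parse socket_header from the start of buffer …
            // Reject a declared length that overflows or cannot fit in the caller's buffer.
            expected_size = (socket_header.payload_size.to_be() as usize)
                .checked_add(SOCKET_HEADER_LEN)
                .filter(|total| *total <= buffer.len())?;
        }
        // … unchanged: break once buffer_size >= expected_size …
    }
```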
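Review bot: `TcpTransport::send` calls `self.data.write(buffer)`, which may accept only part of the buffer and still return `Ok`, so a truncated SPDM message is reported as sent. `write_all`, which `send_message` in spdm_emu.rs already uses, fits here as well: `let res = self.data.write_all(buffer);`. This file is not among the `pub mod` declarations added to lib.rs in this commit, and its synchronous `receive`/`send` signatures differ from the `SpdmDeviceIo` impl in socket_io_transport.rs, so it may never be compiled; if it is kept for reference, a header comment saying so would avoid confusion.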
@@ -0,0 +1,32 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use spdmlib::watchdog::SpdmWatchDog;
+
+fn start_watchdog(session_id: u32, seconds: u16) {
+ if seconds == 0 {
+ log::info!("seconds is 0, watch dog is set to idle all the time.");
+ }
+ log::info!(
+ "Starting watch dog with session id: {:X?}, seconds: {:X?}",
+ session_id,
+ seconds
+ );
+}
+
+fn stop_watchdog(session_id: u32) {
+ log::info!("Stoping watch dog with session id: {:X?}", session_id);
+}
+
+fn reset_watchdog(session_id: u32) {
+ log::info!("Resetting watch dog with session id: {:X?}", session_id);
+}
+
+pub fn init_watchdog() {
+ spdmlib::watchdog::register(SpdmWatchDog {
+ start_watchdog_cb: start_watchdog,
+ stop_watchdog_cb: stop_watchdog,
+ reset_watchdog_cb: reset_watchdog,
+ });
+}
diff --git a/test/spdm-requester-emu/Cargo.toml b/test/spdm-requester-emu/Cargo.toml
new file mode 100644
index 0000000..84ef2fb
--- /dev/null
+++ b/test/spdm-requester-emu/Cargo.toml
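Review bot: `init_watchdog` and its three callbacks are undocumented, and the callbacks only write log lines: no timer is started, so nothing ever acts when the requested `seconds` elapse. A doc comment on `init_watchdog`, for example `/// Sample watchdog that only logs; it does not enforce the timeout.`, would keep this from being copied into a real responder as if it were functional. Whatever `spdmlib::watchdog::register` returns is discarded, so a second call would fail unnoticed if it follows the once-cell pattern used by the tdisp `register` in this commit. "Stoping" in the `stop_watchdog` message should read "Stopping".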
@@ -0,0 +1,37 @@
+[package]
+name = "spdm-requester-emu"
+version = "0.1.0"
+authors = ["Jiewen Yao "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+spdm-emu = { path = "../spdm-emu", default-features = false }
+spdmlib = { path = "../../spdmlib", default-features = false }
+idekm = { path = "../../idekm", default-features = false }
+tdisp = { path = "../../tdisp", default-features = false }
+codec = { path = "../../codec" }
+mctp_transport = { path = "../../mctp_transport" }
+pcidoe_transport = { path = "../../pcidoe_transport" }
+log = "0.4.13"
+simple_logger = "4.2.0"
+futures = { version = "0.3", default-features = false }
+spin = { version = "0.9.8" }
+tokio = { version = "1.30.0", features = ["full"] }
+executor = { path = "../../executor" }
+maybe-async = "0.2.7"
+td-benchmark = { git = "https://github.com/confidential-containers/td-shim.git", default-features = false, optional = true }
+dhat = { version = "0.3.2", optional = true }
+
+[features]
+default = ["spdm-emu/default", "async-executor"]
+mut-auth = ["spdm-emu/mut-auth"]
+spdm-ring = ["spdm-emu/spdm-ring"]
+spdm-mbedtls = ["spdm-emu/spdm-mbedtls"]
+hashed-transcript-data = ["spdm-emu/hashed-transcript-data"]
+async-executor = ["spdm-emu/async-executor"]
+async-tokio = ["spdm-emu/async-tokio"]
+is_sync = ["spdm-emu/is_sync", "spdmlib/is_sync", "maybe-async/is_sync", "idekm/is_sync", "tdisp/is_sync", "mctp_transport/is_sync", "pcidoe_transport/is_sync"]
+test_stack_size = ["td-benchmark"]
+test_heap_size = ["dhat"]
diff --git a/test/spdm-requester-emu/src/main.rs b/test/spdm-requester-emu/src/main.rs
new file mode 100644
index 0000000..9c4077e
--- /dev/null
+++ b/test/spdm-requester-emu/src/main.rs
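Review bot: The `td-benchmark` dependency is fetched from `https://github.com/confidential-containers/td-shim.git` with no `rev`, `tag` or `branch`, so a build without a committed Cargo.lock resolves to whatever the default branch holds at that moment. Pinning it to a reviewed commit keeps the `test_stack_size` build reproducible and auditable, by adding `rev = "<reviewed-commit-sha>"` to that table (the value is a placeholder to be filled in). Whether a lockfile is committed for these emulator binaries is not visible in this part of the diff; if it is not, the caret requirements on `tokio`, `simple_logger` and `dhat` float as well.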
@@ -0,0 +1,1526 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] + +use codec::Codec; +use common::SpdmDeviceIo; +use common::SpdmTransportEncap; +use core::convert::TryFrom; +use idekm::pci_ide_km_requester::IdekmReqContext; +use idekm::pci_idekm::Aes256GcmKeyBuffer; +use idekm::pci_idekm::KpAckStatus; +use idekm::pci_idekm::KEY_DIRECTION_RX; +use idekm::pci_idekm::KEY_DIRECTION_TX; +use idekm::pci_idekm::KEY_SET_0; +use idekm::pci_idekm::KEY_SUB_STREAM_CPL; +use idekm::pci_idekm::KEY_SUB_STREAM_NPR; +use idekm::pci_idekm::KEY_SUB_STREAM_PR; +use idekm::pci_idekm::PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT; +use log::LevelFilter; +use log::*; +use simple_logger::SimpleLogger; + +#[cfg(not(feature = "is_sync"))] +use spdm_emu::async_runtime::block_on; +use spdm_emu::crypto_callback::SECRET_ASYM_IMPL_INSTANCE; +use spdm_emu::secret_impl_sample::SECRET_PSK_IMPL_INSTANCE; +use spdm_emu::EMU_STACK_SIZE; +use spdmlib::common; +use spdmlib::common::SecuredMessageVersion; +use spdmlib::common::SpdmOpaqueSupport; +use spdmlib::common::ST1; +use spdmlib::config; +use spdmlib::config::MAX_ROOT_CERT_SUPPORT; +use spdmlib::crypto::rand::get_random; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::requester; + +use mctp_transport::MctpTransportEncap; +use pcidoe_transport::PciDoeTransportEncap; +use spdm_emu::socket_io_transport::SocketIoTransport; +use spdm_emu::spdm_emu::*; +use std::net::TcpStream; +use tdisp::pci_tdisp::FunctionId; +use tdisp::pci_tdisp::InterfaceId; +use tdisp::pci_tdisp::InterfaceInfo; +use tdisp::pci_tdisp::LockInterfaceFlag; +use tdisp::pci_tdisp::TdiState; +use tdisp::pci_tdisp::TdispMmioRange; +use tdisp::pci_tdisp::MAX_DEVICE_REPORT_BUFFER; +use tdisp::pci_tdisp::START_INTERFACE_NONCE_LEN; +use tdisp::pci_tdisp_requester::pci_tdisp_req_get_device_interface_report; +use tdisp::pci_tdisp_requester::pci_tdisp_req_get_device_interface_state; +use 
tdisp::pci_tdisp_requester::pci_tdisp_req_get_tdisp_capabilities; +use tdisp::pci_tdisp_requester::pci_tdisp_req_get_tdisp_version; +use tdisp::pci_tdisp_requester::pci_tdisp_req_lock_interface_request; +use tdisp::pci_tdisp_requester::pci_tdisp_req_start_interface_request; +use tdisp::pci_tdisp_requester::pci_tdisp_req_stop_interface_request; + +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; +use core::ops::DerefMut; + +#[maybe_async::maybe_async] +async fn send_receive_hello( + stream: Arc>, + transport_encap: Arc>, + transport_type: u32, +) { + println!("send test"); + let mut payload = [0u8; 1024]; + + let mut transport_encap = transport_encap.lock(); + let transport_encap = transport_encap.deref_mut(); + let used = transport_encap + .encap( + Arc::new(b"Client Hello!\0"), + Arc::new(Mutex::new(&mut payload[..])), + false, + ) + .await + .unwrap(); + + let _buffer_size = spdm_emu::spdm_emu::send_message( + stream.clone(), + transport_type, + SOCKET_SPDM_COMMAND_TEST, + &payload[0..used], + ); + let mut buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + let (_transport_type, _command, _payload) = + spdm_emu::spdm_emu::receive_message(stream, &mut buffer[..], ST1) + .await + .unwrap(); +} + +#[maybe_async::maybe_async] +async fn send_receive_stop( + stream: Arc>, + transport_encap: Arc>, + transport_type: u32, +) { + println!("send stop"); + + let mut payload = [0u8; 1024]; + + let mut transport_encap = transport_encap.lock(); + let transport_encap = transport_encap.deref_mut(); + + let used = transport_encap + .encap(Arc::new(b""), Arc::new(Mutex::new(&mut payload[..])), false) + .await + .unwrap(); + + let _buffer_size = spdm_emu::spdm_emu::send_message( + stream.clone(), + transport_type, + SOCKET_SPDM_COMMAND_STOP, + &payload[0..used], + ); + let mut buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + let (_transport_type, _command, _payload) = + spdm_emu::spdm_emu::receive_message(stream, &mut buffer[..], ST1) + .await + .unwrap(); +} + 
+#[maybe_async::maybe_async] +async fn test_spdm( + socket_io_transport: Arc>, + transport_encap: Arc>, +) { + let req_capabilities = SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::CHAL_CAP + | SpdmRequestCapabilityFlags::ENCRYPT_CAP + | SpdmRequestCapabilityFlags::MAC_CAP + | SpdmRequestCapabilityFlags::KEY_EX_CAP + | SpdmRequestCapabilityFlags::PSK_CAP + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::HBEAT_CAP + | SpdmRequestCapabilityFlags::KEY_UPD_CAP; + // | SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP + // | SpdmRequestCapabilityFlags::PUB_KEY_ID_CAP + let req_capabilities = if cfg!(feature = "mut-auth") { + req_capabilities | SpdmRequestCapabilityFlags::MUT_AUTH_CAP + } else { + req_capabilities + }; + + let config_info = common::SpdmConfigInfo { + spdm_version: [ + Some(SpdmVersion::SpdmVersion10), + Some(SpdmVersion::SpdmVersion11), + Some(SpdmVersion::SpdmVersion12), + ], + req_capabilities, + req_ct_exponent: 0, + measurement_specification: SpdmMeasurementSpecification::DMTF, + base_asym_algo: if USE_ECDSA { + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + } else { + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072 + }, + base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_384, + dhe_algo: SpdmDheAlgo::SECP_384_R1, + aead_algo: SpdmAeadAlgo::AES_256_GCM, + req_asym_algo: if USE_ECDSA { + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + } else { + SpdmReqAsymAlgo::TPM_ALG_RSASSA_3072 + }, + key_schedule_algo: SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + opaque_support: SpdmOpaqueSupport::OPAQUE_DATA_FMT1, + data_transfer_size: config::MAX_SPDM_MSG_SIZE as u32, + max_spdm_msg_size: config::MAX_SPDM_MSG_SIZE as u32, + secure_spdm_version: [ + Some(SecuredMessageVersion::try_from(0x10u8).unwrap()), + Some(SecuredMessageVersion::try_from(0x11u8).unwrap()), + ], + ..Default::default() + }; + + let mut peer_root_cert_data = SpdmCertChainData { + ..Default::default() + }; + + let ca_file_path = if USE_ECDSA { + 
"test_key/ecp384/ca.cert.der" + } else { + "test_key/rsa3072/ca.cert.der" + }; + let ca_cert = std::fs::read(ca_file_path).expect("unable to read ca cert!"); + let inter_file_path = if USE_ECDSA { + "test_key/ecp384/inter.cert.der" + } else { + "test_key/rsa3072/inter.cert.der" + }; + let inter_cert = std::fs::read(inter_file_path).expect("unable to read inter cert!"); + let leaf_file_path = if USE_ECDSA { + "test_key/ecp384/end_responder.cert.der" + } else { + "test_key/rsa3072/end_responder.cert.der" + }; + let leaf_cert = std::fs::read(leaf_file_path).expect("unable to read leaf cert!"); + + let ca_len = ca_cert.len(); + let inter_len = inter_cert.len(); + let leaf_len = leaf_cert.len(); + println!( + "total cert size - {:?} = {:?} + {:?} + {:?}", + ca_len + inter_len + leaf_len, + ca_len, + inter_len, + leaf_len + ); + peer_root_cert_data.data_size = (ca_len) as u16; + peer_root_cert_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref()); + + let mut peer_root_cert_data_list = gen_array_clone(None, MAX_ROOT_CERT_SUPPORT); + peer_root_cert_data_list[0] = Some(peer_root_cert_data); + + let provision_info = if cfg!(feature = "mut-auth") { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + let mut my_cert_chain_data = SpdmCertChainData { + ..Default::default() + }; + + my_cert_chain_data.data_size = (ca_len + inter_len + leaf_len) as u16; + my_cert_chain_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref()); + my_cert_chain_data.data[ca_len..(ca_len + inter_len)].copy_from_slice(inter_cert.as_ref()); + my_cert_chain_data.data[(ca_len + inter_len)..(ca_len + inter_len + leaf_len)] + .copy_from_slice(leaf_cert.as_ref()); + + common::SpdmProvisionInfo { + my_cert_chain_data: [ + Some(my_cert_chain_data), + None, + None, + None, + None, + None, + None, + None, + ], + my_cert_chain: [None, None, None, None, None, None, None, None], + peer_root_cert_data: peer_root_cert_data_list, + } + } else { + common::SpdmProvisionInfo { + 
my_cert_chain_data: [None, None, None, None, None, None, None, None], + my_cert_chain: [None, None, None, None, None, None, None, None], + peer_root_cert_data: peer_root_cert_data_list, + } + }; + + let mut context = requester::RequesterContext::new( + socket_io_transport, + transport_encap, + config_info, + provision_info, + ); + + let mut transcript_vca = None; + if context.init_connection(&mut transcript_vca).await.is_err() { + panic!("init_connection failed!"); + } + + if context.send_receive_spdm_digest(None).await.is_err() { + panic!("send_receive_spdm_digest failed!"); + } + + if context + .send_receive_spdm_certificate(None, 0) + .await + .is_err() + { + panic!("send_receive_spdm_certificate failed!"); + } + + if context + .send_receive_spdm_challenge( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await + .is_err() + { + panic!("send_receive_spdm_challenge failed!"); + } + + let mut total_number: u8 = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + if context + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + SpdmMeasurementOperation::SpdmMeasurementRequestAll, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_err() + { + panic!("send_receive_spdm_measurement failed!"); + } + + if transcript_meas.is_none() { + panic!("get message_m from send_receive_spdm_measurement failed!"); + } + + let result = context + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + if let Ok(session_id) = result { + info!("\nSession established ... 
session_id {:0x?}\n", session_id); + info!("Key Information ...\n"); + + let session = context.common.get_session_via_id(session_id).unwrap(); + let (request_direction, response_direction) = session.export_keys(); + info!( + "equest_direction.encryption_key {:0x?}\n", + request_direction.encryption_key.as_ref() + ); + info!( + "equest_direction.salt {:0x?}\n", + request_direction.salt.as_ref() + ); + info!( + "esponse_direction.encryption_key {:0x?}\n", + response_direction.encryption_key.as_ref() + ); + info!( + "esponse_direction.salt {:0x?}\n", + response_direction.salt.as_ref() + ); + + if context + .send_receive_spdm_heartbeat(session_id) + .await + .is_err() + { + panic!("send_receive_spdm_heartbeat failed"); + } + + if context + .send_receive_spdm_key_update(session_id, SpdmKeyUpdateOperation::SpdmUpdateAllKeys) + .await + .is_err() + { + panic!("send_receive_spdm_key_update failed"); + } + + let mut content_changed = None; + let mut transcript_meas = None; + + if context + .send_receive_spdm_measurement( + Some(session_id), + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_err() + { + panic!("send_receive_spdm_measurement failed"); + } + + if transcript_vca.is_none() || transcript_meas.is_none() { + panic!("get VCA + message_m from send_receive_spdm_measurement failed!"); + } + + if context + .send_receive_spdm_digest(Some(session_id)) + .await + .is_err() + { + panic!("send_receive_spdm_digest failed"); + } + + if context + .send_receive_spdm_certificate(Some(session_id), 0) + .await + .is_err() + { + panic!("send_receive_spdm_certificate failed"); + } + + if context.end_session(session_id).await.is_err() { + panic!("end_session failed"); + } + } else { + panic!("\nSession session_id not got\n"); + } + + let result = context + .start_session( + true, + 0, + 
SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + if let Ok(session_id) = result { + if context.end_session(session_id).await.is_err() { + panic!("\nSession session_id is err\n"); + } + } else { + panic!("\nSession session_id not got\n"); + } + + #[cfg(feature = "test_stack_size")] + { + let value = td_benchmark::StackProfiling::stack_usage().unwrap(); + println!("max stack usage(no idekm): {}", value); + } +} + +#[maybe_async::maybe_async] +async fn test_idekm_tdisp( + socket_io_transport: Arc>, + transport_encap: Arc>, + key_iv: Arc>, +) { + let req_capabilities = SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::CHAL_CAP + | SpdmRequestCapabilityFlags::ENCRYPT_CAP + | SpdmRequestCapabilityFlags::MAC_CAP + | SpdmRequestCapabilityFlags::KEY_EX_CAP + | SpdmRequestCapabilityFlags::PSK_CAP + | SpdmRequestCapabilityFlags::ENCAP_CAP + | SpdmRequestCapabilityFlags::HBEAT_CAP + | SpdmRequestCapabilityFlags::KEY_UPD_CAP; + // | SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP + // | SpdmRequestCapabilityFlags::PUB_KEY_ID_CAP + let req_capabilities = if cfg!(feature = "mut-auth") { + req_capabilities | SpdmRequestCapabilityFlags::MUT_AUTH_CAP + } else { + req_capabilities + }; + + let config_info = common::SpdmConfigInfo { + spdm_version: [ + Some(SpdmVersion::SpdmVersion10), + Some(SpdmVersion::SpdmVersion11), + Some(SpdmVersion::SpdmVersion12), + ], + req_capabilities, + req_ct_exponent: 0, + measurement_specification: SpdmMeasurementSpecification::DMTF, + base_asym_algo: if USE_ECDSA { + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + } else { + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072 + }, + base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_384, + dhe_algo: SpdmDheAlgo::SECP_384_R1, + aead_algo: SpdmAeadAlgo::AES_256_GCM, + req_asym_algo: if USE_ECDSA { + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + } else { + SpdmReqAsymAlgo::TPM_ALG_RSASSA_3072 + }, + key_schedule_algo: SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + 
opaque_support: SpdmOpaqueSupport::OPAQUE_DATA_FMT1, + data_transfer_size: config::MAX_SPDM_MSG_SIZE as u32, + max_spdm_msg_size: config::MAX_SPDM_MSG_SIZE as u32, + secure_spdm_version: [ + Some(SecuredMessageVersion::try_from(0x10u8).unwrap()), + Some(SecuredMessageVersion::try_from(0x11u8).unwrap()), + ], + ..Default::default() + }; + + let mut peer_root_cert_data = SpdmCertChainData { + ..Default::default() + }; + + let ca_file_path = if USE_ECDSA { + "test_key/ecp384/ca.cert.der" + } else { + "test_key/rsa3072/ca.cert.der" + }; + let ca_cert = std::fs::read(ca_file_path).expect("unable to read ca cert!"); + let inter_file_path = if USE_ECDSA { + "test_key/ecp384/inter.cert.der" + } else { + "test_key/rsa3072/inter.cert.der" + }; + let inter_cert = std::fs::read(inter_file_path).expect("unable to read inter cert!"); + let leaf_file_path = if USE_ECDSA { + "test_key/ecp384/end_responder.cert.der" + } else { + "test_key/rsa3072/end_responder.cert.der" + }; + let leaf_cert = std::fs::read(leaf_file_path).expect("unable to read leaf cert!"); + + let ca_len = ca_cert.len(); + let inter_len = inter_cert.len(); + let leaf_len = leaf_cert.len(); + println!( + "total cert size - {:?} = {:?} + {:?} + {:?}", + ca_len + inter_len + leaf_len, + ca_len, + inter_len, + leaf_len + ); + peer_root_cert_data.data_size = (ca_len) as u16; + peer_root_cert_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref()); + + let mut peer_root_cert_data_list = gen_array_clone(None, MAX_ROOT_CERT_SUPPORT); + peer_root_cert_data_list[0] = Some(peer_root_cert_data); + + let provision_info = if cfg!(feature = "mut-auth") { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + let mut my_cert_chain_data = SpdmCertChainData { + ..Default::default() + }; + + my_cert_chain_data.data_size = (ca_len + inter_len + leaf_len) as u16; + my_cert_chain_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref()); + my_cert_chain_data.data[ca_len..(ca_len + 
inter_len)].copy_from_slice(inter_cert.as_ref()); + my_cert_chain_data.data[(ca_len + inter_len)..(ca_len + inter_len + leaf_len)] + .copy_from_slice(leaf_cert.as_ref()); + + common::SpdmProvisionInfo { + my_cert_chain_data: [ + Some(my_cert_chain_data), + None, + None, + None, + None, + None, + None, + None, + ], + my_cert_chain: [None, None, None, None, None, None, None, None], + peer_root_cert_data: peer_root_cert_data_list, + } + } else { + common::SpdmProvisionInfo { + my_cert_chain_data: [None, None, None, None, None, None, None, None], + my_cert_chain: [None, None, None, None, None, None, None, None], + peer_root_cert_data: peer_root_cert_data_list, + } + }; + + let mut context = requester::RequesterContext::new( + socket_io_transport, + transport_encap, + config_info, + provision_info, + ); + + let mut transcript_vca = None; + if context.init_connection(&mut transcript_vca).await.is_err() { + panic!("init_connection failed!"); + } + + if context.send_receive_spdm_digest(None).await.is_err() { + panic!("send_receive_spdm_digest failed!"); + } + + if context + .send_receive_spdm_certificate(None, 0) + .await + .is_err() + { + panic!("send_receive_spdm_certificate failed!"); + } + + if context + .send_receive_spdm_challenge( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await + .is_err() + { + panic!("send_receive_spdm_challenge failed!"); + } + + let mut total_number: u8 = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + if context + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + SpdmMeasurementOperation::SpdmMeasurementRequestAll, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_err() + { + panic!("send_receive_spdm_measurement failed!"); + } + + let session_id = context + 
.start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await + .unwrap(); + + // ide_km test + let mut idekm_req_context = IdekmReqContext; + // ide_km query + let port_index = 0u8; + let mut dev_func_num = 0u8; + let mut bus_num = 0u8; + let mut segment = 0u8; + let mut max_port_index = 0u8; + let mut ide_reg_block = [0u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT]; + let mut ide_reg_block_cnt = 0usize; + idekm_req_context + .pci_ide_km_query( + &mut context, + session_id, + port_index, + &mut dev_func_num, + &mut bus_num, + &mut segment, + &mut max_port_index, + &mut ide_reg_block, + &mut ide_reg_block_cnt, + ) + .await + .unwrap(); + + // ide_km key_prog key set 0 | RX | PR + let stream_id = 0u8; + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let key_sub_stream = KEY_SUB_STREAM_PR; + + let mut key_iv = key_iv.lock(); + + get_random(&mut key_iv.key[0].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[1].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[2].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[3].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[4].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[5].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[6].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[7].to_le_bytes()).unwrap(); + key_iv.iv[0] = 0; + key_iv.iv[1] = 1; + let mut kp_ack_status = KpAckStatus::default(); + idekm_req_context + .pci_ide_km_key_prog( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + &key_iv, + &mut kp_ack_status, + ) + .await + .unwrap(); + if kp_ack_status != KpAckStatus::SUCCESS { + panic!( + "KEY_PROG at Key Set 0 | RX | PR failed with {:X?}", + kp_ack_status + ); + } else { + println!("Successful KEY_PROG at Key Set 0 | RX | PR!"); + } + + // ide_km key_prog key set 0 | RX | NPR + let stream_id = 0u8; + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let 
key_sub_stream = KEY_SUB_STREAM_NPR; + + get_random(&mut key_iv.key[0].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[1].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[2].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[3].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[4].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[5].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[6].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[7].to_le_bytes()).unwrap(); + key_iv.iv[0] = 0; + key_iv.iv[1] = 1; + let mut kp_ack_status = KpAckStatus::default(); + idekm_req_context + .pci_ide_km_key_prog( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + &key_iv, + &mut kp_ack_status, + ) + .await + .unwrap(); + if kp_ack_status != KpAckStatus::SUCCESS { + panic!( + "KEY_PROG at Key Set 0 | RX | NPR failed with {:X?}", + kp_ack_status + ); + } else { + println!("Successful KEY_PROG at Key Set 0 | RX | NPR!"); + } + + // ide_km key_prog key set 0 | RX | CPL + let stream_id = 0u8; + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let key_sub_stream = KEY_SUB_STREAM_CPL; + + get_random(&mut key_iv.key[0].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[1].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[2].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[3].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[4].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[5].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[6].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[7].to_le_bytes()).unwrap(); + key_iv.iv[0] = 0; + key_iv.iv[1] = 1; + let mut kp_ack_status = KpAckStatus::default(); + idekm_req_context + .pci_ide_km_key_prog( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + &key_iv, + &mut kp_ack_status, + ) + .await + .unwrap(); + if kp_ack_status != KpAckStatus::SUCCESS { + panic!( + "KEY_PROG at 
Key Set 0 | RX | CPL failed with {:X?}", + kp_ack_status + ); + } else { + println!("Successful KEY_PROG at Key Set 0 | RX | CPL!"); + } + + // ide_km key_prog key set 0 | TX | PR + let stream_id = 0u8; + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_PR; + + get_random(&mut key_iv.key[0].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[1].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[2].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[3].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[4].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[5].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[6].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[7].to_le_bytes()).unwrap(); + key_iv.iv[0] = 0; + key_iv.iv[1] = 1; + let mut kp_ack_status = KpAckStatus::default(); + idekm_req_context + .pci_ide_km_key_prog( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + &key_iv, + &mut kp_ack_status, + ) + .await + .unwrap(); + if kp_ack_status != KpAckStatus::SUCCESS { + panic!( + "KEY_PROG at Key Set 0 | TX | PR failed with {:X?}", + kp_ack_status + ); + } else { + println!("Successful KEY_PROG at Key Set 0 | TX | PR!"); + } + + // ide_km key_prog key set 0 | TX | NPR + let stream_id = 0u8; + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_NPR; + + get_random(&mut key_iv.key[0].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[1].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[2].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[3].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[4].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[5].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[6].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[7].to_le_bytes()).unwrap(); + key_iv.iv[0] = 0; + key_iv.iv[1] = 1; + let mut kp_ack_status = KpAckStatus::default(); + 
idekm_req_context + .pci_ide_km_key_prog( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + &key_iv, + &mut kp_ack_status, + ) + .await + .unwrap(); + if kp_ack_status != KpAckStatus::SUCCESS { + panic!( + "KEY_PROG at Key Set 0 | TX | NPR failed with {:X?}", + kp_ack_status + ); + } else { + println!("Successful KEY_PROG at Key Set 0 | TX | NPR!"); + } + + // ide_km key_prog key set 0 | TX | CPL + let stream_id = 0u8; + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_CPL; + + get_random(&mut key_iv.key[0].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[1].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[2].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[3].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[4].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[5].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[6].to_le_bytes()).unwrap(); + get_random(&mut key_iv.key[7].to_le_bytes()).unwrap(); + key_iv.iv[0] = 0; + key_iv.iv[1] = 1; + let mut kp_ack_status = KpAckStatus::default(); + idekm_req_context + .pci_ide_km_key_prog( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + &key_iv, + &mut kp_ack_status, + ) + .await + .unwrap(); + if kp_ack_status != KpAckStatus::SUCCESS { + panic!( + "KEY_PROG at Key Set 0 | TX | CPL failed with {:X?}", + kp_ack_status + ); + } else { + println!("Successful KEY_PROG at Key Set 0 | TX | CPL!"); + } + + // ide_km key_set_go key set 0 | RX | PR + let stream_id = 0u8; + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let key_sub_stream = KEY_SUB_STREAM_PR; + let port_index = 0u8; + idekm_req_context + .pci_ide_km_key_set_go( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_GO at Key Set 0 | RX | PR!"); + + // ide_km 
key_set_go key set 0 | RX | NPR + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let key_sub_stream = KEY_SUB_STREAM_NPR; + idekm_req_context + .pci_ide_km_key_set_go( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_GO at Key Set 0 | RX | NPR!"); + + // ide_km key_set_go key set 0 | RX | CPL + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let key_sub_stream = KEY_SUB_STREAM_CPL; + idekm_req_context + .pci_ide_km_key_set_go( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_GO at Key Set 0 | RX | CPL!"); + + // ide_km key_set_go key set 0 | TX | PR + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_PR; + idekm_req_context + .pci_ide_km_key_set_go( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_GO at Key Set 0 | TX | PR!"); + + // ide_km key_set_go key set 0 | TX | NPR + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_NPR; + idekm_req_context + .pci_ide_km_key_set_go( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_GO at Key Set 0 | TX | NPR!"); + + // ide_km key_set_go key set 0 | TX | CPL + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_CPL; + idekm_req_context + .pci_ide_km_key_set_go( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_GO at Key Set 0 | TX | CPL!"); + + // ide_km key_set_stop key set 0 | RX | PR + 
let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let key_sub_stream = KEY_SUB_STREAM_PR; + idekm_req_context + .pci_ide_km_key_set_stop( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_STOP at Key Set 0 | RX | PR!"); + + // ide_km key_set_stop key set 0 | RX | NPR + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let key_sub_stream = KEY_SUB_STREAM_NPR; + idekm_req_context + .pci_ide_km_key_set_stop( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_STOP at Key Set 0 | RX | NPR!"); + + // ide_km key_set_stop key set 0 | RX | CPL + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_RX; + let key_sub_stream = KEY_SUB_STREAM_CPL; + idekm_req_context + .pci_ide_km_key_set_stop( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_STOP at Key Set 0 | RX | CPL!"); + + // ide_km key_set_stop key set 0 | TX | PR + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_PR; + idekm_req_context + .pci_ide_km_key_set_stop( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_STOP at Key Set 0 | TX | PR!"); + + // ide_km key_set_stop key set 0 | TX | NPR + let key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_NPR; + idekm_req_context + .pci_ide_km_key_set_stop( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_STOP at Key Set 0 | TX | NPR!"); + + // ide_km key_set_stop key set 0 | TX | CPL + let 
key_set = KEY_SET_0; + let key_direction = KEY_DIRECTION_TX; + let key_sub_stream = KEY_SUB_STREAM_CPL; + idekm_req_context + .pci_ide_km_key_set_stop( + &mut context, + session_id, + stream_id, + key_set, + key_direction, + key_sub_stream, + port_index, + ) + .await + .unwrap(); + println!("Successful KEY_SET_STOP at Key Set 0 | TX | CPL!"); + + // tdisp test + let interface_id = InterfaceId { + function_id: FunctionId { + requester_id: 0x1234, + requester_segment: 0, + requester_segment_valid: false, + }, + }; + + pci_tdisp_req_get_tdisp_version(&mut context, session_id, interface_id) + .await + .unwrap(); + println!("Successful Get Tdisp Version!"); + + let tsm_caps = 0; + let mut dsm_caps = 0u32; + let mut lock_interface_flags_supported = LockInterfaceFlag::empty(); + let mut dev_addr_width = 0u8; + let mut num_req_this = 0u8; + let mut num_req_all = 0u8; + let mut req_msgs_supported = [0u8; 16]; + pci_tdisp_req_get_tdisp_capabilities( + &mut context, + session_id, + tsm_caps, + interface_id, + &mut dsm_caps, + &mut lock_interface_flags_supported, + &mut dev_addr_width, + &mut num_req_this, + &mut num_req_all, + &mut req_msgs_supported, + ) + .await + .unwrap(); + println!("Successful Get Tdisp Capabilities!"); + + let mut tdi_state = TdiState::ERROR; + pci_tdisp_req_get_device_interface_state( + &mut context, + session_id, + interface_id, + &mut tdi_state, + ) + .await + .unwrap(); + assert_eq!(tdi_state, TdiState::CONFIG_UNLOCKED); + println!("Successful Get Tdisp State: {:X?}!", tdi_state); + + let flags = LockInterfaceFlag::NO_FW_UPDATE; + let default_stream_id = 0; + let mmio_reporting_offset = 0xFFFFFF00; + let bind_p2p_address_mask = 0; + let mut start_interface_nonce = [0u8; START_INTERFACE_NONCE_LEN]; + let mut tdisp_error_code = None; + pci_tdisp_req_lock_interface_request( + &mut context, + session_id, + interface_id, + flags, + default_stream_id, + mmio_reporting_offset, + bind_p2p_address_mask, + &mut start_interface_nonce, + &mut tdisp_error_code, 
+ ) + .await + .unwrap(); + assert!(tdisp_error_code.is_none()); + println!( + "Successful Lock Interface, start_interface_nonce: {:X?}!", + start_interface_nonce + ); + + pci_tdisp_req_get_device_interface_state( + &mut context, + session_id, + interface_id, + &mut tdi_state, + ) + .await + .unwrap(); + assert_eq!(tdi_state, TdiState::CONFIG_LOCKED); + println!("Successful Get Tdisp State: {:X?}!", tdi_state); + + let mut report = [0u8; MAX_DEVICE_REPORT_BUFFER]; + let mut report_size = 0usize; + pci_tdisp_req_get_device_interface_report( + &mut context, + session_id, + interface_id, + &mut report, + &mut report_size, + &mut tdisp_error_code, + ) + .await + .unwrap(); + assert!(tdisp_error_code.is_none()); + let tdi_report = TdiReportStructure::read_bytes(&report).unwrap(); + println!( + "Successful Get Interface Report, tdi_report: {:X?}!", + tdi_report + ); + + pci_tdisp_req_start_interface_request( + &mut context, + session_id, + interface_id, + &start_interface_nonce, + &mut tdisp_error_code, + ) + .await + .unwrap(); + assert!(tdisp_error_code.is_none()); + println!("Successful Start Interface!"); + + pci_tdisp_req_get_device_interface_state( + &mut context, + session_id, + interface_id, + &mut tdi_state, + ) + .await + .unwrap(); + assert_eq!(tdi_state, TdiState::RUN); + println!("Successful Get Tdisp State: {:X?}!", tdi_state); + + pci_tdisp_req_stop_interface_request(&mut context, session_id, interface_id) + .await + .unwrap(); + println!("Successful Stop Interface!"); + + pci_tdisp_req_get_device_interface_state( + &mut context, + session_id, + interface_id, + &mut tdi_state, + ) + .await + .unwrap(); + assert_eq!(tdi_state, TdiState::CONFIG_UNLOCKED); + println!("Successful Get Tdisp State: {:X?}!", tdi_state); + + // end spdm session + context.end_session(session_id).await.unwrap(); +} + +// A new logger enables the user to choose log level by setting a `SPDM_LOG` environment variable. +// Use the `Trace` level by default. 
+fn new_logger_from_env() -> SimpleLogger { + let level = match std::env::var("SPDM_LOG") { + Ok(x) => match x.to_lowercase().as_str() { + "trace" => LevelFilter::Trace, + "debug" => LevelFilter::Debug, + "info" => LevelFilter::Info, + "warn" => LevelFilter::Warn, + _ => LevelFilter::Error, + }, + _ => LevelFilter::Trace, + }; + + SimpleLogger::new().with_utc_timestamps().with_level(level) +} + +#[cfg(feature = "test_stack_size")] +fn emu_main() { + // emu_main function stack + // 1. When compiler optimization is turned off + // The stack size used by emu_main will not exceed 4k + // 2. However if compiler optimization is turned on. + // The situation becomes complicated. + // The size of the stack used in emu_main needs to be estimated by looking at + // the location of rsp and the memory map in /proc/self/maps. + // Here is an example code to dump memory map info for determining EMU_MAIN_FUNCTION_STACK + // + // use std::fs::File; + // use std::io::Read; + // let rsp: usize; + // unsafe { + // core::arch::asm!("mov {}, rsp", out(reg) rsp); + // } + // println!("rsp in emu_main_function: {:x}", rsp); + // let file_path = "/proc/self/maps"; + // let mut file = File::open(file_path).unwrap(); + // let mut content = String::new(); + // file.read_to_string(&mut content).unwrap(); + // println!("Memory:\n{}", content); + // + // Results (example): + // rsp in emu_main_function: 7f98529a6ef0 + // ... 
+ // 7f9852656000-7f9852a00000 rw-p 00000000 00:00 0 + // + // we can got emu_main_function_stack size: + // 7f9852a00000 - 7f98529a6ef0 = 59110 + const EMU_MAIN_FUNCTION_STACK: usize = 0x60000; + + td_benchmark::StackProfiling::init( + 0x5aa5_5aa5_5aa5_5aa5, + EMU_STACK_SIZE - EMU_MAIN_FUNCTION_STACK, + ); + emu_main_inner() +} + +#[cfg(not(feature = "test_stack_size"))] +fn emu_main() { + emu_main_inner() +} + +fn emu_main_inner() { + new_logger_from_env().init().unwrap(); + + spdmlib::secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + #[cfg(feature = "spdm-mbedtls")] + spdm_emu::crypto::crypto_mbedtls_register_handles(); + + let since_the_epoch = std::time::SystemTime::now() + .duration_since(std::time::UNIX_EPOCH) + .expect("Time went backwards"); + println!("current unit time epoch - {:?}", since_the_epoch.as_secs()); + + let socket = TcpStream::connect("127.0.0.1:2323").expect("Couldn't connect to the server..."); + + let socket: Arc> = Arc::new(Mutex::new(socket)); + + let pcidoe_transport_encap: Arc> = + Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mctp_transport_encap: Arc> = + Arc::new(Mutex::new(MctpTransportEncap {})); + + let transport_encap: Arc> = if USE_PCIDOE { + pcidoe_transport_encap + } else { + mctp_transport_encap + }; + + let transport_type = if USE_PCIDOE { + SOCKET_TRANSPORT_TYPE_PCI_DOE + } else { + SOCKET_TRANSPORT_TYPE_MCTP + }; + + #[cfg(not(feature = "is_sync"))] + block_on(Box::pin(send_receive_hello( + socket.clone(), + transport_encap.clone(), + transport_type, + ))); + + #[cfg(feature = "is_sync")] + send_receive_hello(socket.clone(), transport_encap.clone(), transport_type); + + let socket_io_transport = SocketIoTransport::new(socket.clone()); + let socket_io_transport: Arc> = + Arc::new(Mutex::new(socket_io_transport)); + + let key_iv = Arc::new(Mutex::new(Aes256GcmKeyBuffer { + key: Box::new([0u32; 8]), + iv: Box::new([0u32; 2]), + })); + + #[cfg(not(feature = "is_sync"))] + { + block_on(Box::pin(test_spdm( + 
socket_io_transport.clone(), + transport_encap.clone(), + ))); + + block_on(Box::pin(test_idekm_tdisp( + socket_io_transport.clone(), + transport_encap.clone(), + key_iv, + ))); + + block_on(Box::pin(send_receive_stop( + socket, + transport_encap, + transport_type, + ))); + } + + #[cfg(feature = "is_sync")] + { + test_spdm(socket_io_transport.clone(), transport_encap.clone()); + + test_idekm_tdisp(socket_io_transport.clone(), transport_encap.clone(), key_iv); + + send_receive_stop(socket, transport_encap, transport_type); + } + #[cfg(feature = "test_stack_size")] + { + let value = td_benchmark::StackProfiling::stack_usage().unwrap(); + println!("max stack usage: {}", value); + } +} + +#[cfg(feature = "test_heap_size")] +#[global_allocator] +static ALLOC: dhat::Alloc = dhat::Alloc; + +fn main() { + use std::thread; + + #[cfg(feature = "test_heap_size")] + let _profiler = dhat::Profiler::builder().testing().build(); + + thread::Builder::new() + .stack_size(EMU_STACK_SIZE) + .spawn(emu_main) + .unwrap() + .join() + .unwrap(); + + #[cfg(feature = "test_heap_size")] + log::info!("max heap usage: {}", dhat::HeapStats::get().max_bytes); +} + +pub const MMIO_RANGE_COUNT: usize = 4; +pub const DEVICE_SPECIFIC_INFO: &[u8; 9] = b"tdisp emu"; +pub const DEVICE_SPECIFIC_INFO_LEN: usize = DEVICE_SPECIFIC_INFO.len(); + +#[derive(Debug, Copy, Clone)] +pub struct TdiReportStructure { + pub interface_info: InterfaceInfo, + pub msi_x_message_control: u16, + pub lnr_control: u16, + pub tph_control: u32, + pub mmio_range_count: u32, + pub mmio_range: [TdispMmioRange; MMIO_RANGE_COUNT], + pub device_specific_info_len: u32, + pub device_specific_info: [u8; DEVICE_SPECIFIC_INFO_LEN], +} + +impl Default for TdiReportStructure { + fn default() -> Self { + Self { + interface_info: InterfaceInfo::default(), + msi_x_message_control: 0u16, + lnr_control: 0u16, + tph_control: 0u32, + mmio_range_count: 0u32, + mmio_range: [TdispMmioRange::default(); MMIO_RANGE_COUNT], + device_specific_info_len: 
0u32, + device_specific_info: [0u8; DEVICE_SPECIFIC_INFO_LEN], + } + } +} + +impl Codec for TdiReportStructure { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.interface_info.encode(bytes)?; + cnt += 0u16.encode(bytes)?; + cnt += self.msi_x_message_control.encode(bytes)?; + cnt += self.lnr_control.encode(bytes)?; + cnt += self.tph_control.encode(bytes)?; + cnt += self.mmio_range_count.encode(bytes)?; + for mr in self.mmio_range.iter().take(self.mmio_range_count as usize) { + cnt += mr.encode(bytes)?; + } + cnt += self.device_specific_info_len.encode(bytes)?; + for dsi in self + .device_specific_info + .iter() + .take(self.device_specific_info_len as usize) + { + cnt += dsi.encode(bytes)?; + } + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let interface_info = InterfaceInfo::read(r)?; + u16::read(r)?; + let msi_x_message_control = u16::read(r)?; + let lnr_control = u16::read(r)?; + let tph_control = u32::read(r)?; + let mmio_range_count = u32::read(r)?; + if mmio_range_count as usize > MMIO_RANGE_COUNT { + return None; + } + let mut mmio_range = [TdispMmioRange::default(); MMIO_RANGE_COUNT]; + for mr in mmio_range.iter_mut().take(mmio_range_count as usize) { + *mr = TdispMmioRange::read(r)?; + } + let device_specific_info_len = u32::read(r)?; + if device_specific_info_len as usize > DEVICE_SPECIFIC_INFO_LEN { + return None; + } + let mut device_specific_info = [0u8; DEVICE_SPECIFIC_INFO_LEN]; + for dsi in device_specific_info + .iter_mut() + .take(device_specific_info_len as usize) + { + *dsi = u8::read(r)?; + } + + Some(Self { + interface_info, + msi_x_message_control, + lnr_control, + tph_control, + mmio_range_count, + mmio_range, + device_specific_info_len, + device_specific_info, + }) + } +} diff --git a/test/spdm-responder-emu/Cargo.toml b/test/spdm-responder-emu/Cargo.toml new file mode 100644 index 0000000..e20b1c9 --- /dev/null +++ b/test/spdm-responder-emu/Cargo.toml 
@@ -0,0 +1,39 @@
+[package]
+name = "spdm-responder-emu"
+version = "0.1.0"
+authors = ["Jiewen Yao "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+spdm-emu = { path = "../spdm-emu", default-features = false }
+spdmlib = { path = "../../spdmlib", default-features = false }
+idekm = { path = "../../idekm", default-features = false }
+tdisp = { path = "../../tdisp", default-features = false }
+codec = { path = "../../codec" }
+mctp_transport = { path = "../../mctp_transport" }
+pcidoe_transport = { path = "../../pcidoe_transport" }
+simple_logger = "4.2.0"
+log = "0.4.13"
+futures = { version = "0.3", default-features = false }
+spin = { version = "0.9.8" }
+tokio = { version = "1.30.0", features = ["full"] }
+executor = { path = "../../executor" }
+zeroize = { version = "1.5.0", features = ["zeroize_derive"]}
+maybe-async = "0.2.7"
+td-benchmark = { git = "https://github.com/confidential-containers/td-shim.git", default-features = false, optional = true }
+dhat = { version = "0.3.2", optional = true }
+
+[features]
+default = ["spdm-emu/default", "async-executor"]
+mut-auth = ["spdm-emu/mut-auth"]
+mandatory-mut-auth = ["mut-auth", "spdm-emu/mandatory-mut-auth"]
+spdm-ring = ["spdm-emu/spdm-ring"]
+spdm-mbedtls = ["spdm-emu/spdm-mbedtls"]
+hashed-transcript-data = ["spdm-emu/hashed-transcript-data"]
+async-executor = ["spdm-emu/async-executor"]
+async-tokio = ["spdm-emu/async-tokio"]
+is_sync = ["spdm-emu/is_sync", "spdmlib/is_sync", "maybe-async/is_sync", "idekm/is_sync", "tdisp/is_sync", "mctp_transport/is_sync", "pcidoe_transport/is_sync"]
+test_stack_size = ["td-benchmark"]
+test_heap_size = ["dhat"]
diff --git a/test/spdm-responder-emu/src/main.rs b/test/spdm-responder-emu/src/main.rs
new file mode 100644
index 0000000..2b558e0
--- /dev/null
+++ b/test/spdm-responder-emu/src/main.rs
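Review bot: The `td-benchmark` entry under `[dependencies]` points at a git URL with no `rev`, `tag` or `branch`, so a fresh resolve takes whatever the td-shim default branch holds at that moment. It is optional and only pulled in by the `test_stack_size` feature, but that build then runs upstream code nobody reviewed unless a committed Cargo.lock happens to pin it. Pin it to a reviewed commit, for example `td-benchmark = { git = "https://github.com/confidential-containers/td-shim.git", rev = "<reviewed-commit-sha>", default-features = false, optional = true }`, and bump the revision deliberately.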
@@ -0,0 +1,582 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +mod spdm_device_idekm_example; +use idekm::pci_ide_km_responder::pci_ide_km_rsp_dispatcher; +use idekm::pci_idekm::{vendor_id, IDEKM_PROTOCOL_ID}; +use spdm_device_idekm_example::init_device_idekm_instance; + +mod spdm_device_tdisp_example; +use spdm_device_tdisp_example::init_device_tdisp_instance; + +use log::LevelFilter; +use simple_logger::SimpleLogger; + +#[cfg(not(feature = "is_sync"))] +use spdm_emu::async_runtime::block_on; +use spdm_emu::watchdog_impl_sample::init_watchdog; +use spdmlib::common::{SecuredMessageVersion, SpdmOpaqueSupport}; +use spdmlib::config::{MAX_ROOT_CERT_SUPPORT, RECEIVER_BUFFER_SIZE}; +use spdmlib::error::{SpdmResult, SPDM_STATUS_INVALID_MSG_FIELD}; +use spdmlib::message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, VendorDefinedStruct, + VendorIDStruct, +}; +use tdisp::pci_tdisp::{ + FunctionId, InterfaceId, LockInterfaceFlag, TdiState, START_INTERFACE_NONCE_LEN, + TDISP_PROTOCOL_ID, +}; +use tdisp::pci_tdisp_responder::pci_tdisp_rsp_dispatcher; + +use std::net::{TcpListener, TcpStream}; +use std::u32; + +use codec::{Codec, Reader, Writer}; +use common::SpdmTransportEncap; +use core::convert::TryFrom; +use mctp_transport::MctpTransportEncap; +use pcidoe_transport::{ + PciDoeDataObjectType, PciDoeMessageHeader, PciDoeTransportEncap, PciDoeVendorId, +}; +use spdm_emu::crypto_callback::SECRET_ASYM_IMPL_INSTANCE; +use spdm_emu::socket_io_transport::SocketIoTransport; +use spdm_emu::spdm_emu::*; +use spdm_emu::{secret_impl_sample::*, EMU_STACK_SIZE}; +use spdmlib::{common, config, protocol::*, responder}; +use zeroize::Zeroize; + +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; +use core::ops::DerefMut; +use std::ops::Deref; + +use crate::spdm_device_tdisp_example::DeviceContext; + +#[maybe_async::maybe_async] +async fn process_socket_message( + stream: Arc>, + transport_encap: Arc>, + buffer: 
Arc>, + buffer_size: usize, +) -> bool { + if buffer_size < SOCKET_HEADER_LEN { + return false; + } + let buffer_ref = buffer.lock(); + let buffer_ref = buffer_ref.deref(); + let mut reader = Reader::init(&buffer_ref[..SOCKET_HEADER_LEN]); + let socket_header = SpdmSocketHeader::read(&mut reader).unwrap(); + + let res = ( + socket_header.transport_type.to_be(), + socket_header.command.to_be(), + &buffer_ref[SOCKET_HEADER_LEN..], + ); + + match socket_header.command.to_be() { + SOCKET_SPDM_COMMAND_TEST => { + send_hello(stream.clone(), transport_encap.clone(), res.0).await; + true + } + SOCKET_SPDM_COMMAND_STOP => { + send_stop(stream.clone(), transport_encap.clone(), res.0).await; + false + } + SOCKET_SPDM_COMMAND_NORMAL => true, + _ => { + if USE_PCIDOE { + send_pci_discovery( + stream.clone(), + transport_encap.clone(), + res.0, + &buffer_ref[..buffer_size], + ) + .await + } else { + send_unknown(stream, transport_encap, res.0).await; + false + } + } + } +} + +// A new logger enables the user to choose log level by setting a `SPDM_LOG` environment variable. +// Use the `Trace` level by default. 
+fn new_logger_from_env() -> SimpleLogger { + let level = match std::env::var("SPDM_LOG") { + Ok(x) => match x.to_lowercase().as_str() { + "trace" => LevelFilter::Trace, + "debug" => LevelFilter::Debug, + "info" => LevelFilter::Info, + "warn" => LevelFilter::Warn, + _ => LevelFilter::Error, + }, + _ => LevelFilter::Trace, + }; + + SimpleLogger::new().with_utc_timestamps().with_level(level) +} + +#[cfg(feature = "test_stack_size")] +fn emu_main() { + const EMU_MAIN_FUNCTION_STACK: usize = 0x60000; + + td_benchmark::StackProfiling::init( + 0x5aa5_5aa5_5aa5_5aa5, + EMU_STACK_SIZE - EMU_MAIN_FUNCTION_STACK, // main function stack + ); + emu_main_inner() +} + +#[cfg(not(feature = "test_stack_size"))] +fn emu_main() { + emu_main_inner() +} + +fn emu_main_inner() { + new_logger_from_env().init().unwrap(); + + #[cfg(feature = "spdm-mbedtls")] + spdm_emu::crypto::crypto_mbedtls_register_handles(); + + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + spdmlib::secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + let tdisp_rsp_context = DeviceContext { + bus: 0x2a, + device: 0x00, + function: 0x00, + negotiated_version: None, + interface_id: InterfaceId { + function_id: FunctionId { + requester_id: 0x1234, + requester_segment: 0, + requester_segment_valid: false, + }, + }, + dsm_caps: 0, + dev_addr_width: 52, + num_req_this: 1, + num_req_all: 1, + flags: LockInterfaceFlag::empty(), + tdi_state: TdiState::CONFIG_UNLOCKED, + default_stream_id: 0, + mmio_reporting_offset: 0, + bind_p2p_address_mask: 0, + start_interface_nonce: [0u8; START_INTERFACE_NONCE_LEN], + p2p_stream_id: 0, + }; + + let device_context_handle = &tdisp_rsp_context as *const DeviceContext as usize; + spdmlib::message::vendor::register_vendor_defined_struct(VendorDefinedStruct { + vendor_defined_request_handler: pci_idekm_tdisp_rsp_dispatcher, + vdm_handle: device_context_handle, + }); + + let listener = TcpListener::bind("127.0.0.1:2323").expect("Couldn't bind to the 
server"); + println!("server start!"); + + let pcidoe_transport_encap: Arc> = + Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mctp_transport_encap: Arc> = + Arc::new(Mutex::new(MctpTransportEncap {})); + + for stream in listener.incoming() { + let stream = stream.expect("Read stream error!"); + let stream = Arc::new(Mutex::new(stream)); + println!("new connection!"); + let mut need_continue; + let raw_packet = [0u8; RECEIVER_BUFFER_SIZE]; + let raw_packet = Arc::new(Mutex::new(raw_packet)); + loop { + #[cfg(not(feature = "is_sync"))] + { + let sz = block_on(Box::pin(handle_message( + stream.clone(), + if USE_PCIDOE { + pcidoe_transport_encap.clone() + } else { + mctp_transport_encap.clone() + }, + raw_packet.clone(), + ))); + + need_continue = block_on(Box::pin(process_socket_message( + stream.clone(), + if USE_PCIDOE { + pcidoe_transport_encap.clone() + } else { + mctp_transport_encap.clone() + }, + raw_packet.clone(), + sz, + ))); + } + + #[cfg(feature = "is_sync")] + { + let sz = handle_message( + stream.clone(), + if USE_PCIDOE { + pcidoe_transport_encap.clone() + } else { + mctp_transport_encap.clone() + }, + raw_packet.clone(), + ); + + need_continue = process_socket_message( + stream.clone(), + if USE_PCIDOE { + pcidoe_transport_encap.clone() + } else { + mctp_transport_encap.clone() + }, + raw_packet.clone(), + sz, + ); + } + + if !need_continue { + // TBD: return or break?? 
+ #[cfg(feature = "test_stack_size")] + { + let value = td_benchmark::StackProfiling::stack_usage().unwrap(); + println!("max stack usage: {}", value); + } + return; + } + } + } +} + +#[maybe_async::maybe_async] +async fn handle_message( + stream: Arc>, + transport_encap: Arc>, + raw_packet: Arc>, +) -> usize { + println!("handle_message!"); + let socket_io_transport = SocketIoTransport::new(stream); + let socket_io_transport = Arc::new(Mutex::new(socket_io_transport)); + let rsp_capabilities = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::CHAL_CAP + | SpdmResponseCapabilityFlags::MEAS_CAP_SIG + | SpdmResponseCapabilityFlags::MEAS_FRESH_CAP + | SpdmResponseCapabilityFlags::ENCRYPT_CAP + | SpdmResponseCapabilityFlags::MAC_CAP + | SpdmResponseCapabilityFlags::KEY_EX_CAP + | SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT + | SpdmResponseCapabilityFlags::ENCAP_CAP + | SpdmResponseCapabilityFlags::HBEAT_CAP + | SpdmResponseCapabilityFlags::KEY_UPD_CAP; + // | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP + // | SpdmResponseCapabilityFlags::PUB_KEY_ID_CAP + let rsp_capabilities = if cfg!(feature = "mut-auth") { + rsp_capabilities | SpdmResponseCapabilityFlags::MUT_AUTH_CAP + } else { + rsp_capabilities + }; + + let config_info = common::SpdmConfigInfo { + spdm_version: [ + Some(SpdmVersion::SpdmVersion10), + Some(SpdmVersion::SpdmVersion11), + Some(SpdmVersion::SpdmVersion12), + ], + rsp_capabilities, + rsp_ct_exponent: 0, + measurement_specification: SpdmMeasurementSpecification::DMTF, + measurement_hash_algo: SpdmMeasurementHashAlgo::TPM_ALG_SHA_384, + base_asym_algo: if USE_ECDSA { + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + } else { + SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072 + }, + base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_384, + dhe_algo: SpdmDheAlgo::SECP_384_R1, + aead_algo: SpdmAeadAlgo::AES_256_GCM, + req_asym_algo: if USE_ECDSA { + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + } else { + 
SpdmReqAsymAlgo::TPM_ALG_RSASSA_3072 + }, + key_schedule_algo: SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + opaque_support: SpdmOpaqueSupport::OPAQUE_DATA_FMT1, + data_transfer_size: config::MAX_SPDM_MSG_SIZE as u32, + max_spdm_msg_size: config::MAX_SPDM_MSG_SIZE as u32, + heartbeat_period: config::HEARTBEAT_PERIOD, + secure_spdm_version: [ + Some(SecuredMessageVersion::try_from(0x10u8).unwrap()), + Some(SecuredMessageVersion::try_from(0x11u8).unwrap()), + ], + ..Default::default() + }; + + let mut my_cert_chain_data = SpdmCertChainData { + ..Default::default() + }; + + let ca_file_path = if USE_ECDSA { + "test_key/ecp384/ca.cert.der" + } else { + "test_key/rsa3072/ca.cert.der" + }; + let ca_cert = std::fs::read(ca_file_path).expect("unable to read ca cert!"); + let inter_file_path = if USE_ECDSA { + "test_key/ecp384/inter.cert.der" + } else { + "test_key/rsa3072/inter.cert.der" + }; + let inter_cert = std::fs::read(inter_file_path).expect("unable to read inter cert!"); + let leaf_file_path = if USE_ECDSA { + "test_key/ecp384/end_responder.cert.der" + } else { + "test_key/rsa3072/end_responder.cert.der" + }; + let leaf_cert = std::fs::read(leaf_file_path).expect("unable to read leaf cert!"); + + let ca_len = ca_cert.len(); + let inter_len = inter_cert.len(); + let leaf_len = leaf_cert.len(); + println!( + "total cert size - {:?} = {:?} + {:?} + {:?}", + ca_len + inter_len + leaf_len, + ca_len, + inter_len, + leaf_len + ); + my_cert_chain_data.data_size = (ca_len + inter_len + leaf_len) as u16; + my_cert_chain_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref()); + my_cert_chain_data.data[ca_len..(ca_len + inter_len)].copy_from_slice(inter_cert.as_ref()); + my_cert_chain_data.data[(ca_len + inter_len)..(ca_len + inter_len + leaf_len)] + .copy_from_slice(leaf_cert.as_ref()); + + let provision_info = common::SpdmProvisionInfo { + my_cert_chain_data: [ + Some(my_cert_chain_data), + None, + None, + None, + None, + None, + None, + None, + ], + my_cert_chain: [None, None, 
None, None, None, None, None, None], + peer_root_cert_data: gen_array_clone(None, MAX_ROOT_CERT_SUPPORT), + }; + + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + init_watchdog(); + let mut context = responder::ResponderContext::new( + socket_io_transport, + transport_encap, + config_info, + provision_info, + ); + loop { + let mut raw_packet = raw_packet.lock(); + let raw_packet = raw_packet.deref_mut(); + raw_packet.zeroize(); + let res = context.process_message(false, 0, raw_packet).await; + match res { + Ok(spdm_result) => match spdm_result { + Ok(_) => continue, + Err(status) => panic!("process_message failed with {:?}", status), + }, + Err(used) => { + return used; // not spdm cmd, let caller to handle the received buffer + } + } + } +} + +#[maybe_async::maybe_async] +pub async fn send_hello( + stream: Arc>, + transport_encap: Arc>, + tranport_type: u32, +) { + println!("get hello"); + + let mut payload = [0u8; 1024]; + + let mut transport_encap = transport_encap.lock(); + let transport_encap = transport_encap.deref_mut(); + + let used = transport_encap + .encap( + Arc::new(b"Server Hello!\0"), + Arc::new(Mutex::new(&mut payload[..])), + false, + ) + .await + .unwrap(); + + let _buffer_size = spdm_emu::spdm_emu::send_message( + stream, + tranport_type, + spdm_emu::spdm_emu::SOCKET_SPDM_COMMAND_TEST, + &payload[..used], + ); +} + +#[maybe_async::maybe_async] +pub async fn send_unknown( + stream: Arc>, + transport_encap: Arc>, + transport_type: u32, +) { + println!("get unknown"); + + let mut payload = [0u8; 1024]; + let mut transport_encap = transport_encap.lock(); + let transport_encap = transport_encap.deref_mut(); + let used = transport_encap + .encap(Arc::new(b""), Arc::new(Mutex::new(&mut payload[..])), false) + .await + .unwrap(); + + let _buffer_size = spdm_emu::spdm_emu::send_message( + stream, + transport_type, + spdm_emu::spdm_emu::SOCKET_SPDM_COMMAND_UNKOWN, + &payload[..used], + ); +} + +#[maybe_async::maybe_async] +pub 
async fn send_stop( + stream: Arc>, + _transport_encap: Arc>, + transport_type: u32, +) { + println!("get stop"); + + let _buffer_size = spdm_emu::spdm_emu::send_message( + stream, + transport_type, + spdm_emu::spdm_emu::SOCKET_SPDM_COMMAND_STOP, + &[], + ); +} + +#[maybe_async::maybe_async] +pub async fn send_pci_discovery( + stream: Arc>, + transport_encap: Arc>, + transport_type: u32, + buffer: &[u8], +) -> bool { + let mut reader = Reader::init(buffer); + let mut unknown_message = false; + match PciDoeMessageHeader::read(&mut reader) { + Some(pcidoe_header) => { + match pcidoe_header.vendor_id { + PciDoeVendorId::PciDoeVendorIdPciSig => {} + _ => unknown_message = true, + } + match pcidoe_header.data_object_type { + PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery => {} + _ => unknown_message = true, + } + } + None => unknown_message = true, + } + + let payload = &mut [1u8, 0u8, 0u8, 0u8]; + + match u8::read(&mut reader) { + None => unknown_message = true, + Some(discovery_index) => match discovery_index { + 0 => { + payload[2] = 0; + payload[3] = 1; + } + 1 => { + payload[2] = 1; + payload[3] = 2; + } + 2 => { + payload[2] = 2; + payload[3] = 0; + } + _ => unknown_message = true, + }, + } + if unknown_message { + send_unknown(stream.clone(), transport_encap, transport_type).await; + return false; + } + + let payload_len = 4; + let mut transport_buffer = [0u8; 1024]; + let mut writer = Writer::init(&mut transport_buffer); + let pcidoe_header = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: PciDoeDataObjectType::PciDoeDataObjectTypeDoeDiscovery, + payload_length: 4, + }; + assert!(pcidoe_header.encode(&mut writer).is_ok()); + let header_size = writer.used(); + transport_buffer[header_size..(header_size + payload_len)].copy_from_slice(payload); + let _buffer_size = spdm_emu::spdm_emu::send_message( + stream, + SOCKET_TRANSPORT_TYPE_PCI_DOE, + spdm_emu::spdm_emu::SOCKET_SPDM_COMMAND_NORMAL, + 
&transport_buffer[..(header_size + payload_len)], + ); + //need continue + true +} + +fn pci_idekm_tdisp_rsp_dispatcher( + vdm_handle: usize, + vendor_id_struct: &VendorIDStruct, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + if vendor_defined_req_payload_struct.req_length < 1 || vendor_id_struct != &vendor_id() { + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + + match vendor_defined_req_payload_struct.vendor_defined_req_payload[0] { + IDEKM_PROTOCOL_ID => pci_ide_km_rsp_dispatcher( + vdm_handle, + vendor_id_struct, + vendor_defined_req_payload_struct, + ), + TDISP_PROTOCOL_ID => pci_tdisp_rsp_dispatcher( + vdm_handle, + vendor_id_struct, + vendor_defined_req_payload_struct, + ), + _ => Err(SPDM_STATUS_INVALID_MSG_FIELD), + } +} + +#[cfg(feature = "test_heap_size")] +#[global_allocator] +static ALLOC: dhat::Alloc = dhat::Alloc; + +fn main() { + use std::thread; + + #[cfg(feature = "test_heap_size")] + let _profiler = dhat::Profiler::builder().testing().build(); + + init_device_idekm_instance(); + init_device_tdisp_instance(); + + thread::Builder::new() + .stack_size(EMU_STACK_SIZE) + .spawn(emu_main) + .unwrap() + .join() + .unwrap(); + + #[cfg(feature = "test_heap_size")] + log::info!("max heap usage: {}", dhat::HeapStats::get().max_bytes); +} diff --git a/test/spdm-responder-emu/src/spdm_device_idekm_example.rs b/test/spdm-responder-emu/src/spdm_device_idekm_example.rs new file mode 100644 index 0000000..91cd1ac --- /dev/null +++ b/test/spdm-responder-emu/src/spdm_device_idekm_example.rs 
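Review bot: In `emu_main_inner`, `device_context_handle` is the address of the immutable stack local `tdisp_rsp_context`, taken as `*const DeviceContext` and stored as a `usize` in the globally registered `VendorDefinedStruct`. The struct carries state such as `tdi_state` and `start_interface_nonce`, so the TDISP handlers (outside this hunk) presumably cast the handle back and write through it; writing through a pointer derived from a shared reference to a non-`mut` binding is undefined behaviour, and the registration would dangle if the handler stayed reachable after `emu_main_inner` returns. Declare the context mutable and derive the handle from a unique borrow, `let mut tdisp_rsp_context = DeviceContext { … };` and `let device_context_handle = &mut tdisp_rsp_context as *mut DeviceContext as usize;`, or give it a `'static` home such as a leaked `Box`. A `// SAFETY:` comment at the cast stating who dereferences the handle and for how long would make the contract reviewable.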
@@ -0,0 +1,89 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use idekm::{
+ pci_ide_km_responder::{
+ pci_ide_km_rsp_key_prog::{self, PciIdeKmDeviceKeyProg},
+ pci_ide_km_rsp_key_set_go::{self, PciIdeKmDeviceKeySetGo},
+ pci_ide_km_rsp_key_set_stop::{self, PciIdeKmDeviceKeySetStop},
+ pci_ide_km_rsp_query::{self, PciIdeKmDeviceQuery},
+ },
+ pci_idekm::{Aes256GcmKeyBuffer, KpAckStatus, PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT},
+};
+use spdmlib::error::SpdmResult;
+
+fn pci_ide_km_device_key_prog(
+ // IN
+ stream_id: u8,
+ key_set: u8,
+ key_direction: u8,
+ key_sub_stream: u8,
+ port_index: u8,
+ key_iv: Aes256GcmKeyBuffer,
+ // OUT
+ status: &mut KpAckStatus,
+) -> SpdmResult {
+ *status = KpAckStatus::SUCCESS;
+ log::info!("{stream_id:X?}, {key_set:X?}, {key_direction:X?}, {key_sub_stream:X?}, {port_index:X?}, {key_iv:X?}, {status:X?}!");
+ Ok(())
+}
+
+fn pci_ide_km_device_key_set_go(
+ stream_id: u8,
+ key_set: u8,
+ key_direction: u8,
+ key_sub_stream: u8,
+ port_index: u8,
+) -> SpdmResult {
+ log::info!(
+ "{stream_id:X?}, {key_set:X?}, {key_direction:X?}, {key_sub_stream:X?}, {port_index:X?}!"
+ );
+ Ok(())
+}
+
+fn pci_ide_km_device_key_set_stop(
+ stream_id: u8,
+ key_set: u8,
+ key_direction: u8,
+ key_sub_stream: u8,
+ port_index: u8,
+) -> SpdmResult {
+ log::info!(
+ "{stream_id:X?}, {key_set:X?}, {key_direction:X?}, {key_sub_stream:X?}, {port_index:X?}!"
+ );
+ Ok(())
+}
+
+fn pci_ide_km_device_query(
+ port_index: u8,
+ dev_func_num: &mut u8,
+ bus_num: &mut u8,
+ segment: &mut u8,
+ max_port_index: &mut u8,
+ ide_reg_block: &mut [u32; PCI_IDE_KM_IDE_REG_BLOCK_MAX_COUNT],
+ ide_reg_block_cnt: &mut usize,
+) -> SpdmResult {
+ *dev_func_num = 0;
+ *bus_num = 0x6a;
+ *segment = 1;
+ *max_port_index = 1;
+ *ide_reg_block_cnt = 2;
+ log::info!("{port_index:X?}, {dev_func_num:X?}, {bus_num:X?}, {segment:X?}, {max_port_index:X?}, {ide_reg_block:X?}, {ide_reg_block_cnt:X?}!");
+ Ok(())
+}
+
+pub fn init_device_idekm_instance() {
+ pci_ide_km_rsp_key_prog::register(PciIdeKmDeviceKeyProg {
+ pci_ide_km_device_key_prog_cb: pci_ide_km_device_key_prog,
+ });
+ pci_ide_km_rsp_key_set_go::register(PciIdeKmDeviceKeySetGo {
+ pci_ide_km_device_key_set_go_cb: pci_ide_km_device_key_set_go,
+ });
+ pci_ide_km_rsp_key_set_stop::register(PciIdeKmDeviceKeySetStop {
+ pci_ide_km_device_key_set_stop_cb: pci_ide_km_device_key_set_stop,
+ });
+ pci_ide_km_rsp_query::register(PciIdeKmDeviceQuery {
+ pci_ide_km_device_query_cb: pci_ide_km_device_query,
+ });
+}
diff --git a/test/spdm-responder-emu/src/spdm_device_tdisp_example.rs b/test/spdm-responder-emu/src/spdm_device_tdisp_example.rs
new file mode 100644
index 0000000..14e96c3
--- /dev/null
+++ b/test/spdm-responder-emu/src/spdm_device_tdisp_example.rs
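Review bot: `pci_ide_km_device_key_prog` writes key material to the log, because its `log::info!` line formats `{key_iv:X?}` and `key_iv` is the `Aes256GcmKeyBuffer` handed in for programming (going by the type name, it holds the AES-256-GCM key and IV). Logs are routinely collected and shared with a wider audience than the process memory that holds the key, and example callbacks tend to be copied into real device code. I would drop the field from the message: `log::info!("{stream_id:X?}, {key_set:X?}, {key_direction:X?}, {key_sub_stream:X?}, {port_index:X?}, {status:X?}!");`. If the value is needed for debugging, a comment such as `// key_iv is deliberately not logged: it is secret key material` records the decision.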
@@ -0,0 +1,520 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{Codec, Writer}; +use spdmlib::{ + error::SpdmResult, + message::{ + VendorDefinedReqPayloadStruct, VendorDefinedRspPayloadStruct, + MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE, + }, +}; +use tdisp::{ + pci_tdisp::{ + InterfaceId, InterfaceInfo, LockInterfaceFlag, MMIORangeAttribute, TdiState, + TdispErrorCode, TdispMmioRange, TdispVersion, MAX_DEVICE_REPORT_BUFFER, + START_INTERFACE_NONCE_LEN, TDISP_PROTOCOL_ID, + }, + pci_tdisp_responder::{ + pci_tdisp_rsp_bind_p2p_stream_request::{self, PciTdispDeviceBindP2pStream}, + pci_tdisp_rsp_device_interface_report::{self, PciTdispDeviceInterfaceReport}, + pci_tdisp_rsp_device_interface_state::{self, PciTdispDeviceInterfaceState}, + pci_tdisp_rsp_lock_interface_request::{self, PciTdispDeviceLockInterface}, + pci_tdisp_rsp_set_mmio_attribute_request::{self, PciTdispDeviceSetMmioAttribute}, + pci_tdisp_rsp_start_interface_request::{self, PciTdispDeviceStartInterface}, + pci_tdisp_rsp_stop_interface_request::{self, PciTdispDeviceStopInterface}, + pci_tdisp_rsp_tdisp_capabilities::{self, PciTdispDeviceCapabilities}, + pci_tdisp_rsp_tdisp_error::{self, PciTdispDeviceError}, + pci_tdisp_rsp_tdisp_version::{self, PciTdispDeviceVersion}, + pci_tdisp_rsp_unbind_p2p_stream_request::{self, PciTdispDeviceUnBindP2pStream}, + pci_tdisp_rsp_vdm_response::{self, PciTdispDeviceVdmResponse}, + MAX_TDISP_VERSION_COUNT, + }, +}; + +pub const MMIO_RANGE_COUNT: usize = 4; +pub const DEVICE_SPECIFIC_INFO: &[u8; 9] = b"tdisp emu"; +pub const DEVICE_SPECIFIC_INFO_LEN: usize = DEVICE_SPECIFIC_INFO.len(); + +#[derive(Debug, Copy, Clone)] +pub struct TdiReportStructure { + pub interface_info: InterfaceInfo, + pub msi_x_message_control: u16, + pub lnr_control: u16, + pub tph_control: u32, + pub mmio_range_count: u32, + pub mmio_range: [TdispMmioRange; MMIO_RANGE_COUNT], + pub device_specific_info_len: u32, + pub device_specific_info: 
[u8; DEVICE_SPECIFIC_INFO_LEN], +} + +impl Default for TdiReportStructure { + fn default() -> Self { + Self { + interface_info: InterfaceInfo::default(), + msi_x_message_control: 0u16, + lnr_control: 0u16, + tph_control: 0u32, + mmio_range_count: 0u32, + mmio_range: [TdispMmioRange::default(); MMIO_RANGE_COUNT], + device_specific_info_len: 0u32, + device_specific_info: [0u8; DEVICE_SPECIFIC_INFO_LEN], + } + } +} + +impl Codec for TdiReportStructure { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let mut cnt = 0; + + cnt += self.interface_info.encode(bytes)?; + cnt += 0u16.encode(bytes)?; + cnt += self.msi_x_message_control.encode(bytes)?; + cnt += self.lnr_control.encode(bytes)?; + cnt += self.tph_control.encode(bytes)?; + cnt += self.mmio_range_count.encode(bytes)?; + for mr in self.mmio_range.iter().take(self.mmio_range_count as usize) { + cnt += mr.encode(bytes)?; + } + cnt += self.device_specific_info_len.encode(bytes)?; + for dsi in self + .device_specific_info + .iter() + .take(self.device_specific_info_len as usize) + { + cnt += dsi.encode(bytes)?; + } + + Ok(cnt) + } + + fn read(r: &mut codec::Reader) -> Option { + let interface_info = InterfaceInfo::read(r)?; + u16::read(r)?; + let msi_x_message_control = u16::read(r)?; + let lnr_control = u16::read(r)?; + let tph_control = u32::read(r)?; + let mmio_range_count = u32::read(r)?; + if mmio_range_count as usize > MMIO_RANGE_COUNT { + return None; + } + let mut mmio_range = [TdispMmioRange::default(); MMIO_RANGE_COUNT]; + for mr in mmio_range.iter_mut().take(mmio_range_count as usize) { + *mr = TdispMmioRange::read(r)?; + } + let device_specific_info_len = u32::read(r)?; + if device_specific_info_len as usize > DEVICE_SPECIFIC_INFO_LEN { + return None; + } + let mut device_specific_info = [0u8; DEVICE_SPECIFIC_INFO_LEN]; + for dsi in device_specific_info + .iter_mut() + .take(device_specific_info_len as usize) + { + *dsi = u8::read(r)?; + } + + Some(Self { + interface_info, + 
msi_x_message_control, + lnr_control, + tph_control, + mmio_range_count, + mmio_range, + device_specific_info_len, + device_specific_info, + }) + } +} + +#[derive(Debug, Clone)] +pub struct DeviceContext { + pub bus: u8, + pub device: u8, + pub function: u8, + pub negotiated_version: Option, + pub interface_id: InterfaceId, + pub dsm_caps: u32, + pub dev_addr_width: u8, + pub num_req_this: u8, + pub num_req_all: u8, + pub flags: LockInterfaceFlag, + pub tdi_state: TdiState, + pub default_stream_id: u8, + pub mmio_reporting_offset: u64, + pub bind_p2p_address_mask: u64, + pub start_interface_nonce: [u8; START_INTERFACE_NONCE_LEN], + pub p2p_stream_id: u8, +} + +#[allow(clippy::too_many_arguments)] +fn pci_tdisp_device_capabilities( + // IN + vdm_handle: usize, + _tsm_caps: u32, + // OUT + interface_id: &mut InterfaceId, + dsm_caps: &mut u32, + req_msgs_supported: &mut [u8; 16], + lock_interface_flags_supported: &mut LockInterfaceFlag, + dev_addr_width: &mut u8, + num_req_this: &mut u8, + num_req_all: &mut u8, + tdisp_error_code: &mut Option, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &*device_context as &DeviceContext }; + + *interface_id = device_context.interface_id; + *dsm_caps = device_context.dsm_caps; + req_msgs_supported[0] = 0x7f; + *lock_interface_flags_supported = device_context.flags; + *dev_addr_width = device_context.dev_addr_width; + *num_req_this = device_context.num_req_this; + *num_req_all = device_context.num_req_all; + + *tdisp_error_code = None; + Ok(()) +} + +fn pci_tdisp_device_error( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + *interface_id = device_context.interface_id; + + device_context.tdi_state = TdiState::ERROR; + + Ok(()) +} + +fn pci_tdisp_device_interface_report( + // IN + vdm_handle: 
usize, + // OUT + interface_id: &mut InterfaceId, + tdi_report: &mut [u8; MAX_DEVICE_REPORT_BUFFER], + tdi_report_size: &mut usize, + tdisp_error_code: &mut Option, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + if device_context.tdi_state != TdiState::CONFIG_LOCKED + && device_context.tdi_state != TdiState::RUN + { + *tdisp_error_code = Some(TdispErrorCode::INVALID_INTERFACE_STATE); + } else { + *interface_id = device_context.interface_id; + let report = TdiReportStructure { + interface_info: InterfaceInfo::DEVICE_FIRMWARE_UPDATES_NOT_PERMITTED, + msi_x_message_control: 0u16, + lnr_control: 0u16, + tph_control: 0u32, + mmio_range_count: 1, + mmio_range: [TdispMmioRange { + first_page_with_offset_added: 0x12340000 + device_context.mmio_reporting_offset, + number_of_pages: 32, + range_attributes: MMIORangeAttribute::empty(), + }; MMIO_RANGE_COUNT], + device_specific_info_len: 6, + device_specific_info: [6u8; DEVICE_SPECIFIC_INFO_LEN], + }; + let mut writer = Writer::init(tdi_report); + if let Ok(size) = report.encode(&mut writer) { + *tdi_report_size = size; + *tdisp_error_code = None; + } else { + *tdi_report_size = 0; + *tdisp_error_code = Some(TdispErrorCode::INVALID_DEVICE_CONFIGURATION); + } + } + + Ok(()) +} + +fn pci_tdisp_device_interface_state( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + tdi_state: &mut TdiState, + tdisp_error_code: &mut Option, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + *interface_id = device_context.interface_id; + *tdi_state = device_context.tdi_state; + + *tdisp_error_code = None; + Ok(()) +} + +#[allow(clippy::too_many_arguments)] +fn pci_tdisp_device_lock_interface( + // IN + vdm_handle: usize, + flags: &LockInterfaceFlag, + default_stream_id: u8, + mmio_reporting_offset: u64, + 
bind_p2p_address_mask: u64, + // OUT + interface_id: &mut InterfaceId, + start_interface_nonce: &mut [u8; START_INTERFACE_NONCE_LEN], + tdisp_error_code: &mut Option, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + if device_context.tdi_state != TdiState::CONFIG_UNLOCKED { + *tdisp_error_code = Some(TdispErrorCode::INVALID_INTERFACE_STATE); + } else { + *tdisp_error_code = None; + *interface_id = device_context.interface_id; + + device_context.flags = *flags; + device_context.default_stream_id = default_stream_id; + device_context.mmio_reporting_offset = mmio_reporting_offset; + device_context.bind_p2p_address_mask = bind_p2p_address_mask; + + if spdmlib::crypto::rand::get_random(start_interface_nonce).is_err() { + *tdisp_error_code = Some(TdispErrorCode::INSUFFICIENT_ENTROPY); + return Ok(()); + } + + device_context + .start_interface_nonce + .copy_from_slice(start_interface_nonce); + + device_context.tdi_state = TdiState::CONFIG_LOCKED; + } + + Ok(()) +} + +fn pci_tdisp_device_start_interface( + //IN + vdm_handle: usize, + start_interface_nonce: &[u8; START_INTERFACE_NONCE_LEN], + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + if device_context.tdi_state != TdiState::CONFIG_LOCKED { + *tdisp_error_code = Some(TdispErrorCode::INVALID_INTERFACE_STATE); + } else if start_interface_nonce != &device_context.start_interface_nonce { + *tdisp_error_code = Some(TdispErrorCode::INVALID_NONCE); + } else { + *tdisp_error_code = None; + *interface_id = device_context.interface_id; + + device_context.tdi_state = TdiState::RUN; + } + + Ok(()) +} + +fn pci_tdisp_device_stop_interface( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut 
Option, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + if device_context.tdi_state != TdiState::RUN { + *tdisp_error_code = Some(TdispErrorCode::INVALID_INTERFACE_STATE); + return Ok(()); + } else { + *tdisp_error_code = None; + *interface_id = device_context.interface_id; + + device_context.tdi_state = TdiState::CONFIG_UNLOCKED; + } + + Ok(()) +} + +fn pci_tdisp_device_bind_p2p_stream( + //IN + vdm_handle: usize, + p2p_stream_id: u8, + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + if device_context.tdi_state != TdiState::RUN { + *tdisp_error_code = Some(TdispErrorCode::INVALID_INTERFACE_STATE); + return Ok(()); + } else { + *tdisp_error_code = None; + *interface_id = device_context.interface_id; + + device_context.p2p_stream_id = p2p_stream_id; + } + + Ok(()) +} + +fn pci_tdisp_device_unbind_p2p_stream( + //IN + vdm_handle: usize, + p2p_stream_id: u8, + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + if device_context.tdi_state != TdiState::RUN { + *tdisp_error_code = Some(TdispErrorCode::INVALID_INTERFACE_STATE); + return Ok(()); + } else if p2p_stream_id != device_context.p2p_stream_id { + *tdisp_error_code = Some(TdispErrorCode::INVALID_REQUEST); + return Ok(()); + } else { + *tdisp_error_code = None; + *interface_id = device_context.interface_id; + + device_context.p2p_stream_id = 0; + } + + Ok(()) +} + +fn pci_tdisp_device_set_mmio_attribute( + //IN + vdm_handle: usize, + _mmio_range: &TdispMmioRange, + //OUT + interface_id: &mut InterfaceId, + tdisp_error_code: &mut Option, +) -> 
SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + if device_context.tdi_state != TdiState::RUN { + *tdisp_error_code = Some(TdispErrorCode::INVALID_INTERFACE_STATE); + return Ok(()); + } else { + *tdisp_error_code = None; + *interface_id = device_context.interface_id; + } + + Ok(()) +} + +fn pci_tdisp_device_vdm_response( + //IN + _vdm_handle: usize, + vendor_defined_req_payload_struct: &VendorDefinedReqPayloadStruct, +) -> SpdmResult { + println!( + "vdm request: {:X?}", + &vendor_defined_req_payload_struct.vendor_defined_req_payload + [..vendor_defined_req_payload_struct.req_length as usize] + ); + + let mut vendor_defined_rsp_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 19, + vendor_defined_rsp_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE], + }; + + vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload[0] = TDISP_PROTOCOL_ID; + vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload[1..19] + .copy_from_slice(b"tdisp vdm response"); + + Ok(vendor_defined_rsp_payload_struct) +} + +fn pci_tdisp_device_version( + // IN + vdm_handle: usize, + // OUT + interface_id: &mut InterfaceId, + version_num_count: &mut u8, + version_num_entry: &mut [TdispVersion; MAX_TDISP_VERSION_COUNT], +) -> SpdmResult { + let device_context = vdm_handle as *mut DeviceContext; + + let device_context = unsafe { &mut *device_context as &mut DeviceContext }; + + *interface_id = device_context.interface_id; + *version_num_count = 1; + version_num_entry[0] = TdispVersion { + major_version: 1, + minor_version: 0, + }; + + device_context.negotiated_version = Some(TdispVersion { + major_version: 1, + minor_version: 0, + }); + + Ok(()) +} + +pub fn init_device_tdisp_instance() { + pci_tdisp_rsp_tdisp_capabilities::register(PciTdispDeviceCapabilities { + pci_tdisp_device_capabilities_cb: pci_tdisp_device_capabilities, + }); + 
pci_tdisp_rsp_tdisp_error::register(PciTdispDeviceError { + pci_tdisp_device_error_cb: pci_tdisp_device_error, + }); + pci_tdisp_rsp_device_interface_report::register(PciTdispDeviceInterfaceReport { + pci_tdisp_device_interface_report_cb: pci_tdisp_device_interface_report, + }); + pci_tdisp_rsp_device_interface_state::register(PciTdispDeviceInterfaceState { + pci_tdisp_device_interface_state_cb: pci_tdisp_device_interface_state, + }); + pci_tdisp_rsp_lock_interface_request::register(PciTdispDeviceLockInterface { + pci_tdisp_device_lock_interface_cb: pci_tdisp_device_lock_interface, + }); + pci_tdisp_rsp_start_interface_request::register(PciTdispDeviceStartInterface { + pci_tdisp_device_start_interface_cb: pci_tdisp_device_start_interface, + }); + pci_tdisp_rsp_stop_interface_request::register(PciTdispDeviceStopInterface { + pci_tdisp_device_stop_interface_cb: pci_tdisp_device_stop_interface, + }); + pci_tdisp_rsp_tdisp_version::register(PciTdispDeviceVersion { + pci_tdisp_device_version_cb: pci_tdisp_device_version, + }); + pci_tdisp_rsp_bind_p2p_stream_request::register(PciTdispDeviceBindP2pStream { + pci_tdisp_device_bind_p2p_stream_cb: pci_tdisp_device_bind_p2p_stream, + }); + pci_tdisp_rsp_unbind_p2p_stream_request::register(PciTdispDeviceUnBindP2pStream { + pci_tdisp_device_unbind_p2p_stream_cb: pci_tdisp_device_unbind_p2p_stream, + }); + pci_tdisp_rsp_set_mmio_attribute_request::register(PciTdispDeviceSetMmioAttribute { + pci_tdisp_device_set_mmio_attribute_cb: pci_tdisp_device_set_mmio_attribute, + }); + pci_tdisp_rsp_vdm_response::register(PciTdispDeviceVdmResponse { + pci_tdisp_device_vdm_response_cb: pci_tdisp_device_vdm_response, + }); +} diff --git a/test/spdmlib-test/Cargo.toml b/test/spdmlib-test/Cargo.toml new file mode 100644 index 0000000..c37db38 --- /dev/null +++ b/test/spdmlib-test/Cargo.toml 
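Review bot: In `pci_tdisp_device_interface_report` the expression `0x12340000 + device_context.mmio_reporting_offset` can overflow, since `pci_tdisp_device_lock_interface` stores its `mmio_reporting_offset` argument into the context without any range check. If that argument comes straight from the peer's lock request (the decoding is not in this hunk), a value near `u64::MAX` panics the responder in builds with overflow checks and wraps silently otherwise. Making the intent explicit avoids both surprises: `first_page_with_offset_added: 0x12340000u64.wrapping_add(device_context.mmio_reporting_offset),`. If wrapping is not the intended semantics, use `checked_add` and report `TdispErrorCode::INVALID_DEVICE_CONFIGURATION` on `None`.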
@@ -0,0 +1,27 @@
+[package]
+name = "spdmlib-test"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+spdmlib = { path = "../../spdmlib", default-features = false, features=["spdm-ring"] }
+codec = { path = "../../codec", features = ["alloc"] }
+log = "0.4.13"
+ring = { version = "0.17.6" }
+bytes = { version="1", default-features=false }
+futures = { version = "0.3", default-features = false }
+async-trait = "0.1.71"
+async-recursion = "1.0.4"
+spin = { version = "0.9.8" }
+executor = { path = "../../executor" }
+pcidoe_transport = { path = "../../pcidoe_transport" }
+
+[dev-dependencies]
+env_logger = "*"
+
+[features]
+default = ["hashed-transcript-data", "mut-auth"]
+hashed-transcript-data = ["spdmlib/hashed-transcript-data"]
+mut-auth = ["spdmlib/mut-auth"]
diff --git a/test/spdmlib-test/src/common/crypto_callback.rs b/test/spdmlib-test/src/common/crypto_callback.rs
new file mode 100644
index 0000000..02c627f
--- /dev/null
+++ b/test/spdmlib-test/src/common/crypto_callback.rs
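Review bot: The dev-dependency `env_logger = "*"` accepts any published release, so a fresh resolve can pull in a new major version without any reviewable change to this manifest. Every third-party entry under `[dependencies]` carries a version requirement, and this one should match them, for example `env_logger = "<version already used in the workspace>"`. A bounded requirement also makes each future upgrade show up as an explicit manifest diff.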
@@ -0,0 +1,187 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use spdmlib::crypto::SpdmCertOperation;
+use spdmlib::crypto::SpdmCryptoRandom;
+use spdmlib::crypto::{SpdmAead, SpdmAsymVerify, SpdmHkdf, SpdmHmac};
+use spdmlib::error::{SpdmResult, SPDM_STATUS_VERIF_FAIL};
+use spdmlib::protocol::*;
+
+pub static FAKE_HMAC: SpdmHmac = SpdmHmac {
+ hmac_cb: fake_hmac,
+ hmac_verify_cb: fake_hmac_verify,
+};
+
+pub static FAKE_AEAD: SpdmAead = SpdmAead {
+ encrypt_cb: fake_encrypt,
+ decrypt_cb: fake_decrypt,
+};
+
+pub static FAKE_RAND: SpdmCryptoRandom = SpdmCryptoRandom {
+ get_random_cb: get_random,
+};
+
+pub static FAKE_ASYM_VERIFY: SpdmAsymVerify = SpdmAsymVerify {
+ verify_cb: fake_asym_verify,
+};
+
+pub static FAKE_HKDF: SpdmHkdf = SpdmHkdf {
+ hkdf_extract_cb: fake_hkdf_extract,
+ hkdf_expand_cb: fake_hkdf_expand,
+};
+
+pub static FAKE_CERT_OPERATION: SpdmCertOperation = SpdmCertOperation {
+ get_cert_from_cert_chain_cb: fake_get_cert_from_cert_chain,
+ verify_cert_chain_cb: fake_verify_cert_chain,
+};
+
+fn fake_hmac(
+ _base_hash_algo: SpdmBaseHashAlgo,
+ _key: &[u8],
+ _data: &[u8],
+) -> Option {
+ let tag = SpdmDigestStruct {
+ data_size: 48,
+ data: Box::new([10u8; SPDM_MAX_HASH_SIZE]),
+ };
+ Some(tag)
+}
+
+fn fake_hmac_verify(
+ _base_hash_algo: SpdmBaseHashAlgo,
+ _key: &[u8],
+ _data: &[u8],
+ hmac: &SpdmDigestStruct,
+) -> SpdmResult {
+ let SpdmDigestStruct { data_size, .. } = hmac;
+ match data_size {
+ 48 => Ok(()),
+ _ => Err(SPDM_STATUS_VERIF_FAIL),
+ }
+}
+
+fn fake_encrypt(
+ _aead_algo: SpdmAeadAlgo,
+ _key: &SpdmAeadKeyStruct,
+ _iv: &SpdmAeadIvStruct,
+ _aad: &[u8],
+ plain_text: &[u8],
+ tag: &mut [u8],
+ cipher_text: &mut [u8],
+) -> SpdmResult<(usize, usize)> {
+ let plain_text_size = plain_text.len();
+ let cipher_text_size = cipher_text.len();
+ if cipher_text_size != plain_text_size {
+ panic!("cipher_text len invalid");
+ }
+ cipher_text.copy_from_slice(plain_text);
+ Ok((plain_text_size, tag.len()))
+}
+
+fn fake_decrypt(
+ _aead_algo: SpdmAeadAlgo,
+ _key: &SpdmAeadKeyStruct,
+ _iv: &SpdmAeadIvStruct,
+ _aad: &[u8],
+ cipher_text: &[u8],
+ _tag: &[u8],
+ plain_text: &mut [u8],
+) -> SpdmResult {
+ let plain_text_size = plain_text.len();
+ let cipher_text_size = cipher_text.len();
+ if cipher_text_size != plain_text_size {
+ panic!("plain_text len invalid");
+ }
+ plain_text.copy_from_slice(cipher_text);
+ Ok(cipher_text_size)
+}
+
+fn get_random(data: &mut [u8]) -> SpdmResult {
+ #[allow(clippy::needless_range_loop)]
+ for i in 0..data.len() {
+ data[i] = 0xff;
+ }
+
+ Ok(data.len())
+}
+
+fn fake_asym_verify(
+ _base_hash_algo: SpdmBaseHashAlgo,
+ _base_asym_algo: SpdmBaseAsymAlgo,
+ _public_cert_der: &[u8],
+ _data: &[u8],
+ _signature: &SpdmSignatureStruct,
+) -> SpdmResult {
+ Ok(())
+}
+
+fn fake_hkdf_extract(
+ hash_algo: SpdmBaseHashAlgo,
+ _salt: &[u8],
+ _ikm: &SpdmHkdfInputKeyingMaterial,
+) -> Option {
+ match hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(SpdmHkdfPseudoRandomKey {
+ data_size: SHA256_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ }),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(SpdmHkdfPseudoRandomKey {
+ data_size: SHA384_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ }),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_512 => Some(SpdmHkdfPseudoRandomKey {
+ data_size: SHA512_DIGEST_SIZE as u16,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE]),
+ }),
+ _ => None,
+ }
+}
+
+fn fake_hkdf_expand(
+ hash_algo: SpdmBaseHashAlgo,
+ _pk: &SpdmHkdfPseudoRandomKey,
+ _info: &[u8],
+ out_size: u16,
+) -> Option {
+ if out_size as usize > SPDM_MAX_HKDF_OKM_SIZE {
+ return None;
+ }
+ match hash_algo {
+ SpdmBaseHashAlgo::TPM_ALG_SHA_256 => Some(SpdmHkdfOutputKeyingMaterial {
+ data_size: out_size,
+ data: Box::new([100u8; SPDM_MAX_HKDF_OKM_SIZE]),
+ }),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384 => Some(SpdmHkdfOutputKeyingMaterial {
+ data_size: out_size,
+ data: Box::new([100u8; SPDM_MAX_HKDF_OKM_SIZE]),
+ }),
+ SpdmBaseHashAlgo::TPM_ALG_SHA_512 => Some(SpdmHkdfOutputKeyingMaterial {
+ data_size: out_size,
+ data: Box::new([100u8; SPDM_MAX_HKDF_OKM_SIZE]),
+ }),
+ _ => None,
+ }
+}
+
+fn fake_get_cert_from_cert_chain(cert_chain: &[u8], _index: isize) -> SpdmResult<(usize, usize)> {
+ return Ok((0, cert_chain.len()));
+}
+
+fn fake_verify_cert_chain(_cert_chain: &[u8]) -> SpdmResult {
+ Ok(())
+}
+
+#[test]
+// Make sure this is the first test case running by `cargo test`
+fn test_0_crypto_init() {
+ use super::secret_callback::{
+ FAKE_SECRET_ASYM_IMPL_INSTANCE, SECRET_MEASUREMENT_IMPL_INSTANCE,
+ };
+ spdmlib::crypto::aead::register(FAKE_AEAD.clone());
+ spdmlib::crypto::asym_verify::register(FAKE_ASYM_VERIFY.clone());
+ spdmlib::crypto::aead::register(FAKE_AEAD.clone());
+ spdmlib::crypto::rand::register(FAKE_RAND.clone());
+ spdmlib::secret::asym_sign::register(FAKE_SECRET_ASYM_IMPL_INSTANCE.clone());
+ spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone());
+}
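Review bot: `test_0_crypto_init` calls `spdmlib::crypto::aead::register(FAKE_AEAD.clone())` twice and never registers `FAKE_HMAC`, `FAKE_HKDF` or `FAKE_CERT_OPERATION`, so the second call looks like a copy-paste slip. As written, tests that rely on this initialiser would presumably run against whatever HMAC, HKDF and certificate callbacks are installed by default, not these fakes. If the HMAC fake was intended, the third call would become `spdmlib::crypto::hmac::register(FAKE_HMAC.clone());`, assuming spdmlib exposes that module the same way as `aead`. The HKDF and certificate-operation fakes would each need a matching line. A header comment stating that every callback in this file accepts any input (for instance `fake_asym_verify` always returns `Ok(())`) and must never be registered outside tests would also help.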
@@ -0,0 +1,401 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![allow(unused)] + +use async_trait::async_trait; +use spdmlib::common::{SpdmDeviceIo, SpdmTransportEncap, ST1}; +use spdmlib::config::RECEIVER_BUFFER_SIZE; +use spdmlib::error::{SpdmResult, SPDM_STATUS_DECAP_FAIL, SPDM_STATUS_ERROR_PEER}; +use spdmlib::responder; +use std::cell::RefCell; +use std::collections::VecDeque; + +use spin::Mutex; +extern crate alloc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use core::borrow::BorrowMut; +use core::ops::DerefMut; + +pub struct MySpdmDeviceIo; + +#[async_trait] +impl SpdmDeviceIo for MySpdmDeviceIo { + async fn send(&mut self, _buffer: Arc<&[u8]>) -> SpdmResult { + todo!() + } + + async fn receive( + &mut self, + _buffer: Arc>, + _timeout: usize, + ) -> Result { + todo!() + } + + async fn flush_all(&mut self) -> SpdmResult { + todo!() + } +} + +pub struct FakeSpdmDeviceIo { + pub data: Arc, + pub responder: Arc>, +} + +impl FakeSpdmDeviceIo { + pub fn new( + data: Arc, + responder: Arc>, + ) -> Self { + FakeSpdmDeviceIo { data, responder } + } +} + +#[async_trait] +impl SpdmDeviceIo for FakeSpdmDeviceIo { + async fn receive( + &mut self, + read_buffer: Arc>, + _timeout: usize, + ) -> Result { + let mut responder = self.responder.lock(); + let mut responder = responder.deref_mut(); + + let len = { + let mut device_io = responder.common.device_io.lock(); + let device_io = device_io.deref_mut(); + device_io.receive(read_buffer.clone(), 0).await.unwrap() + }; + let mut read_buffer = read_buffer.lock(); + let mut read_buffer = read_buffer.to_vec(); + let read_buffer = Arc::new(read_buffer.as_slice()); + self.data.set_buffer_ref(read_buffer.clone()); + println!("requester receive RAW - {:02x?}\n", &read_buffer[0..len]); + + Ok(len) + } + + async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult { + self.data.set_buffer_ref(buffer.clone()); + log::info!("requester send RAW - {:02x?}\n", &buffer); + + let mut 
responder = self.responder.lock();
+ let mut responder = responder.deref_mut();
+
+ {
+ let mut device_io = responder.common.device_io.lock();
+ let device_io = device_io.deref_mut();
+ log::info!("0:{:?}", buffer);
+ device_io.send(buffer).await;
+ }
+
+ let mut raw_packet = [0u8; RECEIVER_BUFFER_SIZE];
+
+ if responder
+ .process_message(false, 0, &mut raw_packet)
+ .await
+ .is_err()
+ {
+ return Err(SPDM_STATUS_ERROR_PEER);
+ }
+ Ok(())
+ }
+
+ async fn flush_all(&mut self) -> SpdmResult {
+ Ok(())
+ }
+}
+
+pub struct SpdmDeviceIoReceve {
+ data: Arc,
+ fuzzdata: Arc<[u8]>,
+}
+
+impl SpdmDeviceIoReceve {
+ pub fn new(data: Arc, fuzzdata: Arc<[u8]>) -> Self {
+ SpdmDeviceIoReceve { data, fuzzdata }
+ }
+}
+
+#[async_trait]
+impl SpdmDeviceIo for SpdmDeviceIoReceve {
+ async fn receive(
+ &mut self,
+ read_buffer: Arc>,
+ _timeout: usize,
+ ) -> Result {
+ let len = self.data.get_buffer(read_buffer.clone());
+ let mut read_buffer = read_buffer.lock();
+ let read_buffer = read_buffer.deref_mut();
+ log::info!("responder receive RAW - {:02x?}\n", &read_buffer[0..len]);
+ Ok(len)
+ }
+
+ async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult {
+ self.data.set_buffer(self.fuzzdata.clone());
+ log::info!("responder send RAW - {:02x?}\n", buffer);
+ Ok(())
+ }
+
+ async fn flush_all(&mut self) -> SpdmResult {
+ Ok(())
+ }
+}
+
+pub struct FakeSpdmDeviceIoReceve {
+ pub data: Arc,
+}
+
+impl FakeSpdmDeviceIoReceve {
+ pub fn new(data: Arc) -> Self {
+ FakeSpdmDeviceIoReceve { data }
+ }
+}
+
+#[async_trait]
+impl SpdmDeviceIo for FakeSpdmDeviceIoReceve {
+ async fn receive(
+ &mut self,
+ read_buffer: Arc>,
+ _timeout: usize,
+ ) -> Result {
+ let len = self.data.get_buffer(read_buffer.clone());
+ let mut read_buffer = read_buffer.lock();
+ let read_buffer = read_buffer.deref_mut();
+ println!("responder receive RAW - {:02x?}\n", &read_buffer[0..len]);
+ Ok(len)
+ }
+
+ async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult {
+ self.data.set_buffer_ref(buffer.clone());
+ println!("responder send RAW - {:02x?}\n", &buffer);
+ Ok(())
+ }
+
+ async fn flush_all(&mut self) -> SpdmResult {
+ Ok(())
+ }
+}
+
+pub struct SharedBuffer {
+ queue: Arc>>,
+}
+
+impl SharedBuffer {
+ #[allow(clippy::new_without_default)]
+ pub fn new() -> Self {
+ SharedBuffer {
+ queue: Arc::new(Mutex::new(VecDeque::::new())),
+ }
+ }
+
+ pub fn set_buffer_ref(&self, b: Arc<&[u8]>) {
+ log::info!("send {:02x?}\n", b);
+ let mut queue = self.queue.lock();
+ let queue = queue.deref_mut();
+ for i in *b {
+ queue.push_back(*i);
+ }
+ }
+
+ pub fn set_buffer(&self, b: Arc<[u8]>) {
+ log::info!("send {:02x?}\n", b);
+ let mut queue = self.queue.lock();
+ let queue = queue.deref_mut();
+ for i in &*b {
+ queue.push_back(*i);
+ }
+ }
+
+ pub fn get_buffer(&self, b: Arc>) -> usize {
+ let mut queue = self.queue.lock();
+ let queue = queue.deref_mut();
+ let mut len = 0usize;
+ let mut b = b.lock();
+ let b = b.deref_mut();
+ for i in b.iter_mut() {
+ if queue.is_empty() {
+ break;
+ }
+ *i = queue.pop_front().unwrap();
+ len += 1;
+ }
+ log::info!("recieve {:02x?}\n", &b[..len]);
+ len
+ }
+}
+
+#[test]
+fn test_fake_device_io() {
+ let future = async {
+ let buffer = SharedBuffer::new();
+ let buffer = Arc::new(buffer);
+ let mut server = FakeSpdmDeviceIoReceve::new(buffer.clone());
+ let mut client = FakeSpdmDeviceIoReceve::new(buffer.clone());
+ const SEND_DATA: &[u8] = &[1, 2];
+ client.send(Arc::new(SEND_DATA)).await.unwrap();
+ let mut rev = [0u8, 64];
+ server
+ .receive(Arc::new(Mutex::new(&mut rev)), ST1)
+ .await
+ .unwrap();
+ assert_eq!(rev[..=1], *SEND_DATA)
+ };
+ executor::block_on(future);
+}
+
+pub struct TestTransportEncap;
+#[async_trait]
+impl SpdmTransportEncap for TestTransportEncap {
+ async fn encap(
+ &mut self,
+ spdm_buffer: Arc<&[u8]>,
+ transport_buffer: Arc>,
+ secured_message: bool,
+ ) -> SpdmResult {
+ // format
+ // secure_message u8
+ let mut transport_buffer = transport_buffer.lock();
+ let len = spdm_buffer.len();
+ transport_buffer[0] = secured_message as u8;
+
+ if transport_buffer.len() < len + 1 {
+ return Err(SPDM_STATUS_DECAP_FAIL);
+ }
+ transport_buffer[1..(1 + len)].copy_from_slice(&spdm_buffer[..]);
+ Ok(1 + len)
+ }
+
+ async fn decap(
+ &mut self,
+ transport_buffer: Arc<&[u8]>,
+ spdm_buffer: Arc>,
+ ) -> SpdmResult<(usize, bool)> {
+ let mut spdm_buffer = spdm_buffer.lock();
+ let spdm_buffer_len = transport_buffer.len() - 1;
+ let secure_message = if transport_buffer[0] == 0 {
+ false
+ } else {
+ true
+ };
+ spdm_buffer[0..spdm_buffer_len].copy_from_slice(&transport_buffer[1..]);
+ Ok((spdm_buffer_len, secure_message))
+ }
+
+ async fn encap_app(
+ &mut self,
+ spdm_buffer: Arc<&[u8]>,
+ app_buffer: Arc>,
+ _is_app_message: bool,
+ ) -> SpdmResult {
+ let mut app_buffer = app_buffer.lock();
+ app_buffer[0..spdm_buffer.len()].copy_from_slice(&spdm_buffer);
+ Ok(spdm_buffer.len())
+ }
+
+ async fn decap_app(
+ &mut self,
+ app_buffer: Arc<&[u8]>,
+ spdm_buffer: Arc>,
+ ) -> SpdmResult<(usize, bool)> {
+ let mut spdm_buffer = spdm_buffer.lock();
+ spdm_buffer[0..app_buffer.len()].copy_from_slice(&app_buffer);
+ Ok((app_buffer.len(), false))
+ }
+ fn get_sequence_number_count(&mut self) -> u8 {
+ todo!()
+ }
+
+ fn get_max_random_count(&mut self) -> u16 {
+ todo!()
+ }
+}
+
+pub struct TestSpdmDeviceIo {
+ pub rx: Arc>>,
+ pub tx: Arc>>,
+}
+
+impl TestSpdmDeviceIo {
+ pub fn new(rx: Arc>>, tx: Arc>>) -> Self {
+ Self { rx, tx }
+ }
+}
+
+#[async_trait]
+impl SpdmDeviceIo for TestSpdmDeviceIo {
+ async fn receive(
+ &mut self,
+ out_buffer: Arc>,
+ _timeout: usize,
+ ) -> Result {
+ let mut rx = self.rx.lock();
+ if (rx.len() < 4) {
+ return Err(0);
+ }
+ // Length 4 bytes
+ let length_buf: Vec = rx.drain(0..4).collect();
+ let length =
+ u32::from_le_bytes([length_buf[0], length_buf[1], length_buf[2], length_buf[3]]);
+ let length = length as usize;
+ // Data length bytes
+ let mut out_buffer = out_buffer.lock();
+ if out_buffer.len() < length {
+ return Err(0);
+ }
+ for index in 0..length {
+ out_buffer[index] = rx.pop_front().unwrap();
+ }
+ println!("RECV RAW - {:02x?}", &out_buffer[..length]);
+ Ok(length)
+ }
+ async fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult {
+ {
+ let mut tx = self.tx.lock();
+ let length = buffer.len() as u32;
+ tx.extend(length.to_le_bytes());
+ tx.extend(buffer.iter());
+ }
+ println!("SEND RAW - {:02x?}", &buffer);
+ Ok(())
+ }
+
+ async fn flush_all(&mut self) -> SpdmResult {
+ Ok(())
+ }
+}
+
+pub fn test_header_generater_callback(secure: u8, spdm_msg: &[u8]) -> VecDeque {
+ // This function is used to generate the header
+ // Note: The same method as device_io and transport encap should be use
+ // Current implementation is for TestDeviceIo and TestTransportEncap
+ let mut ret = VecDeque::new();
+ let length = (spdm_msg.len() + 1) as u32;
+ ret.extend(length.to_le_bytes());
+ ret.push_back(secure);
+ ret.extend(spdm_msg);
+ ret
+}
+
+#[test]
+fn test_test_device_io() {
+ let rx = Arc::new(Mutex::new(VecDeque::::new()));
+ let tx = Arc::new(Mutex::new(VecDeque::::new()));
+ let rx_shared = Arc::clone(&rx);
+ let tx_shared = Arc::clone(&tx);
+ let future = async {
+ let mut server = TestSpdmDeviceIo::new(rx, tx);
+ let _ = server.send(Arc::new(b"hello")).await;
+ };
+ executor::block_on(future);
+
+ let tx = tx_shared.lock();
+ let res = tx.as_slices();
+ assert_eq!(
+ res.0,
+ [0x05, 0x00, 0x00, 0x00, 0x68, 0x65, 0x6c, 0x6c, 0x6f]
+ )
+}
diff --git a/test/spdmlib-test/src/common/mod.rs b/test/spdmlib-test/src/common/mod.rs
new file mode 100644
index 0000000..40c32af
--- /dev/null
+++ b/test/spdmlib-test/src/common/mod.rs
@@ -0,0 +1,17 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![forbid(unsafe_code)]
+
+// TBD: need test different algorithm combinations
+pub const USE_ECDSA: bool = true;
+
+pub mod util;
+
+pub mod device_io;
+
+pub use pcidoe_transport as transport;
+
+pub mod crypto_callback;
+pub mod secret_callback;
diff --git a/test/spdmlib-test/src/common/secret_callback.rs b/test/spdmlib-test/src/common/secret_callback.rs
new file mode 100644
index 0000000..a1918b1
--- /dev/null
+++ b/test/spdmlib-test/src/common/secret_callback.rs
@@ -0,0 +1,347 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![allow(dead_code)]
+#![allow(unused_variables)]
+use crate::common::util::get_test_key_directory;
+use codec::{u24, Codec, Writer};
+use spdmlib::common::key_schedule::SpdmKeySchedule;
+use spdmlib::config;
+use spdmlib::crypto;
+use spdmlib::crypto::hash;
+use spdmlib::message::*;
+use spdmlib::protocol::*;
+use spdmlib::secret::{SpdmSecretAsymSign, SpdmSecretMeasurement, SpdmSecretPsk};
+
+pub static SECRET_MEASUREMENT_IMPL_INSTANCE: SpdmSecretMeasurement = SpdmSecretMeasurement {
+ measurement_collection_cb: measurement_collection_impl,
+ generate_measurement_summary_hash_cb: generate_measurement_summary_hash_impl,
+};
+
+pub static SECRET_PSK_IMPL_INSTANCE: SpdmSecretPsk = SpdmSecretPsk {
+ handshake_secret_hkdf_expand_cb: handshake_secret_hkdf_expand_impl,
+ master_secret_hkdf_expand_cb: master_secret_hkdf_expand_impl,
+};
+
+pub static SECRET_ASYM_IMPL_INSTANCE: SpdmSecretAsymSign =
+ SpdmSecretAsymSign { sign_cb: asym_sign };
+pub static FAKE_SECRET_ASYM_IMPL_INSTANCE: SpdmSecretAsymSign = SpdmSecretAsymSign {
+ sign_cb: fake_asym_sign,
+};
+
+#[allow(clippy::field_reassign_with_default)]
+fn measurement_collection_impl(
+ spdm_version: SpdmVersion,
+ measurement_specification: SpdmMeasurementSpecification,
+ measurement_hash_algo: SpdmMeasurementHashAlgo,
+ measurement_index: usize,
+) -> Option {
+ if measurement_specification != SpdmMeasurementSpecification::DMTF {
+ None
+ } else {
+ let base_hash_algo = match measurement_hash_algo {
+ SpdmMeasurementHashAlgo::TPM_ALG_SHA_256 => SpdmBaseHashAlgo::TPM_ALG_SHA_256,
+ SpdmMeasurementHashAlgo::TPM_ALG_SHA_384 => SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ SpdmMeasurementHashAlgo::TPM_ALG_SHA_512 => SpdmBaseHashAlgo::TPM_ALG_SHA_512,
+ SpdmMeasurementHashAlgo::RAW_BIT_STREAM
+ | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_256
+ | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_384
+ | SpdmMeasurementHashAlgo::TPM_ALG_SHA3_512
+ | SpdmMeasurementHashAlgo::TPM_ALG_SM3 => return None,
+ _ => return None,
+ };
+ let hashsize = base_hash_algo.get_size();
+ if measurement_index
+ == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber.get_u8() as usize
+ {
+ let mut dummy_spdm_measurement_record_structure =
+ SpdmMeasurementRecordStructure::default();
+ dummy_spdm_measurement_record_structure.number_of_blocks = 1;
+ Some(dummy_spdm_measurement_record_structure)
+ } else if measurement_index
+ == SpdmMeasurementOperation::SpdmMeasurementRequestAll.get_u8() as usize
+ {
+ let mut firmware1: [u8; 8] = [0; 8];
+ let mut firmware2: [u8; 8] = [0; 8];
+ let mut firmware3: [u8; 8] = [0; 8];
+ let mut firmware4: [u8; 8] = [0; 8];
+ let mut firmware5: [u8; 8] = [0; 8];
+ let mut firmware6: [u8; 8] = [0; 8];
+ let mut firmware7: [u8; 8] = [0; 8];
+ let mut firmware8: [u8; 8] = [0; 8];
+ let mut firmware9: [u8; 8] = [0; 8];
+ let mut firmware10: [u8; 8] = [0; 8];
+ firmware1.copy_from_slice("deadbeef".as_bytes());
+ firmware2.copy_from_slice("eadbeefd".as_bytes());
+ firmware3.copy_from_slice("adbeefde".as_bytes());
+ firmware4.copy_from_slice("dbeefdea".as_bytes());
+ firmware5.copy_from_slice("beefdead".as_bytes());
+ firmware6.copy_from_slice("deadbeef".as_bytes());
+ firmware7.copy_from_slice("eadbeefd".as_bytes());
+ firmware8.copy_from_slice("adbeefde".as_bytes());
+ firmware9.copy_from_slice("dbeefdea".as_bytes());
+ firmware10.copy_from_slice("beefdead".as_bytes());
+ let digest1 = hash::hash_all(base_hash_algo, &firmware1).expect("hash_all failed!");
+ let digest2 = hash::hash_all(base_hash_algo, &firmware2).expect("hash_all failed!");
+ let digest3 = hash::hash_all(base_hash_algo, &firmware3).expect("hash_all failed!");
+ let digest4 = hash::hash_all(base_hash_algo, &firmware4).expect("hash_all failed!");
+ let digest5 = hash::hash_all(base_hash_algo, &firmware5).expect("hash_all failed!");
+ let digest6 = hash::hash_all(base_hash_algo, &firmware6).expect("hash_all failed!");
+ let digest7 = hash::hash_all(base_hash_algo, &firmware7).expect("hash_all failed!");
+ let digest8 = hash::hash_all(base_hash_algo, &firmware8).expect("hash_all failed!");
+ let digest9 = hash::hash_all(base_hash_algo, &firmware9).expect("hash_all failed!");
+ let digest10 = hash::hash_all(base_hash_algo, &firmware10).expect("hash_all failed!");
+ let mut digest_value1: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value2: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value3: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value4: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value5: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value6: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value7: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value8: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value9: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ let mut digest_value10: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ digest_value1[..64].copy_from_slice(digest1.data.as_ref());
+ digest_value2[..64].copy_from_slice(digest2.data.as_ref());
+ digest_value3[..64].copy_from_slice(digest3.data.as_ref());
+ digest_value4[..64].copy_from_slice(digest4.data.as_ref());
+ digest_value5[..64].copy_from_slice(digest5.data.as_ref());
+ digest_value6[..64].copy_from_slice(digest6.data.as_ref());
+ digest_value7[..64].copy_from_slice(digest7.data.as_ref());
+ digest_value8[..64].copy_from_slice(digest8.data.as_ref());
+ digest_value9[..64].copy_from_slice(digest9.data.as_ref());
+ digest_value10[..64].copy_from_slice(digest10.data.as_ref());
+
+ let mut spdm_measurement_block_structure = SpdmMeasurementBlockStructure {
+ index: 1u8,
+ measurement_specification,
+ measurement_size: digest1.data_size + 3,
+ measurement: SpdmDmtfMeasurementStructure {
+ r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware,
+ representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest,
+ value_size: digest1.data_size,
+ value: digest_value1,
+ },
+ };
+
+ let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE];
+ let mut writer = Writer::init(&mut measurement_record_data);
+ for i in 0..10 {
+ spdm_measurement_block_structure.encode(&mut writer).ok()?;
+ spdm_measurement_block_structure.index += 1;
+ }
+
+ Some(SpdmMeasurementRecordStructure {
+ number_of_blocks: 10,
+ measurement_record_length: u24::new(writer.used() as u32),
+ measurement_record_data,
+ })
+ } else if measurement_index > 10 {
+ None
+ } else {
+ let mut firmware: [u8; 8] = [0; 8];
+ firmware.copy_from_slice("deadbeef".as_bytes());
+
+ let digest = hash::hash_all(base_hash_algo, &firmware)?;
+
+ let mut digest_value: [u8; config::MAX_SPDM_MEASUREMENT_VALUE_LEN] =
+ [0; config::MAX_SPDM_MEASUREMENT_VALUE_LEN];
+ digest_value[(measurement_index) * SPDM_MAX_HASH_SIZE
+ ..(measurement_index + 1) * SPDM_MAX_HASH_SIZE]
+ .copy_from_slice(digest.data.as_ref());
+
+ let spdm_measurement_block_structure = SpdmMeasurementBlockStructure {
+ index: measurement_index as u8,
+ measurement_specification,
+ measurement_size: digest.data_size + 3,
+ measurement: SpdmDmtfMeasurementStructure {
+ r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware,
+ representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest,
+ value_size: digest.data_size,
+ value: digest_value,
+ },
+ };
+
+ let mut measurement_record_data = [0u8; config::MAX_SPDM_MEASUREMENT_RECORD_SIZE];
+ let mut writer = Writer::init(&mut measurement_record_data);
+ spdm_measurement_block_structure.encode(&mut writer).ok()?;
+
+ Some(SpdmMeasurementRecordStructure {
+ number_of_blocks: 1,
+ measurement_record_length: u24::new(writer.used() as u32),
+ measurement_record_data,
+ })
+ }
+ }
+}
+
+fn generate_measurement_summary_hash_impl(
+ spdm_version: SpdmVersion,
+ base_hash_algo: SpdmBaseHashAlgo,
+ measurement_specification: SpdmMeasurementSpecification,
+ measurement_hash_algo: SpdmMeasurementHashAlgo,
+ measurement_summary_hash_type: SpdmMeasurementSummaryHashType,
+) -> Option {
+ match measurement_summary_hash_type {
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll => {
+ let mut dummyall: [u8; 8] = [0; 8];
+ dummyall.copy_from_slice("dummyall".as_bytes());
+ let digest = hash::hash_all(base_hash_algo, &dummyall)?;
+ Some(digest)
+ }
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb => {
+ let mut dummytcb: [u8; 8] = [0; 8];
+ dummytcb.copy_from_slice("dummytcb".as_bytes());
+ let digest = hash::hash_all(base_hash_algo, &dummytcb)?;
+ Some(digest)
+ }
+ SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone => None,
+ _ => None,
+ }
+}
+
+const MAX_BIN_CONCAT_BUF_SIZE: usize = 2 + 8 + 12 + SPDM_MAX_HASH_SIZE;
+const SALT_0: [u8; SPDM_MAX_HASH_SIZE] = [0u8; SPDM_MAX_HASH_SIZE];
+const ZERO_FILLED: [u8; SPDM_MAX_HASH_SIZE] = [0u8; SPDM_MAX_HASH_SIZE];
+const BIN_STR0_LABEL: &[u8] = b"derived";
+
+fn handshake_secret_hkdf_expand_impl(
+ spdm_version: SpdmVersion,
+ base_hash_algo: SpdmBaseHashAlgo,
+ psk_hint: &SpdmPskHintStruct,
+ info: &[u8],
+) -> Option {
+ let mut psk_key: SpdmDheFinalKeyStruct = SpdmDheFinalKeyStruct {
+ data_size: b"TestPskData\0".len() as u16,
+ data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]),
+ };
+ psk_key.data[0..(psk_key.data_size as usize)].copy_from_slice(b"TestPskData\0");
+
+ let hs_sec = crypto::hkdf::hkdf_extract(
+ base_hash_algo,
+ &SALT_0[0..base_hash_algo.get_size() as usize],
+ &SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(&psk_key),
+ )?;
+ crypto::hkdf::hkdf_expand(base_hash_algo, &hs_sec, info, base_hash_algo.get_size())
+}
+
+fn master_secret_hkdf_expand_impl(
+ spdm_version: SpdmVersion,
+ base_hash_algo: SpdmBaseHashAlgo,
+ psk_hint: &SpdmPskHintStruct,
+ info: &[u8],
+) -> Option {
+ let mut psk_key: SpdmDheFinalKeyStruct = SpdmDheFinalKeyStruct {
+ data_size: b"TestPskData\0".len() as u16,
+ data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]),
+ };
+ psk_key.data[0..(psk_key.data_size as usize)].copy_from_slice(b"TestPskData\0");
+
+ let buffer = &mut [0; MAX_BIN_CONCAT_BUF_SIZE];
+ let bin_str0 = SpdmKeySchedule::binconcat(
+ &SpdmKeySchedule,
+ base_hash_algo.get_size(),
+ spdm_version,
+ BIN_STR0_LABEL,
+ None,
+ buffer,
+ )?;
+
+ let hs_sec = crypto::hkdf::hkdf_extract(
+ base_hash_algo,
+ &SALT_0[0..base_hash_algo.get_size() as usize],
+ &SpdmHkdfInputKeyingMaterial::SpdmDheFinalKey(&psk_key),
+ )?;
+ let salt_1 =
+ crypto::hkdf::hkdf_expand(base_hash_algo, &hs_sec, bin_str0, base_hash_algo.get_size())?;
+
+ let mst_sec = crypto::hkdf::hkdf_extract(
+ base_hash_algo,
+ salt_1.as_ref(),
+ &SpdmHkdfInputKeyingMaterial::SpdmZeroFilled(&SpdmZeroFilledStruct {
+ data_size: base_hash_algo.get_size(),
+ data: Box::new([0u8; SPDM_MAX_HASH_SIZE]),
+ }),
+ )?;
+ crypto::hkdf::hkdf_expand(base_hash_algo, &mst_sec, info, base_hash_algo.get_size())
+}
+
+fn asym_sign(
+ base_hash_algo: SpdmBaseHashAlgo,
+ base_asym_algo: SpdmBaseAsymAlgo,
+ data: &[u8],
+) -> Option {
+ match (base_hash_algo, base_asym_algo) {
+ (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256) => {
+ sign_ecdsa_asym_algo(&ring::signature::ECDSA_P256_SHA256_FIXED_SIGNING, data)
+ }
+ (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384) => {
+ sign_ecdsa_asym_algo(&ring::signature::ECDSA_P384_SHA384_FIXED_SIGNING, data)
+ }
+ _ => {
+ panic!();
+ }
+ }
+}
+
+fn sign_ecdsa_asym_algo(
+ algorithm: &'static ring::signature::EcdsaSigningAlgorithm,
+ data: &[u8],
+) -> Option {
+ let crate_dir = get_test_key_directory();
+ let key_file_path = crate_dir.join("test_key/ecp384/end_responder.key.p8");
+ let der_file = std::fs::read(key_file_path).expect("unable to read key der!");
+ let key_bytes = der_file.as_slice();
+
+ let rng = ring::rand::SystemRandom::new();
+ let key_pair: ring::signature::EcdsaKeyPair =
+ ring::signature::EcdsaKeyPair::from_pkcs8(algorithm, key_bytes, &rng).unwrap();
+
+ let rng = ring::rand::SystemRandom::new();
+
+ let signature = key_pair.sign(&rng, data).unwrap();
+ let signature = signature.as_ref();
+
+ let mut full_signature: [u8; SPDM_MAX_ASYM_KEY_SIZE] = [0u8; SPDM_MAX_ASYM_KEY_SIZE];
+ full_signature[..signature.len()].copy_from_slice(signature);
+
+ Some(SpdmSignatureStruct {
+ data_size: signature.len() as u16,
+ data: full_signature,
+ })
+}
+
+fn fake_asym_sign(
+ base_hash_algo: SpdmBaseHashAlgo,
+ base_asym_algo: SpdmBaseAsymAlgo,
+ data: &[u8],
+) -> Option {
+ match (base_hash_algo, base_asym_algo) {
+ (SpdmBaseHashAlgo::TPM_ALG_SHA_256, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256) => {
+ Some(SpdmSignatureStruct {
+ data_size: 64,
+ data: [0x5a; SPDM_MAX_ASYM_KEY_SIZE],
+ })
+ }
+ (SpdmBaseHashAlgo::TPM_ALG_SHA_384, SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384) => {
+ Some(SpdmSignatureStruct {
+ data_size: 96,
+ data: [0x5a; SPDM_MAX_ASYM_KEY_SIZE],
+ })
+ }
+ _ => {
+ panic!();
+ }
+ }
+}
diff --git a/test/spdmlib-test/src/common/util.rs b/test/spdmlib-test/src/common/util.rs
new file mode 100644
index 0000000..d846db1
--- /dev/null
+++ b/test/spdmlib-test/src/common/util.rs
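Review bot: `sign_ecdsa_asym_algo` always loads `test_key/ecp384/end_responder.key.p8`, so the SHA-256/P-256 arm of `asym_sign` passes a P-384 key together with `ECDSA_P256_SHA256_FIXED_SIGNING`, and the `.unwrap()` on `EcdsaKeyPair::from_pkcs8` will most likely panic instead of reporting failure through the `Option` return. The `_ => { panic!(); }` arms in `asym_sign` and `fake_asym_sign` abort in the same way for any other negotiated algorithm pair. Returning `None` keeps an unsupported or mismatched algorithm a signing failure rather than a process abort: `ring::signature::EcdsaKeyPair::from_pkcs8(algorithm, key_bytes, &rng).ok()?;`, `let signature = key_pair.sign(&rng, data).ok()?;` and `_ => None,`. The hard-coded `b"TestPskData\0"` PSK and the constant `0x5a` signature behind `FAKE_SECRET_ASYM_IMPL_INSTANCE` also deserve a one-line comment stating they are test fixtures, since both statics are `pub`.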
@@ -0,0 +1,533 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![allow(unused)]
+
+use super::device_io::TestSpdmDeviceIo;
+use super::USE_ECDSA;
+use crate::common::device_io::{MySpdmDeviceIo, TestTransportEncap};
+use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE;
+use crate::common::transport::PciDoeTransportEncap;
+use codec::{Codec, Reader, Writer};
+use spdmlib::common::{
+ SecuredMessageVersion, SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmDeviceIo, SpdmOpaqueSupport,
+ SpdmProvisionInfo, SpdmTransportEncap, DMTF_SECURE_SPDM_VERSION_10,
+ DMTF_SECURE_SPDM_VERSION_11, MAX_SECURE_SPDM_VERSION_COUNT, ST1,
+};
+use spdmlib::config::{MAX_ROOT_CERT_SUPPORT, MAX_SPDM_MSG_SIZE};
+use spdmlib::crypto;
+use spdmlib::message::SpdmMessage;
+use spdmlib::protocol::*;
+use spdmlib::{config, responder};
+use std::fs::File;
+use std::io::Read;
+use std::path::PathBuf;
+
+use spin::Mutex;
+extern crate alloc;
+use alloc::boxed::Box;
+use alloc::collections::VecDeque;
+use alloc::sync::Arc;
+use core::ops::DerefMut;
+
+pub fn create_info() -> (SpdmConfigInfo, SpdmProvisionInfo) {
+ let config_info = SpdmConfigInfo {
+ spdm_version: [
+ Some(SpdmVersion::SpdmVersion10),
+ Some(SpdmVersion::SpdmVersion11),
+ Some(SpdmVersion::SpdmVersion12),
+ ],
+ rsp_capabilities: SpdmResponseCapabilityFlags::CERT_CAP
+ | SpdmResponseCapabilityFlags::CHAL_CAP
+ | SpdmResponseCapabilityFlags::MEAS_CAP_SIG
+ | SpdmResponseCapabilityFlags::MEAS_FRESH_CAP
+ | SpdmResponseCapabilityFlags::ENCRYPT_CAP
+ | SpdmResponseCapabilityFlags::MAC_CAP
+ | SpdmResponseCapabilityFlags::KEY_EX_CAP
+ | SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT
+ | SpdmResponseCapabilityFlags::ENCAP_CAP
+ | SpdmResponseCapabilityFlags::HBEAT_CAP
+ | SpdmResponseCapabilityFlags::KEY_UPD_CAP
+ | SpdmResponseCapabilityFlags::MUT_AUTH_CAP
+ | SpdmResponseCapabilityFlags::ENCAP_CAP,
+ req_capabilities: SpdmRequestCapabilityFlags::CERT_CAP
+ | SpdmRequestCapabilityFlags::ENCRYPT_CAP
+ | SpdmRequestCapabilityFlags::MAC_CAP
+ | SpdmRequestCapabilityFlags::KEY_EX_CAP
+ | SpdmRequestCapabilityFlags::ENCAP_CAP
+ | SpdmRequestCapabilityFlags::HBEAT_CAP
+ | SpdmRequestCapabilityFlags::KEY_UPD_CAP
+ | SpdmRequestCapabilityFlags::MUT_AUTH_CAP
+ | SpdmRequestCapabilityFlags::ENCAP_CAP,
+ rsp_ct_exponent: 0,
+ req_ct_exponent: 0,
+ measurement_specification: SpdmMeasurementSpecification::DMTF,
+ measurement_hash_algo: SpdmMeasurementHashAlgo::TPM_ALG_SHA_384,
+ base_asym_algo: SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384,
+ base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ dhe_algo: SpdmDheAlgo::SECP_384_R1,
+
+ aead_algo: SpdmAeadAlgo::AES_256_GCM,
+ req_asym_algo: SpdmReqAsymAlgo::TPM_ALG_RSAPSS_2048,
+ key_schedule_algo: SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ opaque_support: SpdmOpaqueSupport::OPAQUE_DATA_FMT1,
+ data_transfer_size: 0x1200,
+ max_spdm_msg_size: 0x1200,
+ secure_spdm_version: [
+ Some(SecuredMessageVersion::try_from(0x10u8).unwrap()),
+ Some(SecuredMessageVersion::try_from(0x11u8).unwrap()),
+ ],
+ ..Default::default()
+ };
+
+ let mut my_cert_chain_data = SpdmCertChainData {
+ ..Default::default()
+ };
+ let mut peer_root_cert_data = SpdmCertChainData {
+ ..Default::default()
+ };
+
+ let crate_dir = get_test_key_directory();
+ let ca_file_path = crate_dir.join("test_key/ecp384/ca.cert.der");
+ let ca_cert = std::fs::read(ca_file_path).expect("unable to read ca cert!");
+ let inter_file_path = crate_dir.join("test_key/ecp384/inter.cert.der");
+ let inter_cert = std::fs::read(inter_file_path).expect("unable to read inter cert!");
+ let leaf_file_path = crate_dir.join("test_key/ecp384/end_responder.cert.der");
+ let leaf_cert = std::fs::read(leaf_file_path).expect("unable to read leaf cert!");
+
+ let ca_len = ca_cert.len();
+ let inter_len = inter_cert.len();
+ let leaf_len = leaf_cert.len();
+
+ my_cert_chain_data.data_size = (ca_len + inter_len + leaf_len) as u16;
+ my_cert_chain_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref());
+ my_cert_chain_data.data[ca_len..(ca_len + inter_len)].copy_from_slice(inter_cert.as_ref());
+ my_cert_chain_data.data[(ca_len + inter_len)..(ca_len + inter_len + leaf_len)]
+ .copy_from_slice(leaf_cert.as_ref());
+
+ peer_root_cert_data.data_size = (ca_len) as u16;
+ peer_root_cert_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref());
+
+ let mut peer_root_cert_data_list = gen_array_clone(None, MAX_ROOT_CERT_SUPPORT);
+ peer_root_cert_data_list[0] = Some(peer_root_cert_data);
+
+ let provision_info = SpdmProvisionInfo {
+ my_cert_chain_data: [
+ Some(my_cert_chain_data.clone()),
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ ],
+ my_cert_chain: [None, None, None, None, None, None, None, None],
+ peer_root_cert_data: peer_root_cert_data_list,
+ };
+
+ (config_info, provision_info)
+}
+
+pub fn new_context(
+ my_spdm_device_io: Arc>,
+ pcidoe_transport_encap: Arc>,
+) -> SpdmContext {
+ let (config_info, provision_info) = create_info();
+ let mut context = SpdmContext::new(
+ my_spdm_device_io,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+ context.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
+ context
+}
+
+pub fn new_spdm_message(value: SpdmMessage, mut context: SpdmContext) -> SpdmMessage {
+ let u8_slice = &mut [0u8; 1000];
+ let mut writer = Writer::init(u8_slice);
+ value.spdm_encode(&mut context, &mut writer);
+ let mut reader = Reader::init(u8_slice);
+ let spdm_message: SpdmMessage = SpdmMessage::spdm_read(&mut context, &mut reader).unwrap();
+ spdm_message
+}
+
+pub fn req_create_info() -> (SpdmConfigInfo, SpdmProvisionInfo) {
+ let req_capabilities = SpdmRequestCapabilityFlags::CERT_CAP
+ | SpdmRequestCapabilityFlags::CHAL_CAP
+ | SpdmRequestCapabilityFlags::ENCRYPT_CAP
+ | SpdmRequestCapabilityFlags::MAC_CAP
+ | SpdmRequestCapabilityFlags::KEY_EX_CAP
+ | SpdmRequestCapabilityFlags::PSK_CAP
+ | SpdmRequestCapabilityFlags::ENCAP_CAP
+ | SpdmRequestCapabilityFlags::HBEAT_CAP
+ // | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP
+ // | SpdmResponseCapabilityFlags::PUB_KEY_ID_CAP
+ | SpdmRequestCapabilityFlags::KEY_UPD_CAP;
+ let req_capabilities = if cfg!(feature = "mut-auth") {
+ req_capabilities | SpdmRequestCapabilityFlags::MUT_AUTH_CAP
+ } else {
+ req_capabilities
+ };
+ let config_info = SpdmConfigInfo {
+ spdm_version: [
+ Some(SpdmVersion::SpdmVersion10),
+ Some(SpdmVersion::SpdmVersion11),
+ Some(SpdmVersion::SpdmVersion12),
+ ],
+ req_capabilities: req_capabilities,
+ req_ct_exponent: 0,
+ measurement_specification: SpdmMeasurementSpecification::DMTF,
+ base_asym_algo: if USE_ECDSA {
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384
+ } else {
+ SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072
+ },
+ base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ dhe_algo: SpdmDheAlgo::SECP_384_R1,
+ aead_algo: SpdmAeadAlgo::AES_256_GCM,
+ req_asym_algo: if USE_ECDSA {
+ SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384
+ } else {
+ SpdmReqAsymAlgo::TPM_ALG_RSASSA_3072
+ },
+ key_schedule_algo: SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ opaque_support: SpdmOpaqueSupport::OPAQUE_DATA_FMT1,
+ data_transfer_size: config::MAX_SPDM_MSG_SIZE as u32,
+ max_spdm_msg_size: config::MAX_SPDM_MSG_SIZE as u32,
+ secure_spdm_version: [
+ Some(SecuredMessageVersion::try_from(0x10u8).unwrap()),
+ Some(SecuredMessageVersion::try_from(0x11u8).unwrap()),
+ ],
+ ..Default::default()
+ };
+
+ let mut peer_root_cert_data = SpdmCertChainData {
+ ..Default::default()
+ };
+
+ let crate_dir = get_test_key_directory();
+ let ca_file_path = if USE_ECDSA {
+ crate_dir.join("test_key/ecp384/ca.cert.der")
+ } else {
+ crate_dir.join("test_key/rsa3072/ca.cert.der")
+ };
+ let ca_cert = std::fs::read(ca_file_path).expect("unable to read ca cert!");
+ let inter_file_path = if USE_ECDSA {
+ crate_dir.join("test_key/ecp384/inter.cert.der")
+ } else {
+ crate_dir.join("test_key/rsa3072/inter.cert.der")
+ };
+ let inter_cert = std::fs::read(inter_file_path).expect("unable to read inter cert!");
+ let leaf_file_path = if USE_ECDSA {
+ crate_dir.join("test_key/ecp384/end_responder.cert.der")
+ } else {
+ crate_dir.join("test_key/rsa3072/end_responder.cert.der")
+ };
+ let leaf_cert = std::fs::read(leaf_file_path).expect("unable to read leaf cert!");
+
+ let ca_len = ca_cert.len();
+ let inter_len = inter_cert.len();
+ let leaf_len = leaf_cert.len();
+ log::info!(
+ "total cert size - {:?} = {:?} + {:?} + {:?}",
+ ca_len + inter_len + leaf_len,
+ ca_len,
+ inter_len,
+ leaf_len
+ );
+ peer_root_cert_data.data_size = (ca_len) as u16;
+ peer_root_cert_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref());
+
+ let mut peer_root_cert_data_list = gen_array_clone(None, MAX_ROOT_CERT_SUPPORT);
+ peer_root_cert_data_list[0] = Some(peer_root_cert_data);
+
+ let provision_info = if cfg!(feature = "mut-auth") {
+ spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+ let mut my_cert_chain_data = SpdmCertChainData {
+ ..Default::default()
+ };
+
+ my_cert_chain_data.data_size = (ca_len + inter_len + leaf_len) as u16;
+ my_cert_chain_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref());
+ my_cert_chain_data.data[ca_len..(ca_len + inter_len)].copy_from_slice(inter_cert.as_ref());
+ my_cert_chain_data.data[(ca_len + inter_len)..(ca_len + inter_len + leaf_len)]
+ .copy_from_slice(leaf_cert.as_ref());
+
+ SpdmProvisionInfo {
+ my_cert_chain_data: [
+ Some(my_cert_chain_data),
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ ],
+ my_cert_chain: [None, None, None, None, None, None, None, None],
+ peer_root_cert_data: peer_root_cert_data_list,
+ }
+ } else {
+ SpdmProvisionInfo {
+ my_cert_chain_data: [None, None, None, None, None, None, None, None],
+ my_cert_chain: [None, None, None, None, None, None, None, None],
+ peer_root_cert_data: peer_root_cert_data_list,
+ }
+ };
+
+ (config_info, provision_info)
+}
+
+pub fn rsp_create_info() -> (SpdmConfigInfo, SpdmProvisionInfo) {
+ let rsp_capabilities = SpdmResponseCapabilityFlags::CERT_CAP
+ | SpdmResponseCapabilityFlags::CHAL_CAP
+ | SpdmResponseCapabilityFlags::MEAS_CAP_SIG
+ | SpdmResponseCapabilityFlags::MEAS_FRESH_CAP
+ | SpdmResponseCapabilityFlags::ENCRYPT_CAP
+ | SpdmResponseCapabilityFlags::MAC_CAP
+ | SpdmResponseCapabilityFlags::KEY_EX_CAP
+ | SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT
+ | SpdmResponseCapabilityFlags::ENCAP_CAP
+ | SpdmResponseCapabilityFlags::HBEAT_CAP
+ // | SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP
+ // | SpdmResponseCapabilityFlags::PUB_KEY_ID_CAP
+ | SpdmResponseCapabilityFlags::KEY_UPD_CAP;
+ let rsp_capabilities = if cfg!(feature = "mut-auth") {
+ rsp_capabilities | SpdmResponseCapabilityFlags::MUT_AUTH_CAP
+ } else {
+ rsp_capabilities
+ };
+ let config_info = SpdmConfigInfo {
+ spdm_version: [
+ Some(SpdmVersion::SpdmVersion10),
+ Some(SpdmVersion::SpdmVersion11),
+ Some(SpdmVersion::SpdmVersion12),
+ ],
+ rsp_capabilities: rsp_capabilities,
+ rsp_ct_exponent: 0,
+ measurement_specification: SpdmMeasurementSpecification::DMTF,
+ measurement_hash_algo: SpdmMeasurementHashAlgo::TPM_ALG_SHA_384,
+ base_asym_algo: if USE_ECDSA {
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384
+ } else {
+ SpdmBaseAsymAlgo::TPM_ALG_RSASSA_3072
+ },
+ base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ dhe_algo: SpdmDheAlgo::SECP_384_R1,
+ aead_algo: SpdmAeadAlgo::AES_256_GCM,
+ req_asym_algo: if USE_ECDSA {
+ SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384
+ } else {
+ SpdmReqAsymAlgo::TPM_ALG_RSASSA_3072
+ },
+ key_schedule_algo: SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ opaque_support: SpdmOpaqueSupport::OPAQUE_DATA_FMT1,
+ data_transfer_size: config::MAX_SPDM_MSG_SIZE as u32,
+ max_spdm_msg_size: config::MAX_SPDM_MSG_SIZE as u32,
+ heartbeat_period: config::HEARTBEAT_PERIOD,
+ secure_spdm_version: [
+ Some(SecuredMessageVersion::try_from(0x10u8).unwrap()),
+ Some(SecuredMessageVersion::try_from(0x11u8).unwrap()),
+ ],
+ ..Default::default()
+ };
+
+ let mut my_cert_chain_data = SpdmCertChainData {
+ ..Default::default()
+ };
+
+ let crate_dir = get_test_key_directory();
+ let ca_file_path = if USE_ECDSA {
+ crate_dir.join("test_key/ecp384/ca.cert.der")
+ } else {
+ crate_dir.join("test_key/rsa3072/ca.cert.der")
+ };
+ log::info!("{}", ca_file_path.display());
+ let ca_cert = std::fs::read(ca_file_path).expect("unable to read ca cert!");
+ let inter_file_path = if USE_ECDSA {
+ crate_dir.join("test_key/ecp384/inter.cert.der")
+ } else {
+ crate_dir.join("test_key/rsa3072/inter.cert.der")
+ };
+ let inter_cert = std::fs::read(inter_file_path).expect("unable to read inter cert!");
+ let leaf_file_path = if USE_ECDSA {
+ crate_dir.join("test_key/ecp384/end_responder.cert.der")
+ } else {
+ crate_dir.join("test_key/rsa3072/end_responder.cert.der")
+ };
+ let leaf_cert = std::fs::read(leaf_file_path).expect("unable to read leaf cert!");
+
+ let ca_len = ca_cert.len();
+ let inter_len = inter_cert.len();
+ let leaf_len = leaf_cert.len();
+ log::info!(
+ "total cert size - {:?} = {:?} + {:?} + {:?}",
+ ca_len + inter_len + leaf_len,
+ ca_len,
+ inter_len,
+ leaf_len
+ );
+ my_cert_chain_data.data_size = (ca_len + inter_len + leaf_len) as u16;
+ my_cert_chain_data.data[0..ca_len].copy_from_slice(ca_cert.as_ref());
+ my_cert_chain_data.data[ca_len..(ca_len + inter_len)].copy_from_slice(inter_cert.as_ref());
+ my_cert_chain_data.data[(ca_len + inter_len)..(ca_len + inter_len + leaf_len)]
+ .copy_from_slice(leaf_cert.as_ref());
+
+ let provision_info = SpdmProvisionInfo {
+ my_cert_chain_data: [
+ Some(my_cert_chain_data),
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ ],
+ my_cert_chain: [None, None, None, None, None, None, None, None],
+ peer_root_cert_data: gen_array_clone(None, MAX_ROOT_CERT_SUPPORT),
+ };
+
+ (config_info, provision_info)
+}
+
+pub fn get_test_key_directory() -> PathBuf {
+ let crate_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+ let crate_dir = crate_dir
+ .parent() + .expect("can't find parent dir") + .parent() + .expect("can't find parent dir"); + crate_dir.to_path_buf() +} + +pub fn get_rsp_cert_chain_buff() -> SpdmCertChainBuffer { + let hash_algo = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + let cert_chain = include_bytes!("../../../../test_key/ecp384/bundle_responder.certchain.der"); + + let (root_cert_begin, root_cert_end) = + crypto::cert_operation::get_cert_from_cert_chain(cert_chain, 0) + .expect("Get provisioned root cert failed"); + + let root_cert_hash = + crypto::hash::hash_all(hash_algo, &cert_chain[root_cert_begin..root_cert_end]) + .expect("Must provide hash algo"); + SpdmCertChainBuffer::new(cert_chain, root_cert_hash.as_ref()) + .expect("Create format certificate chain failed.") +} + +#[derive(Debug, PartialEq, Eq)] +pub struct TestSpdmMessage { + pub message: crate::protocol::Message, + pub secure: u8, // secure message +} + +#[derive(Debug, PartialEq, Eq)] +pub struct TestCase { + pub input: Vec, + pub expected: Vec, +} + +impl TestCase { + pub fn config() -> (SpdmConfigInfo, SpdmProvisionInfo) { + create_info() + } + + pub fn input_to_vec(&self, cb: fn(secure: u8, bufer: &[u8]) -> VecDeque) -> VecDeque { + let mut ret = VecDeque::new(); + for data in &self.input { + let mut buffer = vec![0u8; MAX_SPDM_MSG_SIZE]; + let writer = &mut Writer::init(&mut buffer[..]); + let len = data + .message + .encode(writer) + .expect("Error to encode input message"); + ret.extend((cb)(data.secure, &buffer[..len]).iter()) + } + ret + } + pub fn expected_to_vec( + &self, + cb: fn(secure: u8, bufer: &[u8]) -> VecDeque, + ) -> VecDeque { + let mut ret = VecDeque::new(); + for data in &self.expected { + let mut buffer = vec![0u8; MAX_SPDM_MSG_SIZE]; + let writer = &mut Writer::init(&mut buffer[..]); + let len = data + .message + .encode(writer) + .expect("Error to encode input message"); + ret.extend((cb)(data.secure, &buffer[..len]).iter()) + } + ret + } + + pub fn get_certificate_chain_buffer( + hash_algo: 
SpdmBaseHashAlgo, + cert_chain: &[u8], + ) -> SpdmCertChainBuffer { + let (root_cert_begin, root_cert_end) = + crypto::cert_operation::get_cert_from_cert_chain(cert_chain, 0) + .expect("Get provisioned root cert failed"); + + let root_cert_hash = + crypto::hash::hash_all(hash_algo, &cert_chain[root_cert_begin..root_cert_end]) + .expect("Must provide hash algo"); + SpdmCertChainBuffer::new(cert_chain, root_cert_hash.as_ref()) + .expect("Create format certificate chain failed.") + } +} + +pub struct ResponderRunner; +impl ResponderRunner { + pub fn run(case: TestCase, cb: fn(secure: u8, bufer: &[u8]) -> VecDeque) -> bool { + use super::secret_callback::FAKE_SECRET_ASYM_IMPL_INSTANCE; + use crate::common::crypto_callback::{FAKE_AEAD, FAKE_ASYM_VERIFY, FAKE_RAND}; + spdmlib::crypto::aead::register(FAKE_AEAD.clone()); + spdmlib::crypto::rand::register(FAKE_RAND.clone()); + spdmlib::crypto::asym_verify::register(FAKE_ASYM_VERIFY.clone()); + spdmlib::secret::asym_sign::register(FAKE_SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut output = Arc::new(Mutex::new(VecDeque::::new())); + let mut rx = Arc::new(Mutex::new(case.input_to_vec(cb))); + let mut output_ref = Arc::clone(&output); + log::debug!("intput : {:02x?}", rx.lock().make_contiguous()); + let future = async { + let mut device_io = TestSpdmDeviceIo::new(rx, output_ref); + let mut transport_encap = TestTransportEncap; + let (config_info, provision_info) = TestCase::config(); + let mut context = responder::ResponderContext::new( + Arc::new(Mutex::new(device_io)), + Arc::new(Mutex::new(transport_encap)), + config_info, + provision_info, + ); + let raw_packet = &mut [0u8; spdmlib::config::RECEIVER_BUFFER_SIZE]; + loop { + let result = context.process_message(false, 0, raw_packet).await; + match result { + Err(nread) => { + if nread == 0 { + break; + } + } + Ok(_) => continue, + } + } + }; + executor::block_on(future); + // Check Result + // output and case.expected + let mut expected = case.expected_to_vec(cb); + let 
mut output = output.lock();
+ let output = output.make_contiguous();
+ let expected = expected.make_contiguous();
+ log::debug!("output : {:02x?}\n", output);
+ log::debug!("expected: {:02x?}\n", expected);
+ output == expected
+ }
+}
diff --git a/test/spdmlib-test/src/lib.rs b/test/spdmlib-test/src/lib.rs
new file mode 100644
index 0000000..d094d79
--- /dev/null
+++ b/test/spdmlib-test/src/lib.rs
@@ -0,0 +1,22 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![forbid(unsafe_code)]
+
+pub mod common;
+pub mod protocol;
+
+#[cfg(test)]
+mod test_client_server;
+#[cfg(test)]
+mod test_library;
+
+#[cfg(test)]
+mod requester_tests;
+
+#[cfg(test)]
+mod responder_tests;
+
+#[cfg(test)]
+mod watchdog_impl_sample;
diff --git a/test/spdmlib-test/src/protocol/algorithm.rs b/test/spdmlib-test/src/protocol/algorithm.rs
new file mode 100644
index 0000000..131b6a9
--- /dev/null
+++ b/test/spdmlib-test/src/protocol/algorithm.rs
@@ -0,0 +1,174 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; + +const ALG_STRUCT_SIZE: usize = 4usize; + +#[derive(Debug, PartialEq, Eq)] +pub struct NEGOTIATE_ALGORITHMS { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub Length: u16, + pub MeasurementSpecification: u8, + pub OtherParamsSupport: u8, + pub BaseAsymAlgo: u32, + pub BaseHashAlgo: u32, + pub _Reserved1: [u8; 12], + pub ExtAsymCount: u8, + pub ExtHashCount: u8, + pub _Reserved2: [u8; 2], + pub ExtAsym: Vec, + pub Exthash: Vec, + pub AlgStruct: Vec<[u8; ALG_STRUCT_SIZE]>, +} + +#[derive(Debug, PartialEq, Eq)] +pub struct ALGORITHMS { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, // number of AlgStruct + pub Param2: u8, + pub Length: u16, + pub MeasurementSpecification: u8, + pub OtherParamsSupport: u8, + // Response have this extra(MeasurementHashAlgo) field than the requester + pub MeasurementHashAlgo: u32, + pub BaseAsymAlgo: u32, + pub BaseHashAlgo: u32, + pub _Reserved1: [u8; 12], + pub ExtAsymCount: u8, + pub ExtHashCount: u8, + pub _Reserved2: [u8; 2], + pub ExtAsym: Vec, + pub Exthash: Vec, + pub AlgStruct: Vec<[u8; ALG_STRUCT_SIZE]>, +} + +impl Codec for NEGOTIATE_ALGORITHMS { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self.Length.encode(bytes)?; + let _ = self.MeasurementSpecification.encode(bytes)?; + let _ = self.OtherParamsSupport.encode(bytes)?; + let _ = self.BaseAsymAlgo.encode(bytes)?; + let _ = self.BaseHashAlgo.encode(bytes)?; + let _ = self._Reserved1.encode(bytes)?; + let _ = self.ExtAsymCount.encode(bytes)?; + let _ = self.ExtHashCount.encode(bytes)?; + let _ = self._Reserved2.encode(bytes)?; + let _ = 
self.ExtAsym.encode(bytes)?; + let _ = self.Exthash.encode(bytes)?; + let _ = self.AlgStruct.encode(bytes)?; + assert_eq!(bytes.used() - used, self.Length as usize); + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let Length = u16::read(reader)?; + let MeasurementSpecification = u8::read(reader)?; + let OtherParamsSupport = u8::read(reader)?; + let BaseAsymAlgo = u32::read(reader)?; + let BaseHashAlgo = u32::read(reader)?; + let _Reserved1 = <[u8; 12]>::read(reader)?; + let ExtAsymCount = u8::read(reader)?; + let ExtHashCount = u8::read(reader)?; + let _Reserved2 = <[u8; 2]>::read(reader)?; + let ExtAsym: Vec = Vec::::read_vec(reader, ExtAsymCount as usize * 4)?; + let Exthash: Vec = Vec::::read_vec(reader, ExtAsymCount as usize * 4)?; + let AlgStruct = Vec::<[u8; ALG_STRUCT_SIZE]>::read_vec(reader, Param1 as usize)?; + Some(NEGOTIATE_ALGORITHMS { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + Length, + MeasurementSpecification, + OtherParamsSupport, + BaseAsymAlgo, + BaseHashAlgo, + _Reserved1, + ExtAsymCount, + ExtHashCount, + _Reserved2, + ExtAsym, + Exthash, + AlgStruct, + }) + } +} + +impl Codec for ALGORITHMS { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self.Length.encode(bytes)?; + let _ = self.MeasurementSpecification.encode(bytes)?; + let _ = self.OtherParamsSupport.encode(bytes)?; + let _ = self.MeasurementHashAlgo.encode(bytes)?; + let _ = self.BaseAsymAlgo.encode(bytes)?; + let _ = self.BaseHashAlgo.encode(bytes)?; + let _ = self._Reserved1.encode(bytes)?; + let _ = self.ExtAsymCount.encode(bytes)?; + let _ = 
self.ExtHashCount.encode(bytes)?; + let _ = self._Reserved2.encode(bytes)?; + let _ = self.ExtAsym.encode(bytes)?; + let _ = self.Exthash.encode(bytes)?; + let _ = self.AlgStruct.encode(bytes)?; + assert_eq!(bytes.used() - used, self.Length as usize); + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let Length = u16::read(reader)?; + let MeasurementSpecification = u8::read(reader)?; + let OtherParamsSupport = u8::read(reader)?; + let MeasurementHashAlgo = u32::read(reader)?; + let BaseAsymAlgo = u32::read(reader)?; + let BaseHashAlgo = u32::read(reader)?; + let _Reserved1 = <[u8; 12]>::read(reader)?; + let ExtAsymCount = u8::read(reader)?; + let ExtHashCount = u8::read(reader)?; + let _Reserved2 = <[u8; 2]>::read(reader)?; + let ExtAsym: Vec = Vec::::read_vec(reader, ExtAsymCount as usize * 4)?; + let Exthash: Vec = Vec::::read_vec(reader, ExtAsymCount as usize * 4)?; + let AlgStruct = Vec::<[u8; ALG_STRUCT_SIZE]>::read_vec(reader, Param1 as usize)?; + Some(ALGORITHMS { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + Length, + MeasurementSpecification, + OtherParamsSupport, + MeasurementHashAlgo, + BaseAsymAlgo, + BaseHashAlgo, + _Reserved1, + ExtAsymCount, + ExtHashCount, + _Reserved2, + ExtAsym, + Exthash, + AlgStruct, + }) + } +} diff --git a/test/spdmlib-test/src/protocol/capability.rs b/test/spdmlib-test/src/protocol/capability.rs new file mode 100644 index 0000000..9755c98 --- /dev/null +++ b/test/spdmlib-test/src/protocol/capability.rs 
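Review bot: In both `NEGOTIATE_ALGORITHMS::read` and `ALGORITHMS::read` the `Exthash` vector is sized from `ExtAsymCount`, not `ExtHashCount`, so `ExtHashCount` is read and then never used. Whenever the two counts differ, the parser consumes the wrong number of bytes and every `AlgStruct` entry after it is decoded from a shifted offset, so a test comparing a responder's ALGORITHMS message would be checking fields that are not what their names say. The length argument on the `Exthash` line should be `ExtHashCount as usize * 4` in both functions. Separately, the `assert_eq!` on `self.Length` in both `encode` bodies panics on a mismatch; if test cases are ever meant to emit a deliberately inconsistent `Length`, that assert prevents it, and a comment should say which behaviour is intended.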
@@ -0,0 +1,117 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; + +#[derive(Debug, PartialEq, Eq)] +pub struct GET_CAPABILITIES { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub _Reserved: u8, + pub CTExponent: u8, + pub _Reserved2: u16, + pub Flags: u32, + pub DataTransferSize: u32, + pub MaxSPDMmsgSize: u32, +} + +#[derive(Debug, PartialEq, Eq)] +pub struct CAPABILITIES { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub _Reserved: u8, + pub CTExponent: u8, + pub _Reserved2: u16, + pub Flags: u32, + pub DataTransferSize: u32, + pub MaxSPDMmsgSize: u32, +} + +impl Codec for GET_CAPABILITIES { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self._Reserved.encode(bytes)?; + let _ = self.CTExponent.encode(bytes)?; + let _ = self._Reserved2.encode(bytes)?; + let _ = self.Flags.encode(bytes)?; + let _ = self.DataTransferSize.encode(bytes)?; + let _ = self.MaxSPDMmsgSize.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let _Reserved = u8::read(reader)?; + let CTExponent = u8::read(reader)?; + let _Reserved2 = u16::read(reader)?; + let Flags = u32::read(reader)?; + let DataTransferSize = u32::read(reader)?; + let MaxSPDMmsgSize = u32::read(reader)?; + Some(GET_CAPABILITIES { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + _Reserved, + CTExponent, + _Reserved2, + Flags, + DataTransferSize, + MaxSPDMmsgSize, + }) + } +} + +impl Codec for CAPABILITIES { + fn encode(&self, bytes: &mut 
codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self._Reserved.encode(bytes)?; + let _ = self.CTExponent.encode(bytes)?; + let _ = self._Reserved2.encode(bytes)?; + let _ = self.Flags.encode(bytes)?; + let _ = self.DataTransferSize.encode(bytes)?; + let _ = self.MaxSPDMmsgSize.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let _Reserved = u8::read(reader)?; + let CTExponent = u8::read(reader)?; + let _Reserved2 = u16::read(reader)?; + let Flags = u32::read(reader)?; + let DataTransferSize = u32::read(reader)?; + let MaxSPDMmsgSize = u32::read(reader)?; + Some(CAPABILITIES { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + _Reserved, + CTExponent, + _Reserved2, + Flags, + DataTransferSize, + MaxSPDMmsgSize, + }) + } +} diff --git a/test/spdmlib-test/src/protocol/certificate.rs b/test/spdmlib-test/src/protocol/certificate.rs new file mode 100644 index 0000000..d1ca084 --- /dev/null +++ b/test/spdmlib-test/src/protocol/certificate.rs 
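Review bot: `GET_CAPABILITIES::read` and `CAPABILITIES::read` read `DataTransferSize` and `MaxSPDMmsgSize` unconditionally, without looking at `SPDMVersion`. As far as I recall the SPDM spec, those two fields exist only from version 1.2 on, so a shorter capabilities message from an older version would presumably come back as `None` here; please confirm and document the assumption above the structs, e.g. `// SPDM 1.2 layout only: DataTransferSize and MaxSPDMmsgSize are always expected`. The two structs and their `Codec` impls are also field-for-field identical, so a shared inner struct or a small macro would keep them from drifting apart.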
@@ -0,0 +1,90 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; + +#[derive(Debug, PartialEq, Eq)] +pub struct GET_CERTIFICATE { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub Offset: u16, + pub Length: u16, +} + +impl Codec for GET_CERTIFICATE { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self.Offset.encode(bytes)?; + let _ = self.Length.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let Offset = u16::read(reader)?; + let Length = u16::read(reader)?; + Some(GET_CERTIFICATE { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + Offset, + Length, + }) + } +} + +#[derive(Debug, PartialEq, Eq)] +pub struct CERTIFICATE { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub PortionLength: u16, + pub RemainderLength: u16, + pub CertChain: Vec, +} + +impl Codec for CERTIFICATE { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self.PortionLength.encode(bytes)?; + let _ = self.RemainderLength.encode(bytes)?; + let _ = self.CertChain.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; 
+ let PortionLength = u16::read(reader)?;
+ let RemainderLength = u16::read(reader)?;
+ let CertChain = Vec::::read_vec(reader, PortionLength as usize)?;
+
+ Some(CERTIFICATE {
+ SPDMVersion,
+ RequestResponseCode,
+ Param1,
+ Param2,
+ PortionLength,
+ RemainderLength,
+ CertChain,
+ })
+ }
+}
diff --git a/test/spdmlib-test/src/protocol/challenge.rs b/test/spdmlib-test/src/protocol/challenge.rs
new file mode 100644
index 0000000..3045036
--- /dev/null
+++ b/test/spdmlib-test/src/protocol/challenge.rs
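Review bot: `CERTIFICATE::encode` writes `PortionLength` and `CertChain` independently, while `read` sizes `CertChain` from `PortionLength`, so a test case whose `PortionLength` differs from `CertChain.len()` encodes without complaint and would presumably not decode back to the same value. algorithm.rs in this commit guards its length field with an `assert_eq!`, but here nothing states whether a mismatch is allowed. If mismatches are intended for negative tests, say so above the struct, `// PortionLength is not checked against CertChain.len(); tests may set it inconsistently on purpose`; otherwise add `debug_assert_eq!(self.PortionLength as usize, self.CertChain.len());` at the top of `encode`.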
@@ -0,0 +1,105 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; + +#[derive(Debug, PartialEq, Eq)] +pub struct CHALLENGE { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub Nonce: [u8; 32], +} + +impl Codec for CHALLENGE { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self.Nonce.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let Nonce = <[u8; 32]>::read(reader)?; + Some(CHALLENGE { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + Nonce, + }) + } +} + +#[derive(Debug, PartialEq, Eq)] +pub struct CHALLENGE_AUTH { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub CertChainHash: Vec, // Size(bytes) H + pub Nonce: [u8; 32], + pub MeasurementSummaryHash: Vec, + pub OpaqueDataLength: u16, + pub OpaqueData: Vec, + pub Signature: Vec, // Size(bytes) SigLen +} + +impl CHALLENGE_AUTH { + pub fn new(reader: &mut codec::Reader, H: usize, SigLen: usize) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let CertChainHash: Vec = Vec::::read_vec(reader, H)?; + let Nonce = <[u8; 32]>::read(reader)?; + let MeasurementSummaryHash: Vec = Vec::::read_vec(reader, H)?; + let OpaqueDataLength = u16::read(reader)?; + let OpaqueData: Vec = Vec::::read_vec(reader, OpaqueDataLength as usize)?; + let Signature: Vec = Vec::::read_vec(reader, SigLen as usize)?; + + Some(CHALLENGE_AUTH { + 
SPDMVersion, + RequestResponseCode, + Param1, + Param2, + CertChainHash, + Nonce, + MeasurementSummaryHash, + OpaqueDataLength, + OpaqueData, + Signature, + }) + } +} + +impl Codec for CHALLENGE_AUTH { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self.CertChainHash.encode(bytes)?; + let _ = self.Nonce.encode(bytes)?; + let _ = self.MeasurementSummaryHash.encode(bytes)?; + let _ = self.OpaqueDataLength.encode(bytes)?; + let _ = self.OpaqueData.encode(bytes)?; + let _ = self.Signature.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(_: &mut codec::Reader) -> Option { + // We don't know the size of H and SigLen in current context + panic!("Not support, use CHALLENGE_AUTH::new instead!") + } +} diff --git a/test/spdmlib-test/src/protocol/digest.rs b/test/spdmlib-test/src/protocol/digest.rs new file mode 100644 index 0000000..937bf46 --- /dev/null +++ b/test/spdmlib-test/src/protocol/digest.rs 
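Review bot: `CHALLENGE_AUTH::new` always reads `H` bytes for `MeasurementSummaryHash`. As I read the SPDM spec, that field is absent when the CHALLENGE request asked for no summary hash, and the requester test added in challenge_req.rs in this commit requests `SpdmMeasurementSummaryHashTypeNone`; for such a response the bytes after the nonce would be taken as a hash, and `OpaqueDataLength`, `OpaqueData` and `Signature` would be decoded from the wrong offset. Consider passing the summary-hash length separately from `H` (0 when none was requested) and using it in that one `read_vec` call. The `Codec::read` impl also panics instead of returning `None`, which turns a decode path into a test abort; if the panic is kept, a doc comment on the impl pointing at `CHALLENGE_AUTH::new` would make that explicit.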
@@ -0,0 +1,98 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::Codec; +#[derive(Debug, PartialEq, Eq)] +pub struct GET_DIGESTS { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, +} + +impl Codec for GET_DIGESTS { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + Some(GET_DIGESTS { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + }) + } +} + +#[derive(Debug, PartialEq, Eq)] +pub struct DIGESTS { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub Digest: Vec>, +} + +impl DIGESTS { + pub fn new(reader: &mut codec::Reader, H: usize) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let count = Param2.count_ones(); + let mut Digest = Vec::new(); + for _ in 0..count { + let CertChainHash: Vec = Vec::::read_vec(reader, H)?; + Digest.push(CertChainHash); + } + + Some(DIGESTS { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + Digest, + }) + } +} + +impl Codec for DIGESTS { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + for d in self.Digest.as_slice() { + let _ = d.encode(bytes)?; + } + Ok(bytes.used() - used) + } + + fn read(_: &mut codec::Reader) -> 
Option {
+ // We don't know the size of H and SigLen in current context
+ panic!("Not support, use CHALLENGE_AUTH::new instead!")
+ }
+}
+
+#[test]
+fn test() {
+ let number: u8 = 0b1010_1100; // Example u8 with 8 bits
+
+ // Iterate over each bit from right to left
+ for i in (0..8).rev() {
+ let bit = (number >> i) & 1;
+ println!("Bit {} is {}", i, bit);
+ }
+}
diff --git a/test/spdmlib-test/src/protocol/measurement.rs b/test/spdmlib-test/src/protocol/measurement.rs
new file mode 100644
index 0000000..761a34a
--- /dev/null
+++ b/test/spdmlib-test/src/protocol/measurement.rs
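Review bot: The panic message in the `Codec::read` impl for `DIGESTS` was copied from challenge.rs and sends the caller to `CHALLENGE_AUTH::new`; it should read `panic!("Not support, use DIGESTS::new instead!")`, and the comment above it should mention only `H`, since `DIGESTS::new` takes no `SigLen`. `DIGESTS::new` derives the digest count from `Param2.count_ones()` while `encode` writes whatever `self.Digest` holds, so the two can disagree without notice. The trailing `#[test] fn test()` only prints the bits of a constant and asserts nothing; it looks like leftover scratch code and could be dropped or replaced by a round-trip test of `DIGESTS`.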
@@ -0,0 +1,125 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use codec::{u24, Codec}; + +#[derive(Debug, PartialEq, Eq)] +pub struct GET_MEASUREMENTS { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub Nonce: Option>, + pub SlotIDParam: Option, +} + +const NONCE_LEN: usize = 32; + +impl Codec for GET_MEASUREMENTS { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + if self.Param1 & 0b1 == 0b1 { + let _ = self.Nonce.as_ref().ok_or(codec::EncodeErr)?.encode(bytes)?; + let _ = self.SlotIDParam.ok_or(codec::EncodeErr)?.encode(bytes)?; + } + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let (Nonce, SlotIDParam) = if Param1 & 0b1 == 0b1 { + // This field is only present if Bit [0] of Param1 is 1 + ( + Some(Vec::::read_vec(reader, NONCE_LEN)?), + Some(u8::read(reader)?), + ) + } else { + (None, None) + }; + + Some(GET_MEASUREMENTS { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + Nonce, + SlotIDParam, + }) + } +} + +#[derive(Debug, PartialEq, Eq)] +pub struct MEASUREMENTS { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub NumberOfBlocks: u8, + pub MeasurementRecordLength: u32, // This field size is 3 bytes + pub MeasurementRecordData: Vec, + pub Nonce: [u8; 32], + pub OpaqueDataLength: u16, + pub OpaqueData: Vec, + pub Signature: Vec, +} + +impl MEASUREMENTS { + pub fn new(reader: &mut codec::Reader, SigLen: usize) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = 
u8::read(reader)?; + let Param2 = u8::read(reader)?; + let NumberOfBlocks = u8::read(reader)?; + let MeasurementRecordLength = u24::read(reader)?.get(); + let MeasurementRecordData: Vec = + Vec::::read_vec(reader, MeasurementRecordLength as usize)?; + let Nonce = <[u8; NONCE_LEN]>::read(reader)?; + let OpaqueDataLength = u16::read(reader)?; + let OpaqueData: Vec = Vec::::read_vec(reader, OpaqueDataLength as usize)?; + let Signature: Vec = Vec::::read_vec(reader, SigLen)?; + + Some(MEASUREMENTS { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + NumberOfBlocks, + MeasurementRecordLength, + MeasurementRecordData, + Nonce, + OpaqueDataLength, + OpaqueData, + Signature, + }) + } +} + +impl Codec for MEASUREMENTS { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self.NumberOfBlocks.encode(bytes)?; + let _ = u24::new(self.MeasurementRecordLength).encode(bytes)?; + let _ = self.MeasurementRecordData.encode(bytes)?; + let _ = self.Nonce.encode(bytes)?; + let _ = self.OpaqueDataLength.encode(bytes)?; + let _ = self.OpaqueData.encode(bytes)?; + let _ = self.Signature.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(_reader: &mut codec::Reader) -> Option { + panic!("Not support, use MEASUREMENTS::new instead!") + } +} diff --git a/test/spdmlib-test/src/protocol/mod.rs b/test/spdmlib-test/src/protocol/mod.rs new file mode 100644 index 0000000..91fb224 --- /dev/null +++ b/test/spdmlib-test/src/protocol/mod.rs 
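Review bot: `GET_MEASUREMENTS.Nonce` is a `Vec` inside an `Option`, but `read` always takes exactly `NONCE_LEN` bytes for it, and `MEASUREMENTS.Nonce` is a fixed `[u8; 32]`. With the vector type, `encode` will write a nonce of any length, so a request built with the wrong size goes out without notice; a fixed-size array of `NONCE_LEN` bytes for the request nonce would make the two structs agree and let the compiler enforce the size. `MEASUREMENTS.Nonce` should also be declared with `NONCE_LEN` rather than the literal `32`, which means moving the constant above both structs. `MeasurementRecordLength` is a `u32` written through `u24::new`; what happens to values above 24 bits depends on `u24::new`, which is not visible here, so a comment stating the valid range would help.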
@@ -0,0 +1,86 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +// The naming rules are ignored here to align with spdmspec +#![allow(non_snake_case)] +#![allow(non_camel_case_types)] + +use codec::Codec; + +pub mod algorithm; +pub mod capability; +pub mod certificate; +pub mod challenge; +pub mod digest; +pub mod measurement; +pub mod version; + +#[derive(Debug, PartialEq, Eq)] +pub enum Message { + GET_VERSION(version::GET_VERSION), + VERSION(version::VERSION), + GET_CAPABILITIES(capability::GET_CAPABILITIES), + CAPABILITIES(capability::CAPABILITIES), + NEGOTIATE_ALGORITHMS(algorithm::NEGOTIATE_ALGORITHMS), + ALGORITHMS(algorithm::ALGORITHMS), + GET_CERTIFICATE(certificate::GET_CERTIFICATE), + CERTIFICATE(certificate::CERTIFICATE), + CHALLENGE(challenge::CHALLENGE), + CHALLENGE_AUTH(challenge::CHALLENGE_AUTH), + GET_DIGESTS(digest::GET_DIGESTS), + DIGESTS(digest::DIGESTS), + GET_MEASUREMENTS(measurement::GET_MEASUREMENTS), + MEASUREMENTS(measurement::MEASUREMENTS), +} + +impl Codec for Message { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + match self { + Message::GET_VERSION(m) => m.encode(bytes), + Message::VERSION(m) => m.encode(bytes), + Message::GET_CAPABILITIES(m) => m.encode(bytes), + Message::CAPABILITIES(m) => m.encode(bytes), + Message::NEGOTIATE_ALGORITHMS(m) => m.encode(bytes), + Message::ALGORITHMS(m) => m.encode(bytes), + Message::GET_CERTIFICATE(m) => m.encode(bytes), + Message::CERTIFICATE(m) => m.encode(bytes), + Message::CHALLENGE(m) => m.encode(bytes), + Message::CHALLENGE_AUTH(m) => m.encode(bytes), + Message::GET_DIGESTS(m) => m.encode(bytes), + Message::DIGESTS(m) => m.encode(bytes), + Message::GET_MEASUREMENTS(m) => m.encode(bytes), + Message::MEASUREMENTS(m) => m.encode(bytes), + } + } + + fn read(reader: &mut codec::Reader) -> Option { + let header = reader.rest(); + if header.len() < 4 { + return None; + } + let reader = &mut codec::Reader::init(header); + let 
RequestResponseCode = header[1]; + match RequestResponseCode { + 0x84 => Some(Message::GET_VERSION(version::GET_VERSION::read(reader)?)), + 0x04 => Some(Message::VERSION(version::VERSION::read(reader)?)), + 0xE1 => Some(Message::GET_CAPABILITIES( + capability::GET_CAPABILITIES::read(reader)?, + )), + 0x61 => Some(Message::CAPABILITIES(capability::CAPABILITIES::read( + reader, + )?)), + 0xE3 => Some(Message::NEGOTIATE_ALGORITHMS( + algorithm::NEGOTIATE_ALGORITHMS::read(reader)?, + )), + 0x63 => Some(Message::ALGORITHMS(algorithm::ALGORITHMS::read(reader)?)), + 0x82 => Some(Message::GET_CERTIFICATE( + certificate::GET_CERTIFICATE::read(reader)?, + )), + 0x02 => Some(Message::CERTIFICATE(certificate::CERTIFICATE::read( + reader, + )?)), + _ => panic!("not support type"), + } + } +} diff --git a/test/spdmlib-test/src/protocol/version.rs b/test/spdmlib-test/src/protocol/version.rs new file mode 100644 index 0000000..c52369f --- /dev/null +++ b/test/spdmlib-test/src/protocol/version.rs 
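Review bot: `Message::read` ends in `_ => panic!("not support type")`, so any response code it does not list aborts the test process instead of reporting a decode failure. The function already returns `Option`, and the short-header case above returns `None`; the fallback arm should do the same, `_ => None,`. Only eight of the fourteen `Message` variants are dispatched: `CHALLENGE`, `GET_DIGESTS` and `GET_MEASUREMENTS` have ordinary `Codec::read` impls in this commit and could be added, while the variants that need `H` or `SigLen` deserve a comment saying they cannot be decoded from this entry point.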
@@ -0,0 +1,82 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +// Follow SPDM spec field name. +use codec::Codec; + +#[derive(Debug, PartialEq, Eq)] +pub struct GET_VERSION { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, +} + +#[derive(Debug, PartialEq, Eq)] +pub struct VERSION { + pub SPDMVersion: u8, + pub RequestResponseCode: u8, + pub Param1: u8, + pub Param2: u8, + pub Reserved: u8, + pub VersionNumberEntryCount: u8, + pub VersionNumberEntry: Vec, +} + +impl Codec for GET_VERSION { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + Some(GET_VERSION { + SPDMVersion, + RequestResponseCode, + Param1, + Param2, + }) + } +} + +impl Codec for VERSION { + fn encode(&self, bytes: &mut codec::Writer) -> Result { + let used = bytes.used(); + let _ = self.SPDMVersion.encode(bytes)?; + let _ = self.RequestResponseCode.encode(bytes)?; + let _ = self.Param1.encode(bytes)?; + let _ = self.Param2.encode(bytes)?; + let _ = self.Reserved.encode(bytes)?; + let _ = self.VersionNumberEntryCount.encode(bytes)?; + let _ = self.VersionNumberEntry.encode(bytes)?; + Ok(bytes.used() - used) + } + + fn read(reader: &mut codec::Reader) -> Option { + let SPDMVersion = u8::read(reader)?; + let RequestResponseCode = u8::read(reader)?; + let Param1 = u8::read(reader)?; + let Param2 = u8::read(reader)?; + let Reserved = u8::read(reader)?; + let VersionNumberEntryCount = u8::read(reader)?; + let VersionNumberEntry = Vec::::read_vec(reader, VersionNumberEntryCount as 
usize)?;
+ Some(VERSION {
+ SPDMVersion,
+ RequestResponseCode,
+ Param1,
+ Param2,
+ Reserved,
+ VersionNumberEntryCount,
+ VersionNumberEntry,
+ })
+ }
+}
diff --git a/test/spdmlib-test/src/requester_tests/challenge_req.rs b/test/spdmlib-test/src/requester_tests/challenge_req.rs
new file mode 100644
index 0000000..2a28593
--- /dev/null
+++ b/test/spdmlib-test/src/requester_tests/challenge_req.rs
@@ -0,0 +1,107 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::crypto_callback::FAKE_RAND; +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, get_rsp_cert_chain_buff}; +use spdmlib::common::SpdmConnectionState; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{config, crypto, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case0_send_receive_spdm_challenge() { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let pcidoe_transport_encap = PciDoeTransportEncap {}; + let pcidoe_transport_encap = Arc::new(Mutex::new(pcidoe_transport_encap)); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + crypto::rand::register(FAKE_RAND.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.reset_runtime_info(); + responder.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + 
responder.common.runtime_info.need_measurement_summary_hash = true; + + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let pcidoe_transport_encap2 = PciDoeTransportEncap {}; + let pcidoe_transport_encap2 = Arc::new(Mutex::new(pcidoe_transport_encap2)); + let responder = Arc::new(Mutex::new(responder)); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + responder, + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + requester.common.reset_runtime_info(); + + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + + requester.common.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.runtime_info.need_measurement_summary_hash = true; + + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + let task = async move { + let status = requester + .send_receive_spdm_challenge( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + log::info!("{:?}", status); + }; + executor::block_on(task); +} diff --git a/test/spdmlib-test/src/requester_tests/context.rs b/test/spdmlib-test/src/requester_tests/context.rs new file mode 100644 index 0000000..7da3091 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/context.rs 
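Review bot: `test_case0_send_receive_spdm_challenge` only logs the result, `log::info!("{:?}", status);`, so it passes whether the challenge succeeds or fails. For a test of the authentication path that gives no signal when verification regresses in either direction. The responder's slot 0 is provisioned with an all-zero `SpdmCertChainBuffer` while the requester holds the real chain from `get_rsp_cert_chain_buff()`, so the expected outcome is presumably a failure; state it explicitly, e.g. `assert!(status.is_err());`, or `assert!(status.is_ok());` if the registered fake crypto is meant to let it pass.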
@@ -0,0 +1,374 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use crate::watchdog_impl_sample::init_watchdog; +use codec::Writer; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::common::SpdmCodec; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{config, protocol, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_start_session() { + init_watchdog(); + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + let responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + let mut transcript_vca = None; + let status = requester.init_connection(&mut 
transcript_vca).await.is_ok(); + assert!(status); + + let status = requester.send_receive_spdm_digest(None).await.is_ok(); + assert!(status); + + let status = requester + .send_receive_spdm_certificate(None, 0) + .await + .is_ok(); + assert!(status); + + #[cfg(feature = "mut-auth")] + { + requester.common.negotiate_info.req_asym_sel = + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + } + + let result = requester + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert!(result.is_ok()); + + let result = requester + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert!(result.is_ok()); + + let result = requester + .start_session( + true, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert!(result.is_ok()); + }; + executor::block_on(future); +} + +#[test] +fn test_case0_get_next_half_session() { + let future = async { + init_watchdog(); + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + let responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + 
+ let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + let mut transcript_vca = None; + let status = requester.init_connection(&mut transcript_vca).await.is_ok(); + assert!(status); + + let status = requester.send_receive_spdm_digest(None).await.is_ok(); + assert!(status); + + let status = requester + .send_receive_spdm_certificate(None, 0) + .await + .is_ok(); + assert!(status); + + #[cfg(feature = "mut-auth")] + { + requester.common.negotiate_info.req_asym_sel = + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + } + + let result = requester + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert_eq!(result.unwrap(), 0xfffdfffd); + + let result = requester + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert_eq!(result.unwrap(), 0xfffcfffc); + + let result = requester + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert_eq!(result.unwrap(), 0xfffbfffb); + + let result = requester + .start_session( + true, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert_eq!(result.unwrap(), 0xfffafffa); + + let result = requester.end_session(0xfffbfffb).await; + assert!(result.is_ok()); + + let result = requester + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert_eq!(result.unwrap(), 0xfffbfffb); + + let result = requester + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + ) + .await; + assert!(result.is_err()); + }; + executor::block_on(future); +} + +#[test] +fn test_case0_receive_secured_message() { + let future = async { + init_watchdog(); + let (rsp_config_info, rsp_provision_info) = create_info(); + let 
(req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.base_hash_sel = protocol::SpdmBaseHashAlgo::TPM_ALG_SHA_384; + let rsp_session_id = 0xffu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + responder.common.session = gen_array_clone(SpdmSession::new(), 4); + responder.common.session[0].setup(session_id).unwrap(); + responder.common.session[0].set_crypto_param( + protocol::SpdmBaseHashAlgo::TPM_ALG_SHA_384, + protocol::SpdmDheAlgo::SECP_384_R1, + protocol::SpdmAeadAlgo::AES_256_GCM, + protocol::SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + assert!(responder.common.session[0] + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(responder.common.session[0] + .generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + assert!(responder.common.session[0] + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + responder.common.session[0] + .set_session_state(spdmlib::common::session::SpdmSessionState::SpdmSessionEstablished); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + 
Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.base_hash_sel = protocol::SpdmBaseHashAlgo::TPM_ALG_SHA_384; + let rsp_session_id = 0xffu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + requester.common.session = gen_array_clone(SpdmSession::new(), 4); + requester.common.session[0].setup(session_id).unwrap(); + requester.common.session[0].set_crypto_param( + protocol::SpdmBaseHashAlgo::TPM_ALG_SHA_384, + protocol::SpdmDheAlgo::SECP_384_R1, + protocol::SpdmAeadAlgo::AES_256_GCM, + protocol::SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + assert!(requester.common.session[0] + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(requester.common.session[0] + .generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + assert!(requester.common.session[0] + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + requester.common.session[0] + .set_session_state(spdmlib::common::session::SpdmSessionState::SpdmSessionEstablished); + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + + let request = SpdmMessage { + header: SpdmMessageHeader { + version: SpdmVersion::SpdmVersion11, + request_response_code: SpdmRequestResponseCode::SpdmRequestEndSession, + }, + payload: SpdmMessagePayload::SpdmEndSessionRequest(SpdmEndSessionRequestPayload { + end_session_request_attributes: SpdmEndSessionRequestAttributes::empty(), + }), + }; + assert!(request + .spdm_encode(&mut requester.common, &mut writer) + .is_ok()); + let used 
= writer.used(); + + let status = requester + .send_message(Some(session_id), &send_buffer[..used], false) + .await + .is_ok(); + assert!(status); + + let mut receive_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + + let status = requester + .receive_message(Some(session_id), &mut receive_buffer, false) + .await + .is_ok(); + assert!(status); + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/encap_certificate.rs b/test/spdmlib-test/src/requester_tests/encap_certificate.rs new file mode 100644 index 0000000..b83cb05 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/encap_certificate.rs 
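Review bot: In `test_case0_receive_secured_message` the END_SESSION request is encoded with `version: SpdmVersion::SpdmVersion11`, although both sessions derive their secrets with `SpdmVersion::SpdmVersion12`, and the test only checks that `receive_message(...)` returns `Ok`. If the mismatch is deliberate it deserves a comment such as `// header version intentionally differs from the session's key-schedule version`; otherwise use `SpdmVersion::SpdmVersion12` in the header. The reply bytes in `receive_buffer` are never decoded, so an error response from the responder would presumably pass as well. Reading the header back and asserting its `request_response_code` would make the check meaningful.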
@@ -0,0 +1,89 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE;
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use codec::{Codec, Reader, Writer};
+use spdmlib::common::SpdmCodec;
+use spdmlib::config;
+use spdmlib::protocol::*;
+use spdmlib::requester::RequesterContext;
+use spdmlib::{message::*, secret};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+const CERT_PORTION_LEN: usize = 512;
+
+#[test]
+fn test_encap_handle_get_certificate() {
+ let (config_info, provision_info) = create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+
+ secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let mut context = RequesterContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+ context.common.provision_info.my_cert_chain = [
+ Some(SpdmCertChainBuffer {
+ data_size: 1024u16,
+ data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE],
+ }),
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ ];
+ context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
+ context.common.negotiate_info.req_capabilities_sel |= SpdmRequestCapabilityFlags::CERT_CAP;
+
+ let encap_request = &mut [0u8; 1024];
+ let mut writer = Writer::init(encap_request);
+ let get_cert = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion12,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestGetCertificate,
+ },
+ payload: SpdmMessagePayload::SpdmGetCertificateRequest(SpdmGetCertificateRequestPayload {
+ slot_id: 0,
+ offset: 0,
+ length: CERT_PORTION_LEN as u16,
+ }),
+ };
+ assert!(get_cert
+ .spdm_encode(&mut context.common, &mut writer)
+ .is_ok());
+
+ let encap_response = &mut [0u8; config::MAX_SPDM_MSG_SIZE];
+ let mut writer = Writer::init(encap_response);
+
+ context.encap_handle_get_certificate(encap_request, &mut writer);
+ let mut reader = Reader::init(encap_response);
+ let header = SpdmMessageHeader::read(&mut reader).unwrap();
+ let cert_rsp =
+ SpdmCertificateResponsePayload::spdm_read(&mut context.common, &mut reader).unwrap();
+
+ assert_eq!(header.version, SpdmVersion::SpdmVersion12);
+ assert_eq!(
+ header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseCertificate
+ );
+ assert_eq!(cert_rsp.portion_length, 512);
+ assert_eq!(cert_rsp.remainder_length, 512);
+ assert_eq!(cert_rsp.slot_id, 0);
+}
diff --git a/test/spdmlib-test/src/requester_tests/encap_digest.rs b/test/spdmlib-test/src/requester_tests/encap_digest.rs
new file mode 100644
index 0000000..a92b664
--- /dev/null
+++ b/test/spdmlib-test/src/requester_tests/encap_digest.rs
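Review bot: `test_encap_handle_get_certificate` covers only the in-range request (`offset: 0`, `length: CERT_PORTION_LEN as u16` against `data_size: 1024u16`), so the bounds handling of the GET_CERTIFICATE handler is never exercised. A second request with `offset` at or beyond the 1024-byte chain, and one whose `length` exceeds the remainder, would pin how the handler rejects or clamps them. The expected result is presumably `SpdmRequestResponseCode::SpdmResponseError` or a shortened `portion_length`; the handler itself is not visible here, so that needs confirming. The literal in `assert_eq!(cert_rsp.portion_length, 512);` would also read better tied to `CERT_PORTION_LEN`.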
@@ -0,0 +1,80 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE;
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use codec::{Codec, Reader, Writer};
+use spdmlib::common::SpdmCodec;
+use spdmlib::config;
+use spdmlib::protocol::*;
+use spdmlib::{message::*, requester, secret};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[test]
+fn test_encap_handle_get_digest() {
+ let (config_info, provision_info) = create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+
+ secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let mut context = requester::RequesterContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+ context.common.provision_info.my_cert_chain = [
+ Some(SpdmCertChainBuffer {
+ data_size: 512u16,
+ data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE],
+ }),
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ None,
+ ];
+ context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
+ context.common.negotiate_info.req_capabilities_sel |= SpdmRequestCapabilityFlags::CERT_CAP;
+
+ let encap_request = &mut [0u8; 1024];
+ let mut writer = Writer::init(encap_request);
+ let get_digest = SpdmMessage {
+ header: SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion12,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestGetDigests,
+ },
+ payload: SpdmMessagePayload::SpdmGetDigestsRequest(SpdmGetDigestsRequestPayload {}),
+ };
+ assert!(get_digest
+ .spdm_encode(&mut context.common, &mut writer)
+ .is_ok());
+
+ let encap_response = &mut [0u8; config::MAX_SPDM_MSG_SIZE];
+ let mut writer = Writer::init(encap_response);
+
+ context.encap_handle_get_digest(encap_request, &mut writer);
+ let mut reader = Reader::init(encap_response);
+ let header = SpdmMessageHeader::read(&mut reader).unwrap();
+ let digest_rsp =
+ SpdmDigestsResponsePayload::spdm_read(&mut context.common, &mut reader).unwrap();
+
+ assert_eq!(header.version, SpdmVersion::SpdmVersion12);
+ assert_eq!(
+ header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseDigests
+ );
+ assert_eq!(digest_rsp.slot_mask, 1);
+}
diff --git a/test/spdmlib-test/src/requester_tests/encap_error.rs b/test/spdmlib-test/src/requester_tests/encap_error.rs
new file mode 100644
index 0000000..8ffc05f
--- /dev/null
+++ b/test/spdmlib-test/src/requester_tests/encap_error.rs
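Review bot: `context.encap_handle_get_digest(encap_request, &mut writer);` hands the handler the whole 1024-byte array rather than the bytes the encoder wrote, so the handler is never tested against an exact-length request and the zero padding after the message is available to its parser. Capture the length before `writer` is shadowed, `let used = writer.used();`, and pass `&encap_request[..used]` instead. The same applies to `encap_handle_get_certificate(encap_request, &mut writer)` in `test_encap_handle_get_certificate`.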
@@ -0,0 +1,50 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use codec::{Codec, Reader, Writer};
+use spdmlib::common::SpdmCodec;
+use spdmlib::config;
+use spdmlib::protocol::*;
+use spdmlib::{message::*, requester};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[test]
+fn test_encode_encap_error_response() {
+ let (config_info, provision_info) = create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+
+ let mut context = requester::RequesterContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+ context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
+
+ let encap_response = &mut [0u8; config::MAX_SPDM_MSG_SIZE];
+ let mut writer = Writer::init(encap_response);
+ context.encode_encap_error_response(SpdmErrorCode::SpdmErrorInvalidRequest, 0xa, &mut writer);
+
+ let mut reader = Reader::init(encap_response);
+ let header = SpdmMessageHeader::read(&mut reader).unwrap();
+ let error_rsp = SpdmErrorResponsePayload::spdm_read(&mut context.common, &mut reader).unwrap();
+
+ assert_eq!(reader.used(), 4);
+ assert_eq!(header.version, SpdmVersion::SpdmVersion12);
+ assert_eq!(
+ header.request_response_code,
+ SpdmRequestResponseCode::SpdmResponseError
+ );
+ assert_eq!(error_rsp.error_code, SpdmErrorCode::SpdmErrorInvalidRequest);
+ assert_eq!(error_rsp.error_data, 0xa);
+}
diff --git a/test/spdmlib-test/src/requester_tests/encap_req.rs b/test/spdmlib-test/src/requester_tests/encap_req.rs
new file mode 100644
index 0000000..5a9c98c
--- /dev/null
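Review bot: `assert_eq!(reader.used(), 4);` measures how many bytes the decoder consumed, not how many `encode_encap_error_response` wrote, because `Reader::init(encap_response)` is given the full `config::MAX_SPDM_MSG_SIZE` buffer. Recording `let written = writer.used();` right after the encode call and adding `assert_eq!(written, 4);` would catch an encoder that emits extra bytes after the error payload. The expected length of 4 is taken from the existing assertion and should be confirmed against the encoder.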
+++ b/test/spdmlib-test/src/requester_tests/encap_req.rs 
@@ -0,0 +1,332 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::crypto_callback::FAKE_HMAC; +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::session::{self, SpdmSession}; +use spdmlib::common::{ + SpdmCodec, SpdmConfigInfo, SpdmConnectionState, SpdmDeviceIo, SpdmProvisionInfo, + SpdmTransportEncap, +}; +use spdmlib::config; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{crypto, message::*, secret}; + +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; +use core::ops::DerefMut; + +const SESSION_ID: u32 = 4294901758; +const CERT_PORTION_LEN: usize = 512; + +#[test] +fn test_send_get_encapsulated_request() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = PciDoeTransportEncap {}; + let pcidoe_transport_encap = Arc::new(Mutex::new(pcidoe_transport_encap)); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = setup_test_context_and_session( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + assert!(context + .send_get_encapsulated_request(SESSION_ID) + .await + .is_ok()); + + // Get data sent by requester and decode the secured message + let receive: &mut [u8] = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + + let receive_size = { + let mut device_io = context.common.device_io.lock(); + let device_io = device_io.deref_mut(); + device_io + .receive(Arc::new(Mutex::new(receive)), 0) + .await + .unwrap() + }; + + let request = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let size = context + .common + 
.decode_secured_message(SESSION_ID, &receive[..receive_size], request) + .await + .unwrap(); + + let mut reader = Reader::init(&request[..size]); + let header = SpdmMessageHeader::read(&mut reader).unwrap(); + let payload = + SpdmGetEncapsulatedRequestPayload::spdm_read(&mut context.common, &mut reader); + assert_eq!(header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + header.request_response_code, + SpdmRequestResponseCode::SpdmRequestGetEncapsulatedRequest + ); + assert!(payload.is_some()); + }; + executor::block_on(future); +} + +#[test] +fn test_receive_encapsulated_request() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = setup_test_context_and_session( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + // Encode the spdm message sent by responder + let response = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(response); + let header = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmResponseEncapsulatedRequest, + }; + assert!(header.encode(&mut writer).is_ok()); + let payload = SpdmEncapsulatedRequestPayload { request_id: 0xa }; + assert!(payload + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + let encap_header = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetDigests, + }; + assert!(encap_header.encode(&mut writer).is_ok()); + let encap_payload = SpdmGetDigestsRequestPayload {}; + assert!(encap_payload + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + // Set the data from responder to device io and encode as secured message + let send = &mut 
[0u8; config::SENDER_BUFFER_SIZE]; + let size = context + .common + .encode_secured_message(SESSION_ID, writer.used_slice(), send, true, false) + .await + .unwrap(); + + { + let mut device_io = context.common.device_io.lock(); + let device_io = device_io.deref_mut(); + assert!(device_io.send(Arc::new(&send[..size])).await.is_ok()); + } + + assert!(context + .receive_encapsulated_request(SESSION_ID) + .await + .is_ok()); + + // Get data sent by requester and decode the secured message + let receive: &mut [u8] = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let receive_size = { + let mut device_io = context.common.device_io.lock(); + let device_io = device_io.deref_mut(); + device_io + .receive(Arc::new(Mutex::new(receive)), 0) + .await + .unwrap() + }; + + let request = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let size = context + .common + .decode_secured_message(SESSION_ID, &receive[..receive_size], request) + .await + .unwrap(); + + // Verify the message sent by requester + let mut reader = Reader::init(&request[..size]); + let header = SpdmMessageHeader::read(&mut reader).unwrap(); + let payload = + SpdmDeliverEncapsulatedResponsePayload::spdm_read(&mut context.common, &mut reader) + .unwrap(); + assert_eq!(header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + header.request_response_code, + SpdmRequestResponseCode::SpdmRequestDeliverEncapsulatedResponse + ); + assert_eq!(payload.request_id, 0xa); + + let encap_header = SpdmMessageHeader::read(&mut reader).unwrap(); + let encap_payload = SpdmDigestsResponsePayload::spdm_read(&mut context.common, &mut reader); + assert_eq!(encap_header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + encap_header.request_response_code, + SpdmRequestResponseCode::SpdmResponseDigests + ); + assert!(encap_payload.is_some()); + }; + executor::block_on(future); +} + +#[test] +fn test_receive_encapsulated_response_ack() { + let future = async { + let (config_info, provision_info) = create_info(); + let 
pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = setup_test_context_and_session( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + assert!(context.common.construct_my_cert_chain().is_ok()); + + // Encode the spdm message sent by responder + let response = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(response); + let header = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmResponseEncapsulatedResponseAck, + }; + assert!(header.encode(&mut writer).is_ok()); + let payload = SpdmEncapsulatedResponseAckPayload { + request_id: 0xa, + payload_type: SpdmEncapsulatedResponseAckPayloadType::Present, + ack_request_id: 0xa, + }; + assert!(payload + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + let encap_header = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetCertificate, + }; + assert!(encap_header.encode(&mut writer).is_ok()); + let encap_payload = SpdmGetCertificateRequestPayload { + slot_id: 0, + offset: 0, + length: CERT_PORTION_LEN as u16, + }; + assert!(encap_payload + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + // Set the data from responder to device io and encode as secured message + let send = &mut [0u8; config::SENDER_BUFFER_SIZE]; + let size = context + .common + .encode_secured_message(SESSION_ID, writer.used_slice(), send, true, false) + .await + .unwrap(); + + { + let mut device_io = context.common.device_io.lock(); + let device_io = device_io.deref_mut(); + assert!(device_io.send(Arc::new(&send[..size])).await.is_ok()); + } + + assert!(context + .receive_encapsulated_response_ack(SESSION_ID) + .await + .is_ok()); + + // Get data 
sent by requester and decode the secured message + let receive: &mut [u8] = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let receive_size = { + let mut device_io = context.common.device_io.lock(); + let device_io = device_io.deref_mut(); + device_io + .receive(Arc::new(Mutex::new(receive)), 0) + .await + .unwrap() + }; + let request = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let size = context + .common + .decode_secured_message(SESSION_ID, &receive[..receive_size], request) + .await + .unwrap(); + + // Verify the message sent by requester + let mut reader = Reader::init(&request[..size]); + let header = SpdmMessageHeader::read(&mut reader).unwrap(); + let payload = + SpdmDeliverEncapsulatedResponsePayload::spdm_read(&mut context.common, &mut reader) + .unwrap(); + assert_eq!(header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + header.request_response_code, + SpdmRequestResponseCode::SpdmRequestDeliverEncapsulatedResponse + ); + assert_eq!(payload.request_id, 0xa); + + let encap_header = SpdmMessageHeader::read(&mut reader).unwrap(); + let encap_payload = + SpdmCertificateResponsePayload::spdm_read(&mut context.common, &mut reader); + assert_eq!(encap_header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + encap_header.request_response_code, + SpdmRequestResponseCode::SpdmResponseCertificate + ); + assert!(encap_payload.is_some()); + }; + executor::block_on(future); +} + +fn setup_test_context_and_session( + device_io: Arc>, + transport_encap: Arc>, + config_info: SpdmConfigInfo, + provision_info: SpdmProvisionInfo, +) -> RequesterContext { + let mut context = + RequesterContext::new(device_io, transport_encap, config_info, provision_info); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + 
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::ENCAP_CAP | SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::ENCAP_CAP | SpdmResponseCapabilityFlags::CERT_CAP; + + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterCertificate); + + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(SESSION_ID).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(session::SpdmSessionState::SpdmSessionEstablished); + + context +} diff --git a/test/spdmlib-test/src/requester_tests/end_session_req.rs b/test/spdmlib-test/src/requester_tests/end_session_req.rs new file mode 100644 index 0000000..1985529 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/end_session_req.rs 
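Review bot: `setup_test_context_and_session` calls `crypto::hmac::register(FAKE_HMAC.clone());`, which from its call shape installs the fake HMAC for the whole test process rather than for this `context`. Tests in one binary run in parallel by default, so whether another test verifies MACs with the real or the fake implementation may depend on which registration happens first. The helper should at least say so, e.g. `// NOTE: FAKE_HMAC is registered process-wide; tests that need the real HMAC must not share this binary`. The same holds for `crypto::rand::register(FAKE_RAND.clone());` in `test_case0_send_receive_spdm_challenge`. Separately, `const SESSION_ID: u32 = 4294901758;` is easier to compare with the other tests' ids when written as `0xfffe_fffe`.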
@@ -0,0 +1,138 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_send_receive_spdm_end_session() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + let rsp_session_id = 0xffu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + responder.common.session = gen_array_clone(SpdmSession::new(), 4); + responder.common.session[0].setup(session_id).unwrap(); + responder.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + assert!(responder.common.session[0] + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(responder.common.session[0] + .generate_handshake_secret( + 
SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + assert!(responder.common.session[0] + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + responder.common.session[0] + .set_session_state(spdmlib::common::session::SpdmSessionState::SpdmSessionEstablished); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + let rsp_session_id = 0xffu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + requester.common.session = gen_array_clone(SpdmSession::new(), 4); + requester.common.session[0].setup(session_id).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + assert!(requester.common.session[0] + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(requester.common.session[0] + .generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + assert!(requester.common.session[0] + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + requester.common.session[0] + 
.set_session_state(spdmlib::common::session::SpdmSessionState::SpdmSessionEstablished); + + let status = requester.end_session(session_id).await.is_ok(); + assert!(status); + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/finish_req.rs b/test/spdmlib-test/src/requester_tests/finish_req.rs new file mode 100644 index 0000000..6e878fb --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/finish_req.rs 
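Review bot: The responder and requester halves of `test_case0_send_receive_spdm_end_session` repeat the same session bring-up (`setup`, `set_crypto_param`, the three secret-derivation asserts, `set_session_state`) line for line, and `test_case0_receive_secured_message` in context.rs carries another copy. A small helper taking `&mut SpdmSession` keeps the fixed test secrets in one place, so a change to the key material cannot silently diverge between the two sides. It also lets the call use the imported `SpdmSessionState` instead of the full `spdmlib::common::session::SpdmSessionState` path, which currently appears to leave that import unused in this file.

```rust
/// Brings `session` to the established state using fixed, test-only secrets.
fn establish_test_session(session: &mut SpdmSession, session_id: u32) {
    session.setup(session_id).unwrap();
    session.set_crypto_param(
        SpdmBaseHashAlgo::TPM_ALG_SHA_384,
        SpdmDheAlgo::SECP_384_R1,
        SpdmAeadAlgo::AES_256_GCM,
        SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
    );
    // … unchanged: set_dhe_secret / generate_handshake_secret / generate_data_secret asserts, on `session` …
    session.set_session_state(SpdmSessionState::SpdmSessionEstablished);
}

// in the test body, once per side, after `gen_array_clone(SpdmSession::new(), 4)`:
establish_test_session(&mut responder.common.session[0], session_id);
establish_test_session(&mut requester.common.session[0], session_id);
```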
@@ -0,0 +1,335 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, get_rsp_cert_chain_buff}; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{crypto, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case0_send_receive_spdm_finish() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.req_ct_exponent_sel = 0; + responder.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + responder.common.negotiate_info.rsp_ct_exponent_sel = 0; + responder.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + responder.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + 
responder.common.reset_runtime_info(); + + responder.common.session = gen_array_clone(SpdmSession::new(), 4); + responder.common.session[0].setup(4294901758).unwrap(); + responder.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + responder.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + responder + .common + .runtime_info + .set_last_session_id(Some(4294901758)); + responder.common.session[0].runtime_info.digest_context_th = Some( + crypto::hash::hash_ctx_init(responder.common.negotiate_info.base_hash_sel).unwrap(), + ); + + let dhe_secret = SpdmDheFinalKeyStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + let _ = responder.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret); + let _ = responder.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let _ = responder.common.session[0].generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + 
SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + + requester.common.reset_runtime_info(); + + requester.common.session = gen_array_clone(SpdmSession::new(), 4); + requester.common.session[0].setup(4294901758).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].runtime_info.digest_context_th = Some( + crypto::hash::hash_ctx_init(requester.common.negotiate_info.base_hash_sel).unwrap(), + ); + + let dhe_secret = SpdmDheFinalKeyStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + let _ = requester.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret); + let _ = requester.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let _ = requester.common.session[0].generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let status = requester + .send_receive_spdm_finish(None, 4294901758) + .await + .is_ok(); + assert!(status); + }; + executor::block_on(future); +} + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case1_send_receive_spdm_finish() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = 
Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.req_ct_exponent_sel = 0; + responder.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + responder.common.negotiate_info.rsp_ct_exponent_sel = 0; + responder.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + responder.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + responder.common.reset_runtime_info(); + + responder.common.session = gen_array_clone(SpdmSession::new(), 4); + responder.common.session[0].setup(4294901758).unwrap(); + responder.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + responder.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + responder + .common + .runtime_info + .set_last_session_id(Some(4294901758)); + responder.common.session[0].runtime_info.digest_context_th = Some( + crypto::hash::hash_ctx_init(responder.common.negotiate_info.base_hash_sel).unwrap(), + ); + + let dhe_secret = SpdmDheFinalKeyStruct { + // different dhe secret will cause finish fail + data_size: 48, + data: Box::new([1; SPDM_MAX_DHE_KEY_SIZE]), + }; + let _ = 
responder.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret); + let _ = responder.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let _ = responder.common.session[0].generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + + requester.common.reset_runtime_info(); + + requester.common.session = gen_array_clone(SpdmSession::new(), 4); + requester.common.session[0].setup(4294901758).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].runtime_info.digest_context_th = 
Some( + crypto::hash::hash_ctx_init(requester.common.negotiate_info.base_hash_sel).unwrap(), + ); + + let dhe_secret = SpdmDheFinalKeyStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + let _ = requester.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret); + let _ = requester.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let _ = requester.common.session[0].generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let status = requester + .send_receive_spdm_finish(None, 4294901758) + .await + .is_ok(); + assert_eq!(status, false); + + for session in requester.common.session.iter() { + assert_eq!( + session.get_session_id(), + spdmlib::common::INVALID_SESSION_ID + ); + } + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/get_capabilities_req.rs b/test/spdmlib-test/src/requester_tests/get_capabilities_req.rs new file mode 100644 index 0000000..501e7ef --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/get_capabilities_req.rs 
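Review bot: Both tests in finish_req.rs discard the results of the key-schedule setup with `let _ =` (`set_dhe_secret`, `generate_handshake_secret`, `generate_data_secret`, on responder and requester alike), so a setup failure goes unnoticed. That matters most in `test_case1_send_receive_spdm_finish`, where `assert_eq!(status, false)` accepts any error: the test would still pass if FINISH failed for a reason other than the mismatched DHE secret its comment names. The end_session test earlier in this diff already asserts the same calls; I would do likewise here, e.g. `assert!(responder.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret).is_ok());`, and compare the FINISH result with the specific status the requester is expected to return instead of reducing it to `is_ok()`. The literal `4294901758` (0xFFFE_FFFE) is repeated for every session id and would read better as one named constant.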
@@ -0,0 +1,68 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::secret_callback::*;
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use spdmlib::common::SpdmConnectionState;
+use spdmlib::protocol::*;
+use spdmlib::requester::RequesterContext;
+use spdmlib::{responder, secret};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[test]
+fn test_case0_send_receive_spdm_capability() {
+ let future = async {
+ let (rsp_config_info, rsp_provision_info) = create_info();
+ let (req_config_info, req_provision_info) = create_info();
+
+ let shared_buffer = SharedBuffer::new();
+ let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+
+ secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let mut responder = responder::ResponderContext::new(
+ device_io_responder,
+ pcidoe_transport_encap,
+ rsp_config_info,
+ rsp_provision_info,
+ );
+ responder
+ .common
+ .runtime_info
+ .set_connection_state(SpdmConnectionState::SpdmConnectionAfterVersion);
+
+ let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new(
+ Arc::new(shared_buffer),
+ Arc::new(Mutex::new(responder)),
+ )));
+
+ let mut requester = RequesterContext::new(
+ device_io_requester,
+ pcidoe_transport_encap2,
+ req_config_info,
+ req_provision_info,
+ );
+
+ requester.common.reset_runtime_info();
+ requester.common.negotiate_info.measurement_hash_sel =
+ SpdmMeasurementHashAlgo::TPM_ALG_SHA_384;
+ requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ requester.common.negotiate_info.base_asym_sel =
+ SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
+ requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion10;
+
+ let status = requester.send_receive_spdm_capability().await.is_ok();
+ assert!(status);
+ };
+ executor::block_on(future);
+}
diff --git a/test/spdmlib-test/src/requester_tests/get_certificate_req.rs b/test/spdmlib-test/src/requester_tests/get_certificate_req.rs
new file mode 100644
index 0000000..16dbfcc
--- /dev/null
+++ b/test/spdmlib-test/src/requester_tests/get_certificate_req.rs
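Review bot: `test_case0_send_receive_spdm_capability` checks only that `send_receive_spdm_capability()` returned `Ok`; nothing after the call verifies what the requester recorded from the CAPABILITIES response. A regression that accepts the response but stores the wrong flags would still pass. I would add a post-condition such as `assert!(!requester.common.negotiate_info.rsp_capabilities_sel.is_empty());` (this assumes `create_info()` advertises at least one responder capability, which should be confirmed), plus a companion case where the responder is not moved to `SpdmConnectionAfterVersion`, to pin the rejection path.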
@@ -0,0 +1,246 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, get_rsp_cert_chain_buff}; +use spdmlib::common::SpdmConnectionState; +use spdmlib::config::{MAX_SPDM_CERT_CHAIN_DATA_SIZE, MAX_SPDM_MSG_SIZE}; +use spdmlib::error::{SpdmResult, SPDM_STATUS_ERROR_PEER, SPDM_STATUS_INVALID_MSG_FIELD}; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case0_send_receive_spdm_certificate() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.reset_runtime_info(); + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let pcidoe_transport_encap2 = 
Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + + let status = requester + .send_receive_spdm_certificate(None, 0) + .await + .is_ok(); + assert!(status); + }; + executor::block_on(future); +} + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_handle_spdm_certificate_partial_response() { + struct Tc<'a> { + name: &'a str, + slot_id: u8, + total_size: u16, + offset: u16, + length: u16, + receive_buffer: &'a [u8], + expected_result: SpdmResult<(u16, u16)>, + } + let tt: [Tc; 8] = [ + Tc { + name: "invalid certificate partial resp", + slot_id: 0u8, + total_size: 0u16, + offset: 0u16, + length: 0u16, + receive_buffer: &[0x12, 0x82, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00], + expected_result: Err(SPDM_STATUS_ERROR_PEER), + }, + Tc { + name: "zero length portion", + slot_id: 0u8, + total_size: 2048u16, + offset: 0u16, + length: 2048u16, + receive_buffer: &[ + 0x12, 0x02, 0x00, 0x00, // + 0x00, 0x00, // portion + 0x00, 0x08, // remainder + ], + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + Tc { + name: "portion larger than remainder", + slot_id: 0u8, + total_size: 10u16, + offset: 7u16, + length: 3u16, + receive_buffer: &[ + 0x12, 0x02, 0x00, 0x00, // + 0x05, 0x00, // portion + 0x00, 0x00, // remainder + 0x05, 0x00, 0x00, 0x00, 0x00, + ], + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + Tc { + name: "portion larger than max cert chain size", + slot_id: 0u8, + total_size: MAX_SPDM_CERT_CHAIN_DATA_SIZE as u16, + offset: 
(MAX_SPDM_CERT_CHAIN_DATA_SIZE - 3) as u16, + length: 3u16, + receive_buffer: &[ + 0x12, 0x02, 0x00, 0x00, // + 0x05, 0x00, // portion + 0x00, 0x00, // remainder + 0x05, 0x00, 0x00, 0x00, 0x00, + ], + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + Tc { + name: "zero remainder but certificate is incomplete", + slot_id: 0u8, + total_size: 100u16, + offset: 90u16, + length: 10u16, + receive_buffer: &[ + 0x12, 0x02, 0x00, 0x00, // + 0x05, 0x00, // portion + 0x00, 0x00, // remainder + 0x05, 0x00, 0x00, 0x00, 0x00, + ], + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + Tc { + name: "remainder larger than max cert chain size", + slot_id: 0u8, + total_size: MAX_SPDM_CERT_CHAIN_DATA_SIZE as u16, + offset: (MAX_SPDM_CERT_CHAIN_DATA_SIZE - 10) as u16, + length: 10u16, + receive_buffer: &[ + 0x12, 0x02, 0x00, 0x00, // + 0x05, 0x00, // portion + 0x06, 0x00, // remainder + 0x05, 0x00, 0x00, 0x00, 0x00, + ], + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + Tc { + name: "wrong certificate slot id", + slot_id: 7u8, + total_size: 100u16, + offset: 90u16, + length: 10u16, + receive_buffer: &[ + 0x12, 0x02, 0x00, 0x00, // + 0x05, 0x00, // portion + 0x05, 0x00, // remainder + 0x05, 0x00, 0x00, 0x00, 0x00, + ], + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + Tc { + name: "positive", + slot_id: 0u8, + total_size: 100u16, + offset: 90u16, + length: 10u16, + receive_buffer: &[ + 0x12, 0x02, 0x00, 0x00, // + 0x05, 0x00, // portion + 0x05, 0x00, // remainder + 0x05, 0x00, 0x00, 0x00, 0x00, + ], + expected_result: Ok((5, 5)), + }, + ]; + for tc in tt { + executor::add_task(async move { + let (req_config_info, req_provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let device_io = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + SharedBuffer::new(), + )))); + let mut requester = RequesterContext::new( + device_io, + pcidoe_transport_encap, + req_config_info, + 
req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + let session_id = None; + let send_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let result = requester.handle_spdm_certificate_partial_response( + session_id, + tc.slot_id, + tc.total_size, + tc.offset, + tc.length, + &send_buffer, + tc.receive_buffer, + ); + assert!( + result == tc.expected_result, + "tc '{}' expect {:?} got {:?}", + tc.name, + tc.expected_result, + result + ); + }) + } + executor::poll_tasks(); +} diff --git a/test/spdmlib-test/src/requester_tests/get_digests_req.rs b/test/spdmlib-test/src/requester_tests/get_digests_req.rs new file mode 100644 index 0000000..3e8534d --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/get_digests_req.rs 
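Review bot: The table in `test_handle_spdm_certificate_partial_response` covers length fields that disagree with each other, but every `receive_buffer` carries at least as many payload bytes as its portion length declares, so no case presents a message shorter than the portion it announces. For a parser of peer-supplied data that truncation boundary is the one most worth pinning. I would add a case with `receive_buffer: &[0x12, 0x02, 0x00, 0x00, 0x05, 0x00, 0x05, 0x00, 0x05, 0x00]` (portion length 5, two payload bytes; constructed sample) that expects an `Err`, with the exact status confirmed against the parser. Separately, `MAX_SPDM_CERT_CHAIN_DATA_SIZE as u16` truncates silently if the configured size ever exceeds `u16::MAX`; `u16::try_from(MAX_SPDM_CERT_CHAIN_DATA_SIZE).unwrap()` would make that failure loud.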
@@ -0,0 +1,312 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use spdmlib::common::SpdmConnectionState; +use spdmlib::error::SPDM_STATUS_ERROR_PEER; +use spdmlib::message::{SpdmMeasurementAttributes, SpdmMeasurementOperation}; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{config, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case0_send_receive_spdm_digest() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + responder.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = 
Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + let status = requester.send_receive_spdm_digest(None).await.is_ok(); + assert!(status); + }; + executor::block_on(future); +} + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn issue_other_request_before_vca_negotiated() { + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + // issue GET_DIGESTS + executor::add_task(async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + responder.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = 
SpdmVersion::SpdmVersion12; + let result = requester.send_receive_spdm_digest(None).await; + assert!( + result == Err(SPDM_STATUS_ERROR_PEER), + "issue GET_DIGESTS got {:?}", + result + ) + }); + // issue GET_CERTIFICATE + executor::add_task(async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + responder.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + let result = requester.send_receive_spdm_certificate(None, 0).await; + assert!( + result == Err(SPDM_STATUS_ERROR_PEER), + "issue GET_CERTIFICATE got {:?}", + result + ) + }); + // issue CHALLENGE + executor::add_task(async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + let shared_buffer = SharedBuffer::new(); + let device_io_responder = 
Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + responder.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + let result = requester + .send_receive_spdm_challenge( + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + assert!( + result == Err(SPDM_STATUS_ERROR_PEER), + "issue CHALLENGE got {:?}", + result + ) + }); + // issue GET_MEASUREMENTS + executor::add_task(async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + responder.common.provision_info.my_cert_chain = [ + 
Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber; + let mut total_number: u8 = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let result = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await; + assert!( + result == Err(SPDM_STATUS_ERROR_PEER), + "issue GET_MEASUREMENTS got {:?}", + result + ) + }); + executor::poll_tasks(); +} diff --git a/test/spdmlib-test/src/requester_tests/get_measurements_req.rs b/test/spdmlib-test/src/requester_tests/get_measurements_req.rs new file mode 100644 index 0000000..9be24e9 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/get_measurements_req.rs 
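Review bot: `issue_other_request_before_vca_negotiated` depends on an omission that the test never states: none of its four responders gets a `set_connection_state(...)` call, unlike `test_case0_send_receive_spdm_digest` above it. A comment at the top of the function, `// Responder stays in its initial connection state (no set_connection_state call), so each request below must be rejected.`, would stop a later edit from "repairing" the setup and quietly removing the property under test. The four tasks also repeat the same responder/requester construction line for line; a private helper that returns the prepared requester would leave only the request and the expected status in each task. The `#[cfg(feature = "hashed-transcript-data")]` gate means this sequencing check is skipped in builds without that feature, and nothing visible in the test appears to need it, so it is worth confirming whether the gate can be dropped.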
@@ -0,0 +1,816 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, get_rsp_cert_chain_buff}; +use ring::signature; +use spdmlib::common::{ManagedBufferL1L2, SpdmConnectionState}; +use spdmlib::config::MAX_SPDM_MSG_SIZE; +use spdmlib::error::{SpdmResult, SPDM_STATUS_INVALID_MSG_FIELD}; +use spdmlib::message::{SpdmMeasurementAttributes, SpdmMeasurementOperation}; +use spdmlib::requester::RequesterContext; +use spdmlib::{config, responder, secret}; +use spdmlib::{crypto, protocol::*}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_send_receive_spdm_measurement() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.req_ct_exponent_sel = 0; + responder.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + responder.common.negotiate_info.rsp_ct_exponent_sel = 0; + responder.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + + responder + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + + 
responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + #[cfg(not(feature = "hashed-transcript-data"))] + let message_m = &[0]; + #[cfg(not(feature = "hashed-transcript-data"))] + responder + .common + .runtime_info + .message_m + .append_message(message_m); + responder.common.reset_runtime_info(); + responder.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + 
requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.reset_runtime_info(); + + let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber; + let mut total_number: u8 = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let status = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_ok(); + assert!(status); + + let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementRequestAll; + let mut content_changed = None; + let mut transcript_meas = None; + + let status = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_ok(); + assert!(status); + + let measurement_operation = SpdmMeasurementOperation::Unknown(1); + let mut content_changed = None; + let mut transcript_meas = None; + + let status = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_ok(); + assert!(status); + + let measurement_operation = SpdmMeasurementOperation::Unknown(5); + let mut content_changed = None; + let mut transcript_meas = None; + + let status = requester + .send_receive_spdm_measurement( + None, + 0, 
+ SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_err(); + assert!(status); + }; + executor::block_on(future); +} + +#[test] +fn test_handle_spdm_measurement_record_response() { + struct Tc<'a> { + name: &'a str, + request_slot_id: u8, + attributes: SpdmMeasurementAttributes, + operation: SpdmMeasurementOperation, + receive_buffer: Box<[u8]>, + expected_result: SpdmResult, + } + let fixed_block: &[u8] = &[ + 0xFE, 0x01, 0x33, 0x00, 0x01, 0x30, 0x00, 0x90, 0x6D, 0x9F, 0xE9, 0x2A, 0x5E, 0x0A, 0xD7, + 0xE0, 0x20, 0x84, 0x21, 0x27, 0xF7, 0x97, 0x0B, 0x7D, 0x2A, 0xDF, 0xF3, 0xA9, 0x11, 0x06, + 0x92, 0x7B, 0x59, 0x2C, 0xF1, 0x57, 0x63, 0x3D, 0x86, 0xD0, 0xBE, 0x6A, 0xB7, 0x8F, 0x5D, + 0x39, 0x8E, 0x53, 0xF7, 0x05, 0x64, 0x3C, 0xCB, 0xFB, 0x78, + ]; + let tt: [Tc; 8] = [ + Tc { + name: "requested total number and success", + request_slot_id: 0u8, + attributes: SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + operation: SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + receive_buffer: (|| -> Box<[u8]> { + let mut v = vec![0x12, 0x60, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00]; + v.extend_from_slice(&[0xFF; 32]); // Nonce + v.extend_from_slice(&[0x10, 0x00]); // OpaqueDataLength + v.extend_from_slice(&[0x02; 16]); // OpaqueData + v.into_boxed_slice() + })(), + expected_result: Ok(5), + }, + Tc { + name: "requested total number but attached record", + request_slot_id: 0u8, + attributes: SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + operation: SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, + receive_buffer: (|| -> Box<[u8]> { + let mut v = vec![0x12, 0x60, 0x01, 0x00, 0x01, 0x37, 0x00, 0x00]; + v.extend_from_slice(fixed_block); // MeasurementRecordData + v.extend_from_slice(&[0xFF; 32]); + v.extend_from_slice(&[0x10, 0x00]); + v.extend_from_slice(&[0x02; 16]); + v.into_boxed_slice() + })(), + 
expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + Tc { + name: "requested certain index (0x05) but returned mismatch (0xFE)", + request_slot_id: 0u8, + attributes: SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + operation: SpdmMeasurementOperation::Unknown(0x05), + receive_buffer: (|| -> Box<[u8]> { + let mut v = vec![0x12, 0x60, 0x01, 0x00, 0x01, 0x37, 0x00, 0x00]; + v.extend_from_slice(fixed_block); + v.extend_from_slice(&[0xFF; 32]); + v.extend_from_slice(&[0x10, 0x00]); + v.extend_from_slice(&[0x02; 16]); + v.into_boxed_slice() + })(), + expected_result: Ok(1), // should expect Err? + }, + Tc { + name: "requested certain index but returned many", + request_slot_id: 0u8, + attributes: SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + operation: SpdmMeasurementOperation::Unknown(0x05), + receive_buffer: (|| -> Box<[u8]> { + let mut v = vec![0x12, 0x60, 0x00, 0x00, 0x02, 0x6E, 0x00, 0x00]; + v.extend_from_slice(fixed_block); + v.extend_from_slice(fixed_block); + v.extend_from_slice(&[0xFF; 32]); + v.extend_from_slice(&[0x10, 0x00]); + v.extend_from_slice(&[0x02; 16]); + v.into_boxed_slice() + })(), + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + Tc { + name: "requested certain index and success", + request_slot_id: 0u8, + attributes: SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + operation: SpdmMeasurementOperation::Unknown(0xFF), + receive_buffer: (|| -> Box<[u8]> { + let mut v = vec![0x12, 0x60, 0x01, 0x00, 0x01, 0x37, 0x00, 0x00]; + v.extend_from_slice(fixed_block); + v.extend_from_slice(&[0xFF; 32]); + v.extend_from_slice(&[0x10, 0x00]); + v.extend_from_slice(&[0x02; 16]); + v.into_boxed_slice() + })(), + expected_result: Ok(1), + }, + Tc { + name: "request all without signature and success", + request_slot_id: 0u8, + attributes: SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + operation: SpdmMeasurementOperation::SpdmMeasurementRequestAll, + receive_buffer: (|| -> Box<[u8]> { + let mut v = vec![0x12, 0x60, 
0x01, 0x00, 0x01, 0x37, 0x00, 0x00]; + v.extend_from_slice(fixed_block); + v.extend_from_slice(&[0xFF; 32]); + v.extend_from_slice(&[0x10, 0x00]); + v.extend_from_slice(&[0x02; 16]); + v.into_boxed_slice() + })(), + expected_result: Ok(1), + }, + Tc { + name: "request all and no measurements returned", + request_slot_id: 0u8, + attributes: SpdmMeasurementAttributes::RAW_BIT_STREAM_REQUESTED, + operation: SpdmMeasurementOperation::SpdmMeasurementRequestAll, + receive_buffer: (|| -> Box<[u8]> { + let mut v = vec![0x12, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; + v.extend_from_slice(&[0xFF; 32]); + v.extend_from_slice(&[0x10, 0x00]); + v.extend_from_slice(&[0x02; 16]); + v.into_boxed_slice() + })(), + expected_result: Ok(0), + }, + Tc { + name: "request all but returned blocks have the same index", + request_slot_id: 0u8, + attributes: SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + operation: SpdmMeasurementOperation::SpdmMeasurementRequestAll, + receive_buffer: (|| -> Box<[u8]> { + let mut v = vec![0x12, 0x60, 0x00, 0x00, 0x02, 0x6E, 0x00, 0x00]; + v.extend_from_slice(fixed_block); + v.extend_from_slice(fixed_block); + v.extend_from_slice(&[0xFF; 32]); + v.extend_from_slice(&[0x10, 0x00]); + v.extend_from_slice(&[0x02; 16]); + v.extend_from_slice(&[0xFF; 96]); // Signature + v.into_boxed_slice() + })(), + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), + }, + ]; + for tc in tt { + executor::add_task(async move { + let (req_config_info, req_provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let device_io = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + SharedBuffer::new(), + )))); + let mut requester = RequesterContext::new( + device_io, + pcidoe_transport_encap, + req_config_info, + req_provision_info, + ); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.req_ct_exponent_sel = 0; + 
requester.common.negotiate_info.req_capabilities_sel = + SpdmRequestCapabilityFlags::CERT_CAP; + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.reset_runtime_info(); + + let session_id = None; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let send_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut content_changed = None; + let mut transcript_meas = None; + let result = requester.handle_spdm_measurement_record_response( + session_id, + tc.request_slot_id, + tc.attributes, + tc.operation, + &mut content_changed, + &mut spdm_measurement_record_structure, + &send_buffer, + &*tc.receive_buffer, + &mut transcript_meas, + ); + assert!( + result == tc.expected_result, + "tc '{}' expect {:?} got {:?}", + tc.name, + tc.expected_result, + result + ); + }) + } + executor::poll_tasks(); +} + +#[test] +fn test_case1_send_receive_spdm_measurement() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + 
secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.req_ct_exponent_sel = 0; + responder.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + responder.common.negotiate_info.rsp_ct_exponent_sel = 0; + responder.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + + responder + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + #[cfg(not(feature = "hashed-transcript-data"))] + let message_m = &[0]; + #[cfg(not(feature = "hashed-transcript-data"))] + responder + .common + .runtime_info + .message_m + .append_message(message_m); + responder.common.reset_runtime_info(); + responder.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + responder + .common + .append_message_a(b"transcript_vca") + .unwrap(); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = 
RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.reset_runtime_info(); + requester + .common + .append_message_a(b"transcript_vca") + .unwrap(); + + let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber; + let mut total_number: u8 = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let status = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_ok(); + assert!(status); + + let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementRequestAll; + let mut content_changed = None; + let mut transcript_meas = None; + + let status = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation, + 
&mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_ok(); + assert!(status); + + let transcript_meas = transcript_meas.unwrap(); + let transcript_meas_len = transcript_meas.as_ref().len(); + let mut message_l1l2 = ManagedBufferL1L2::default(); + message_l1l2.append_message(b"transcript_vca").unwrap(); + message_l1l2 + .append_message(&transcript_meas.as_ref()[..transcript_meas_len - 96]) + .unwrap(); + let mut spdm_signature_struct = SpdmSignatureStruct::default(); + spdm_signature_struct.data_size = 96; + spdm_signature_struct.data[..96] + .copy_from_slice(&transcript_meas.as_ref()[transcript_meas_len - 96..]); + let message_l1l2_hash = + crypto::hash::hash_all(SpdmBaseHashAlgo::TPM_ALG_SHA_384, message_l1l2.as_ref()) + .unwrap(); + message_l1l2.reset_message(); + message_l1l2 + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .unwrap(); + message_l1l2 + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_6) + .unwrap(); + message_l1l2 + .append_message(&SPDM_MEASUREMENTS_SIGN_CONTEXT) + .unwrap(); + message_l1l2 + .append_message(message_l1l2_hash.as_ref()) + .unwrap(); + + let cert_chain_data = &requester.common.peer_info.peer_cert_chain[0 as usize] + .as_ref() + .unwrap() + .data[(4usize + + requester.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(requester.common.peer_info.peer_cert_chain[0 as usize] + .as_ref() + .unwrap() + .data_size as usize)]; + + let result = crypto::asym_verify::verify( + requester.common.negotiate_info.base_hash_sel, + requester.common.negotiate_info.base_asym_sel, + cert_chain_data, + message_l1l2.as_ref(), + &spdm_signature_struct, + ); + + assert!(result.is_ok()); + }; + executor::block_on(future); +} + +#[test] +fn test_case3_send_receive_spdm_measurement() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = 
SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.req_ct_exponent_sel = 0; + responder.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + responder.common.negotiate_info.rsp_ct_exponent_sel = 0; + responder.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + + responder + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + #[cfg(not(feature = "hashed-transcript-data"))] + let message_m = &[0]; + #[cfg(not(feature = "hashed-transcript-data"))] + responder + .common + .runtime_info + .message_m + .append_message(message_m); + responder.common.reset_runtime_info(); + responder.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + responder + .common + .append_message_a(b"transcript_vca") + .unwrap(); + + let 
pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.req_ct_exponent_sel = 0; + requester.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + requester.common.negotiate_info.rsp_ct_exponent_sel = 0; + requester.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::CERT_CAP; + requester + .common + .negotiate_info + .measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.reset_runtime_info(); + requester + .common + .append_message_a(b"transcript_vca") + .unwrap(); + + let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber; + let mut total_number: u8 = 0; + let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut content_changed = None; + let mut transcript_meas = None; + + let status = requester + .send_receive_spdm_measurement( + None, + 0, + SpdmMeasurementAttributes::SIGNATURE_REQUESTED, + measurement_operation, + &mut content_changed, + &mut total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_ok(); + assert!(status); + + let mut 
content_changed = None; + let mut transcript_meas = None; + let mut dummy_total_number = 0; + + let mut counter = 0; + for i in 0..255 { + let status = requester + .send_receive_spdm_measurement( + None, + 0, + if counter == total_number - 1 { + SpdmMeasurementAttributes::SIGNATURE_REQUESTED + } else { + SpdmMeasurementAttributes::empty() + }, + SpdmMeasurementOperation::Unknown(i), + &mut content_changed, + &mut dummy_total_number, + &mut spdm_measurement_record_structure, + &mut transcript_meas, + ) + .await + .is_ok(); + + if status { + counter += 1; + } else { + continue; + } + + if counter == total_number { + let transcript_meas = transcript_meas.clone().unwrap(); + let transcript_meas_len = transcript_meas.as_ref().len(); + let mut message_l1l2 = ManagedBufferL1L2::default(); + message_l1l2.append_message(b"transcript_vca").unwrap(); + message_l1l2 + .append_message(&transcript_meas.as_ref()[..transcript_meas_len - 96]) + .unwrap(); + let mut spdm_signature_struct = SpdmSignatureStruct::default(); + spdm_signature_struct.data_size = 96; + spdm_signature_struct.data[..96] + .copy_from_slice(&transcript_meas.as_ref()[transcript_meas_len - 96..]); + let message_l1l2_hash = crypto::hash::hash_all( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + message_l1l2.as_ref(), + ) + .unwrap(); + message_l1l2.reset_message(); + message_l1l2 + .append_message(&SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) + .unwrap(); + message_l1l2 + .append_message(&SPDM_VERSION_1_2_SIGNING_CONTEXT_ZEROPAD_6) + .unwrap(); + message_l1l2 + .append_message(&SPDM_MEASUREMENTS_SIGN_CONTEXT) + .unwrap(); + message_l1l2 + .append_message(message_l1l2_hash.as_ref()) + .unwrap(); + + let cert_chain_data = &requester.common.peer_info.peer_cert_chain[0 as usize] + .as_ref() + .unwrap() + .data[(4usize + + requester.common.negotiate_info.base_hash_sel.get_size() as usize) + ..(requester.common.peer_info.peer_cert_chain[0 as usize] + .as_ref() + .unwrap() + .data_size as usize)]; + + let result = 
crypto::asym_verify::verify( + requester.common.negotiate_info.base_hash_sel, + requester.common.negotiate_info.base_asym_sel, + cert_chain_data, + message_l1l2.as_ref(), + &spdm_signature_struct, + ); + + assert!(result.is_ok()); + break; + } else { + continue; + } + } + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/get_version_req.rs b/test/spdmlib-test/src/requester_tests/get_version_req.rs new file mode 100644 index 0000000..2c3b2bc --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/get_version_req.rs 
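Review bot: In `test_handle_spdm_measurement_record_response`, the case named "requested certain index (0x05) but returned mismatch (0xFE)" asserts `expected_result: Ok(1), // should expect Err?`, so the suite pins acceptance of a measurement block whose index differs from the one requested. For attestation that is the outcome least worth locking in, since a requester that reports success here has not obtained the measurement it asked for. If rejection is the intended contract, the expectation should become `expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD),` together with the handler fix; otherwise replace the question with a comment saying why the mismatch is tolerated and where the index is checked. Separately, the `for i in 0..255` loop in `test_case3_send_receive_spdm_measurement` finishes without failing when `counter` never reaches `total_number`, so the signature verification can be skipped silently; a flag set before `break` and asserted after the loop would close that.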
@@ -0,0 +1,54 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::secret_callback::*;
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use spdmlib::requester::RequesterContext;
+use spdmlib::{responder, secret};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[test]
+fn test_case0_send_receive_spdm_version() {
+ let future = async {
+ let (rsp_config_info, rsp_provision_info) = create_info();
+ let (req_config_info, req_provision_info) = create_info();
+
+ let shared_buffer = SharedBuffer::new();
+ let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+
+ secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let responder = responder::ResponderContext::new(
+ device_io_responder,
+ pcidoe_transport_encap,
+ rsp_config_info,
+ rsp_provision_info,
+ );
+
+ let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new(
+ Arc::new(shared_buffer),
+ Arc::new(Mutex::new(responder)),
+ )));
+
+ let mut requester = RequesterContext::new(
+ device_io_requester,
+ pcidoe_transport_encap2,
+ req_config_info,
+ req_provision_info,
+ );
+
+ let status = requester.send_receive_spdm_version().await.is_ok();
+ assert!(status);
+ };
+ executor::block_on(future);
+}
diff --git a/test/spdmlib-test/src/requester_tests/heartbeat_req.rs b/test/spdmlib-test/src/requester_tests/heartbeat_req.rs
new file mode 100644
index 0000000..c4a92f4
--- /dev/null
+++ b/test/spdmlib-test/src/requester_tests/heartbeat_req.rs
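Review bot: `let status = requester.send_receive_spdm_version().await.is_ok(); assert!(status);` discards the error value, so a failure reports only that `status` was false; the same pattern is used in the heartbeat and measurement tests of this commit. Keeping the result and printing it, as the error-path tests elsewhere in the commit do, makes a regression diagnosable: `let result = requester.send_receive_spdm_version().await;` followed by `assert!(result.is_ok(), "GET_VERSION got {:?}", result);` (this assumes the return type implements `Debug`, as the other requester results printed with `{:?}` appear to). The test also asserts nothing about what was negotiated, so a check on `requester.common.negotiate_info.spdm_version_sel` after the call would make it more than a smoke test.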
@@ -0,0 +1,139 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_send_receive_spdm_heartbeat() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + let rsp_session_id = 0x11u16; + let session_id = (0x11u32 << 16) + rsp_session_id as u32; + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.session = gen_array_clone(SpdmSession::new(), 4); + responder.common.session[0].setup(session_id).unwrap(); + responder.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + assert!(responder.common.session[0] + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(responder.common.session[0] + .generate_handshake_secret( + 
SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + assert!(responder.common.session[0] + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + responder.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + let rsp_session_id = 0x11u16; + let session_id = (0x11u32 << 16) + rsp_session_id as u32; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.session = gen_array_clone(SpdmSession::new(), 4); + requester.common.session[0].setup(session_id).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + assert!(requester.common.session[0] + .set_dhe_secret( + SpdmVersion::SpdmVersion12, + SpdmDheFinalKeyStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE]) + } + ) + .is_ok()); + assert!(requester.common.session[0] + .generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + assert!(requester.common.session[0] + .generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]) + } + ) + .is_ok()); + 
requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + + let status = requester + .send_receive_spdm_heartbeat(session_id) + .await + .is_ok(); + assert!(status); + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/key_exchange_req.rs b/test/spdmlib-test/src/requester_tests/key_exchange_req.rs new file mode 100644 index 0000000..d8ffe85 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/key_exchange_req.rs 
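Review bot: `test_case0_send_receive_spdm_heartbeat` covers only the success path; nothing in this file checks that a heartbeat is refused for a session id that was never set up or for a session that is not in `SpdmSessionEstablished`, which is the property that matters for a message carried inside a secured session. A second case that calls `requester.send_receive_spdm_heartbeat(session_id + 1)` and asserts `.is_err()` would cover it, assuming the lookup is expected to fail for unknown ids. The session setup is also duplicated verbatim for responder and requester, including the `data_size: 5` key material, so a small helper taking `&mut SpdmSession` would keep the two sides from drifting apart.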
@@ -0,0 +1,239 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, get_rsp_cert_chain_buff}; +use spdmlib::common::SpdmOpaqueSupport; +use spdmlib::common::{session, SpdmConnectionState}; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_send_receive_spdm_key_exchange() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + responder.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + #[cfg(feature = "mut-auth")] + { + responder.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MUT_AUTH_CAP; + 
responder.common.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::MUT_AUTH_CAP; + } + + responder.common.reset_runtime_info(); + + responder.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + #[cfg(feature = "mut-auth")] + { + requester.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MUT_AUTH_CAP; + requester.common.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::MUT_AUTH_CAP; + } + + requester.common.reset_runtime_info(); + + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + + let measurement_summary_hash_type = + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone; + let status = requester + .send_receive_spdm_key_exchange(0, measurement_summary_hash_type) + .await + .is_ok(); + 
assert!(status); + }; + executor::block_on(future); +} + +#[test] +fn test_case1_send_receive_spdm_key_exchange() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + responder.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + responder.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; // different dhe algo will cause key negotiate fail + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + #[cfg(feature = "mut-auth")] + { + responder.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MUT_AUTH_CAP; + responder.common.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::MUT_AUTH_CAP; + } + + responder.common.reset_runtime_info(); + + responder.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let pcidoe_transport_encap2 
= Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1; + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + #[cfg(feature = "mut-auth")] + { + requester.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MUT_AUTH_CAP; + requester.common.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::MUT_AUTH_CAP; + } + + requester.common.reset_runtime_info(); + + requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff()); + + let measurement_summary_hash_type = + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone; + let status = requester + .send_receive_spdm_key_exchange(0, measurement_summary_hash_type) + .await + .is_ok(); + assert_eq!(status, false); + + for session in requester.common.session.iter() { + assert_eq!( + session.get_session_id(), + spdmlib::common::INVALID_SESSION_ID + ); + } + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/key_update_req.rs b/test/spdmlib-test/src/requester_tests/key_update_req.rs new file mode 100644 index 0000000..01a7b1a --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/key_update_req.rs 
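Review bot: `test_case1_send_receive_spdm_key_exchange` collapses the result to `.is_ok()` and asserts `status == false`, so any failure satisfies it, not only the DHE mismatch named in the inline comment (responder `SECP_256_R1` against requester `SECP_384_R1`). Keep the `Result`, `let result = requester.send_receive_spdm_key_exchange(0, measurement_summary_hash_type).await;`, and assert on the error it carries. The error type is not visible in this hunk, so the expected value has to be taken from spdmlib. The same applies to `test_case1_send_receive_spdm_psk_exchange` and `test_case1_send_receive_spdm_psk_finish` later in this commit. The loop checking that every session still reports `INVALID_SESSION_ID` is a good check and should stay.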
@@ -0,0 +1,130 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::message::key_update::SpdmKeyUpdateOperation; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_send_receive_spdm_key_update() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + let rsp_session_id = 0xFFFEu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.session = gen_array_clone(SpdmSession::new(), 4); + responder.common.session[0].setup(session_id).unwrap(); + responder.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + responder.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + let dhe_secret = SpdmDheFinalKeyStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + let _ = 
responder.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret); + let _ = responder.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let _ = responder.common.session[0].generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + let rsp_session_id = 0xFFFEu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.session = gen_array_clone(SpdmSession::new(), 4); + requester.common.session[0].setup(session_id).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + let dhe_secret = SpdmDheFinalKeyStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + let _ = requester.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret); + let _ = requester.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let _ = requester.common.session[0].generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; 
SPDM_MAX_HASH_SIZE]), + }, + ); + let measurement_summary_hash_type = SpdmKeyUpdateOperation::SpdmUpdateAllKeys; + let status = requester + .send_receive_spdm_key_update(session_id, measurement_summary_hash_type) + .await + .is_ok(); + assert!(status); + + let measurement_summary_hash_type = SpdmKeyUpdateOperation::Unknown(0); + let status = requester + .send_receive_spdm_key_update(session_id, measurement_summary_hash_type) + .await + .is_err(); + assert!(status); + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/mod.rs b/test/spdmlib-test/src/requester_tests/mod.rs new file mode 100644 index 0000000..7d7baa8 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/mod.rs @@ -0,0 +1,49 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![forbid(unsafe_code)] + +mod challenge_req; + +mod context; + +mod end_session_req; + +#[cfg(feature = "mut-auth")] +mod encap_certificate; + +#[cfg(feature = "mut-auth")] +mod encap_digest; + +#[cfg(feature = "mut-auth")] +mod encap_error; + +#[cfg(feature = "mut-auth")] +mod encap_req; + +mod finish_req; + +mod get_capabilities_req; + +mod get_certificate_req; + +mod get_digests_req; + +mod get_measurements_req; + +mod get_version_req; + +mod heartbeat_req; + +mod key_exchange_req; + +mod key_update_req; + +mod negotiate_algorithms_req; + +mod psk_exchange_req; + +mod psk_finish_req; + +mod vendor_req; diff --git a/test/spdmlib-test/src/requester_tests/negotiate_algorithms_req.rs b/test/spdmlib-test/src/requester_tests/negotiate_algorithms_req.rs new file mode 100644 index 0000000..a069a94 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/negotiate_algorithms_req.rs 
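Review bot: The session setup in `test_case0_send_receive_spdm_key_update` discards the results of `set_dhe_secret`, `generate_handshake_secret` and `generate_data_secret` with `let _ =` on both responder and requester, so a failed key derivation goes unnoticed and the key update then runs against whatever state was left. heartbeat_req.rs in this same commit wraps the same calls in `assert!(... .is_ok())`; do the same here, e.g. `assert!(responder.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret).is_ok());`. psk_finish_req.rs repeats the `let _ = ...generate_handshake_secret(...)` pattern. Separately, the variable holding `SpdmKeyUpdateOperation::SpdmUpdateAllKeys` is named `measurement_summary_hash_type`; `key_update_operation` would say what it is.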
@@ -0,0 +1,59 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::secret_callback::*;
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use spdmlib::common::SpdmConnectionState;
+use spdmlib::requester::RequesterContext;
+use spdmlib::{responder, secret};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[test]
+fn test_case0_send_receive_spdm_algorithm() {
+ let future = async {
+ let (rsp_config_info, rsp_provision_info) = create_info();
+ let (req_config_info, req_provision_info) = create_info();
+
+ let shared_buffer = SharedBuffer::new();
+ let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+
+ secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+
+ let mut responder = responder::ResponderContext::new(
+ device_io_responder,
+ pcidoe_transport_encap,
+ rsp_config_info,
+ rsp_provision_info,
+ );
+ responder
+ .common
+ .runtime_info
+ .set_connection_state(SpdmConnectionState::SpdmConnectionAfterCapabilities);
+
+ let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new(
+ Arc::new(shared_buffer),
+ Arc::new(Mutex::new(responder)),
+ )));
+
+ let mut requester = RequesterContext::new(
+ device_io_requester,
+ pcidoe_transport_encap2,
+ req_config_info,
+ req_provision_info,
+ );
+
+ let status = requester.send_receive_spdm_algorithm().await.is_ok();
+ assert!(status);
+ };
+ executor::block_on(future);
+}
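Review bot: `test_case0_send_receive_spdm_algorithm` asserts only that the call returned `Ok`, so it would still pass if negotiation settled on a weaker algorithm than intended or left a selection empty. After `assert!(status);`, add assertions on the negotiated state, e.g. `assert_eq!(requester.common.negotiate_info.base_hash_sel, EXPECTED_BASE_HASH);` and likewise for `aead_sel` and `dhe_sel`. `EXPECTED_BASE_HASH` is a placeholder for whatever `create_info()` advertises, which is not visible in this hunk. This assumes negotiation records its outcome in `negotiate_info`, as the tests elsewhere in this commit that set those fields by hand suggest.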
diff --git a/test/spdmlib-test/src/requester_tests/psk_exchange_req.rs b/test/spdmlib-test/src/requester_tests/psk_exchange_req.rs
new file mode 100644
index 0000000..61d86d9
--- /dev/null
+++ b/test/spdmlib-test/src/requester_tests/psk_exchange_req.rs
@@ -0,0 +1,151 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use spdmlib::common::SpdmConnectionState; +use spdmlib::config::MAX_SPDM_PSK_HINT_SIZE; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_send_receive_spdm_psk_exchange() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); 
+ + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + let measurement_summary_hash_type = + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone; + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + let mut psk_key = SpdmPskHintStruct { + data_size: b"TestPskHint\0".len() as u16, + data: [0u8; MAX_SPDM_PSK_HINT_SIZE], + }; + psk_key.data[0..(psk_key.data_size as usize)].copy_from_slice(b"TestPskHint\0"); + + let status = requester + .send_receive_spdm_psk_exchange(measurement_summary_hash_type, Some(&psk_key)) + .await + .is_ok(); + assert!(status); + }; + executor::block_on(future); +} + +#[test] +fn test_case1_send_receive_spdm_psk_exchange() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_256; // different base hash algo will cause key negotiate fail + responder.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + responder + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = 
Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + let measurement_summary_hash_type = + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone; + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + + let mut psk_key = SpdmPskHintStruct { + data_size: b"TestPskHint\0".len() as u16, + data: [0u8; MAX_SPDM_PSK_HINT_SIZE], + }; + psk_key.data[0..(psk_key.data_size as usize)].copy_from_slice(b"TestPskHint\0"); + + let status = requester + .send_receive_spdm_psk_exchange(measurement_summary_hash_type, Some(&psk_key)) + .await + .is_ok(); + assert_eq!(status, false); + + for session in requester.common.session.iter() { + assert_eq!( + session.get_session_id(), + spdmlib::common::INVALID_SESSION_ID + ); + } + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/psk_finish_req.rs b/test/spdmlib-test/src/requester_tests/psk_finish_req.rs new file mode 100644 index 0000000..a0c2df3 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/psk_finish_req.rs 
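Review bot: In both tests the literal `b"TestPskHint\0"` is written twice, once for `data_size` and once for `copy_from_slice`, and the struct is bound to `psk_key` although it is a `SpdmPskHintStruct`, i.e. the hint rather than the key. `copy_from_slice` panics when the two lengths differ, so a later edit to only one literal would break the test for an unrelated reason. Bind it once, `let hint = b"TestPskHint\0";`, use `hint.len() as u16` and `copy_from_slice(hint)`, and rename the variable to `psk_hint`.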
@@ -0,0 +1,254 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::crypto_callback::*; +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use spdmlib::common::session::{self, SpdmSession}; +use spdmlib::config::MAX_SPDM_PSK_HINT_SIZE; +use spdmlib::protocol::*; +use spdmlib::requester::RequesterContext; +use spdmlib::{crypto, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case0_send_receive_spdm_psk_finish() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + + // let rsp_session_id = 0x11u16; + // let session_id = (0x11u32 << 16) + rsp_session_id as u32; + responder.common.session = gen_array_clone(SpdmSession::new(), 4); + responder.common.session[0].setup(4294901758).unwrap(); + 
responder.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + responder.common.session[0].set_use_psk(true); + responder.common.session[0].runtime_info.psk_hint = Some(SpdmPskHintStruct { + data_size: 5, + data: [0u8; MAX_SPDM_PSK_HINT_SIZE], + }); + responder.common.session[0] + .set_session_state(session::SpdmSessionState::SpdmSessionHandshaking); + responder.common.session[0].runtime_info.digest_context_th = Some( + crypto::hash::hash_ctx_init(responder.common.negotiate_info.base_hash_sel).unwrap(), + ); + + let _ = responder.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([0u8; SPDM_MAX_HASH_SIZE]), + }, + ); + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + + // let rsp_session_id = 0x11u16; + // let session_id = (0x11u32 << 16) + rsp_session_id as u32; + requester.common.session = gen_array_clone(SpdmSession::new(), 4); + requester.common.session[0].setup(4294901758).unwrap(); + requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + 
requester.common.session[0].set_use_psk(true); + requester.common.session[0].runtime_info.psk_hint = Some(SpdmPskHintStruct { + data_size: 5, + data: [0u8; MAX_SPDM_PSK_HINT_SIZE], + }); + requester.common.session[0] + .set_session_state(session::SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].runtime_info.digest_context_th = Some( + crypto::hash::hash_ctx_init(requester.common.negotiate_info.base_hash_sel).unwrap(), + ); + + let _ = requester.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([0u8; SPDM_MAX_HASH_SIZE]), + }, + ); + + let status = requester.send_receive_spdm_psk_finish(4294901758).await; + assert!(status.is_ok()); + }; + executor::block_on(future); +} + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case1_send_receive_spdm_psk_finish() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + let mut responder = responder::ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + responder.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + responder.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + responder.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + + // let rsp_session_id = 0x11u16; + // let session_id = (0x11u32 << 16) + rsp_session_id as u32; + responder.common.session = 
gen_array_clone(SpdmSession::new(), 4); + responder.common.session[0].setup(4294901758).unwrap(); + responder.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + responder.common.session[0].set_use_psk(true); + responder.common.session[0].runtime_info.psk_hint = Some(SpdmPskHintStruct { + data_size: 5, + data: [0u8; MAX_SPDM_PSK_HINT_SIZE], + }); + responder.common.session[0] + .set_session_state(session::SpdmSessionState::SpdmSessionHandshaking); + responder.common.session[0].runtime_info.digest_context_th = Some( + crypto::hash::hash_ctx_init(responder.common.negotiate_info.base_hash_sel).unwrap(), + ); + + let _ = responder.common.session[0].generate_handshake_secret( + // different handshake will cause psk finish fail + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([1u8; SPDM_MAX_HASH_SIZE]), + }, + ); + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + requester.common.negotiate_info.base_asym_sel = + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM; + + // let rsp_session_id = 0x11u16; + // let session_id = (0x11u32 << 16) + rsp_session_id as u32; + requester.common.session = gen_array_clone(SpdmSession::new(), 4); + requester.common.session[0].setup(4294901758).unwrap(); + 
requester.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + requester.common.session[0].set_use_psk(true); + requester.common.session[0].runtime_info.psk_hint = Some(SpdmPskHintStruct { + data_size: 5, + data: [0u8; MAX_SPDM_PSK_HINT_SIZE], + }); + requester.common.session[0] + .set_session_state(session::SpdmSessionState::SpdmSessionHandshaking); + requester.common.session[0].runtime_info.digest_context_th = Some( + crypto::hash::hash_ctx_init(requester.common.negotiate_info.base_hash_sel).unwrap(), + ); + + let _ = requester.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 5, + data: Box::new([0u8; SPDM_MAX_HASH_SIZE]), + }, + ); + + let status = requester + .send_receive_spdm_psk_finish(4294901758) + .await + .is_ok(); + assert_eq!(status, false); + + for session in requester.common.session.iter() { + assert_eq!( + session.get_session_id(), + spdmlib::common::INVALID_SESSION_ID + ); + } + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/requester_tests/vendor_req.rs b/test/spdmlib-test/src/requester_tests/vendor_req.rs new file mode 100644 index 0000000..2cbf382 --- /dev/null +++ b/test/spdmlib-test/src/requester_tests/vendor_req.rs 
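Review bot: The session id is the bare decimal `4294901758`, repeated in `setup(...)` and `send_receive_spdm_psk_finish(...)` in both tests, while the commented-out lines above each `setup` call compute a different value from `0x11`. Name it once in hex, `const SESSION_ID: u32 = 0xFFFE_FFFE;`, use it at every call site, and delete the stale commented-out lines. Both tests also call `crypto::hmac::register(FAKE_HMAC.clone())`; a one-line comment saying what the fake computes would help readers judge how much of the finish verification these tests exercise, since `FAKE_HMAC` is defined outside this hunk.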
@@ -0,0 +1,78 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use spdmlib::message::{ + RegistryOrStandardsBodyID, VendorDefinedReqPayloadStruct, VendorIDStruct, + MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN, +}; +use spdmlib::requester::RequesterContext; +use spdmlib::responder::ResponderContext; +use spdmlib::{config, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_send_spdm_vendor_defined_request() { + let future = async { + let (rsp_config_info, rsp_provision_info) = create_info(); + let (req_config_info, req_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let responder = ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder)), + ))); + + let mut requester = RequesterContext::new( + device_io_requester, + pcidoe_transport_encap2, + req_config_info, + req_provision_info, + ); + + let session_id: u32 = 0xff; + let standard_id: RegistryOrStandardsBodyID = RegistryOrStandardsBodyID::DMTF; + let vendor_idstruct: VendorIDStruct = VendorIDStruct { + len: 0, + vendor_id: [0u8; MAX_SPDM_VENDOR_DEFINED_VENDOR_ID_LEN], + }; + let req_payload_struct: 
VendorDefinedReqPayloadStruct = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0u8; config::MAX_SPDM_MSG_SIZE - 7 - 2], + }; + + let status = requester + .send_spdm_vendor_defined_request( + Some(session_id), + standard_id, + vendor_idstruct, + req_payload_struct, + ) + .await + .is_ok(); + assert_eq!(status, false); //since vendor defined response payload is not implemented, so false is expected here. + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/responder_tests/algorithm_rsp.rs b/test/spdmlib-test/src/responder_tests/algorithm_rsp.rs new file mode 100644 index 0000000..f808cff --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/algorithm_rsp.rs 
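Review bot: The final `assert_eq!(status, false)` in `test_case0_send_spdm_vendor_defined_request` passes on any error, so it does not show that the failure comes from the unimplemented vendor-defined response, as its trailing comment claims. The request is sent with `Some(session_id)` for session `0xff`, but this test never sets up a session on the requester, so the call may be rejected at session lookup before the vendor-defined path is reached (inferred; the lookup code is outside this diff). Consider sending with `None`, or matching on the returned error instead of `.is_ok()`, so the test fails if the rejection reason changes.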
@@ -0,0 +1,283 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, TestSpdmMessage}; +use codec::{Codec, Reader, Writer}; +use log::debug; +use spdmlib::common::*; +use spdmlib::config::MAX_SPDM_MSG_SIZE; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_handle_spdm_algorithm() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterCapabilities); + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion11, + request_response_code: SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms, + }; + assert!(value.encode(&mut writer).is_ok()); + + let negotiate_algorithms = &mut [0u8; 1024]; + let mut writer = Writer::init(negotiate_algorithms); + let value = SpdmNegotiateAlgorithmsRequestPayload { + measurement_specification: SpdmMeasurementSpecification::DMTF, + other_params_support: SpdmOpaqueSupport::empty(), + base_asym_algo: 
SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384, + base_hash_algo: SpdmBaseHashAlgo::TPM_ALG_SHA_384, + alg_struct_count: 4, + alg_struct: [ + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeDHE, + alg_supported: SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeAEAD, + alg_supported: SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeReqAsym, + alg_supported: SpdmAlg::SpdmAlgoReqAsym( + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256, + ), + }, + SpdmAlgStruct { + alg_type: SpdmAlgType::SpdmAlgTypeKeySchedule, + alg_supported: SpdmAlg::SpdmAlgoKeySchedule( + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ), + }, + ], + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&negotiate_algorithms[0..1022]); + + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + context.handle_spdm_algorithm(bytes, &mut writer); + + let data = context.common.runtime_info.message_a.as_ref(); + let u8_slice = &mut [0u8; 2048]; + for (i, data) in data.iter().enumerate() { + u8_slice[i] = *data; + } + + let mut reader = Reader::init(u8_slice); + let spdm_message_header = SpdmMessageHeader::read(&mut reader).unwrap(); + assert_eq!(spdm_message_header.version, SpdmVersion::SpdmVersion11); + assert_eq!( + spdm_message_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms + ); + debug!("u8_slice: {:02X?}\n", u8_slice); + let u8_slice = &u8_slice[2..]; + debug!("u8_slice: {:02X?}\n", u8_slice); + let mut reader = Reader::init(u8_slice); + let spdm_sturct_data = + SpdmNegotiateAlgorithmsRequestPayload::spdm_read(&mut context.common, &mut reader) + .unwrap(); + assert_eq!( + spdm_sturct_data.measurement_specification, + SpdmMeasurementSpecification::DMTF + ); + 
assert_eq!( + spdm_sturct_data.base_asym_algo, + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + ); + assert_eq!( + spdm_sturct_data.base_hash_algo, + SpdmBaseHashAlgo::TPM_ALG_SHA_384 + ); + assert_eq!(spdm_sturct_data.alg_struct_count, 4); + assert_eq!( + spdm_sturct_data.alg_struct[0].alg_type, + SpdmAlgType::SpdmAlgTypeDHE + ); + assert_eq!( + spdm_sturct_data.alg_struct[0].alg_supported, + SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::SECP_256_R1) + ); + assert_eq!( + spdm_sturct_data.alg_struct[1].alg_type, + SpdmAlgType::SpdmAlgTypeAEAD + ); + assert_eq!( + spdm_sturct_data.alg_struct[1].alg_supported, + SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::AES_128_GCM) + ); + assert_eq!( + spdm_sturct_data.alg_struct[2].alg_type, + SpdmAlgType::SpdmAlgTypeReqAsym + ); + assert_eq!( + spdm_sturct_data.alg_struct[2].alg_supported, + SpdmAlg::SpdmAlgoReqAsym(SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P256,) + ); + assert_eq!( + spdm_sturct_data.alg_struct[3].alg_type, + SpdmAlgType::SpdmAlgTypeKeySchedule + ); + assert_eq!( + spdm_sturct_data.alg_struct[3].alg_supported, + SpdmAlg::SpdmAlgoKeySchedule(SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,) + ); + + let u8_slice = &u8_slice[46..]; + debug!("u8_slice: {:02X?}\n", u8_slice); + let mut reader = Reader::init(u8_slice); + let spdm_message: SpdmMessage = + SpdmMessage::spdm_read(&mut context.common, &mut reader).unwrap(); + + assert_eq!(spdm_message.header.version, SpdmVersion::SpdmVersion11); + assert_eq!( + spdm_message.header.request_response_code, + SpdmRequestResponseCode::SpdmResponseAlgorithms + ); + if let SpdmMessagePayload::SpdmAlgorithmsResponse(payload) = &spdm_message.payload { + assert_eq!( + payload.measurement_specification_sel, + SpdmMeasurementSpecification::DMTF + ); + assert_eq!( + payload.measurement_hash_algo, + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384 + ); + assert_eq!( + payload.base_asym_sel, + SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384 + ); + assert_eq!(payload.base_hash_sel, SpdmBaseHashAlgo::TPM_ALG_SHA_384); + 
assert_eq!(payload.alg_struct_count, 4); + + assert_eq!(payload.alg_struct[0].alg_type, SpdmAlgType::SpdmAlgTypeDHE); + assert_eq!( + payload.alg_struct[0].alg_supported, + SpdmAlg::SpdmAlgoDhe(SpdmDheAlgo::empty()) + ); + + assert_eq!(payload.alg_struct[1].alg_type, SpdmAlgType::SpdmAlgTypeAEAD); + assert_eq!( + payload.alg_struct[1].alg_supported, + SpdmAlg::SpdmAlgoAead(SpdmAeadAlgo::empty()) + ); + + assert_eq!( + payload.alg_struct[2].alg_type, + SpdmAlgType::SpdmAlgTypeReqAsym + ); + assert_eq!( + payload.alg_struct[2].alg_supported, + SpdmAlg::SpdmAlgoReqAsym(SpdmReqAsymAlgo::empty()) + ); + + assert_eq!( + payload.alg_struct[3].alg_type, + SpdmAlgType::SpdmAlgTypeKeySchedule + ); + assert_eq!( + payload.alg_struct[3].alg_supported, + SpdmAlg::SpdmAlgoKeySchedule(SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE) + ); + } + }; + + executor::block_on(future); +} + +pub fn consturct_algorithm_positive() -> (TestSpdmMessage, TestSpdmMessage) { + use crate::protocol; + let (config_info, provision_info) = create_info(); + let negotiate_algorithm_msg = TestSpdmMessage { + message: protocol::Message::NEGOTIATE_ALGORITHMS( + protocol::algorithm::NEGOTIATE_ALGORITHMS { + SPDMVersion: 0x12, + RequestResponseCode: 0xE3, + Param1: 4, + Param2: 0, + Length: 48, + MeasurementSpecification: config_info.measurement_specification.bits(), + OtherParamsSupport: config_info.opaque_support.bits(), + BaseAsymAlgo: config_info.base_asym_algo.bits(), + BaseHashAlgo: config_info.base_hash_algo.bits(), + _Reserved1: [0u8; 12], + ExtAsymCount: 0, + ExtHashCount: 0, + _Reserved2: [0u8; 2], + ExtAsym: Vec::new(), + Exthash: Vec::new(), + AlgStruct: vec![ + [0x02, 0x20, 0x10, 0x00], + [0x03, 0x20, 0x02, 0x00], + [0x04, 0x20, 0x02, 0x00], + [0x05, 0x20, 0x01, 0x00], + ], + }, + ), + secure: 0, + }; + + let algorithm_msg = TestSpdmMessage { + message: protocol::Message::ALGORITHMS(protocol::algorithm::ALGORITHMS { + SPDMVersion: 0x12, + RequestResponseCode: 0x63, + Param1: 4, + Param2: 0, + Length: 
52, + MeasurementSpecification: config_info.measurement_specification.bits(), + OtherParamsSupport: config_info.opaque_support.bits(), + MeasurementHashAlgo: config_info.measurement_hash_algo.bits(), + BaseAsymAlgo: config_info.base_asym_algo.bits(), + BaseHashAlgo: config_info.base_hash_algo.bits(), + _Reserved1: [0u8; 12], + ExtAsymCount: 0, + ExtHashCount: 0, + _Reserved2: [0u8; 2], + ExtAsym: Vec::new(), + Exthash: Vec::new(), + AlgStruct: vec![ + [0x02, 0x20, 0x10, 0x00], + [0x03, 0x20, 0x02, 0x00], + [0x04, 0x20, 0x02, 0x00], + [0x05, 0x20, 0x01, 0x00], + ], + }), + secure: 0, + }; + (negotiate_algorithm_msg, algorithm_msg) +} diff --git a/test/spdmlib-test/src/responder_tests/capability_rsp.rs b/test/spdmlib-test/src/responder_tests/capability_rsp.rs new file mode 100644 index 0000000..87f5b5d --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/capability_rsp.rs 
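Review bot: In `test_case0_handle_spdm_algorithm` the result of `context.handle_spdm_algorithm(bytes, &mut writer);` is discarded, and the checks on the selected algorithms sit inside `if let SpdmMessagePayload::SpdmAlgorithmsResponse(payload) = &spdm_message.payload { ... }` with no `else`, so a decode into any other payload variant skips them without failing. `test_case0_handle_spdm_capability` in capability_rsp.rs has the same shape with `handle_spdm_capability` and `SpdmCapabilitiesResponse`. Replace the `if let` with `let SpdmMessagePayload::SpdmAlgorithmsResponse(payload) = &spdm_message.payload else { panic!("expected ALGORITHMS response") };`, and assert on the handler's return value if it reports a status the way `handle_spdm_certificate(...).0` does in certificate_rsp.rs. A short comment explaining why the expected DHE, AEAD and ReqAsym selections are `empty()` for a request that offers `SECP_256_R1` and `AES_128_GCM` would also help, since the test pins that negotiation outcome.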
@@ -0,0 +1,150 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, TestSpdmMessage}; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::*; +use spdmlib::config::MAX_SPDM_MSG_SIZE; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_handle_spdm_capability() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterVersion); + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion11, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetCapabilities, + }; + assert!(value.encode(&mut writer).is_ok()); + let capabilities = &mut [0u8; 1024]; + let mut writer = Writer::init(capabilities); + let value = SpdmGetCapabilitiesRequestPayload { + ct_exponent: 7, + flags: SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::CHAL_CAP, + data_transfer_size: 0, + max_spdm_msg_size: 0, + }; + assert!(value.spdm_encode(&mut 
context.common, &mut writer).is_ok()); + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&capabilities[0..1022]); + + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + context.handle_spdm_capability(bytes, &mut writer); + + let rsp_capabilities = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::CHAL_CAP + | SpdmResponseCapabilityFlags::MEAS_CAP_SIG + | SpdmResponseCapabilityFlags::MEAS_FRESH_CAP + | SpdmResponseCapabilityFlags::ENCRYPT_CAP + | SpdmResponseCapabilityFlags::MAC_CAP + | SpdmResponseCapabilityFlags::KEY_EX_CAP + | SpdmResponseCapabilityFlags::PSK_CAP_WITH_CONTEXT + | SpdmResponseCapabilityFlags::ENCAP_CAP + | SpdmResponseCapabilityFlags::MUT_AUTH_CAP + | SpdmResponseCapabilityFlags::HBEAT_CAP + | SpdmResponseCapabilityFlags::KEY_UPD_CAP; + let data = context.common.runtime_info.message_a.as_ref(); + let u8_slice = &mut [0u8; 2048]; + for (i, data) in data.iter().enumerate() { + u8_slice[i] = *data; + } + let mut reader = Reader::init(u8_slice); + let spdm_message_header = SpdmMessageHeader::read(&mut reader).unwrap(); + assert_eq!(spdm_message_header.version, SpdmVersion::SpdmVersion11); + assert_eq!( + spdm_message_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestGetCapabilities + ); + let capabilities_slice = &u8_slice[2..]; + let mut reader = Reader::init(capabilities_slice); + let capabilities_request = + SpdmGetCapabilitiesRequestPayload::spdm_read(&mut context.common, &mut reader).unwrap(); + assert_eq!(capabilities_request.ct_exponent, 7); + assert_eq!( + capabilities_request.flags, + SpdmRequestCapabilityFlags::CERT_CAP | SpdmRequestCapabilityFlags::CHAL_CAP + ); + let spdm_message_slice = &u8_slice[12..]; + let mut reader = Reader::init(spdm_message_slice); + let spdm_message: SpdmMessage = + SpdmMessage::spdm_read(&mut context.common, &mut reader).unwrap(); + 
assert_eq!(spdm_message.header.version, SpdmVersion::SpdmVersion11); + assert_eq!( + spdm_message.header.request_response_code, + SpdmRequestResponseCode::SpdmResponseCapabilities + ); + if let SpdmMessagePayload::SpdmCapabilitiesResponse(payload) = &spdm_message.payload { + assert_eq!(payload.ct_exponent, 0); + assert_eq!(payload.flags, rsp_capabilities); + } + }; + executor::block_on(future); +} + +pub fn consturct_capability_positive() -> (TestSpdmMessage, TestSpdmMessage) { + use crate::protocol; + let (config_info, provision_info) = create_info(); + let get_capabilities_msg = TestSpdmMessage { + message: protocol::Message::GET_CAPABILITIES(protocol::capability::GET_CAPABILITIES { + SPDMVersion: 0x12, + RequestResponseCode: 0xE1, + Param1: 0, + Param2: 0, + _Reserved: 0, + CTExponent: config_info.req_ct_exponent, + _Reserved2: 0, + Flags: config_info.req_capabilities.bits(), + DataTransferSize: config_info.data_transfer_size, + MaxSPDMmsgSize: config_info.max_spdm_msg_size, + }), + secure: 0, + }; + + let capabilities_msg = TestSpdmMessage { + message: protocol::Message::CAPABILITIES(protocol::capability::CAPABILITIES { + SPDMVersion: 0x12, + RequestResponseCode: 0x61, + Param1: 0, + Param2: 0, + _Reserved: 0, + CTExponent: config_info.rsp_ct_exponent, + _Reserved2: 0, + Flags: config_info.rsp_capabilities.bits(), + DataTransferSize: config_info.data_transfer_size, + MaxSPDMmsgSize: config_info.max_spdm_msg_size, + }), + secure: 0, + }; + (get_capabilities_msg, capabilities_msg) +} diff --git a/test/spdmlib-test/src/responder_tests/certificate_rsp.rs b/test/spdmlib-test/src/responder_tests/certificate_rsp.rs new file mode 100644 index 0000000..12384a2 --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/certificate_rsp.rs 
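Review bot: The expected `rsp_capabilities` value in `test_case0_handle_spdm_capability` is a hand-written list of twelve `SpdmResponseCapabilityFlags`, while `consturct_capability_positive` in the same file takes the expected flags from `config_info.rsp_capabilities.bits()`; the hand-written list will drift when `create_info()` changes. If the two are meant to agree, copy the value before `config_info` is moved into `ResponderContext::new`, e.g. `let rsp_capabilities = config_info.rsp_capabilities;` (assuming the flags type is `Copy`). If the responder deliberately reports a different set for SPDM 1.1, add a comment above the list saying which flags are dropped and why. The helper name `consturct_capability_positive` (and `consturct_algorithm_positive` in algorithm_rsp.rs) is misspelled; both are `pub` and already called from certificate_rsp.rs and challenge_rsp.rs, so renaming is cheapest now.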
@@ -0,0 +1,216 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{self, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, ResponderRunner, TestCase, TestSpdmMessage}; +use codec::{Codec, Writer}; +use spdmlib::common::*; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{config, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case0_handle_spdm_certificate() { + use spdmlib::config::MAX_SPDM_MSG_SIZE; + + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + + context.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetCertificate, + }; + assert!(value.encode(&mut writer).is_ok()); + let certificates_req = 
&mut [0u8; 1024]; + let mut writer = Writer::init(certificates_req); + let value = SpdmGetCertificateRequestPayload { + slot_id: 0, + offset: 0, + length: 200, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&certificates_req[0..1022]); + + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + assert!(context + .handle_spdm_certificate(bytes, None, &mut writer) + .0 + .is_ok()); + + #[cfg(not(feature = "hashed-transcript-data"))] + { + use codec::Reader; + let data = context.common.runtime_info.message_b.as_ref(); + let u8_slice = &mut [0u8; 2048]; + for (i, data) in data.iter().enumerate() { + u8_slice[i] = *data; + } + + let mut message_header_slice = Reader::init(u8_slice); + let spdm_message_header = SpdmMessageHeader::read(&mut message_header_slice).unwrap(); + assert_eq!(spdm_message_header.version, SpdmVersion::SpdmVersion10); + assert_eq!( + spdm_message_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestGetCertificate + ); + + let spdm_struct_slice = &u8_slice[2..]; + let mut reader = Reader::init(spdm_struct_slice); + let spdm_get_certificate_request_payload = + SpdmGetCertificateRequestPayload::spdm_read(&mut context.common, &mut reader) + .unwrap(); + assert_eq!(spdm_get_certificate_request_payload.slot_id, 100); + assert_eq!(spdm_get_certificate_request_payload.offset, 100); + assert_eq!(spdm_get_certificate_request_payload.length, 600); + + let spdm_message_slice = &u8_slice[8..]; + let mut reader = Reader::init(spdm_message_slice); + let spdm_message: SpdmMessage = + SpdmMessage::spdm_read(&mut context.common, &mut reader).unwrap(); + assert_eq!(spdm_message.header.version, SpdmVersion::SpdmVersion11); + assert_eq!( + 
spdm_message.header.request_response_code, + SpdmRequestResponseCode::SpdmResponseCertificate + ); + if let SpdmMessagePayload::SpdmCertificateResponse(payload) = &spdm_message.payload { + assert_eq!(payload.slot_id, 100); + assert_eq!(payload.portion_length, 412); + assert_eq!(payload.remainder_length, 0); + for i in 0..412 { + assert_eq!(payload.cert_chain[i], 0u8); + } + } + } + }; + executor::block_on(future); +} + +pub fn construct_certificate_positive() -> (Vec, Vec) { + use crate::protocol; + let (config_info, provision_info) = create_info(); + + let mut input = Vec::new(); + let mut expected = Vec::new(); + let cert_chain = provision_info.my_cert_chain_data[0].as_ref(); + let spdm_certificate_chain = TestCase::get_certificate_chain_buffer( + config_info.base_hash_algo, + cert_chain.unwrap().as_ref(), + ); + let spdm_certificate_chain_len = spdm_certificate_chain.as_ref().len(); + + const PORTION_LENGTH: usize = 0x200; + let count = (spdm_certificate_chain.as_ref().len() + PORTION_LENGTH - 1) / PORTION_LENGTH; + for index in 0..count { + let offset = index * PORTION_LENGTH; + let remainder_length = spdm_certificate_chain_len - offset; + let portion_length = if remainder_length > PORTION_LENGTH { + PORTION_LENGTH + } else { + spdm_certificate_chain_len - (index * PORTION_LENGTH) + }; + + let get_certificate_msg = TestSpdmMessage { + message: protocol::Message::GET_CERTIFICATE(protocol::certificate::GET_CERTIFICATE { + SPDMVersion: 0x12, + RequestResponseCode: 0x82, + Param1: 0, + Param2: 0, + Offset: offset as u16, + Length: portion_length as u16, + }), + secure: 0, + }; + + let certificate_msg = TestSpdmMessage { + message: protocol::Message::CERTIFICATE(protocol::certificate::CERTIFICATE { + SPDMVersion: 0x12, + RequestResponseCode: 0x02, + Param1: 0, + Param2: 0, + PortionLength: portion_length as u16, + RemainderLength: (remainder_length - portion_length) as u16, + CertChain: spdm_certificate_chain.as_ref()[offset..(offset + portion_length)] + .to_vec(), 
+ }), + secure: 0, + }; + + input.push(get_certificate_msg); + expected.push(certificate_msg); + } + (input, expected) +} + +#[test] +fn test_case1_handle_spdm_certificate() { + let mut input = Vec::new(); + let mut expected = Vec::new(); + + let (get_version_msg, version_msg) = super::version_rsp::construct_version_positive(); + let (get_capabilities_msg, capabilities_msg) = + super::capability_rsp::consturct_capability_positive(); + let (negotiate_algorithm_msg, algorithm_msg) = + super::algorithm_rsp::consturct_algorithm_positive(); + + input.push(get_version_msg); + expected.push(version_msg); + input.push(get_capabilities_msg); + expected.push(capabilities_msg); + input.push(negotiate_algorithm_msg); + expected.push(algorithm_msg); + + let (get_certificate_msg, certificate_msg) = construct_certificate_positive(); + input.extend(get_certificate_msg); + expected.extend(certificate_msg); + + let case = TestCase { input, expected }; + assert!(ResponderRunner::run( + case, + device_io::test_header_generater_callback + )); +} diff --git a/test/spdmlib-test/src/responder_tests/challenge_rsp.rs b/test/spdmlib-test/src/responder_tests/challenge_rsp.rs new file mode 100644 index 0000000..46fbb10 --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/challenge_rsp.rs 
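Review bot: `test_case0_handle_spdm_certificate` is compiled only under `#[cfg(feature = "hashed-transcript-data")]`, yet its detailed checks are wrapped in `#[cfg(not(feature = "hashed-transcript-data"))]`, so that block can never be compiled and the test verifies nothing beyond `handle_spdm_certificate(...).0.is_ok()`. The unreachable block also disagrees with the request built above it (it expects `SpdmVersion10`, `slot_id` 100, `offset` 100 and `length` 600, where the request uses `SpdmVersion12`, slot 0, offset 0 and length 200), so it would fail if it were ever enabled. `test_case0_handle_spdm_challenge` in challenge_rsp.rs has the same pair of attributes around its `message_c` checks. Either delete the unreachable blocks or drop the outer attribute and correct the expected values; for the hashed-transcript build, decoding the CERTIFICATE response from `response_buffer` would give the test a real check on `portion_length` and `remainder_length`.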
@@ -0,0 +1,307 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +#![allow(unused)] + +use crate::common::crypto_callback::FAKE_RAND; +use crate::common::device_io::{self, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, ResponderRunner, TestCase, TestSpdmMessage}; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::*; +use spdmlib::message::SpdmChallengeRequestPayload; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{config, crypto, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case0_handle_spdm_challenge() { + use spdmlib::config::MAX_SPDM_MSG_SIZE; + + use crate::common::secret_callback::SECRET_MEASUREMENT_IMPL_INSTANCE; + + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + crypto::rand::register(FAKE_RAND.clone()); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: (4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE) as u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + 
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.runtime_info.need_measurement_summary_hash = true; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.rsp_capabilities_sel = SpdmResponseCapabilityFlags::CERT_CAP + | SpdmResponseCapabilityFlags::CHAL_CAP + | SpdmResponseCapabilityFlags::MEAS_CAP_SIG + | SpdmResponseCapabilityFlags::ENCRYPT_CAP + | SpdmResponseCapabilityFlags::MAC_CAP + | SpdmResponseCapabilityFlags::KEY_EX_CAP + | SpdmResponseCapabilityFlags::HBEAT_CAP + | SpdmResponseCapabilityFlags::KEY_UPD_CAP + | SpdmResponseCapabilityFlags::ENCAP_CAP; + context.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP + | SpdmRequestCapabilityFlags::ENCRYPT_CAP + | SpdmRequestCapabilityFlags::MAC_CAP + | SpdmRequestCapabilityFlags::KEY_EX_CAP + | SpdmRequestCapabilityFlags::HBEAT_CAP + | SpdmRequestCapabilityFlags::KEY_UPD_CAP + | SpdmRequestCapabilityFlags::ENCAP_CAP; + + let spdm_message_header = &mut [0u8; 2]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let challenge = &mut [0u8; 2 + SPDM_NONCE_SIZE]; + let mut writer = Writer::init(challenge); + let value = SpdmChallengeRequestPayload { + slot_id: 0, + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 4 + SPDM_NONCE_SIZE]; + bytes[0..2].copy_from_slice(&spdm_message_header[0..]); + bytes[2..4 + 
SPDM_NONCE_SIZE].copy_from_slice(&challenge[0..2 + SPDM_NONCE_SIZE]); + + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + assert!(context.handle_spdm_challenge(bytes, &mut writer).0.is_ok()); + + #[cfg(not(feature = "hashed-transcript-data"))] + { + let data = context.common.runtime_info.message_c.as_ref(); + let u8_slice = &mut [0u8; 4 + + SPDM_MAX_HASH_SIZE + + SPDM_NONCE_SIZE + + SPDM_MAX_HASH_SIZE + + 2 + + MAX_SPDM_OPAQUE_SIZE + + SPDM_MAX_ASYM_KEY_SIZE]; + for (i, data) in data.iter().enumerate() { + u8_slice[i] = *data; + } + + let mut message_header_slice = Reader::init(u8_slice); + let spdm_message_header = SpdmMessageHeader::read(&mut message_header_slice).unwrap(); + assert_eq!(spdm_message_header.version, SpdmVersion::SpdmVersion10); + assert_eq!( + spdm_message_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestChallenge + ); + + let spdm_struct_slice = &u8_slice[2..]; + let mut reader = Reader::init(spdm_struct_slice); + let spdm_challenge_request_payload = + SpdmChallengeRequestPayload::spdm_read(&mut context.common, &mut reader).unwrap(); + assert_eq!(spdm_challenge_request_payload.slot_id, 100); + assert_eq!( + spdm_challenge_request_payload.measurement_summary_hash_type, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll + ); + for i in 0..SPDM_NONCE_SIZE { + assert_eq!(spdm_challenge_request_payload.nonce.data[i], 100u8); + } + + let spdm_message_slice = &u8_slice[4 + SPDM_NONCE_SIZE..]; + let mut reader = Reader::init(spdm_message_slice); + let spdm_message: SpdmMessage = + SpdmMessage::spdm_read(&mut context.common, &mut reader).unwrap(); + assert_eq!(spdm_message.header.version, SpdmVersion::SpdmVersion11); + assert_eq!( + spdm_message.header.request_response_code, + SpdmRequestResponseCode::SpdmResponseChallengeAuth + ); + + let cert_chain_hash = crypto::hash::hash_all( + context.common.negotiate_info.base_hash_sel, + context + .common + 
.provision_info + .my_cert_chain + .unwrap() + .as_ref(), + ) + .unwrap(); + + if let SpdmMessagePayload::SpdmChallengeAuthResponse(payload) = &spdm_message.payload { + assert_eq!(payload.slot_id, 0x0); + assert_eq!(payload.slot_mask, 0x1); + assert_eq!( + payload.challenge_auth_attribute, + SpdmChallengeAuthAttribute::empty() + ); + assert_eq!( + payload.measurement_summary_hash.data_size, + SHA384_DIGEST_SIZE + ); + assert_eq!(payload.opaque.data_size, 0); + assert_eq!(payload.signature.data_size, SECP_384_R1_KEY_SIZE); + for i in 0..SHA384_DIGEST_SIZE { + assert_eq!(payload.measurement_summary_hash.data[i], 0xaau8); + } + for (i, data) in cert_chain_hash.data.iter().enumerate() { + assert_eq!(payload.cert_chain_hash.data[i], *data); + } + } + } + }; + executor::block_on(future); +} + +#[test] +fn test_case1_handle_spdm_challenge() { + use crate::protocol; + + let mut input = Vec::new(); + let mut expected = Vec::new(); + + let (config_info, provision_info) = create_info(); + let (get_version_msg, version_msg) = super::version_rsp::construct_version_positive(); + let (get_capabilities_msg, capabilities_msg) = + super::capability_rsp::consturct_capability_positive(); + let (negotiate_algorithm_msg, algorithm_msg) = + super::algorithm_rsp::consturct_algorithm_positive(); + + input.push(get_version_msg); + expected.push(version_msg); + input.push(get_capabilities_msg); + expected.push(capabilities_msg); + input.push(negotiate_algorithm_msg); + expected.push(algorithm_msg); + + let cert_chain = provision_info.my_cert_chain_data[0].as_ref(); + let spdm_certificate_chain = TestCase::get_certificate_chain_buffer( + config_info.base_hash_algo, + cert_chain.unwrap().as_ref(), + ); + let spdm_certificate_chain_len = spdm_certificate_chain.as_ref().len(); + + const PORTION_LENGTH: usize = 0x200; + let count = (spdm_certificate_chain.as_ref().len() + PORTION_LENGTH - 1) / PORTION_LENGTH; + for index in 0..count { + let offset = index * PORTION_LENGTH; + let remainder_length 
= spdm_certificate_chain_len - offset; + let portion_length = if remainder_length > PORTION_LENGTH { + PORTION_LENGTH + } else { + spdm_certificate_chain_len - (index * PORTION_LENGTH) + }; + + let get_certificate_msg = TestSpdmMessage { + message: protocol::Message::GET_CERTIFICATE(protocol::certificate::GET_CERTIFICATE { + SPDMVersion: 0x12, + RequestResponseCode: 0x82, + Param1: 0, + Param2: 0, + Offset: offset as u16, + Length: portion_length as u16, + }), + secure: 0, + }; + + let certificate_msg = TestSpdmMessage { + message: protocol::Message::CERTIFICATE(protocol::certificate::CERTIFICATE { + SPDMVersion: 0x12, + RequestResponseCode: 0x02, + Param1: 0, + Param2: 0, + PortionLength: portion_length as u16, + RemainderLength: (remainder_length - portion_length) as u16, + CertChain: spdm_certificate_chain.as_ref()[offset..(offset + portion_length)] + .to_vec(), + }), + secure: 0, + }; + + input.push(get_certificate_msg); + expected.push(certificate_msg); + } + + let challenge_msg = TestSpdmMessage { + message: protocol::Message::CHALLENGE(protocol::challenge::CHALLENGE { + SPDMVersion: 0x12, + RequestResponseCode: 0x83, + Param1: 0, + Param2: 0, + Nonce: [0u8; 32], + }), + secure: 0, + }; + + let sig_len = config_info.base_asym_algo.get_size() as usize; + let challenge_auth_msg = TestSpdmMessage { + message: protocol::Message::CHALLENGE_AUTH(protocol::challenge::CHALLENGE_AUTH { + SPDMVersion: 0x12, + RequestResponseCode: 0x3, + Param1: 0, + Param2: 1, + CertChainHash: { + let cert_chain_digest = spdmlib::crypto::hash::hash_all( + config_info.base_hash_algo, + spdm_certificate_chain.as_ref(), + ) + .expect("Must provide hash algo"); + cert_chain_digest.as_ref().to_vec() + }, + Nonce: [0xFF; 32], + MeasurementSummaryHash: Vec::new(), + OpaqueDataLength: 0, + OpaqueData: Vec::new(), + Signature: vec![0x5a; sig_len], + }), + secure: 0, + }; + + input.push(challenge_msg); + expected.push(challenge_auth_msg); + + let case = TestCase { input, expected }; + 
assert!(ResponderRunner::run( + case, + device_io::test_header_generater_callback + )); +} diff --git a/test/spdmlib-test/src/responder_tests/context.rs b/test/spdmlib-test/src/responder_tests/context.rs new file mode 100644 index 0000000..29233e9 --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/context.rs 
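Review bot: `test_case1_handle_spdm_challenge` repeats the GET_CERTIFICATE/CERTIFICATE chunking loop that `construct_certificate_positive()` in certificate_rsp.rs already provides, including the `PORTION_LENGTH` constant and the `as u16` casts. Call the helper as `test_case1_handle_spdm_certificate` does: `let (get_certificate_msg, certificate_msg) = super::certificate_rsp::construct_certificate_positive();` followed by `input.extend(get_certificate_msg);` and `expected.extend(certificate_msg);`, keeping only the `spdm_certificate_chain` computation needed for `CertChainHash`. The expected `Nonce: [0xFF; 32]` and `Signature: vec![0x5a; sig_len]` presumably match deterministic test doubles for the RNG and signer; a comment naming where those are registered would make clear that this test does not exercise real randomness or signature verification. The file-level `#![allow(unused)]` also hides unused imports in this file and is worth narrowing.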
@@ -0,0 +1,554 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::*; +use crate::common::util::create_info; +use codec::{Codec, Writer}; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::common::*; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{config, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_send_secured_message() { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = &mut PciDoeTransportEncap {}; + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = FakeSpdmDeviceIoReceve::new(&shared_buffer); + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut context = responder::ResponderContext::new( + &mut socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + let rsp_session_id = 0xffu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(session_id).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + let value = SpdmMessage { + header: SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmResponseKeyUpdateAck, + }, + payload: 
SpdmMessagePayload::SpdmKeyUpdateResponse(SpdmKeyUpdateResponsePayload { + key_update_operation: SpdmKeyUpdateOperation::SpdmUpdateAllKeys, + tag: 100u8, + }), + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + let used = writer.used(); + let status = context + .send_secured_message(session_id, &send_buffer[0..used], false) + .is_ok(); + assert!(status); +} +#[test] +fn test_case1_send_secured_message() { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = &mut PciDoeTransportEncap {}; + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = FakeSpdmDeviceIoReceve::new(&shared_buffer); + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + let mut context = responder::ResponderContext::new( + &mut socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + let rsp_session_id = 0xffu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + + let mut send_buffer = [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut send_buffer); + let value = SpdmMessage { + header: SpdmMessageHeader::default(), + payload: SpdmMessagePayload::SpdmKeyUpdateResponse(SpdmKeyUpdateResponsePayload::default()), + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + let used = writer.used(); + let status = context + .send_secured_message(session_id, &send_buffer[0..used], false) + .is_err(); + assert!(status); +} +#[test] +fn test_case0_receive_message() { + let receive_buffer = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let mut writer = Writer::init(receive_buffer); + let value = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: PciDoeDataObjectType::PciDoeDataObjectTypeSecuredSpdm, + payload_length: 100, + }; + assert!(value.encode(&mut writer).is_ok()); + + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = &mut PciDoeTransportEncap {}; + let 
shared_buffer = SharedBuffer::new(); + shared_buffer.set_buffer(receive_buffer); + + let socket_io_transport = FakeSpdmDeviceIoReceve::new(&shared_buffer); + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + let mut context = responder::ResponderContext::new( + &mut socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + let mut receive_buffer = [0u8; config::RECEIVER_BUFFER_SIZE]; + let status = context + .receive_message(&mut receive_buffer[..], ST1) + .is_ok(); + assert!(status); +} +#[test] +fn test_case0_process_message() { + let receive_buffer = &mut [0u8; 1024]; + let mut writer = Writer::init(receive_buffer); + let value = PciDoeMessageHeader { + vendor_id: PciDoeVendorId::PciDoeVendorIdPciSig, + data_object_type: PciDoeDataObjectType::PciDoeDataObjectTypeSecuredSpdm, + payload_length: 100, + }; + assert!(value.encode(&mut writer).is_ok()); + + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = &mut PciDoeTransportEncap {}; + let shared_buffer = SharedBuffer::new(); + shared_buffer.set_buffer(receive_buffer); + + let socket_io_transport = FakeSpdmDeviceIoReceve::new(&shared_buffer); + let mut context = responder::ResponderContext::new( + &mut socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + let rsp_session_id = 0xFFFEu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(session_id).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + + let status = context.process_message(false, &[0]).is_err(); + assert!(status); +} 
+#[test] +fn test_case0_dispatch_secured_message() { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = &mut PciDoeTransportEncap {}; + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = FakeSpdmDeviceIoReceve::new(&shared_buffer); + + let mut context = responder::ResponderContext::new( + &mut socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + + let rsp_session_id = 0xFFFEu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + let patch_context = |context: &mut SpdmContext| { + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion10; + context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + context.negotiate_info.measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + + context.session = gen_array_clone(SpdmSession::new(), 4); + context.session[0].setup(session_id).unwrap(); + context.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + }; + + let mut i = 0; + loop { + let (request_response_code, connection_state) = dispatch_data(i, true); + if request_response_code == SpdmRequestResponseCode::Unknown(0) { + break; + } + context + .common + .runtime_info + .set_connection_state(connection_state); + let bytes = &mut [0u8; 4]; + let mut writer = 
Writer::init(bytes); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code, + }; + // version request will reset spdm context. + // negotiate need be done successfully before sending some request(digest). + // patch spdm context for it. + patch_context(&mut context.common); + assert!(value.encode(&mut writer).is_ok()); + let status = context.dispatch_message(bytes); + assert!(status.is_ok()); + i += 1; + } + let mut i = 0; + loop { + let (request_response_code, connection_state) = dispatch_data(i, false); + if request_response_code == SpdmRequestResponseCode::Unknown(0) { + break; + } + context + .common + .runtime_info + .set_connection_state(connection_state); + let bytes = &mut [0u8; 4]; + let mut writer = Writer::init(bytes); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code, + }; + assert!(value.encode(&mut writer).is_ok()); + let status = context.dispatch_message(bytes); + assert!(status.is_ok()); + // TBD: check if error message is turned. 
+ i += 1; + } + + let mut i = 0; + loop { + let (request_response_code, connection_state, session_state) = + dispatch_secured_data(i, true); + if request_response_code == SpdmRequestResponseCode::Unknown(0) { + break; + } + context + .common + .runtime_info + .set_connection_state(connection_state); + context.common.session[0].set_session_state(session_state); + let bytes = &mut [0u8; 4]; + let mut writer = Writer::init(bytes); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code, + }; + assert!(value.encode(&mut writer).is_ok()); + let status_secured = context.dispatch_secured_message(session_id, bytes); + assert!(status_secured.is_ok()); + i += 1; + } + let mut i = 0; + loop { + let (request_response_code, connection_state, session_state) = + dispatch_secured_data(i, false); + if request_response_code == SpdmRequestResponseCode::Unknown(0) { + break; + } + context + .common + .runtime_info + .set_connection_state(connection_state); + context.common.session[0].set_session_state(session_state); + let bytes = &mut [0u8; 4]; + let mut writer = Writer::init(bytes); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code, + }; + assert!(value.encode(&mut writer).is_ok()); + let status_secured = context.dispatch_secured_message(session_id, bytes); + assert!(status_secured.is_err()); + i += 1; + } +} + +fn dispatch_secured_data( + num: usize, + status: bool, +) -> ( + SpdmRequestResponseCode, + SpdmConnectionState, + SpdmSessionState, +) { + let response_true = [ + ( + SpdmRequestResponseCode::SpdmRequestFinish, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestPskFinish, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetDigests, + SpdmConnectionState::SpdmConnectionNegotiated, + 
SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetCertificate, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetMeasurements, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestHeartbeat, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestKeyUpdate, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestEndSession, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::Unknown(0), + SpdmConnectionState::SpdmConnectionNotStarted, + SpdmSessionState::SpdmSessionNotStarted, + ), + ]; + let response_flase = [ + ( + SpdmRequestResponseCode::SpdmRequestGetVersion, + SpdmConnectionState::SpdmConnectionNotStarted, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetCapabilities, + SpdmConnectionState::SpdmConnectionAfterVersion, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms, + SpdmConnectionState::SpdmConnectionAfterCapabilities, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestChallenge, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestKeyExchange, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestPskExchange, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetDigests, + 
SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetCertificate, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetMeasurements, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestHeartbeat, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestKeyUpdate, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestEndSession, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionHandshaking, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetVersion, + SpdmConnectionState::SpdmConnectionNotStarted, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetCapabilities, + SpdmConnectionState::SpdmConnectionAfterVersion, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms, + SpdmConnectionState::SpdmConnectionAfterCapabilities, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestChallenge, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestKeyExchange, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestPskExchange, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestFinish, + SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::SpdmRequestPskFinish, 
+ SpdmConnectionState::SpdmConnectionNegotiated, + SpdmSessionState::SpdmSessionEstablished, + ), + ( + SpdmRequestResponseCode::Unknown(0), + SpdmConnectionState::SpdmConnectionNotStarted, + SpdmSessionState::SpdmSessionNotStarted, + ), + ]; + if status { + response_true[num] + } else { + response_flase[num] + } +} +fn dispatch_data(num: usize, status: bool) -> (SpdmRequestResponseCode, SpdmConnectionState) { + let response_true = [ + ( + SpdmRequestResponseCode::SpdmRequestGetVersion, + SpdmConnectionState::SpdmConnectionNotStarted, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetCapabilities, + SpdmConnectionState::SpdmConnectionAfterVersion, + ), + ( + SpdmRequestResponseCode::SpdmRequestNegotiateAlgorithms, + SpdmConnectionState::SpdmConnectionAfterCapabilities, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetDigests, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetCertificate, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::SpdmRequestChallenge, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::SpdmRequestGetMeasurements, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::SpdmRequestKeyExchange, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::SpdmRequestPskExchange, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::Unknown(0), + SpdmConnectionState::SpdmConnectionNotStarted, + ), + ]; + let response_flase = [ + ( + SpdmRequestResponseCode::SpdmRequestFinish, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::SpdmRequestPskFinish, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::SpdmRequestHeartbeat, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::SpdmRequestKeyUpdate, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( 
+ SpdmRequestResponseCode::SpdmRequestEndSession, + SpdmConnectionState::SpdmConnectionNegotiated, + ), + ( + SpdmRequestResponseCode::Unknown(0), + SpdmConnectionState::SpdmConnectionNotStarted, + ), + ]; + if status { + response_true[num] + } else { + response_flase[num] + } +} diff --git a/test/spdmlib-test/src/responder_tests/digest_rsp.rs b/test/spdmlib-test/src/responder_tests/digest_rsp.rs new file mode 100644 index 0000000..900ec46 --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/digest_rsp.rs 
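Review bot: In context.rs, the second loop of `test_case0_dispatch_secured_message` (the `dispatch_data(i, false)` cases) asserts only `status.is_ok()` and leaves `// TBD: check if error message is turned.`, so the test passes whether or not the responder rejects FINISH, PSK_FINISH, HEARTBEAT, KEY_UPDATE and END_SESSION sent outside a session. That state-machine check is the security-relevant part of the negative table. I would replace the TBD with a real assertion: decode the header the responder wrote to the fake device I/O and compare its `request_response_code` with `SpdmRequestResponseCode::SpdmResponseError`. Separately, every test here takes `&mut socket_io_transport` from a binding declared without `mut` and calls the context methods without `.await`, while the other files in this commit pass `Arc<Mutex<..>>` and await them. This suggests the file targets an older API, so confirm it is actually in the module tree and compiled.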
@@ -0,0 +1,183 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{self, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, ResponderRunner, TestCase, TestSpdmMessage}; +use codec::{Codec, Writer}; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{config, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case0_handle_spdm_digest() { + use spdmlib::{common::SpdmConnectionState, config::MAX_SPDM_MSG_SIZE}; + + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.provision_info.my_cert_chain = [ + Some(SpdmCertChainBuffer { + data_size: 512u16, + data: [0u8; 4 + SPDM_MAX_HASH_SIZE + config::MAX_SPDM_CERT_CHAIN_DATA_SIZE], + }), + None, + None, + None, + None, + None, + None, + None, + ]; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let bytes = &mut [0u8; 1024]; + let mut writer = Writer::init(bytes); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, 
+ }; + assert!(value.encode(&mut writer).is_ok()); + + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + assert!(context + .handle_spdm_digest(bytes, None, &mut writer) + .0 + .is_ok()); + }; + executor::block_on(future); +} + +#[test] +fn test_case1_handle_spdm_digest() { + use crate::protocol; + + let mut input = Vec::new(); + let mut expected = Vec::new(); + + let (config_info, provision_info) = create_info(); + let (get_version_msg, version_msg) = super::version_rsp::construct_version_positive(); + let (get_capabilities_msg, capabilities_msg) = + super::capability_rsp::consturct_capability_positive(); + let (negotiate_algorithm_msg, algorithm_msg) = + super::algorithm_rsp::consturct_algorithm_positive(); + + input.push(get_version_msg); + expected.push(version_msg); + input.push(get_capabilities_msg); + expected.push(capabilities_msg); + input.push(negotiate_algorithm_msg); + expected.push(algorithm_msg); + + let cert_chain = provision_info.my_cert_chain_data[0].as_ref(); + let spdm_certificate_chain = TestCase::get_certificate_chain_buffer( + config_info.base_hash_algo, + cert_chain.unwrap().as_ref(), + ); + let spdm_certificate_chain_len = spdm_certificate_chain.as_ref().len(); + + const PORTION_LENGTH: usize = 0x200; + let count = (spdm_certificate_chain.as_ref().len() + PORTION_LENGTH - 1) / PORTION_LENGTH; + for index in 0..count { + let offset = index * PORTION_LENGTH; + let remainder_length = spdm_certificate_chain_len - offset; + let portion_length = if remainder_length > PORTION_LENGTH { + PORTION_LENGTH + } else { + spdm_certificate_chain_len - (index * PORTION_LENGTH) + }; + + let get_certificate_msg = TestSpdmMessage { + message: protocol::Message::GET_CERTIFICATE(protocol::certificate::GET_CERTIFICATE { + SPDMVersion: 0x12, + RequestResponseCode: 0x82, + Param1: 0, + Param2: 0, + Offset: offset as u16, + Length: portion_length as u16, + }), + secure: 0, + }; + + let certificate_msg = 
TestSpdmMessage { + message: protocol::Message::CERTIFICATE(protocol::certificate::CERTIFICATE { + SPDMVersion: 0x12, + RequestResponseCode: 0x02, + Param1: 0, + Param2: 0, + PortionLength: portion_length as u16, + RemainderLength: (remainder_length - portion_length) as u16, + CertChain: spdm_certificate_chain.as_ref()[offset..(offset + portion_length)] + .to_vec(), + }), + secure: 0, + }; + + input.push(get_certificate_msg); + expected.push(certificate_msg); + } + + let get_digest_msg = TestSpdmMessage { + message: protocol::Message::GET_DIGESTS(protocol::digest::GET_DIGESTS { + SPDMVersion: 0x12, + RequestResponseCode: 0x81, + Param1: 0x0, + Param2: 0x0, + }), + secure: 0, + }; + + let digest_msg = TestSpdmMessage { + message: protocol::Message::DIGESTS(protocol::digest::DIGESTS { + SPDMVersion: 0x12, + RequestResponseCode: 0x01, + Param1: 0x0, + Param2: 0x1, + Digest: { + let mut digests = Vec::new(); + let cert_chain_digest = spdmlib::crypto::hash::hash_all( + config_info.base_hash_algo, + spdm_certificate_chain.as_ref(), + ) + .expect("Must provide hash algo"); + digests.push(cert_chain_digest.as_ref().to_vec()); + digests + }, + }), + secure: 0, + }; + + input.push(get_digest_msg); + expected.push(digest_msg); + + let case = TestCase { input, expected }; + assert!(ResponderRunner::run( + case, + device_io::test_header_generater_callback + )); +} diff --git a/test/spdmlib-test/src/responder_tests/encap_get_certificate.rs b/test/spdmlib-test/src/responder_tests/encap_get_certificate.rs new file mode 100644 index 0000000..37f0c15 --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/encap_get_certificate.rs 
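Review bot: In digest_rsp.rs, `test_case0_handle_spdm_digest` encodes `SpdmRequestResponseCode::SpdmRequestChallenge` into the request it hands to `handle_spdm_digest`, which looks like a copy-paste from the challenge test; it should be `request_response_code: SpdmRequestResponseCode::SpdmRequestGetDigests,`. The test then asserts only `.0.is_ok()`, so it would not notice a handler that answers a mismatched request code with an ERROR response, or one that returns wrong digests. Decoding the header from `response_buffer` and asserting it is a DIGESTS response would make the case meaningful. The test is also gated on `#[cfg(feature = "hashed-transcript-data")]`, so it only runs in builds with that feature enabled.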
@@ -0,0 +1,168 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::SpdmCodec; +use spdmlib::config; +use spdmlib::protocol::*; +use spdmlib::responder::ResponderContext; +use spdmlib::{message::*, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +const CERT_PORTION_LEN: usize = 512; + +#[test] +fn test_encode_encap_requst_get_certificate() { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut context = ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.req_capabilities_sel |= SpdmRequestCapabilityFlags::CERT_CAP; + + let encap_request = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(encap_request); + + assert!(context + .encode_encap_requst_get_certificate(&mut writer) + .is_ok()); + let mut reader = Reader::init(writer.used_slice()); + let header = SpdmMessageHeader::read(&mut reader).unwrap(); + let payload = + SpdmGetCertificateRequestPayload::spdm_read(&mut context.common, &mut reader).unwrap(); + + assert!(context.common.peer_info.peer_cert_chain_temp.is_some()); + assert_eq!(header.version, SpdmVersion::SpdmVersion12); + assert_eq!( 
+ header.request_response_code, + SpdmRequestResponseCode::SpdmRequestGetCertificate + ); + assert_eq!(payload.length, CERT_PORTION_LEN as u16); + assert_eq!(payload.offset, 0); + assert_eq!(payload.slot_id, 0); +} + +#[test] +fn test_handle_encap_response_certificate() { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut context = ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.req_capabilities_sel |= SpdmRequestCapabilityFlags::CERT_CAP; + + let encap_response = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(encap_response); + let mut cert_rsp = SpdmMessage { + header: SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmResponseCertificate, + }, + payload: SpdmMessagePayload::SpdmCertificateResponse(SpdmCertificateResponsePayload { + slot_id: 0, + portion_length: CERT_PORTION_LEN as u16, + remainder_length: 0x600, + cert_chain: [0xa; CERT_PORTION_LEN], + }), + }; + assert!(cert_rsp + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + // peer_cert_chain_temp is not initialized, error is expected + assert!(context + .handle_encap_response_certificate(encap_response) + .is_err()); + + if context.common.peer_info.peer_cert_chain_temp.is_none() { + context.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + } + let result = context + .handle_encap_response_certificate(encap_response) + 
.unwrap(); + + // remainder_length is not zero, continue expected + assert!(result); + let offset = context + .common + .peer_info + .peer_cert_chain_temp + .as_mut() + .unwrap() + .data_size; + assert_eq!(offset, CERT_PORTION_LEN as u16); + assert_eq!(context.common.encap_context.encap_cert_size, offset + 0x600); + + let mut writer = Writer::init(encap_response); + cert_rsp.payload = + SpdmMessagePayload::SpdmCertificateResponse(SpdmCertificateResponsePayload { + slot_id: 0xa, + portion_length: CERT_PORTION_LEN as u16, + remainder_length: 0x400, + cert_chain: [0xa; CERT_PORTION_LEN], + }); + assert!(cert_rsp + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + // slot_id does not match the req_slot_id, error is expected + assert!(context + .handle_encap_response_certificate(encap_response) + .is_err()); + + let mut writer = Writer::init(encap_response); + cert_rsp.payload = + SpdmMessagePayload::SpdmCertificateResponse(SpdmCertificateResponsePayload { + slot_id: 0, + portion_length: CERT_PORTION_LEN as u16, + remainder_length: 0x400, + cert_chain: [0xa; CERT_PORTION_LEN], + }); + assert!(cert_rsp + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + assert!(context + .handle_encap_response_certificate(encap_response) + .is_ok()); + let offset = context + .common + .peer_info + .peer_cert_chain_temp + .as_mut() + .unwrap() + .data_size; + assert_eq!(offset, 0x400 as u16); + assert_eq!(context.common.encap_context.encap_cert_size, offset + 0x400); +} diff --git a/test/spdmlib-test/src/responder_tests/encap_get_digest.rs b/test/spdmlib-test/src/responder_tests/encap_get_digest.rs new file mode 100644 index 0000000..7e4653f --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/encap_get_digest.rs 
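Review bot: In encap_get_certificate.rs, the negative coverage in `test_handle_encap_response_certificate` varies only `slot_id`. The peer-controlled `portion_length` and `remainder_length` are always mutually consistent, so nothing pins how the handler treats lengths that would overrun `peer_cert_chain_temp` or change the announced total between portions. I would add such a case next to the slot mismatch one, with the expected result confirmed against the handler. The last call also asserts only `.is_ok()`; since `remainder_length` is 0x400 there, `assert!(context.handle_encap_response_certificate(encap_response).unwrap());` would check the continue flag the way the first call does. Each call is also given the whole `MAX_SPDM_MSG_SIZE` buffer rather than the encoded bytes (`let used = writer.used();` then `&encap_response[..used]`), and `test_handle_encap_response_digest` in encap_get_digest.rs does the same.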
@@ -0,0 +1,101 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::SpdmCodec; +use spdmlib::config; +use spdmlib::protocol::*; +use spdmlib::responder::ResponderContext; +use spdmlib::{message::*, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_encode_encap_requst_get_digest() { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut context = ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.req_capabilities_sel |= SpdmRequestCapabilityFlags::CERT_CAP; + + let encap_request = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(encap_request); + + assert!(context.encode_encap_request_get_digest(&mut writer).is_ok()); + assert_eq!(writer.used(), 4); + + let mut reader = Reader::init(writer.used_slice()); + let header = SpdmMessageHeader::read(&mut reader).unwrap(); + let _ = SpdmGetDigestsRequestPayload::spdm_read(&mut context.common, &mut reader).unwrap(); + + assert_eq!(header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + header.request_response_code, + SpdmRequestResponseCode::SpdmRequestGetDigests + ); +} + +#[test] 
+fn test_handle_encap_response_digest() { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut context = ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12; + context.common.negotiate_info.req_capabilities_sel |= SpdmRequestCapabilityFlags::CERT_CAP; + + let encap_response = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(encap_response); + let digests_rsp = SpdmMessage { + header: SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmResponseDigests, + }, + payload: SpdmMessagePayload::SpdmDigestsResponse(SpdmDigestsResponsePayload { + slot_mask: 1, + digests: gen_array_clone( + SpdmDigestStruct { + data_size: SpdmBaseHashAlgo::TPM_ALG_SHA_384.get_size(), + data: Box::new([0xffu8; SPDM_MAX_HASH_SIZE]), + }, + SPDM_MAX_SLOT_NUMBER, + ), + }), + }; + assert!(digests_rsp + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + assert!(context.handle_encap_response_digest(encap_response).is_ok()); +} diff --git a/test/spdmlib-test/src/responder_tests/encap_rsp.rs b/test/spdmlib-test/src/responder_tests/encap_rsp.rs new file mode 100644 index 0000000..012d59f --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/encap_rsp.rs 
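Review bot: In encap_get_digest.rs, `test_handle_encap_response_digest` has no negative case and checks nothing beyond `.is_ok()`, so it does not show that a malformed DIGESTS response from the peer is rejected. A cheap addition is a truncated input whose `slot_mask` announces a digest that is not present, for example `assert!(context.handle_encap_response_digest(&encap_response[..4]).is_err());`. The expected result is inferred from the encoding visible in this hunk and should be confirmed against the handler. If the handler records the received digests anywhere, asserting on that state after the positive call would also help.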
@@ -0,0 +1,380 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::crypto_callback::FAKE_HMAC; +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::common::{ + SpdmCodec, SpdmConfigInfo, SpdmConnectionState, SpdmDeviceIo, SpdmProvisionInfo, + SpdmTransportEncap, +}; +use spdmlib::config::{self, MAX_SPDM_MSG_SIZE}; +use spdmlib::error::{SpdmResult, SPDM_STATUS_BUFFER_FULL}; +use spdmlib::protocol::*; +use spdmlib::responder::ResponderContext; +use spdmlib::{crypto, message::*, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; +use core::ops::DerefMut; + +const CERT_PORTION_LEN: usize = 512; +const SESSION_ID: u32 = 4294901758; + +#[test] +fn test_handle_get_encapsulated_request() { + let task = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = setup_test_context_and_session( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + let request = &mut [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(request); + let header = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestGetEncapsulatedRequest, + }; + assert!(header.encode(&mut writer).is_ok()); + + let payload = SpdmGetEncapsulatedRequestPayload {}; + assert!(payload + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + let mut response_buffer = [0u8; 
MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_get_encapsulated_request(request, &mut writer); + assert!(status.is_ok()); + assert!(send_buffer.is_some()); + + assert!(context + .send_message(Some(SESSION_ID), send_buffer.unwrap(), false) + .await + .is_ok()); + + let receive = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let receive_size = { + let mut device_io = context.common.device_io.lock(); + let device_io = device_io.deref_mut(); + device_io + .receive(Arc::new(Mutex::new(receive)), 0) + .await + .unwrap() + }; + + let response = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let size = context + .common + .decode_secured_message(SESSION_ID, &receive[..receive_size], response) + .await + .unwrap(); + + assert_eq!(size, 8); // Encapsulated Request + Get Digest + + let mut reader = Reader::init(&response[..size]); + let header = SpdmMessageHeader::read(&mut reader).unwrap(); + let payload = SpdmEncapsulatedRequestPayload::spdm_read(&mut context.common, &mut reader); + assert_eq!(header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + header.request_response_code, + SpdmRequestResponseCode::SpdmResponseEncapsulatedRequest + ); + assert!(payload.is_some()); + + let encap_header = SpdmMessageHeader::read(&mut reader).unwrap(); + let encap_payload = + SpdmGetDigestsRequestPayload::spdm_read(&mut context.common, &mut reader); + assert_eq!(encap_header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + encap_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestGetDigests + ); + assert!(encap_payload.is_some()); + }; + + executor::block_on(task); +} + +#[test] +fn test_handle_deliver_encapsulated_reponse_digest() { + let task = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = 
Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = setup_test_context_and_session( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + let request = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(request); + let header = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestDeliverEncapsulatedResponse, + }; + assert!(header.encode(&mut writer).is_ok()); + + let payload = SpdmDeliverEncapsulatedResponsePayload { request_id: 0xa }; + assert!(payload + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + assert!(write_spdm_get_digest_response(&mut context, &mut writer).is_ok()); + + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = + context.handle_deliver_encapsulated_reponse(request, &mut writer); + assert!(status.is_ok()); + assert!(send_buffer.is_some()); + + assert!(context + .send_message(Some(SESSION_ID), send_buffer.unwrap(), false) + .await + .is_ok()); + + // Get data sent by responder and decode the secured message + let receive = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let receive_size = { + let mut device_io = context.common.device_io.lock(); + let device_io = device_io.deref_mut(); + + device_io + .receive(Arc::new(Mutex::new(receive)), 0) + .await + .unwrap() + }; + + let response = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let size = context + .common + .decode_secured_message(SESSION_ID, &receive[..receive_size], response) + .await + .unwrap(); + + // Verify the message sent by responder + let mut reader = Reader::init(&response[..size]); + let header = SpdmMessageHeader::read(&mut reader).unwrap(); + let payload = + SpdmEncapsulatedResponseAckPayload::spdm_read(&mut context.common, &mut reader) + .unwrap(); + assert_eq!(header.version, SpdmVersion::SpdmVersion12); + 
assert_eq!( + header.request_response_code, + SpdmRequestResponseCode::SpdmResponseEncapsulatedResponseAck + ); + assert_eq!(payload.ack_request_id, 0xa); + + let encap_header = SpdmMessageHeader::read(&mut reader).unwrap(); + let encap_payload = SpdmDigestsResponsePayload::spdm_read(&mut context.common, &mut reader); + assert_eq!(encap_header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + encap_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestGetCertificate + ); + assert!(encap_payload.is_some()); + }; + + executor::block_on(task); +} + +#[test] +fn test_handle_deliver_encapsulated_reponse_cert() { + let task = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = setup_test_context_and_session( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + if context.common.peer_info.peer_cert_chain_temp.is_none() { + context.common.peer_info.peer_cert_chain_temp = Some(SpdmCertChainBuffer::default()); + } + + let request = &mut [0u8; config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(request); + let header = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestDeliverEncapsulatedResponse, + }; + assert!(header.encode(&mut writer).is_ok()); + + let payload = SpdmDeliverEncapsulatedResponsePayload { request_id: 0xa }; + assert!(payload + .spdm_encode(&mut context.common, &mut writer) + .is_ok()); + + assert!(write_spdm_get_certificate_response(&mut context, &mut writer).is_ok()); + + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = + context.handle_deliver_encapsulated_reponse(request, &mut 
writer); + assert!(status.is_ok()); + assert!(send_buffer.is_some()); + + assert!(context + .send_message(Some(SESSION_ID), send_buffer.unwrap(), false) + .await + .is_ok()); + + let receive: &mut [u8] = &mut [0u8; config::RECEIVER_BUFFER_SIZE]; + let receive_size = { + let mut device_io = context.common.device_io.lock(); + let device_io = device_io.deref_mut(); + + device_io + .receive(Arc::new(Mutex::new(receive)), 0) + .await + .unwrap() + }; + + let mut response = [0u8; config::MAX_SPDM_MSG_SIZE]; + let size = context + .common + .decode_secured_message(SESSION_ID, &receive[..receive_size], &mut response) + .await + .unwrap(); + + // Verify the message sent by responder + let mut reader = Reader::init(&response[..size]); + let header = SpdmMessageHeader::read(&mut reader).unwrap(); + let payload = + SpdmEncapsulatedResponseAckPayload::spdm_read(&mut context.common, &mut reader) + .unwrap(); + assert_eq!(header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + header.request_response_code, + SpdmRequestResponseCode::SpdmResponseEncapsulatedResponseAck + ); + assert_eq!(payload.ack_request_id, 0xa); + + let encap_header = SpdmMessageHeader::read(&mut reader).unwrap(); + let encap_payload = SpdmDigestsResponsePayload::spdm_read(&mut context.common, &mut reader); + assert_eq!(encap_header.version, SpdmVersion::SpdmVersion12); + assert_eq!( + encap_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestGetCertificate + ); + assert!(encap_payload.is_some()); + }; + + executor::block_on(task); +} + +fn setup_test_context_and_session( + device_io: Arc>, + transport_encap: Arc>, + config_info: SpdmConfigInfo, + provision_info: SpdmProvisionInfo, +) -> ResponderContext { + let mut context = + ResponderContext::new(device_io, transport_encap, config_info, provision_info); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + context.common.negotiate_info.spdm_version_sel = 
SpdmVersion::SpdmVersion12; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::ENCAP_CAP; + context.common.negotiate_info.rsp_capabilities_sel = SpdmResponseCapabilityFlags::ENCAP_CAP; + + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionAfterCertificate); + + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(SESSION_ID).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + + context +} + +fn write_spdm_get_digest_response( + context: &mut ResponderContext, + writer: &mut Writer, +) -> SpdmResult { + let digest_size = context.common.negotiate_info.base_hash_sel.get_size(); + let slot_mask = 1; + + let response = SpdmMessage { + header: SpdmMessageHeader { + version: context.common.negotiate_info.spdm_version_sel, + request_response_code: SpdmRequestResponseCode::SpdmResponseDigests, + }, + payload: SpdmMessagePayload::SpdmDigestsResponse(SpdmDigestsResponsePayload { + slot_mask, + digests: gen_array_clone( + SpdmDigestStruct { + data_size: digest_size, + data: Box::new([0xffu8; SPDM_MAX_HASH_SIZE]), + }, + SPDM_MAX_SLOT_NUMBER, + ), + }), + }; + let _ = response + .spdm_encode(&mut context.common, writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + Ok(()) +} + +fn write_spdm_get_certificate_response( + context: &mut ResponderContext, + writer: &mut Writer, +) -> SpdmResult { + let response = SpdmMessage { + header: SpdmMessageHeader { + version: context.common.negotiate_info.spdm_version_sel, + request_response_code: 
SpdmRequestResponseCode::SpdmResponseCertificate, + }, + payload: SpdmMessagePayload::SpdmCertificateResponse(SpdmCertificateResponsePayload { + slot_id: 0, + portion_length: CERT_PORTION_LEN as u16, + remainder_length: 0x200, + cert_chain: [0xffu8; CERT_PORTION_LEN], + }), + }; + let _ = response + .spdm_encode(&mut context.common, writer) + .map_err(|_| SPDM_STATUS_BUFFER_FULL)?; + + Ok(()) +} diff --git a/test/spdmlib-test/src/responder_tests/end_session_rsp.rs b/test/spdmlib-test/src/responder_tests/end_session_rsp.rs new file mode 100644 index 0000000..759b850 --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/end_session_rsp.rs 
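Review bot: In `test_handle_deliver_encapsulated_reponse_digest` and `test_handle_deliver_encapsulated_reponse_cert` the encapsulated message after the ACK is asserted to carry `SpdmRequestGetCertificate`, yet its body is parsed with `SpdmDigestsResponsePayload::spdm_read`. The `is_some()` check therefore runs a DIGESTS response parser over a GET_CERTIFICATE request, so it passes or fails for reasons unrelated to what the responder sent. Parse with the matching type, `let encap_payload = SpdmGetCertificateRequestPayload::spdm_read(&mut context.common, &mut reader);`, and assert the fields of the decoded request so the follow-up request is pinned rather than merely parseable.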
@@ -0,0 +1,102 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::secret_callback::*;
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use codec::{Codec, Writer};
+use spdmlib::common::session::{SpdmSession, SpdmSessionState};
+use spdmlib::common::SpdmCodec;
+use spdmlib::config::MAX_SPDM_MSG_SIZE;
+use spdmlib::message::*;
+use spdmlib::protocol::*;
+use spdmlib::{responder, secret};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[test]
+fn test_case0_handle_spdm_end_session() {
+ let future = async {
+ let (config_info, provision_info) = create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+ secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+ let mut context = responder::ResponderContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+
+ let spdm_message_header = &mut [0u8; 1024];
+ let mut writer = Writer::init(spdm_message_header);
+ let value = SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge,
+ };
+ assert!(value.encode(&mut writer).is_ok());
+
+ let session_request = &mut [0u8; 1024];
+ let mut writer = Writer::init(session_request);
+ let value = SpdmEndSessionRequestPayload {
+ end_session_request_attributes:
+ SpdmEndSessionRequestAttributes::PRESERVE_NEGOTIATED_STATE,
+ };
+ assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok());
+
+ context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ let rsp_session_id = 0xffu16;
+ let session_id = (0xffu32 << 16) + rsp_session_id as u32;
+ context.common.session = gen_array_clone(SpdmSession::new(), 4);
+ context.common.session[0].setup(session_id).unwrap();
+ context.common.session[0].set_crypto_param(
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ SpdmDheAlgo::SECP_384_R1,
+ SpdmAeadAlgo::AES_256_GCM,
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ );
+ assert!(context.common.session[0]
+ .set_dhe_secret(
+ SpdmVersion::SpdmVersion12,
+ SpdmDheFinalKeyStruct {
+ data_size: 5,
+ data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE])
+ }
+ )
+ .is_ok());
+ assert!(context.common.session[0]
+ .generate_handshake_secret(
+ SpdmVersion::SpdmVersion12,
+ &SpdmDigestStruct {
+ data_size: 5,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE])
+ }
+ )
+ .is_ok());
+ assert!(context.common.session[0]
+ .generate_data_secret(
+ SpdmVersion::SpdmVersion12,
+ &SpdmDigestStruct {
+ data_size: 5,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE])
+ }
+ )
+ .is_ok());
+ context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished);
+
+ let bytes = &mut [0u8; 1024];
+ bytes.copy_from_slice(&spdm_message_header[0..]);
+ bytes[2..].copy_from_slice(&session_request[0..1022]);
+ let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE];
+ let mut writer = Writer::init(&mut response_buffer);
+ let (status, send_buffer) = context.handle_spdm_end_session(session_id, bytes, &mut writer);
+ assert!(status.is_ok());
+ };
+ executor::block_on(future);
+}
diff --git a/test/spdmlib-test/src/responder_tests/error_rsp.rs b/test/spdmlib-test/src/responder_tests/error_rsp.rs
new file mode 100644
index 0000000..6cbc0e1
--- /dev/null
+++ b/test/spdmlib-test/src/responder_tests/error_rsp.rs
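Review bot: The request fed to `handle_spdm_end_session` starts with a header encoded as `SpdmVersion10` / `SpdmRequestChallenge`, not an END_SESSION header at the session's version, and the test then asserts only `status.is_ok()`. As written the test either documents that the handler ignores the header or passes because an error response still yields an OK status; the hunk does not show which, and `send_buffer` is never decoded. Build the header with `request_response_code: SpdmRequestResponseCode::SpdmRequestEndSession` and the negotiated version, and decode `send_buffer` to assert the response code. The same mismatched CHALLENGE header is used in finish_rsp.rs and heartbeat_rsp.rs.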
@@ -0,0 +1,42 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::secret_callback::*;
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use codec::Writer;
+use spdmlib::config::MAX_SPDM_MSG_SIZE;
+use spdmlib::message::*;
+use spdmlib::protocol::*;
+use spdmlib::{responder, secret};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[test]
+fn test_case0_send_spdm_error() {
+ let (config_info, provision_info) = create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+ secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+ let future = async move {
+ let mut context = responder::ResponderContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+
+ context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE];
+ let mut writer = Writer::init(&mut response_buffer);
+ context.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, &mut writer);
+ };
+
+ executor::block_on(future);
+}
diff --git a/test/spdmlib-test/src/responder_tests/finish_rsp.rs b/test/spdmlib-test/src/responder_tests/finish_rsp.rs
new file mode 100644
index 0000000..a64f79e
--- /dev/null
+++ b/test/spdmlib-test/src/responder_tests/finish_rsp.rs
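Review bot: `test_case0_send_spdm_error` calls `write_spdm_error` and asserts nothing, so it only proves the call does not panic; the header and error code written to `writer` are unchecked. Decode the written bytes and assert the response code as in the block below, which needs `Codec` and `Reader` imported from `codec` next to `Writer`; the error code and data byte deserve the same treatment. The `async move` wrapper contains no `.await` in the visible body and could be dropped. The same no-assertion pattern appears in finish_rsp.rs (`test_case0_handle_spdm_finish`, `test_case1_handle_spdm_finish`) and heartbeat_rsp.rs, where the `(status, send_buffer)` result is discarded.

```rust
// … unchanged: transport, context and writer setup …
context.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, &mut writer);

// Decode what was written instead of discarding it.
let used = writer.used();
let mut reader = Reader::init(&response_buffer[..used]);
let header = SpdmMessageHeader::read(&mut reader).unwrap();
assert_eq!(
    header.request_response_code,
    SpdmRequestResponseCode::SpdmResponseError
);
```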
@@ -0,0 +1,265 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::crypto_callback::FAKE_HMAC; +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use codec::{Codec, Writer}; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::common::SpdmCodec; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{crypto, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(not(feature = "hashed-transcript-data"))] +fn test_case0_handle_spdm_finish() { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(4294901758).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + + context.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + 
context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + + let future = async move { + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let challenge = &mut [0u8; 1024]; + let mut writer = Writer::init(challenge); + let value = SpdmChallengeRequestPayload { + slot_id: 0, + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + nonce: SpdmNonceStruct { data: [100u8; 32] }, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let finish_slic: &mut [u8; 1024] = &mut [0u8; 1024]; + let mut writer = Writer::init(finish_slic); + let value = SpdmFinishRequestPayload { + finish_request_attributes: SpdmFinishRequestAttributes::empty(), + req_slot_id: 0, + signature: SpdmSignatureStruct { + data_size: 512, + data: [0xa5u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: 48, + data: Box::new([0x5au8; SPDM_MAX_HASH_SIZE]), + }, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&finish_slic[0..1022]); + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_finish(4294901758, bytes, &mut writer); + }; + executor::block_on(future); +} +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case1_handle_spdm_finish() { + use spdmlib::config::MAX_SPDM_MSG_SIZE; + + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let 
socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(4294901758).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + context.common.session[0].runtime_info.digest_context_th = + Some(crypto::hash::hash_ctx_init(context.common.negotiate_info.base_hash_sel).unwrap()); + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let challenge = &mut [0u8; 1024]; + let mut writer = Writer::init(challenge); + let value: SpdmChallengeRequestPayload = SpdmChallengeRequestPayload { + slot_id: 0, + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + nonce: SpdmNonceStruct { data: [100u8; 32] }, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + 
let finish_slic: &mut [u8; 1024] = &mut [0u8; 1024]; + let mut writer = Writer::init(finish_slic); + let value = SpdmFinishRequestPayload { + finish_request_attributes: SpdmFinishRequestAttributes::SIGNATURE_INCLUDED, + req_slot_id: 0, + signature: SpdmSignatureStruct { + data_size: 96, + data: [0xa5u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: 48, + data: Box::new([0x5au8; SPDM_MAX_HASH_SIZE]), + }, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&finish_slic[0..1022]); + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_finish(4294901758, bytes, &mut writer); +} + +#[test] +#[cfg(feature = "hashed-transcript-data")] +fn test_case2_handle_spdm_finish() { + use spdmlib::config::MAX_SPDM_MSG_SIZE; + + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.req_capabilities_sel = SpdmRequestCapabilityFlags::CERT_CAP; + context.common.negotiate_info.rsp_capabilities_sel = + SpdmResponseCapabilityFlags::HANDSHAKE_IN_THE_CLEAR_CAP; + + context.common.session = gen_array_clone(SpdmSession::new(), 4); + 
context.common.session[0].setup(4294901758).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + context.common.session[0].runtime_info.digest_context_th = + Some(crypto::hash::hash_ctx_init(context.common.negotiate_info.base_hash_sel).unwrap()); + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let challenge = &mut [0u8; 1024]; + let mut writer = Writer::init(challenge); + let value: SpdmChallengeRequestPayload = SpdmChallengeRequestPayload { + slot_id: 0, + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + nonce: SpdmNonceStruct { data: [100u8; 32] }, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let finish_slic: &mut [u8; 1024] = &mut [0u8; 1024]; + let mut writer = Writer::init(finish_slic); + let value = SpdmFinishRequestPayload { + finish_request_attributes: SpdmFinishRequestAttributes::SIGNATURE_INCLUDED, + req_slot_id: 0, + signature: SpdmSignatureStruct { + data_size: 96, + data: [0xa5u8; SPDM_MAX_ASYM_KEY_SIZE], + }, + verify_data: SpdmDigestStruct { + data_size: 48, + data: Box::new([0x5au8; SPDM_MAX_HASH_SIZE]), + }, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&finish_slic[0..1022]); + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = 
context.handle_spdm_finish(4294901758, bytes, &mut writer); + + for session in context.common.session.iter() { + assert_eq!( + session.get_session_id(), + spdmlib::common::INVALID_SESSION_ID + ); + } +} diff --git a/test/spdmlib-test/src/responder_tests/heartbeat_rsp.rs b/test/spdmlib-test/src/responder_tests/heartbeat_rsp.rs new file mode 100644 index 0000000..86160bb --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/heartbeat_rsp.rs 
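Review bot: `test_case1_handle_spdm_finish` repeats the setup of `test_case2_handle_spdm_finish` line for line and only omits its closing loop, so it adds runtime but no check; fold it into case 2 or give it its own expectation. All three tests also encode an `SpdmChallengeRequestPayload` into `challenge` that is never copied into `bytes`, which reads as leftover setup and should be removed or explained in a comment. The session id literal `4294901758` is repeated for `setup` and for the handler call; a named constant such as `const SESSION_ID: u32 = 0xFFFE_FFFE;` (the same value, which encap_rsp.rs already names in decimal) keeps the two in sync. Case 2 would also benefit from a comment stating why every slot is expected to be `INVALID_SESSION_ID` after a FINISH that carries filler signature and verify data.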
@@ -0,0 +1,88 @@
+// Copyright (c) 2020 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer};
+use crate::common::secret_callback::*;
+use crate::common::transport::PciDoeTransportEncap;
+use crate::common::util::create_info;
+use codec::{Codec, Writer};
+use spdmlib::common::session::{SpdmSession, SpdmSessionState};
+use spdmlib::config::MAX_SPDM_MSG_SIZE;
+use spdmlib::message::*;
+use spdmlib::protocol::*;
+use spdmlib::{responder, secret};
+use spin::Mutex;
+extern crate alloc;
+use alloc::sync::Arc;
+
+#[test]
+fn test_case0_handle_spdm_heartbeat() {
+ let future = async {
+ let (config_info, provision_info) = create_info();
+ let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
+ let shared_buffer = SharedBuffer::new();
+ let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
+ shared_buffer,
+ ))));
+ secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
+ let mut context = responder::ResponderContext::new(
+ socket_io_transport,
+ pcidoe_transport_encap,
+ config_info,
+ provision_info,
+ );
+
+ let rsp_session_id = 0xffu16;
+ let session_id = (0xffu32 << 16) + rsp_session_id as u32;
+ context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
+ context.common.session = gen_array_clone(SpdmSession::new(), 4);
+ context.common.session[0].setup(session_id).unwrap();
+ context.common.session[0].set_crypto_param(
+ SpdmBaseHashAlgo::TPM_ALG_SHA_384,
+ SpdmDheAlgo::SECP_384_R1,
+ SpdmAeadAlgo::AES_256_GCM,
+ SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
+ );
+ assert!(context.common.session[0]
+ .set_dhe_secret(
+ SpdmVersion::SpdmVersion12,
+ SpdmDheFinalKeyStruct {
+ data_size: 5,
+ data: Box::new([100u8; SPDM_MAX_DHE_KEY_SIZE])
+ }
+ )
+ .is_ok());
+ assert!(context.common.session[0]
+ .generate_handshake_secret(
+ SpdmVersion::SpdmVersion12,
+ &SpdmDigestStruct {
+ data_size: 5,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE])
+ }
+ )
+ .is_ok());
+ assert!(context.common.session[0]
+ .generate_data_secret(
+ SpdmVersion::SpdmVersion12,
+ &SpdmDigestStruct {
+ data_size: 5,
+ data: Box::new([100u8; SPDM_MAX_HASH_SIZE])
+ }
+ )
+ .is_ok());
+ context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking);
+
+ let bytes = &mut [0u8; 1024];
+ let mut writer = Writer::init(bytes);
+ let value = SpdmMessageHeader {
+ version: SpdmVersion::SpdmVersion10,
+ request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge,
+ };
+ assert!(value.encode(&mut writer).is_ok());
+ let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE];
+ let mut writer = Writer::init(&mut response_buffer);
+ let (status, send_buffer) = context.handle_spdm_heartbeat(session_id, bytes, &mut writer);
+ };
+ executor::block_on(future);
+}
diff --git a/test/spdmlib-test/src/responder_tests/key_exchange_rsp.rs b/test/spdmlib-test/src/responder_tests/key_exchange_rsp.rs
new file mode 100644
index 0000000..e6fe1db
--- /dev/null
+++ b/test/spdmlib-test/src/responder_tests/key_exchange_rsp.rs
@@ -0,0 +1,209 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::crypto_callback::FAKE_HMAC; +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use bytes::BytesMut; +use codec::{Codec, Writer}; +use spdmlib::common::opaque::*; +use spdmlib::common::SpdmCodec; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{crypto, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(not(feature = "hashed-transcript-data"))] +fn test_case0_handle_spdm_key_exchange() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + let _ = value.encode(&mut writer); + + let rng = ring::rand::SystemRandom::new(); + let private_key = + 
ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::ECDH_P256, &rng) + .ok() + .unwrap(); + let public_key_old = private_key.compute_public_key().ok().unwrap(); + let public_key = BytesMut::from(&public_key_old.as_ref()[1..]); + + let key_exchange: &mut [u8; 1024] = &mut [0u8; 1024]; + let mut writer = Writer::init(key_exchange); + let mut value = SpdmKeyExchangeRequestPayload { + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb, + slot_id: 100u8, + req_session_id: 0xffu16, + session_policy: 1, + random: SpdmRandomStruct { + data: [100u8; SPDM_RANDOM_SIZE], + }, + exchange: SpdmDheExchangeStruct::from(public_key), + opaque: SpdmOpaqueStruct::from_sm_supported_ver_list_opaque( + &mut context.common, + &SMSupportedVerListOpaque { + secured_message_version_list: SecuredMessageVersionList { + version_count: 2, + versions_list: [ + SecuredMessageVersion { + major_version: 1, + minor_version: 0, + update_version_number: 0, + alpha: 0, + }, + SecuredMessageVersion { + major_version: 1, + minor_version: 1, + update_version_number: 0, + alpha: 0, + }, + ], + }, + }, + ) + .unwrap(), + }; + let _ = value.spdm_encode(&mut context.common, &mut writer); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&key_exchange[0..1022]); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_key_exchange(bytes, &mut writer); + }; + executor::block_on(future); +} + +#[test] +fn test_case1_handle_spdm_key_exchange() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + let shared_buffer = SharedBuffer::new(); + let 
socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_256_R1; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion12, + request_response_code: SpdmRequestResponseCode::SpdmRequestKeyExchange, + }; + let _ = value.encode(&mut writer); + + let rng = ring::rand::SystemRandom::new(); + let private_key = + ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::ECDH_P256, &rng) + .ok() + .unwrap(); + let public_key_old = private_key.compute_public_key().ok().unwrap(); + let public_key = BytesMut::from(&public_key_old.as_ref()[1..]); + + let key_exchange: &mut [u8; 1024] = &mut [0u8; 1024]; + let mut writer = Writer::init(key_exchange); + let mut value = SpdmKeyExchangeRequestPayload { + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeTcb, + slot_id: 0u8, + req_session_id: 0xffu16, + session_policy: 1, + random: SpdmRandomStruct { + data: [100u8; SPDM_RANDOM_SIZE], + }, + exchange: SpdmDheExchangeStruct::from(public_key), + opaque: SpdmOpaqueStruct::from_sm_supported_ver_list_opaque( + &mut context.common, + &SMSupportedVerListOpaque { + secured_message_version_list: SecuredMessageVersionList { + version_count: 2, + versions_list: [ + SecuredMessageVersion { + major_version: 1, + minor_version: 0, + update_version_number: 0, + alpha: 0, + }, + SecuredMessageVersion { + major_version: 1, + minor_version: 
1, + update_version_number: 0, + alpha: 0, + }, + ], + }, + }, + ) + .unwrap(), + }; + let _ = value.spdm_encode(&mut context.common, &mut writer); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&key_exchange[0..1022]); + + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_key_exchange(bytes, &mut writer); + + for session in context.common.session.iter() { + assert_eq!( + session.get_session_id(), + spdmlib::common::INVALID_SESSION_ID + ); + } + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/responder_tests/key_update_rsp.rs b/test/spdmlib-test/src/responder_tests/key_update_rsp.rs new file mode 100644 index 0000000..ca6937d --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/key_update_rsp.rs 
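Review bot: Both key-exchange tests discard the encoder results with `let _ = value.encode(&mut writer);` and `let _ = value.spdm_encode(&mut context.common, &mut writer);`, so a failed encode would hand the handler a zero-filled buffer and the test would still pass. In `test_case1_handle_spdm_key_exchange` that matters because the only check is that every session still reports `INVALID_SESSION_ID`, which a malformed request satisfies as easily as the rejection the test presumably targets. Use `assert!(value.encode(&mut writer).is_ok());` and `assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok());`, as the heartbeat and PSK-exchange tests in this commit already do. The key-update tests apply the same `let _ =` to `set_dhe_secret`, `generate_handshake_secret` and `generate_data_secret`, and the PSK-finish test applies it to both encoders.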
@@ -0,0 +1,168 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use codec::{Codec, Writer}; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::common::SpdmCodec; +use spdmlib::config::MAX_SPDM_MSG_SIZE; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_handle_spdm_key_update() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let rsp_session_id = 0xFFFEu16; + let session_id = (0xffu32 << 16) + rsp_session_id as u32; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(session_id).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + let dhe_secret = SpdmDheFinalKeyStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + let _ = context.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret); + let _ = 
context.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let _ = context.common.session[0].generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let key_exchange: &mut [u8; 1024] = &mut [0u8; 1024]; + let mut writer = Writer::init(key_exchange); + let value = SpdmKeyUpdateRequestPayload { + key_update_operation: SpdmKeyUpdateOperation::SpdmUpdateSingleKey, + tag: 100u8, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&key_exchange[0..1022]); + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_key_update(session_id, bytes, &mut writer); + }; + executor::block_on(future); +} + +#[test] +fn test_case1_handle_spdm_key_update() { + let future = async { + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let (config_info, provision_info) = create_info(); + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + let rsp_session_id = 0xFFFEu16; + let session_id = (0xffu32 << 16) + rsp_session_id 
as u32; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(session_id).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionHandshaking); + let dhe_secret = SpdmDheFinalKeyStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]), + }; + let _ = context.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret); + let _ = context.common.session[0].generate_handshake_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let _ = context.common.session[0].generate_data_secret( + SpdmVersion::SpdmVersion12, + &SpdmDigestStruct { + data_size: 48, + data: Box::new([0; SPDM_MAX_HASH_SIZE]), + }, + ); + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let key_exchange: &mut [u8; 1024] = &mut [0u8; 1024]; + let mut writer = Writer::init(key_exchange); + let value = SpdmKeyUpdateRequestPayload { + key_update_operation: SpdmKeyUpdateOperation::SpdmUpdateAllKeys, + tag: 100u8, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&key_exchange[0..1022]); + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_key_update(session_id, bytes, &mut 
writer); + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/responder_tests/measurement_rsp.rs b/test/spdmlib-test/src/responder_tests/measurement_rsp.rs new file mode 100644 index 0000000..6c3a0e9 --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/measurement_rsp.rs 
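Review bot: The request buffer in both key-update tests is still named `key_exchange` although it holds an `SpdmKeyUpdateRequestPayload`; rename it, `let key_update = &mut [0u8; 1024];`, and adjust the `copy_from_slice` line to match. Apart from `key_update_operation` (`SpdmUpdateSingleKey` in case 0, `SpdmUpdateAllKeys` in case 1) the two tests repeat the same context, session and secret setup line for line. Moving that setup into one private helper that takes the operation as a parameter would keep the two cases on the same session fixture when it is next changed. A one-line doc comment on each test naming the operation it covers would make the difference visible without reading the whole body.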
@@ -0,0 +1,317 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{self, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, ResponderRunner, TestCase, TestSpdmMessage}; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::SpdmCodec; +use spdmlib::common::SpdmConnectionState; +use spdmlib::config::MAX_SPDM_MSG_SIZE; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_handle_spdm_measurement() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion10; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.measurement_specification_sel = + SpdmMeasurementSpecification::DMTF; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value 
= SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let measurements_struct = &mut [0u8; 1024]; + let mut writer = Writer::init(measurements_struct); + let value = SpdmGetMeasurementsRequestPayload { + measurement_attributes: SpdmMeasurementAttributes::empty(), + measurement_operation: SpdmMeasurementOperation::Unknown(1), + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + slot_id: 0, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&measurements_struct[0..1022]); + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_measurement(None, bytes, &mut writer); + + #[cfg(not(feature = "hashed-transcript-data"))] + { + let data = context.common.runtime_info.message_m.as_ref(); + let u8_slice = &mut [0u8; 2048]; + for (i, data) in data.iter().enumerate() { + u8_slice[i] = *data; + } + + let mut message_header_slice = Reader::init(u8_slice); + let spdm_message_header = SpdmMessageHeader::read(&mut message_header_slice).unwrap(); + assert_eq!(spdm_message_header.version, SpdmVersion::SpdmVersion10); + assert_eq!( + spdm_message_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestChallenge + ); + + let spdm_struct_slice = &u8_slice[2..]; + let mut reader = Reader::init(spdm_struct_slice); + let get_measurements = + SpdmGetMeasurementsRequestPayload::spdm_read(&mut context.common, &mut reader) + .unwrap(); + assert_eq!( + get_measurements.measurement_attributes, + SpdmMeasurementAttributes::empty() + ); + assert_eq!( + get_measurements.measurement_operation, + SpdmMeasurementOperation::Unknown(1) + ); + + let spdm_message_slice = &u8_slice[4..]; + let mut reader = 
Reader::init(spdm_message_slice); + let spdm_message: SpdmMessage = + SpdmMessage::spdm_read(&mut context.common, &mut reader).unwrap(); + assert_eq!( + spdm_message.header.request_response_code, + SpdmRequestResponseCode::SpdmResponseMeasurements + ); + if let SpdmMessagePayload::SpdmMeasurementsResponse(payload) = &spdm_message.payload { + //assert_eq!(payload.number_of_measurement, 0); + assert_eq!(payload.slot_id, 0); + assert_eq!(payload.measurement_record.number_of_blocks, 1); + } + } + }; + executor::block_on(future); +} + +#[test] +fn test_case1_handle_spdm_measurement() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + + context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion10; + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.measurement_hash_sel = + SpdmMeasurementHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.measurement_specification_sel = + SpdmMeasurementSpecification::DMTF; + context + .common + .runtime_info + .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated); + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; 
+ assert!(value.encode(&mut writer).is_ok()); + + let measurements_struct = &mut [0u8; 1024]; + let mut writer = Writer::init(measurements_struct); + let value = SpdmGetMeasurementsRequestPayload { + measurement_attributes: SpdmMeasurementAttributes::empty(), + measurement_operation: SpdmMeasurementOperation::SpdmMeasurementRequestAll, + nonce: SpdmNonceStruct { + data: [100u8; SPDM_NONCE_SIZE], + }, + slot_id: 0, + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&measurements_struct[0..1022]); + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_measurement(None, bytes, &mut writer); + + #[cfg(not(feature = "hashed-transcript-data"))] + { + let data = context.common.runtime_info.message_m.as_ref(); + let u8_slice = &mut [0u8; 2048]; + for (i, data) in data.iter().enumerate() { + u8_slice[i] = *data; + } + + let mut message_header_slice = Reader::init(u8_slice); + let spdm_message_header = SpdmMessageHeader::read(&mut message_header_slice).unwrap(); + assert_eq!(spdm_message_header.version, SpdmVersion::SpdmVersion10); + assert_eq!( + spdm_message_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestChallenge + ); + + let spdm_struct_slice = &u8_slice[2..]; + let mut reader = Reader::init(spdm_struct_slice); + let get_measurements = + SpdmGetMeasurementsRequestPayload::spdm_read(&mut context.common, &mut reader) + .unwrap(); + assert_eq!( + get_measurements.measurement_attributes, + SpdmMeasurementAttributes::empty() + ); + assert_eq!( + get_measurements.measurement_operation, + SpdmMeasurementOperation::SpdmMeasurementRequestAll + ); + + let spdm_message_slice = &u8_slice[4..]; + let mut reader = Reader::init(spdm_message_slice); + let spdm_message: SpdmMessage = + SpdmMessage::spdm_read(&mut 
context.common, &mut reader).unwrap(); + assert_eq!( + spdm_message.header.request_response_code, + SpdmRequestResponseCode::SpdmResponseMeasurements + ); + + if let SpdmMessagePayload::SpdmMeasurementsResponse(payload) = &spdm_message.payload { + //assert_eq!(payload.number_of_measurement, 10); + //if measurement_attributes == 0, it means responder donot need append signature, + //and slot_id should be 0. + assert_eq!(payload.slot_id, 0); + assert_eq!(payload.measurement_record.number_of_blocks, 10); + } + } + }; + executor::block_on(future); +} + +fn test_handle_spdm_measurement_runner( + get_measurement_msg: TestSpdmMessage, + measurement_msg: TestSpdmMessage, +) { + let mut input = Vec::new(); + let mut expected = Vec::new(); + + let (get_version_msg, version_msg) = super::version_rsp::construct_version_positive(); + let (get_capabilities_msg, capabilities_msg) = + super::capability_rsp::consturct_capability_positive(); + let (negotiate_algorithm_msg, algorithm_msg) = + super::algorithm_rsp::consturct_algorithm_positive(); + let (get_certificate_msg, certificate_msg) = + super::certificate_rsp::construct_certificate_positive(); + + input.push(get_version_msg); + expected.push(version_msg); + input.push(get_capabilities_msg); + expected.push(capabilities_msg); + input.push(negotiate_algorithm_msg); + expected.push(algorithm_msg); + input.extend(get_certificate_msg); + expected.extend(certificate_msg); + + input.push(get_measurement_msg); + expected.push(measurement_msg); + + let case = TestCase { input, expected }; + assert!(ResponderRunner::run( + case, + device_io::test_header_generater_callback + )); +} + +#[test] +fn test_case2_handle_spdm_measurements() { + use crate::common::secret_callback::SECRET_MEASUREMENT_IMPL_INSTANCE; + use crate::protocol; + spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone()); + + let get_measurement_msg = TestSpdmMessage { + message: 
protocol::Message::GET_MEASUREMENTS(protocol::measurement::GET_MEASUREMENTS { + SPDMVersion: 0x12, + RequestResponseCode: 0xE0, + Param1: 0, + Param2: 0x0, // shall query the Responder for the total number of measurement blocks avaiable + Nonce: None, + SlotIDParam: None, + }), + secure: 0, + }; + + let (config_info, _provision_info) = create_info(); + let measurement_record_structure = secret::measurement::measurement_collection( + SpdmVersion::SpdmVersion12, + SpdmMeasurementSpecification::DMTF, + config_info.measurement_hash_algo, + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber.get_u8() as usize, + ) + .unwrap(); + + let siglen = config_info.base_asym_algo.get_size() as usize; + let measurement_msg = TestSpdmMessage { + message: protocol::Message::MEASUREMENTS(protocol::measurement::MEASUREMENTS { + SPDMVersion: 0x12, + RequestResponseCode: 0x60, + Param1: measurement_record_structure.number_of_blocks, + Param2: 0, + NumberOfBlocks: 0, + MeasurementRecordLength: measurement_record_structure.measurement_record_length.get(), + MeasurementRecordData: measurement_record_structure.measurement_record_data + [0..(measurement_record_structure.measurement_record_length.get() as usize)] + .to_vec(), + Nonce: [0xffu8; 32], + OpaqueDataLength: 0, + OpaqueData: Vec::new(), + Signature: Vec::new(), + }), + secure: 0, + }; + + test_handle_spdm_measurement_runner(get_measurement_msg, measurement_msg); +} diff --git a/test/spdmlib-test/src/responder_tests/mod.rs b/test/spdmlib-test/src/responder_tests/mod.rs new file mode 100644 index 0000000..130c82c --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/mod.rs 
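Review bot: In `test_case0_handle_spdm_measurement` and `test_case1_handle_spdm_measurement` the checks on `slot_id` and `number_of_blocks` sit inside `if let SpdmMessagePayload::SpdmMeasurementsResponse(payload) = &spdm_message.payload { … }` with no `else`, so they are skipped without failing if the decoded payload is any other variant. Add `else { panic!("expected a MEASUREMENTS response payload"); }` so the block count is always verified. The whole verification block is also compiled out under the `hashed-transcript-data` feature, which leaves these two tests without any check on the response in that configuration. All three tests here request unsigned measurements (`SpdmMeasurementAttributes::empty()`, `Signature: Vec::new()`), so it is worth confirming that the signed path is covered elsewhere.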
@@ -0,0 +1,51 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+#![forbid(unsafe_code)]
+
+mod challenge_rsp;
+
+mod algorithm_rsp;
+
+mod capability_rsp;
+
+mod certificate_rsp;
+
+// Disable context here because some test cases use private function,
+// may need keep those test cases located in spdmlib/src/responder/context.rs
+//
+// mod context;
+
+mod digest_rsp;
+
+#[cfg(feature = "mut-auth")]
+mod encap_get_certificate;
+
+#[cfg(feature = "mut-auth")]
+mod encap_get_digest;
+
+#[cfg(feature = "mut-auth")]
+mod encap_rsp;
+
+mod end_session_rsp;
+
+mod error_rsp;
+
+mod finish_rsp;
+
+mod heartbeat_rsp;
+
+mod key_exchange_rsp;
+
+mod key_update_rsp;
+
+mod measurement_rsp;
+
+mod psk_exchange_rsp;
+
+mod psk_finish_rsp;
+
+mod vendor_rsp;
+
+mod version_rsp;
diff --git a/test/spdmlib-test/src/responder_tests/psk_exchange_rsp.rs b/test/spdmlib-test/src/responder_tests/psk_exchange_rsp.rs
new file mode 100644
index 0000000..c3c124d
--- /dev/null
+++ b/test/spdmlib-test/src/responder_tests/psk_exchange_rsp.rs
@@ -0,0 +1,186 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use codec::{Codec, Writer}; +use spdmlib::common::opaque; +use spdmlib::common::opaque::*; +use spdmlib::common::SpdmCodec; +use spdmlib::config::{MAX_SPDM_MSG_SIZE, MAX_SPDM_PSK_CONTEXT_SIZE, MAX_SPDM_PSK_HINT_SIZE}; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_handle_spdm_psk_exchange() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let challenge = &mut [0u8; 1024]; + let mut writer = Writer::init(challenge); + let mut value = SpdmPskExchangeRequestPayload { + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + req_session_id: 100u16, + psk_hint: SpdmPskHintStruct { + 
data_size: 32, + data: [100u8; MAX_SPDM_PSK_HINT_SIZE], + }, + psk_context: SpdmPskContextStruct { + data_size: 64, + data: [100u8; MAX_SPDM_PSK_CONTEXT_SIZE], + }, + opaque: SpdmOpaqueStruct::from_sm_supported_ver_list_opaque( + &mut context.common, + &SMSupportedVerListOpaque { + secured_message_version_list: SecuredMessageVersionList { + version_count: 2, + versions_list: [ + SecuredMessageVersion { + major_version: 1, + minor_version: 0, + update_version_number: 0, + alpha: 0, + }, + SecuredMessageVersion { + major_version: 1, + minor_version: 1, + update_version_number: 0, + alpha: 0, + }, + ], + }, + }, + ) + .unwrap(), + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&challenge[0..1022]); + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_psk_exchange(bytes, &mut writer); + }; + executor::block_on(future); +} + +#[test] +fn test_case1_handle_spdm_psk_exchange() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + 
request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let challenge = &mut [0u8; 1024]; + let mut writer = Writer::init(challenge); + let mut value = SpdmPskExchangeRequestPayload { + measurement_summary_hash_type: + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeAll, + req_session_id: 100u16, + psk_hint: SpdmPskHintStruct { + data_size: 32, + data: [100u8; MAX_SPDM_PSK_HINT_SIZE], + }, + psk_context: SpdmPskContextStruct { + data_size: 64, + data: [100u8; MAX_SPDM_PSK_CONTEXT_SIZE], + }, + opaque: SpdmOpaqueStruct::from_sm_supported_ver_list_opaque( + &mut context.common, + &SMSupportedVerListOpaque { + secured_message_version_list: SecuredMessageVersionList { + version_count: 2, + versions_list: [ + SecuredMessageVersion { + major_version: 1, + minor_version: 0, + update_version_number: 0, + alpha: 0, + }, + SecuredMessageVersion { + major_version: 1, + minor_version: 1, + update_version_number: 0, + alpha: 0, + }, + ], + }, + }, + ) + .unwrap(), + }; + assert!(value.spdm_encode(&mut context.common, &mut writer).is_ok()); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&challenge[0..1022]); + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_psk_exchange(bytes, &mut writer); + + for session in context.common.session.iter() { + assert_eq!( + session.get_session_id(), + spdmlib::common::INVALID_SESSION_ID + ); + } + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/responder_tests/psk_finish_rsp.rs b/test/spdmlib-test/src/responder_tests/psk_finish_rsp.rs new file mode 100644 index 0000000..ea35e5c --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/psk_finish_rsp.rs 
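Review bot: `test_case0_handle_spdm_psk_exchange` is the same code as `test_case1_handle_spdm_psk_exchange` up to the `handle_spdm_psk_exchange` call and then stops, while case 1 goes on to assert that every session still has `INVALID_SESSION_ID`; case 0 therefore adds no coverage of its own. Either drop it or turn it into the accepting case, with a PSK_EXCHANGE request header in place of `SpdmRequestChallenge` and an assertion that a session was allocated. A comment above case 1, for example `// request carries a CHALLENGE header, so no session may be created`, would record why the negative outcome is expected, if that is indeed the reason.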
@@ -0,0 +1,147 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::crypto_callback::FAKE_HMAC; +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use codec::{Codec, Writer}; +use spdmlib::common::session::{SpdmSession, SpdmSessionState}; +use spdmlib::common::SpdmCodec; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{crypto, responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +#[cfg(not(feature = "hashed-transcript-data"))] +fn test_case0_handle_spdm_psk_finish() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(4294901758).unwrap(); + context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + + let spdm_message_header = &mut [0u8; 
1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + let _ = value.encode(&mut writer); + + let psk_finish = &mut [0u8; 1024]; + let mut writer = Writer::init(psk_finish); + let value = SpdmPskFinishRequestPayload { + verify_data: SpdmDigestStruct { + data_size: 48, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }, + }; + let _ = value.spdm_encode(&mut context.common, &mut writer); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&psk_finish[0..1022]); + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_psk_finish(4294901758, bytes, &mut writer); + }; + executor::block_on(future); +} + +#[test] +#[cfg(not(feature = "hashed-transcript-data"))] +fn test_case1_handle_spdm_psk_finish() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + secret::psk::register(SECRET_PSK_IMPL_INSTANCE.clone()); + crypto::hmac::register(FAKE_HMAC.clone()); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384; + context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + context.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM; + context.common.session = gen_array_clone(SpdmSession::new(), 4); + context.common.session[0].setup(4294901758).unwrap(); + 
context.common.session[0].set_crypto_param( + SpdmBaseHashAlgo::TPM_ALG_SHA_384, + SpdmDheAlgo::SECP_384_R1, + SpdmAeadAlgo::AES_256_GCM, + SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE, + ); + context.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished); + + let spdm_message_header = &mut [0u8; 1024]; + let mut writer = Writer::init(spdm_message_header); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + let _ = value.encode(&mut writer); + + let psk_finish = &mut [0u8; 1024]; + let mut writer = Writer::init(psk_finish); + let value = SpdmPskFinishRequestPayload { + verify_data: SpdmDigestStruct { + data_size: 48, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }, + }; + let _ = value.spdm_encode(&mut context.common, &mut writer); + + let bytes = &mut [0u8; 1024]; + bytes.copy_from_slice(&spdm_message_header[0..]); + bytes[2..].copy_from_slice(&psk_finish[0..1022]); + let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + let (status, send_buffer) = context.handle_spdm_psk_finish(4294901758, bytes, &mut writer); + + for session in context.common.session.iter() { + assert_eq!( + session.get_session_id(), + spdmlib::common::INVALID_SESSION_ID + ); + } + }; + executor::block_on(future); +} diff --git a/test/spdmlib-test/src/responder_tests/vendor_rsp.rs b/test/spdmlib-test/src/responder_tests/vendor_rsp.rs new file mode 100644 index 0000000..12dc3ae --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/vendor_rsp.rs 
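Review bot: `test_case0_handle_spdm_psk_finish` contains no assertion, and `test_case1_handle_spdm_psk_finish` never looks at `status`, so neither test pins that a PSK_FINISH carrying an arbitrary `verify_data` is rejected. In test_case1 I would add `assert!(status.is_err());` before the session loop (assuming `status` is a Result and the handler is meant to fail here, which the `INVALID_SESSION_ID` assertions suggest), and give test_case0 an explicit expectation of its own. Both tests also discard the encode results with `let _ =` and build the header with `SpdmRequestChallenge`. If the handler checks the request code, the verify-data comparison may never be reached, so the header should carry the PSK_FINISH code. The encodes should be `assert!(value.encode(&mut writer).is_ok());`, as the psk_exchange tests do.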
@@ -0,0 +1,78 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::*; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::create_info; +use spdmlib::error::SpdmResult; +use spdmlib::message::VendorDefinedReqPayloadStruct; +use spdmlib::message::*; +use spdmlib::responder::ResponderContext; +use spdmlib::{config, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_handle_spdm_vendor_defined_request() { + let (rsp_config_info, rsp_provision_info) = create_info(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let mut responder = ResponderContext::new( + device_io_responder, + pcidoe_transport_encap, + rsp_config_info, + rsp_provision_info, + ); + + let req = VendorDefinedReqPayloadStruct { + req_length: 0, + vendor_defined_req_payload: [0; config::MAX_SPDM_MSG_SIZE - 7 - 2], + }; + + let vendor_defined_func: for<'r> fn( + usize, + &VendorIDStruct, + &'r vendor::VendorDefinedReqPayloadStruct, + ) -> Result<_, _> = |_: usize, + _: &VendorIDStruct, + _vendor_defined_req_payload_struct| + -> SpdmResult { + let mut vendor_defined_res_payload_struct = VendorDefinedRspPayloadStruct { + rsp_length: 0, + vendor_defined_rsp_payload: [0; config::MAX_SPDM_MSG_SIZE - 7 - 2], + }; + vendor_defined_res_payload_struct.rsp_length = 8; + vendor_defined_res_payload_struct.vendor_defined_rsp_payload[0..8] + .clone_from_slice(b"deadbeef"); + Ok(vendor_defined_res_payload_struct) + }; + + register_vendor_defined_struct(VendorDefinedStruct { + vendor_defined_request_handler: vendor_defined_func, + vdm_handle: 0, + 
}); + + if let Ok(vendor_defined_res_payload_struct) = responder.respond_to_vendor_defined_request( + &req, + &VendorIDStruct::default(), + vendor_defined_request_handler, + ) { + assert_eq!(vendor_defined_res_payload_struct.rsp_length, 8); + assert_eq!( + vendor_defined_res_payload_struct.vendor_defined_rsp_payload[0], + b'd' + ); + } else { + assert!(false, "Not expected result!"); + } +} diff --git a/test/spdmlib-test/src/responder_tests/version_rsp.rs b/test/spdmlib-test/src/responder_tests/version_rsp.rs new file mode 100644 index 0000000..0000a1f --- /dev/null +++ b/test/spdmlib-test/src/responder_tests/version_rsp.rs 
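Review bot: The call to `respond_to_vendor_defined_request` passes `vendor_defined_request_handler`, not the closure `vendor_defined_func` defined just above it. The test therefore depends on whatever that name resolves to through the glob imports, and on the registration done by `register_vendor_defined_struct`, which appears to be process-wide. A comment such as `// dispatches to the handler registered above; registration is global, so tests that register another handler must not run concurrently` would make that dependency visible. The result check would be clearer as `let rsp = responder.respond_to_vendor_defined_request(&req, &VendorIDStruct::default(), vendor_defined_request_handler).expect("vendor request failed");` instead of `assert!(false, ...)`. It should also compare the whole reply, `assert_eq!(&rsp.vendor_defined_rsp_payload[0..8], b"deadbeef");`, rather than only byte 0.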
@@ -0,0 +1,122 @@ +// Copyright (c) 2020 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{create_info, TestSpdmMessage}; +use codec::{Codec, Reader, Writer}; +use spdmlib::common::*; +use spdmlib::config::MAX_SPDM_MSG_SIZE; +use spdmlib::message::*; +use spdmlib::protocol::*; +use spdmlib::{responder, secret}; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_handle_spdm_version() { + let future = async { + let (config_info, provision_info) = create_info(); + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + + let shared_buffer = SharedBuffer::new(); + let socket_io_transport = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + + let mut context = responder::ResponderContext::new( + socket_io_transport, + pcidoe_transport_encap, + config_info, + provision_info, + ); + + let bytes = &mut [0u8; 1024]; + let mut writer = Writer::init(bytes); + let value = SpdmMessageHeader { + version: SpdmVersion::SpdmVersion10, + request_response_code: SpdmRequestResponseCode::SpdmRequestChallenge, + }; + assert!(value.encode(&mut writer).is_ok()); + + let mut response_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut writer = Writer::init(&mut response_buffer); + context.handle_spdm_version(bytes, &mut writer); + + let data = context.common.runtime_info.message_a.as_ref(); + let u8_slice = &mut [0u8; 1024]; + for (i, data) in data.iter().enumerate() { + u8_slice[i] = *data; + } + + let mut reader = Reader::init(u8_slice); + let spdm_message_header = SpdmMessageHeader::read(&mut reader).unwrap(); + assert_eq!(spdm_message_header.version, SpdmVersion::SpdmVersion10); + assert_eq!( + 
spdm_message_header.request_response_code, + SpdmRequestResponseCode::SpdmRequestChallenge + ); + + let u8_slice = &u8_slice[4..]; + let mut reader = Reader::init(u8_slice); + let spdm_message: SpdmMessage = + SpdmMessage::spdm_read(&mut context.common, &mut reader).unwrap(); + + assert_eq!(spdm_message.header.version, SpdmVersion::SpdmVersion10); + assert_eq!( + spdm_message.header.request_response_code, + SpdmRequestResponseCode::SpdmResponseVersion + ); + if let SpdmMessagePayload::SpdmVersionResponse(payload) = &spdm_message.payload { + assert_eq!(payload.version_number_entry_count, 0x03); + assert_eq!(payload.versions[0].update, 0); + assert_eq!(payload.versions[0].version, SpdmVersion::SpdmVersion10); + assert_eq!(payload.versions[1].update, 0); + assert_eq!(payload.versions[1].version, SpdmVersion::SpdmVersion11); + assert_eq!(payload.versions[2].update, 0); + assert_eq!(payload.versions[2].version, SpdmVersion::SpdmVersion12); + } + }; + executor::block_on(future); +} + +pub fn construct_version_positive() -> (TestSpdmMessage, TestSpdmMessage) { + use crate::protocol; + let get_version_msg = TestSpdmMessage { + message: protocol::Message::GET_VERSION(protocol::version::GET_VERSION { + SPDMVersion: 0x10, + RequestResponseCode: 0x84, + Param1: 0, + Param2: 0, + }), + secure: 0, + }; + let (config_info, provision_info) = create_info(); + let mut VersionNumberEntryCount = 0; + let mut VersionNumberEntry: [u16; MAX_SPDM_VERSION_COUNT] = gen_array_clone( + u8::from(SpdmVersion::default()) as u16, + MAX_SPDM_VERSION_COUNT, + ); + for (_, v) in config_info.spdm_version.iter().flatten().enumerate() { + VersionNumberEntry[VersionNumberEntryCount] = (u8::from(*v) as u16) << 8; + VersionNumberEntryCount += 1; + } + let version_msg = TestSpdmMessage { + message: protocol::Message::VERSION(protocol::version::VERSION { + SPDMVersion: 0x10, + RequestResponseCode: 0x04, + Param1: 0, + Param2: 0, + Reserved: 0, + VersionNumberEntryCount: VersionNumberEntryCount as u8, + 
VersionNumberEntry: VersionNumberEntry.to_vec(), + }), + secure: 0, + }; + (get_version_msg, version_msg) +} diff --git a/test/spdmlib-test/src/test_client_server.rs b/test/spdmlib-test/src/test_client_server.rs new file mode 100644 index 0000000..2e57c9c --- /dev/null +++ b/test/spdmlib-test/src/test_client_server.rs 
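Review bot: In `test_case0_handle_spdm_version` the payload assertions sit inside `if let SpdmMessagePayload::SpdmVersionResponse(payload) = &spdm_message.payload { ... }` with no else branch, so a response carrying any other payload passes silently; add `else { panic!("expected a VERSION response payload"); }`. The request header is encoded with `SpdmRequestChallenge`, and the test then asserts that this code is what landed in `message_a`, which pins the handler recording a non-GET_VERSION request into the transcript. If that is not the intended contract, encode the GET_VERSION code instead. The copy loop `u8_slice[i] = *data` writes into a fixed 1024-byte array and would panic with an index error, rather than fail an assertion, if `message_a` were ever longer.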
@@ -0,0 +1,140 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::{FakeSpdmDeviceIo, FakeSpdmDeviceIoReceve, SharedBuffer}; +use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::{get_rsp_cert_chain_buff, req_create_info, rsp_create_info}; +use crate::watchdog_impl_sample::init_watchdog; +use spdmlib::protocol::{ + SpdmMeasurementSummaryHashType, SpdmReqAsymAlgo, SpdmRequestCapabilityFlags, + SpdmResponseCapabilityFlags, +}; +use spdmlib::requester; +use spdmlib::responder; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn intergration_client_server() { + let future = async { + spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone()); + init_watchdog(); + + let shared_buffer = SharedBuffer::new(); + let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new( + shared_buffer, + )))); + let transport_encap_responder = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let (config_info, provision_info) = rsp_create_info(); + let mut responder_context = responder::ResponderContext::new( + device_io_responder, + transport_encap_responder, + config_info, + provision_info, + ); + + #[cfg(feature = "mut-auth")] + { + responder_context.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MUT_AUTH_CAP; + responder_context.common.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::MUT_AUTH_CAP; + } + + let shared_buffer = SharedBuffer::new(); + let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new( + Arc::new(shared_buffer), + Arc::new(Mutex::new(responder_context)), + ))); + let transport_encap_requester = Arc::new(Mutex::new(PciDoeTransportEncap {})); + + let (config_info, provision_info) = req_create_info(); + let mut requester_context = requester::RequesterContext::new( + 
device_io_requester, + transport_encap_requester, + config_info, + provision_info, + ); + + let mut transcript_vca = None; + assert!(!requester_context + .init_connection(&mut transcript_vca) + .await + .is_err()); + + assert!(!requester_context + .send_receive_spdm_digest(None) + .await + .is_err()); + + assert!(!requester_context + .send_receive_spdm_certificate(None, 0) + .await + .is_err()); + + #[cfg(feature = "mut-auth")] + { + requester_context.common.negotiate_info.rsp_capabilities_sel |= + SpdmResponseCapabilityFlags::MUT_AUTH_CAP; + requester_context.common.negotiate_info.req_capabilities_sel |= + SpdmRequestCapabilityFlags::MUT_AUTH_CAP; + requester_context.common.negotiate_info.req_asym_sel = + SpdmReqAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384; + requester_context.common.provision_info.my_cert_chain = [ + Some(get_rsp_cert_chain_buff()), + None, + None, + None, + None, + None, + None, + None, + ]; + } + + let result = requester_context + .start_session( + false, + 0, + SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone, + ) + .await; + assert!(result.is_ok()); + if let Ok(session_id) = result { + log::info!( + "\nSession established ... session_id is {:0x?}\n", + session_id + ); + log::info!("Key Information ...\n"); + + let session = requester_context + .common + .get_session_via_id(session_id) + .expect("get session failed!"); + let (request_direction, response_direction) = session.export_keys(); + log::info!( + "request_direction.encryption_key {:0x?}\n", + request_direction.encryption_key.as_ref() + ); + log::info!( + "request_direction.salt {:0x?}\n", + request_direction.salt.as_ref() + ); + log::info!( + "response_direction.encryption_key {:0x?}\n", + response_direction.encryption_key.as_ref() + ); + log::info!( + "response_direction.salt {:0x?}\n", + response_direction.salt.as_ref() + ); + } else { + log::info!("\nSession session_id not got ????? \n"); + } + }; + executor::block_on(future); +} 
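Review bot: After `start_session` succeeds, `intergration_client_server` writes `request_direction.encryption_key`, `response_direction.encryption_key` and both salts from `session.export_keys()` to the log at info level. These are test keys, but CI logs are commonly retained and this pattern is easy to copy into non-test code. I would drop the four `log::info!` calls or log only the key lengths, and add `// test-only: never log exported session keys outside the test suite` above the `export_keys()` call. The `else` branch after `assert!(result.is_ok());` is unreachable, so `let session_id = result.expect("start_session failed");` would be simpler.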
diff --git a/test/spdmlib-test/src/test_library.rs b/test/spdmlib-test/src/test_library.rs
new file mode 100644
index 0000000..d38fc7d
--- /dev/null
+++ b/test/spdmlib-test/src/test_library.rs
@@ -0,0 +1,299 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::common::device_io::MySpdmDeviceIo; +use crate::common::transport::PciDoeTransportEncap; +use crate::common::util::new_context; +use codec::{u24, Codec, Reader, Writer}; +use spdmlib::common::opaque::*; +use spdmlib::common::SpdmCodec; +use spdmlib::config::{MAX_SPDM_MEASUREMENT_RECORD_SIZE, MAX_SPDM_MEASUREMENT_VALUE_LEN}; +use spdmlib::protocol::*; +use spin::Mutex; +extern crate alloc; +use alloc::sync::Arc; + +#[test] +fn test_case0_spdm_opaque_struct() { + let u8_slice = &mut [0u8; 2 + MAX_SPDM_OPAQUE_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmOpaqueStruct { + data_size: MAX_SPDM_OPAQUE_SIZE as u16, + data: [100u8; MAX_SPDM_OPAQUE_SIZE], + }; + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let my_spdm_device_io = Arc::new(Mutex::new(MySpdmDeviceIo)); + let mut context = new_context(my_spdm_device_io, pcidoe_transport_encap); + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(2 + MAX_SPDM_OPAQUE_SIZE, reader.left()); + let spdm_opaque_struct = SpdmOpaqueStruct::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_opaque_struct.data_size, MAX_SPDM_OPAQUE_SIZE as u16); + for i in 0..MAX_SPDM_OPAQUE_SIZE { + assert_eq!(spdm_opaque_struct.data[i], 100); + } + assert_eq!(0, reader.left()); +} + +#[test] +fn test_case0_spdm_digest_struct() { + let u8_slice = &mut [0u8; SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmDigestStruct { + data_size: SPDM_MAX_HASH_SIZE as u16, + data: Box::new([100u8; SPDM_MAX_HASH_SIZE]), + }; + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let my_spdm_device_io = Arc::new(Mutex::new(MySpdmDeviceIo)); + let mut context = new_context(my_spdm_device_io, pcidoe_transport_encap); + 
context.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_512; + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(SPDM_MAX_HASH_SIZE, reader.left()); + let spdm_digest_struct = SpdmDigestStruct::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_digest_struct.data_size, SPDM_MAX_HASH_SIZE as u16); + for i in 0..SPDM_MAX_HASH_SIZE { + assert_eq!(spdm_digest_struct.data[i], 100u8); + } + assert_eq!(0, reader.left()); +} +#[test] +fn test_case0_spdm_signature_struct() { + let u8_slice = &mut [0u8; SPDM_MAX_ASYM_KEY_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmSignatureStruct { + data_size: SPDM_MAX_ASYM_KEY_SIZE as u16, + data: [100u8; SPDM_MAX_ASYM_KEY_SIZE], + }; + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let my_spdm_device_io = Arc::new(Mutex::new(MySpdmDeviceIo)); + let mut context = new_context(my_spdm_device_io, pcidoe_transport_encap); + context.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_RSASSA_4096; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(SPDM_MAX_ASYM_KEY_SIZE, reader.left()); + let spdm_signature_struct = SpdmSignatureStruct::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_signature_struct.data_size, RSASSA_4096_KEY_SIZE as u16); + for i in 0..RSASSA_4096_KEY_SIZE { + assert_eq!(spdm_signature_struct.data[i], 100); + } +} +#[test] +fn test_case0_spdm_measurement_record_structure() { + let u8_slice = &mut [0u8; 512]; + let mut writer = Writer::init(u8_slice); + let mut spdm_measurement_block_structure = SpdmMeasurementBlockStructure { + index: 1u8, + measurement_specification: SpdmMeasurementSpecification::DMTF, + measurement_size: 3 + SHA512_DIGEST_SIZE as u16, + measurement: SpdmDmtfMeasurementStructure { + r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom, + representation: 
SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + value_size: SHA512_DIGEST_SIZE as u16, + value: [100u8; MAX_SPDM_MEASUREMENT_VALUE_LEN], + }, + }; + let mut measurement_record_data = [0u8; MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + let mut measurement_record_data_writer = Writer::init(&mut measurement_record_data); + + for _i in 0..5 { + assert!(spdm_measurement_block_structure + .encode(&mut measurement_record_data_writer) + .is_ok()); + spdm_measurement_block_structure.index += 1; + } + + let value = SpdmMeasurementRecordStructure { + number_of_blocks: 5, + measurement_record_length: u24::new(measurement_record_data_writer.used() as u32), + measurement_record_data, + }; + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let my_spdm_device_io = Arc::new(Mutex::new(MySpdmDeviceIo)); + let mut context = new_context(my_spdm_device_io, pcidoe_transport_encap); + context.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11; + context.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_512; + context.negotiate_info.measurement_specification_sel = SpdmMeasurementSpecification::DMTF; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(512, reader.left()); + let measurement_record = + SpdmMeasurementRecordStructure::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(measurement_record.number_of_blocks, 5); +} + +#[test] +fn test_case1_spdm_measurement_record_structure() { + let u8_slice = &mut [0u8; 512]; + let mut writer = Writer::init(u8_slice); + let mut spdm_measurement_block_structure = SpdmMeasurementBlockStructure { + index: 1u8, + measurement_specification: SpdmMeasurementSpecification::DMTF, + measurement_size: 3 + SHA512_DIGEST_SIZE as u16, + measurement: SpdmDmtfMeasurementStructure { + r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom, + representation: 
SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + value_size: SHA512_DIGEST_SIZE as u16, + value: [100u8; MAX_SPDM_MEASUREMENT_VALUE_LEN], + }, + }; + let mut measurement_record_data = [0u8; MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + let mut measurement_record_data_writer = Writer::init(&mut measurement_record_data); + + for _i in 0..5 { + assert!(spdm_measurement_block_structure + .encode(&mut measurement_record_data_writer) + .is_ok()); + spdm_measurement_block_structure.index += 1; + } + + let value = SpdmMeasurementRecordStructure { + number_of_blocks: 5, + measurement_record_length: u24::new(measurement_record_data_writer.used() as u32), + measurement_record_data, + }; + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let my_spdm_device_io = Arc::new(Mutex::new(MySpdmDeviceIo)); + let mut context = new_context(my_spdm_device_io, pcidoe_transport_encap); + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); +} +#[test] +fn test_case0_spdm_dhe_exchange_struct() { + let u8_slice = &mut [0u8; SPDM_MAX_DHE_KEY_SIZE]; + let mut writer = Writer::init(u8_slice); + SpdmDheExchangeStruct::default(); + let value = SpdmDheExchangeStruct { + data_size: SPDM_MAX_DHE_KEY_SIZE as u16, + data: [100u8; SPDM_MAX_DHE_KEY_SIZE], + }; + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let my_spdm_device_io = Arc::new(Mutex::new(MySpdmDeviceIo)); + let mut context = new_context(my_spdm_device_io, pcidoe_transport_encap); + context.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(SPDM_MAX_DHE_KEY_SIZE, reader.left()); + let spdm_dhe_exchange_struct = + SpdmDheExchangeStruct::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!( + spdm_dhe_exchange_struct.data_size, + ECDSA_ECC_NIST_P384_KEY_SIZE as u16 + ); + for i in 0..ECDSA_ECC_NIST_P384_KEY_SIZE { + 
assert_eq!(spdm_dhe_exchange_struct.data[i], 100); + } + assert_eq!(0, reader.left()); +} +#[test] +fn test_case0_spdm_dmtf_measurement_structure() { + let mut value = SpdmDmtfMeasurementStructure::default(); + let r#type = [ + SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom, + SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmware, + SpdmDmtfMeasurementType::SpdmDmtfMeasurementHardwareConfig, + SpdmDmtfMeasurementType::SpdmDmtfMeasurementFirmwareConfig, + SpdmDmtfMeasurementType::SpdmDmtfMeasurementManifest, + ]; + let representation = [ + SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementRawBit, + ]; + value.value_size = SHA512_DIGEST_SIZE as u16; + value.value = [100u8; MAX_SPDM_MEASUREMENT_VALUE_LEN]; + + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let my_spdm_device_io = Arc::new(Mutex::new(MySpdmDeviceIo)); + let mut context = new_context(my_spdm_device_io, pcidoe_transport_encap); + context.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_512; + + for i in 0..5 { + value.r#type = r#type[i]; + if i < 2 { + value.representation = representation[i]; + } + let u8_slice = &mut [0u8; 3 + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(3 + SPDM_MAX_HASH_SIZE, reader.left()); + let spdm_dmtf_measurement_structure = + SpdmDmtfMeasurementStructure::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_dmtf_measurement_structure.r#type, r#type[i]); + if i < 2 { + assert_eq!( + spdm_dmtf_measurement_structure.representation, + representation[i] + ); + } + assert_eq!( + spdm_dmtf_measurement_structure.value_size, + SHA512_DIGEST_SIZE as u16 + ); + for j in 0..SHA512_DIGEST_SIZE { + assert_eq!(spdm_dmtf_measurement_structure.value[j], 100); + } + assert_eq!(0, reader.left()); + } +} +#[test] +fn 
test_case0_spdm_measurement_block_structure() { + let u8_slice = &mut [0u8; 4 + 3 + SPDM_MAX_HASH_SIZE]; + let mut writer = Writer::init(u8_slice); + let value = SpdmMeasurementBlockStructure { + index: 1u8, + measurement_specification: SpdmMeasurementSpecification::DMTF, + measurement_size: 3 + SHA512_DIGEST_SIZE as u16, + measurement: SpdmDmtfMeasurementStructure { + r#type: SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom, + representation: SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest, + value_size: SHA512_DIGEST_SIZE as u16, + value: [100u8; MAX_SPDM_MEASUREMENT_VALUE_LEN], + }, + }; + let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {})); + let my_spdm_device_io = Arc::new(Mutex::new(MySpdmDeviceIo)); + let mut context = new_context(my_spdm_device_io, pcidoe_transport_encap); + context.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_512; + + assert!(value.spdm_encode(&mut context, &mut writer).is_ok()); + let mut reader = Reader::init(u8_slice); + assert_eq!(4 + 3 + SPDM_MAX_HASH_SIZE, reader.left()); + let spdm_block_structure = + SpdmMeasurementBlockStructure::spdm_read(&mut context, &mut reader).unwrap(); + assert_eq!(spdm_block_structure.index, 1); + assert_eq!( + spdm_block_structure.measurement_specification, + SpdmMeasurementSpecification::DMTF + ); + assert_eq!( + spdm_block_structure.measurement_size, + 3 + SHA512_DIGEST_SIZE as u16 + ); + assert_eq!( + spdm_block_structure.measurement.r#type, + SpdmDmtfMeasurementType::SpdmDmtfMeasurementRom + ); + assert_eq!( + spdm_block_structure.measurement.representation, + SpdmDmtfMeasurementRepresentation::SpdmDmtfMeasurementDigest + ); + assert_eq!( + spdm_block_structure.measurement.value_size, + SHA512_DIGEST_SIZE as u16 + ); + for i in 0..SHA512_DIGEST_SIZE { + assert_eq!(spdm_block_structure.measurement.value[i], 100); + } + assert_eq!(0, reader.left()); +} 
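Review bot: Every decode test in this file feeds `spdm_read` a buffer that the same test just produced with `spdm_encode`. The parsers for peer-controlled length fields (`data_size` in `SpdmOpaqueStruct`, `measurement_record_length`, `value_size`) are therefore only exercised with well-formed, maximum-size input. There is no case where the length prefix exceeds the maximum or the buffer is shorter than the declared length, which is where a decoder bug would be security-relevant. I would add at least one negative test per length-prefixed struct that asserts the read is refused; a sketch for the opaque struct follows. `test_case1_spdm_measurement_record_structure` likewise only asserts that encoding succeeds on a default context and would benefit from a comment stating which behaviour it is meant to pin.

```rust
#[test]
fn test_case1_spdm_opaque_struct_oversized_length() {
    let u8_slice = &mut [0u8; 2 + MAX_SPDM_OPAQUE_SIZE];
    // Declared length is one past the maximum; the body bytes do not matter.
    // Assumes the 2-byte data_size prefix is little-endian — confirm against the codec.
    u8_slice[0..2].copy_from_slice(&((MAX_SPDM_OPAQUE_SIZE as u16) + 1).to_le_bytes());

    // … unchanged: context construction as in test_case0_spdm_opaque_struct …

    let mut reader = Reader::init(u8_slice);
    // Assumes spdm_read returns Option (the existing tests only call unwrap()) — confirm.
    assert!(SpdmOpaqueStruct::spdm_read(&mut context, &mut reader).is_none());
}
```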
diff --git a/test/spdmlib-test/src/watchdog_impl_sample.rs b/test/spdmlib-test/src/watchdog_impl_sample.rs new file mode 100644 index 0000000..089c712 --- /dev/null +++ b/test/spdmlib-test/src/watchdog_impl_sample.rs @@ -0,0 +1,32 @@ +// Copyright (c) 2023 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use spdmlib::watchdog::SpdmWatchDog; + +fn start_watchdog(session_id: u32, seconds: u16) { + if seconds == 0 { + log::info!("seconds is 0, watch dog is set to idle all the time."); + } + log::info!( + "Starting watch dog with session id: {:X?}, seconds: {:X?}", + session_id, + seconds + ); +} + +fn stop_watchdog(session_id: u32) { + log::info!("Stoping watch dog with session id: {:X?}", session_id); +} + +fn reset_watchdog(session_id: u32) { + log::info!("Resetting watch dog with session id: {:X?}", session_id); +} + +pub fn init_watchdog() { + spdmlib::watchdog::register(SpdmWatchDog { + start_watchdog_cb: start_watchdog, + stop_watchdog_cb: stop_watchdog, + reset_watchdog_cb: reset_watchdog, + }); +} diff --git a/test_key/crypto_chains/bundle_cert.der b/test_key/crypto_chains/bundle_cert.der new file mode 100644 index 0000000..b120f59 Binary files /dev/null and b/test_key/crypto_chains/bundle_cert.der differ diff --git a/test_key/crypto_chains/bundle_two_level_cert.der b/test_key/crypto_chains/bundle_two_level_cert.der new file mode 100644 index 0000000..e1eb324 Binary files /dev/null and b/test_key/crypto_chains/bundle_two_level_cert.der differ diff --git a/test_key/crypto_chains/ca_selfsigned.crt.der b/test_key/crypto_chains/ca_selfsigned.crt.der new file mode 100644 index 0000000..346c0dc Binary files /dev/null and b/test_key/crypto_chains/ca_selfsigned.crt.der differ diff --git a/test_key/crypto_chains/generate.sh b/test_key/crypto_chains/generate.sh new file mode 100644 index 0000000..74d6d32 --- /dev/null +++ b/test_key/crypto_chains/generate.sh 
@@ -0,0 +1,26 @@
+
+openssl genrsa -out ca.key 2048
+openssl req -extensions v3_ca -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/CN=intel test RSA CA"
+openssl x509 -in ca.crt -out ca.crt.der -outform DER
+
+openssl req -nodes -newkey rsa:2048 -keyout inter0.key -out inter0.req -sha256 -batch -subj "/CN=intel test RSA intermediate cert0"
+openssl x509 -req -in inter0.req -out inter0.crt -CA ca.crt -CAkey ca.key -sha256 -days 3650 -set_serial 2 -extfile ./openssl.cnf -extensions v3_inter
+openssl x509 -in inter0.crt -out inter0.crt.der -outform DER
+
+openssl req -nodes -newkey rsa:2048 -keyout inter1.key -out inter1.req -sha256 -batch -subj "/CN=intel test RSA intermediate cert1"
+openssl x509 -req -in inter1.req -out inter1.crt -CA inter0.crt -CAkey inter0.key -sha256 -days 3650 -set_serial 3 -extfile ./openssl.cnf -extensions v3_inter1
+openssl x509 -in inter1.crt -out inter1.crt.der -outform DER
+
+openssl req -nodes -newkey rsa:2048 -keyout end.key -out end.req -sha256 -batch -subj "/CN=intel test RSA end"
+openssl x509 -req -in end.req -out end.crt -CA inter1.crt -CAkey inter1.key -sha256 -days 3650 -set_serial 4 -extfile ./openssl.cnf -extensions v3_end
+openssl x509 -in end.crt -out end.crt.der -outform DER
+
+cat ca.crt.der inter0.crt.der inter1.crt.der end.crt.der > bundle_cert.der
+
+openssl req -nodes -newkey rsa:2048 -keyout end_two_level.key -out end_two_level.req -sha256 -batch -subj "/CN=intel test RSA two level cert"
+openssl x509 -req -in end_two_level.req -out end_two_level.crt -CA ca.crt -CAkey ca.key -sha256 -days 3650 -set_serial 2 -extfile ./openssl.cnf -extensions v3_end
+openssl x509 -in end_two_level.crt -out end_two_level.crt.der -outform DER
+cat ca.crt.der end_two_level.crt.der > bundle_two_level_cert.der
+
+openssl req -x509 -sha256 -days 356 -nodes -newkey rsa:2048 -subj "/CN=intel test RSA" -keyout ca_selfsigned.key -out ca_selfsigned.crt -config openssl.cnf -extensions v3_selfsigned
+openssl x509 -in ca_selfsigned.crt -out
ca_selfsigned.crt.der -outform DER
diff --git a/test_key/crypto_chains/openssl.cnf b/test_key/crypto_chains/openssl.cnf
new file mode 100644
index 0000000..8e5e603
--- /dev/null
+++ b/test_key/crypto_chains/openssl.cnf
@@ -0,0 +1,25 @@
+### REF: https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html
+
+[ v3_end ]
+basicConstraints = critical,CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+subjectAltName = otherName:1.3.6.1.4.1.412.274.1;UTF8:ACME:WIDGET:1234567890
+extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning
+
+[ v3_inter ]
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
+subjectKeyIdentifier = hash
+extendedKeyUsage = critical, serverAuth, clientAuth
+
+[ v3_inter1 ]
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
+subjectKeyIdentifier = hash
+extendedKeyUsage = critical, serverAuth, clientAuth
+
+[ v3_selfsigned ]
+subjectKeyIdentifier = hash
+subjectAltName = otherName:1.3.6.1.4.1.412.274.1;UTF8:ACME:WIDGET:1234567890
+extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning
diff --git a/test_key/ecp256/bundle_requester.certchain.der b/test_key/ecp256/bundle_requester.certchain.der
new file mode 100644
index 0000000..1aaee74
Binary files /dev/null and b/test_key/ecp256/bundle_requester.certchain.der differ
diff --git a/test_key/ecp256/bundle_requester.certchain1.der b/test_key/ecp256/bundle_requester.certchain1.der
new file mode 100644
index 0000000..8622c60
Binary files /dev/null and b/test_key/ecp256/bundle_requester.certchain1.der differ
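Review bot: `generate.sh` has no shebang and no error handling, so if any `openssl` step fails the later `cat` lines still assemble `bundle_cert.der` and `bundle_two_level_cert.der` from missing or stale files; starting the script with `#!/bin/sh` and `set -eu` would stop it at the first failure. `-set_serial 2` is used for both `inter0.crt` and `end_two_level.crt`, which are both signed with `ca.crt`/`ca.key`, so one issuer emits two certificates with the same serial number; giving the two-level end certificate its own serial avoids that. The final `openssl req` uses `-days 356` where every other certificate uses 3650, which looks like a typo for 365 or 3650. The first `openssl req` asks for `-extensions v3_ca` without `-config`, and the `openssl.cnf` added alongside defines no `v3_ca` section, so the root certificate's extensions depend on whatever the system default configuration provides.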
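Review bot: The `[ v3_inter ]` and `[ v3_inter1 ]` sections set `basicConstraints = CA:true` without `critical` and without a `pathlen`, so the intermediates built from them carry a non-critical, unbounded CA constraint; unless the tests depend on that form, `basicConstraints = critical,CA:true,pathlen:1` for `v3_inter` and `basicConstraints = critical,CA:true,pathlen:0` for `v3_inter1` would match the ca → inter0 → inter1 → end chain that `generate.sh` builds. Both sections also list `keyCertSign` and `cRLSign` twice in `keyUsage` and grant `keyEncipherment`, `dataEncipherment` and `keyAgreement`, which a signing-only CA does not need. `[ v3_selfsigned ]` sets neither `basicConstraints` nor `keyUsage`; if that omission is deliberate for a negative test, a comment such as `# intentionally no basicConstraints/keyUsage (negative test)` would say so.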
diff --git a/test_key/ecp256/bundle_responder.certchain.der b/test_key/ecp256/bundle_responder.certchain.der new file mode 100644 index 0000000..bef56cf Binary files /dev/null and b/test_key/ecp256/bundle_responder.certchain.der differ diff --git a/test_key/ecp256/bundle_responder.certchain1.der b/test_key/ecp256/bundle_responder.certchain1.der new file mode 100644 index 0000000..6b2fc33 Binary files /dev/null and b/test_key/ecp256/bundle_responder.certchain1.der differ diff --git a/test_key/ecp256/bundle_responder.certchain_alias.der b/test_key/ecp256/bundle_responder.certchain_alias.der new file mode 100644 index 0000000..561da1e Binary files /dev/null and b/test_key/ecp256/bundle_responder.certchain_alias.der differ diff --git a/test_key/ecp256/ca.cert b/test_key/ecp256/ca.cert new file mode 100644 index 0000000..396aca1 --- /dev/null +++ b/test_key/ecp256/ca.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBlzCCAT2gAwIBAgIUO54ShmBluWNNmh4f1z7Ys9JeljEwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWRE1URiBsaWJzcGRtIEVDUDI1NiBDQTAeFw0yMzA0MDMwNTU0 +NDJaFw0zMzAzMzEwNTU0NDJaMCExHzAdBgNVBAMMFkRNVEYgbGlic3BkbSBFQ1Ay +NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ/y0vyglgSPkAN3tIN7Gef +poFy3T8MNWuNklB8f7KxFWU/GGqFXDFb6mhMt1XiqKh62Q17/YmrYuy8tiZLf6Wp +o1MwUTAdBgNVHQ4EFgQUKRDx+t14lAcRkgqfYr+0gqkCxl0wHwYDVR0jBBgwFoAU +KRDx+t14lAcRkgqfYr+0gqkCxl0wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNIADBFAiBGvfCLPdYjQk+7ZdtQMMV8bfb8v6rI/A2v0KXBBZXLbAIhAJsttGtP +OMZ8N8hJecwHLx5Fwp/iG6PB/4CRFB5aM2jA +-----END CERTIFICATE----- diff --git a/test_key/ecp256/ca.cert.der b/test_key/ecp256/ca.cert.der new file mode 100644 index 0000000..653fb84 Binary files /dev/null and b/test_key/ecp256/ca.cert.der differ diff --git a/test_key/ecp256/ca.key b/test_key/ecp256/ca.key new file mode 100644 index 0000000..90f450d --- /dev/null +++ b/test_key/ecp256/ca.key 
@@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg7dBmbNCgW3lgYexg +i4dKO5Eno1sOIoLonjIStZn8bs+hRANCAAQ/y0vyglgSPkAN3tIN7GefpoFy3T8M +NWuNklB8f7KxFWU/GGqFXDFb6mhMt1XiqKh62Q17/YmrYuy8tiZLf6Wp +-----END PRIVATE KEY----- diff --git a/test_key/ecp256/ca.key.der b/test_key/ecp256/ca.key.der new file mode 100644 index 0000000..619cb8e Binary files /dev/null and b/test_key/ecp256/ca.key.der differ diff --git a/test_key/ecp256/ca1.cert b/test_key/ecp256/ca1.cert new file mode 100644 index 0000000..4fb22c9 --- /dev/null +++ b/test_key/ecp256/ca1.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBlzCCAT2gAwIBAgIUVx6XP3vUs623HBHZ8lm10O0VxTswCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWRE1URiBsaWJzcGRtIEVDUDI1NiBDQTAeFw0yMzA0MDMwNTU1 +MDdaFw0zMzAzMzEwNTU1MDdaMCExHzAdBgNVBAMMFkRNVEYgbGlic3BkbSBFQ1Ay +NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQdN21UpwNNRz5wyiOjMWPt +B5BRMeyYihVCsWLe4XIAm3TZS1KwMvI4/UGq+XBjM9P6/zu/ZTnJ4VxqRLlqnTlX +o1MwUTAdBgNVHQ4EFgQUyQ0KMgyqmwui/Req4lnOVUvMdSwwHwYDVR0jBBgwFoAU +yQ0KMgyqmwui/Req4lnOVUvMdSwwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNIADBFAiA07Hd2bicuEQsh3zqpH6rJMPBYB+pILHwo4VLJSVglJgIhAJ/0buqm +IbVKmWQJPtWaCZpNM8rMeKhWN+LtkbZDtar7 +-----END CERTIFICATE----- diff --git a/test_key/ecp256/ca1.cert.der b/test_key/ecp256/ca1.cert.der new file mode 100644 index 0000000..1cc201e Binary files /dev/null and b/test_key/ecp256/ca1.cert.der differ diff --git a/test_key/ecp256/ca1.key b/test_key/ecp256/ca1.key new file mode 100644 index 0000000..a96882d --- /dev/null +++ b/test_key/ecp256/ca1.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg+7n8VKnT2+zE6bji +dbBoMAyOkTFfUm9LVOL6TIrzgN+hRANCAAQdN21UpwNNRz5wyiOjMWPtB5BRMeyY +ihVCsWLe4XIAm3TZS1KwMvI4/UGq+XBjM9P6/zu/ZTnJ4VxqRLlqnTlX +-----END PRIVATE KEY----- 
diff --git a/test_key/ecp256/ca1.key.der b/test_key/ecp256/ca1.key.der new file mode 100644 index 0000000..c55a7c5 Binary files /dev/null and b/test_key/ecp256/ca1.key.der differ diff --git a/test_key/ecp256/end_requester.cert b/test_key/ecp256/end_requester.cert new file mode 100644 index 0000000..26463af --- /dev/null +++ b/test_key/ecp256/end_requester.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBTCCAaugAwIBAgIBAjAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTQ0M1oX +DTMzMDMzMTA1NTQ0M1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXF1c2V0ZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOqFujNvaNds +jNPP8TsPPFUmcCjCjxuQQn4tMWEocUA3EmRDPOjVzd+jFuwnMxnb+Na5loD6EORZ +im2mMvToyhejgbgwgbUwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O +BBYEFMvdAqHlhpdMz/hMYPgbq6kSx6SzMDEGA1UdEQQqMCigJgYKKwYBBAGDHIIS +AaAYDBZBQ01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUF +BwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMc +ghICMAoGCCqGSM49BAMCA0gAMEUCIHNZhu5CmolueWlzFr5Bn8rTqShmEPe2U18X +FKavb/OpAiEAixhDhKxnU1T5Q5kRRSDLIjsDrdR7jhi9JB/Ri8l1mwk= +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_requester.cert.der b/test_key/ecp256/end_requester.cert.der new file mode 100644 index 0000000..7af6710 Binary files /dev/null and b/test_key/ecp256/end_requester.cert.der differ diff --git a/test_key/ecp256/end_requester.key b/test_key/ecp256/end_requester.key new file mode 100644 index 0000000..eab7f4a --- /dev/null +++ b/test_key/ecp256/end_requester.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMVEQla/D7/d04Poa +JPbaSPhthj7LBu/T2jKBo+31LkKhRANCAATqhbozb2jXbIzTz/E7DzxVJnAowo8b +kEJ+LTFhKHFANxJkQzzo1c3foxbsJzMZ2/jWuZaA+hDkWYptpjL06MoX +-----END PRIVATE KEY----- 
diff --git a/test_key/ecp256/end_requester.key.der b/test_key/ecp256/end_requester.key.der new file mode 100644 index 0000000..79924f4 Binary files /dev/null and b/test_key/ecp256/end_requester.key.der differ diff --git a/test_key/ecp256/end_requester.key.p8 b/test_key/ecp256/end_requester.key.p8 new file mode 100644 index 0000000..e765402 Binary files /dev/null and b/test_key/ecp256/end_requester.key.p8 differ diff --git a/test_key/ecp256/end_requester.key.pub b/test_key/ecp256/end_requester.key.pub new file mode 100644 index 0000000..894dc72 --- /dev/null +++ b/test_key/ecp256/end_requester.key.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6oW6M29o12yM08/xOw88VSZwKMKP +G5BCfi0xYShxQDcSZEM86NXN36MW7CczGdv41rmWgPoQ5FmKbaYy9OjKFw== +-----END PUBLIC KEY----- diff --git a/test_key/ecp256/end_requester.key.pub.der b/test_key/ecp256/end_requester.key.pub.der new file mode 100644 index 0000000..01c5c4f Binary files /dev/null and b/test_key/ecp256/end_requester.key.pub.der differ diff --git a/test_key/ecp256/end_requester.req b/test_key/ecp256/end_requester.req new file mode 100644 index 0000000..a9f7ae7 --- /dev/null +++ b/test_key/ecp256/end_requester.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHoMIGPAgEAMC0xKzApBgNVBAMMIkRNVEYgbGlic3BkbSBFQ1AyNTYgcmVxdXNl +dGVyIGNlcnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATqhbozb2jXbIzTz/E7 +DzxVJnAowo8bkEJ+LTFhKHFANxJkQzzo1c3foxbsJzMZ2/jWuZaA+hDkWYptpjL0 +6MoXoAAwCgYIKoZIzj0EAwIDSAAwRQIhAI2tXnEBmEeVTmn+AZm24wnxUse4D8yW +Nh4mnZG1wDKPAiAEhpKtAdlAMJLlwQafDiiTPsNBB/2FFPTYf+Eou9waew== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp256/end_requester1.cert b/test_key/ecp256/end_requester1.cert new file mode 100644 index 0000000..ddcbe44 --- /dev/null +++ b/test_key/ecp256/end_requester1.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBjCCAaugAwIBAgIBAjAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTUwOFoX +DTMzMDMzMTA1NTUwOFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXF1c2V0ZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOqFujNvaNds +jNPP8TsPPFUmcCjCjxuQQn4tMWEocUA3EmRDPOjVzd+jFuwnMxnb+Na5loD6EORZ +im2mMvToyhejgbgwgbUwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O +BBYEFMvdAqHlhpdMz/hMYPgbq6kSx6SzMDEGA1UdEQQqMCigJgYKKwYBBAGDHIIS +AaAYDBZBQ01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUF +BwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMc +ghICMAoGCCqGSM49BAMCA0kAMEYCIQC90NAhn21Jc3yIn+5xyseWRXnX07+XZNb5 +fMAtW6uvtwIhAK/IFXjvXfcakrOFJRfYrzA/hXYKCvv/qDk9lD6RHUIK +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_requester1.cert.der b/test_key/ecp256/end_requester1.cert.der new file mode 100644 index 0000000..4b71746 Binary files /dev/null and b/test_key/ecp256/end_requester1.cert.der differ diff --git a/test_key/ecp256/end_requester_ca_false.cert b/test_key/ecp256/end_requester_ca_false.cert new file mode 100644 index 0000000..86e9fa8 --- /dev/null +++ b/test_key/ecp256/end_requester_ca_false.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBzCCAa6gAwIBAgIBAjAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA2MjYwNloX +DTMzMDMzMTA2MjYwNlowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXF1c2V0ZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOqFujNvaNds +jNPP8TsPPFUmcCjCjxuQQn4tMWEocUA3EmRDPOjVzd+jFuwnMxnb+Na5loD6EORZ +im2mMvToyhejgbswgbgwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCBeAwHQYD +VR0OBBYEFMvdAqHlhpdMz/hMYPgbq6kSx6SzMDEGA1UdEQQqMCigJgYKKwYBBAGD +HIISAaAYDBZBQ01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsG +AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEE +AYMcghICMAoGCCqGSM49BAMCA0cAMEQCICGaITfGfh4VKlGCIPLlkxx6QEg4seKY +d/1OuwHHA7GoAiBw1hyRo8l01yUNGjrW05J8aHL8sVGJXIJahDrfrQF3XA== +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_requester_ca_false.cert.der b/test_key/ecp256/end_requester_ca_false.cert.der new file mode 100644 index 0000000..eccd355 Binary files /dev/null and b/test_key/ecp256/end_requester_ca_false.cert.der differ diff --git a/test_key/ecp256/end_requester_with_spdm_req_eku.cert b/test_key/ecp256/end_requester_with_spdm_req_eku.cert new file mode 100644 index 0000000..b8b992f --- /dev/null +++ b/test_key/ecp256/end_requester_with_spdm_req_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAWagAwIBAgIBBTAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDc0MloX +DTMzMDQxNzAxMDc0MlowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXF1c2V0ZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOqFujNvaNds +jNPP8TsPPFUmcCjCjxuQQn4tMWEocUA3EmRDPOjVzd+jFuwnMxnb+Na5loD6EORZ +im2mMvToyhejdDByMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQW +BBTL3QKh5YaXTM/4TGD4G6upEsekszA2BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYI +KwYBBQUHAwIGCCsGAQUFBwMJBgorBgEEAYMcghIEMAoGCCqGSM49BAMCA0cAMEQC +ICnFc76mtJe7Tw8o2KuRXDvrWf7dxZkn7E+rUxKgahEfAiAnrXzqMWiXqPh3p066 +61zUV97FHKJkZxm36m0mnZwUvw== +-----END CERTIFICATE----- 
diff --git a/test_key/ecp256/end_requester_with_spdm_req_eku.cert.der b/test_key/ecp256/end_requester_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..f266cbf Binary files /dev/null and b/test_key/ecp256/end_requester_with_spdm_req_eku.cert.der differ diff --git a/test_key/ecp256/end_requester_with_spdm_req_rsp_eku.cert b/test_key/ecp256/end_requester_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..4157ae3 --- /dev/null +++ b/test_key/ecp256/end_requester_with_spdm_req_rsp_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBzTCCAXOgAwIBAgIBBDAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDc0MFoX +DTMzMDQxNzAxMDc0MFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXF1c2V0ZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOqFujNvaNds +jNPP8TsPPFUmcCjCjxuQQn4tMWEocUA3EmRDPOjVzd+jFuwnMxnb+Na5loD6EORZ +im2mMvToyhejgYAwfjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4E +FgQUy90CoeWGl0zP+Exg+BurqRLHpLMwQgYDVR0lAQH/BDgwNgYIKwYBBQUHAwEG +CCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIISAwYKKwYBBAGDHIISBDAKBggq +hkjOPQQDAgNIADBFAiEAj8Ir5uEH5Qf9xRM8UA4a/fts+243OfwYJ4FNpM3VINMC +IGiwAhbyRXAPdKHUgr+5jS8p21Oc0PwG3QEIRigs5szz +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/ecp256/end_requester_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..82ab14b Binary files /dev/null and b/test_key/ecp256/end_requester_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/ecp256/end_requester_with_spdm_rsp_eku.cert b/test_key/ecp256/end_requester_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..d5fd518 --- /dev/null +++ b/test_key/ecp256/end_requester_with_spdm_rsp_eku.cert 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwTCCAWagAwIBAgIBBjAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDc0NVoX +DTMzMDQxNzAxMDc0NVowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXF1c2V0ZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOqFujNvaNds +jNPP8TsPPFUmcCjCjxuQQn4tMWEocUA3EmRDPOjVzd+jFuwnMxnb+Na5loD6EORZ +im2mMvToyhejdDByMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQW +BBTL3QKh5YaXTM/4TGD4G6upEsekszA2BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYI +KwYBBQUHAwIGCCsGAQUFBwMJBgorBgEEAYMcghIDMAoGCCqGSM49BAMCA0kAMEYC +IQDEsS0sCuseY5YYEeVb9Yvw/7FtVTh+4vSC+qoFrpWflAIhAJW2CgtyenRZQO46 +E4dtuNaK1EYPiFW+2cElvXZq9408 +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_requester_with_spdm_rsp_eku.cert.der b/test_key/ecp256/end_requester_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..66bf81f Binary files /dev/null and b/test_key/ecp256/end_requester_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/ecp256/end_requester_without_basic_constraint.cert b/test_key/ecp256/end_requester_without_basic_constraint.cert new file mode 100644 index 0000000..c0620ee --- /dev/null +++ b/test_key/ecp256/end_requester_without_basic_constraint.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9zCCAZ2gAwIBAgIBAjAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA3MjcxMFoX +DTMzMDMzMTA3MjcxMFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXF1c2V0ZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOqFujNvaNds +jNPP8TsPPFUmcCjCjxuQQn4tMWEocUA3EmRDPOjVzd+jFuwnMxnb+Na5loD6EORZ +im2mMvToyhejgaowgacwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTL3QKh5YaXTM/4 +TGD4G6upEsekszAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURH +RVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIG +CCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIISAjAKBggqhkjOPQQD +AgNIADBFAiEArRwAnZg1dyszdvVEJY+Wl73g+GirivOuGZml68ufd3oCICKyqnqp +6h/Hx5EkCZ+Oh/CIGw4KEtjC0/vjiJGqxU8i +-----END CERTIFICATE----- 
diff --git a/test_key/ecp256/end_requester_without_basic_constraint.cert.der b/test_key/ecp256/end_requester_without_basic_constraint.cert.der new file mode 100644 index 0000000..72d01d1 Binary files /dev/null and b/test_key/ecp256/end_requester_without_basic_constraint.cert.der differ diff --git a/test_key/ecp256/end_responder.cert b/test_key/ecp256/end_responder.cert new file mode 100644 index 0000000..bda6f67 --- /dev/null +++ b/test_key/ecp256/end_responder.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBjCCAaugAwIBAgIBAzAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTQ0M1oX +DTMzMDMzMTA1NTQ0M1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXNwb25kZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA30bk1l+lL+ +zrC9oFlASaB7jWf8YZGufnqlYJN4l+KrQpAoyj5yUR5t1xvrGhMRpR02TyffgGaW +QXPqUd1U+ZWjgbgwgbUwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O +BBYEFMhYAoLmoSgWXd4kyKZSxatUHOBRMDEGA1UdEQQqMCigJgYKKwYBBAGDHIIS +AaAYDBZBQ01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUF +BwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMc +ghICMAoGCCqGSM49BAMCA0kAMEYCIQDV8MXfWXDxi/CHKjD00I7Gwz3yhnZERZAP +UnXngZ06XQIhAPX8ovQ0za+SzqGxA2HgqXGDgMPxeVIDWwCVm1WlQfo+ +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_responder.cert.der b/test_key/ecp256/end_responder.cert.der new file mode 100644 index 0000000..2332120 Binary files /dev/null and b/test_key/ecp256/end_responder.cert.der differ diff --git a/test_key/ecp256/end_responder.key b/test_key/ecp256/end_responder.key new file mode 100644 index 0000000..b5e1f61 --- /dev/null +++ b/test_key/ecp256/end_responder.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrXw6OupG4MFNabjV +b4YjzDe1YbaMpEhiMqOQDneAPYqhRANCAAQN9G5NZfpS/s6wvaBZQEmge41n/GGR +rn56pWCTeJfiq0KQKMo+clEebdcb6xoTEaUdNk8n34BmlkFz6lHdVPmV +-----END PRIVATE KEY----- 
diff --git a/test_key/ecp256/end_responder.key.der b/test_key/ecp256/end_responder.key.der new file mode 100644 index 0000000..7f613d4 Binary files /dev/null and b/test_key/ecp256/end_responder.key.der differ diff --git a/test_key/ecp256/end_responder.key.p8 b/test_key/ecp256/end_responder.key.p8 new file mode 100644 index 0000000..9fd719c Binary files /dev/null and b/test_key/ecp256/end_responder.key.p8 differ diff --git a/test_key/ecp256/end_responder.key.pub b/test_key/ecp256/end_responder.key.pub new file mode 100644 index 0000000..88426f6 --- /dev/null +++ b/test_key/ecp256/end_responder.key.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDfRuTWX6Uv7OsL2gWUBJoHuNZ/xh +ka5+eqVgk3iX4qtCkCjKPnJRHm3XG+saExGlHTZPJ9+AZpZBc+pR3VT5lQ== +-----END PUBLIC KEY----- diff --git a/test_key/ecp256/end_responder.key.pub.der b/test_key/ecp256/end_responder.key.pub.der new file mode 100644 index 0000000..7a00b04 Binary files /dev/null and b/test_key/ecp256/end_responder.key.pub.der differ diff --git a/test_key/ecp256/end_responder.req b/test_key/ecp256/end_responder.req new file mode 100644 index 0000000..9af4c94 --- /dev/null +++ b/test_key/ecp256/end_responder.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHpMIGPAgEAMC0xKzApBgNVBAMMIkRNVEYgbGlic3BkbSBFQ1AyNTYgcmVzcG9u +ZGVyIGNlcnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQN9G5NZfpS/s6wvaBZ +QEmge41n/GGRrn56pWCTeJfiq0KQKMo+clEebdcb6xoTEaUdNk8n34BmlkFz6lHd +VPmVoAAwCgYIKoZIzj0EAwIDSQAwRgIhAMPadiC5KtsAExnb1KdycwgamfJiZWTT +5jKtUSqd+y/WAiEAiUvvyFdyRDaKcfSvytvllXAp9jXm8vHip8amVxYJSEw= +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp256/end_responder1.cert b/test_key/ecp256/end_responder1.cert new file mode 100644 index 0000000..167fdae --- /dev/null +++ b/test_key/ecp256/end_responder1.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBTCCAaugAwIBAgIBAzAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTUwOFoX +DTMzMDMzMTA1NTUwOFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXNwb25kZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA30bk1l+lL+ +zrC9oFlASaB7jWf8YZGufnqlYJN4l+KrQpAoyj5yUR5t1xvrGhMRpR02TyffgGaW +QXPqUd1U+ZWjgbgwgbUwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O +BBYEFMhYAoLmoSgWXd4kyKZSxatUHOBRMDEGA1UdEQQqMCigJgYKKwYBBAGDHIIS +AaAYDBZBQ01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUF +BwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMc +ghICMAoGCCqGSM49BAMCA0gAMEUCIEebwzYJ6DoTtTcd5+c7TvDBkUZfoKB29//+ +4JIx2gCRAiEA4lHQMGnRCaZtg1rJq/kmf4egSqJ8oTMPyrXSMUdulgU= +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_responder1.cert.der b/test_key/ecp256/end_responder1.cert.der new file mode 100644 index 0000000..bcb67f2 Binary files /dev/null and b/test_key/ecp256/end_responder1.cert.der differ diff --git a/test_key/ecp256/end_responder_alias.cert b/test_key/ecp256/end_responder_alias.cert new file mode 100644 index 0000000..0509b21 --- /dev/null +++ b/test_key/ecp256/end_responder_alias.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7DCCAZKgAwIBAgIBAzAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNjA4MjEzMFoX +DTMzMDYwMzA4MjEzMFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXNwb25kZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA30bk1l+lL+ +zrC9oFlASaB7jWf8YZGufnqlYJN4l+KrQpAoyj5yUR5t1xvrGhMRpR02TyffgGaW +QXPqUd1U+ZWjgZ8wgZwwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCBeAwHQYD +VR0OBBYEFMhYAoLmoSgWXd4kyKZSxatUHOBRMDEGA1UdEQQqMCigJgYKKwYBBAGD +HIISAaAYDBZBQ01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsG +AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwCgYIKoZIzj0EAwIDSAAwRQIhANCf +JR8f9NX/9wfJ2lFnCDHVqemvxM2CJm5vNOBeMAtJAiAb25SFGyrUNRyQv/WxLriV +U3HvArxHW055npm1Cott4w== +-----END CERTIFICATE----- 
diff --git a/test_key/ecp256/end_responder_alias.cert.der b/test_key/ecp256/end_responder_alias.cert.der new file mode 100644 index 0000000..307a717 Binary files /dev/null and b/test_key/ecp256/end_responder_alias.cert.der differ diff --git a/test_key/ecp256/end_responder_with_spdm_req_eku.cert b/test_key/ecp256/end_responder_with_spdm_req_eku.cert new file mode 100644 index 0000000..55c6951 --- /dev/null +++ b/test_key/ecp256/end_responder_with_spdm_req_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvzCCAWagAwIBAgIBCDAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDc1N1oX +DTMzMDQxNzAxMDc1N1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXNwb25kZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA30bk1l+lL+ +zrC9oFlASaB7jWf8YZGufnqlYJN4l+KrQpAoyj5yUR5t1xvrGhMRpR02TyffgGaW +QXPqUd1U+ZWjdDByMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQW +BBTIWAKC5qEoFl3eJMimUsWrVBzgUTA2BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYI +KwYBBQUHAwIGCCsGAQUFBwMJBgorBgEEAYMcghIEMAoGCCqGSM49BAMCA0cAMEQC +IAiXnEpgzTQ9Wb8Q0/ZP2c572J5dtTdOOCzcGmhqE9u2AiASGYNF2/tQJjxl5bsi +YtPwx8As4rE4GIV41rw+I3GXvQ== +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_responder_with_spdm_req_eku.cert.der b/test_key/ecp256/end_responder_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..65e0dab Binary files /dev/null and b/test_key/ecp256/end_responder_with_spdm_req_eku.cert.der differ diff --git a/test_key/ecp256/end_responder_with_spdm_req_rsp_eku.cert b/test_key/ecp256/end_responder_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..cb9a42b --- /dev/null +++ b/test_key/ecp256/end_responder_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBzDCCAXOgAwIBAgIBBzAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDc1NVoX +DTMzMDQxNzAxMDc1NVowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXNwb25kZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA30bk1l+lL+ +zrC9oFlASaB7jWf8YZGufnqlYJN4l+KrQpAoyj5yUR5t1xvrGhMRpR02TyffgGaW +QXPqUd1U+ZWjgYAwfjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4E +FgQUyFgCguahKBZd3iTIplLFq1Qc4FEwQgYDVR0lAQH/BDgwNgYIKwYBBQUHAwEG +CCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIISAwYKKwYBBAGDHIISBDAKBggq +hkjOPQQDAgNHADBEAiBKtPb0UDGgw+M0xJoe0WlWazbSZwfyvFeQggcGfyIhgQIg +YQUdhKhrt6wXEvE2kCvo2+eker++jJh9fTfUoAjhbsE= +-----END CERTIFICATE----- diff --git a/test_key/ecp256/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/ecp256/end_responder_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..d31ba9f Binary files /dev/null and b/test_key/ecp256/end_responder_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/ecp256/end_responder_with_spdm_rsp_eku.cert b/test_key/ecp256/end_responder_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..b6f69df --- /dev/null +++ b/test_key/ecp256/end_responder_with_spdm_rsp_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwTCCAWagAwIBAgIBCTAKBggqhkjOPQQDAjAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMjU2IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDgwMFoX +DTMzMDQxNzAxMDgwMFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiBy +ZXNwb25kZXIgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA30bk1l+lL+ +zrC9oFlASaB7jWf8YZGufnqlYJN4l+KrQpAoyj5yUR5t1xvrGhMRpR02TyffgGaW +QXPqUd1U+ZWjdDByMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQW +BBTIWAKC5qEoFl3eJMimUsWrVBzgUTA2BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYI +KwYBBQUHAwIGCCsGAQUFBwMJBgorBgEEAYMcghIDMAoGCCqGSM49BAMCA0kAMEYC +IQDjibqoN1+qsUDiIc2d4sDwwnFXc7EzXE5z6utPmKi5QQIhAIh3tO1E0sfHkCbL +96ijS2Zrp+lgAqGIHImmgJL/d2BJ +-----END CERTIFICATE----- 
diff --git a/test_key/ecp256/end_responder_with_spdm_rsp_eku.cert.der b/test_key/ecp256/end_responder_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..e183228 Binary files /dev/null and b/test_key/ecp256/end_responder_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/ecp256/inter.cert b/test_key/ecp256/inter.cert new file mode 100644 index 0000000..643e751 --- /dev/null +++ b/test_key/ecp256/inter.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBnzCCAUSgAwIBAgIBATAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZETVRGIGxp +YnNwZG0gRUNQMjU2IENBMB4XDTIzMDQwMzA1NTQ0M1oXDTMzMDMzMTA1NTQ0M1ow +MDEuMCwGA1UEAwwlRE1URiBsaWJzcGRtIEVDUDI1NiBpbnRlcm1lZGlhdGUgY2Vy +dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOmKJI3zi3kRRndAhzu8mQOThRvz +q09oUrK6gcVfnQWbhmQ2STCTJY0p6sf9EYq123hDRLzNY14SseLPexzrqC6jXjBc +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB0GA1UdDgQWBBSSmf5zRfvmQlpa +z1u+aQVCgRksXDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYI +KoZIzj0EAwIDSQAwRgIhANWCgR/7EVlJLRGSo2TRrOCzr8zYxeK8gR2R6cDZpIW+ +AiEAuoQ9X+HyEQwflZndUeONlxmTtjNjHtRbApGRpzR3Z0s= +-----END CERTIFICATE----- diff --git a/test_key/ecp256/inter.cert.der b/test_key/ecp256/inter.cert.der new file mode 100644 index 0000000..850d390 Binary files /dev/null and b/test_key/ecp256/inter.cert.der differ diff --git a/test_key/ecp256/inter.key b/test_key/ecp256/inter.key new file mode 100644 index 0000000..e3cfd83 --- /dev/null +++ b/test_key/ecp256/inter.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdtS5wKgf6GfjmQa+ +BXBjwpG+PzG6y2aqvHlgB4Pp7SChRANCAATpiiSN84t5EUZ3QIc7vJkDk4Ub86tP +aFKyuoHFX50Fm4ZkNkkwkyWNKerH/RGKtdt4Q0S8zWNeErHiz3sc66gu +-----END PRIVATE KEY----- diff --git a/test_key/ecp256/inter.req b/test_key/ecp256/inter.req new file mode 100644 index 0000000..60f2c1c --- /dev/null +++ b/test_key/ecp256/inter.req 
@@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHqMIGSAgEAMDAxLjAsBgNVBAMMJURNVEYgbGlic3BkbSBFQ1AyNTYgaW50ZXJt +ZWRpYXRlIGNlcnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATpiiSN84t5EUZ3 +QIc7vJkDk4Ub86tPaFKyuoHFX50Fm4ZkNkkwkyWNKerH/RGKtdt4Q0S8zWNeErHi +z3sc66guoAAwCgYIKoZIzj0EAwIDRwAwRAIgSIgXaLxA0Ih8e2jjB9srRxTg9POh +pyvgNIP4qZ43jkECICRdcYlWnTZsQd909ocTv7uLBPIkizTcN2NIBg4hc5f/ +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp256/inter1.cert b/test_key/ecp256/inter1.cert new file mode 100644 index 0000000..5385a70 --- /dev/null +++ b/test_key/ecp256/inter1.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBnjCCAUSgAwIBAgIBATAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZETVRGIGxp +YnNwZG0gRUNQMjU2IENBMB4XDTIzMDQwMzA1NTUwOFoXDTMzMDMzMTA1NTUwOFow +MDEuMCwGA1UEAwwlRE1URiBsaWJzcGRtIEVDUDI1NiBpbnRlcm1lZGlhdGUgY2Vy +dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOmKJI3zi3kRRndAhzu8mQOThRvz +q09oUrK6gcVfnQWbhmQ2STCTJY0p6sf9EYq123hDRLzNY14SseLPexzrqC6jXjBc +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB0GA1UdDgQWBBSSmf5zRfvmQlpa +z1u+aQVCgRksXDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYI +KoZIzj0EAwIDSAAwRQIhALmLB0AQfxCXYWD8zyIKZg8XQd+q593ZjOXmClYTAhBd +AiBNFbs0cNCqQo86EqV7kuIJkHHC8UrK4QNTnf8k1EZOWw== +-----END CERTIFICATE----- diff --git a/test_key/ecp256/inter1.cert.der b/test_key/ecp256/inter1.cert.der new file mode 100644 index 0000000..a8f7aac Binary files /dev/null and b/test_key/ecp256/inter1.cert.der differ diff --git a/test_key/ecp256/param.pem b/test_key/ecp256/param.pem new file mode 100644 index 0000000..fa06ad1 --- /dev/null +++ b/test_key/ecp256/param.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- diff --git a/test_key/ecp384/bundle_requester.certchain.der b/test_key/ecp384/bundle_requester.certchain.der new file mode 100644 index 0000000..decff93 Binary files /dev/null and b/test_key/ecp384/bundle_requester.certchain.der differ 
diff --git a/test_key/ecp384/bundle_requester.certchain1.der b/test_key/ecp384/bundle_requester.certchain1.der new file mode 100644 index 0000000..7eb782e Binary files /dev/null and b/test_key/ecp384/bundle_requester.certchain1.der differ diff --git a/test_key/ecp384/bundle_responder.certchain.der b/test_key/ecp384/bundle_responder.certchain.der new file mode 100644 index 0000000..eeffa24 Binary files /dev/null and b/test_key/ecp384/bundle_responder.certchain.der differ diff --git a/test_key/ecp384/bundle_responder.certchain1.der b/test_key/ecp384/bundle_responder.certchain1.der new file mode 100644 index 0000000..f65e551 Binary files /dev/null and b/test_key/ecp384/bundle_responder.certchain1.der differ diff --git a/test_key/ecp384/bundle_responder.certchain_alias.der b/test_key/ecp384/bundle_responder.certchain_alias.der new file mode 100644 index 0000000..b146e7a Binary files /dev/null and b/test_key/ecp384/bundle_responder.certchain_alias.der differ diff --git a/test_key/ecp384/ca.cert b/test_key/ecp384/ca.cert new file mode 100644 index 0000000..db22911 --- /dev/null +++ b/test_key/ecp384/ca.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1DCCAVqgAwIBAgIUIUHdTuz4GWIkLn7WrmTLKV3EkFEwCgYIKoZIzj0EAwMw +ITEfMB0GA1UEAwwWRE1URiBsaWJzcGRtIEVDUDM4NCBDQTAeFw0yMzA0MjAwMTEz +NTRaFw0zMzA0MTcwMTEzNTRaMCExHzAdBgNVBAMMFkRNVEYgbGlic3BkbSBFQ1Az +ODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQVHAtB+4fVIOB6+Fhn78DtYa9Y +v5JSM66HqX9Gi9S276osWw+EGaCMEJuBTNdkfjJuAsX8PSV8o7y1yqbOBBGNvboZ +c5KYVsyZJEgX77L7VD/wMR20owTq3CLKyJot/fyjUzBRMB0GA1UdDgQWBBRK4qQK +wF2uojCq0Fdw0FFYX1yjUjAfBgNVHSMEGDAWgBRK4qQKwF2uojCq0Fdw0FFYX1yj +UjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMCoylSz/qh8zUm9s +/UBy/xeJbgNfu0IDxG4XhqqYqMEgEtkEfBbqH66K74URQVff/AIxAKhMuZBLL2pP +wo7YI62B3kxRUAsnF49GJok7n/nOSODuKP0/BuGzTY9sSBwqlKnQ3g== +-----END CERTIFICATE----- 
diff --git a/test_key/ecp384/ca.cert.der b/test_key/ecp384/ca.cert.der new file mode 100644 index 0000000..8c6f525 Binary files /dev/null and b/test_key/ecp384/ca.cert.der differ diff --git a/test_key/ecp384/ca.key b/test_key/ecp384/ca.key new file mode 100644 index 0000000..fa5663f --- /dev/null +++ b/test_key/ecp384/ca.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDUzTV25Rc8Ou+1sAFQ +qB8Zs59p+lLTyfRss/sIAxrYJJ9mOeoSd/L5eE6XtMxB7lehZANiAAQVHAtB+4fV +IOB6+Fhn78DtYa9Yv5JSM66HqX9Gi9S276osWw+EGaCMEJuBTNdkfjJuAsX8PSV8 +o7y1yqbOBBGNvboZc5KYVsyZJEgX77L7VD/wMR20owTq3CLKyJot/fw= +-----END PRIVATE KEY----- diff --git a/test_key/ecp384/ca.key.der b/test_key/ecp384/ca.key.der new file mode 100644 index 0000000..d1f46f5 Binary files /dev/null and b/test_key/ecp384/ca.key.der differ diff --git a/test_key/ecp384/ca1.cert b/test_key/ecp384/ca1.cert new file mode 100644 index 0000000..c3845b2 --- /dev/null +++ b/test_key/ecp384/ca1.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1TCCAVqgAwIBAgIUb5PDZSA2lcaIPnKndq6c9etylVcwCgYIKoZIzj0EAwMw +ITEfMB0GA1UEAwwWRE1URiBsaWJzcGRtIEVDUDM4NCBDQTAeFw0yMzA1MzAxNDQz +MjNaFw0zMzA1MjcxNDQzMjNaMCExHzAdBgNVBAMMFkRNVEYgbGlic3BkbSBFQ1Az +ODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQfkY10tlizRsFO6/EvamMnCZDz +OXPxlrbGXqX5S8Vk/4W265PwLktJfW/mMx8LvIDn7fVJYpaBDyG8OzL9sVfMtN8Y +aGgkDV65RNFHQDFL+eCZICc+9FQ03UYOTA/tLtqjUzBRMB0GA1UdDgQWBBQY6hyv +U3eTXZQnE7I8eOv1SidT4TAfBgNVHSMEGDAWgBQY6hyvU3eTXZQnE7I8eOv1SidT +4TAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2kAMGYCMQDbs2pd9sUXEnvN +p0+p6aB7A+CPJ28xIuVIeHPbr3vjC/lARxcXePG3UqcvHcUfM7gCMQD1oIxuoGfx +6uc/l5eV9kguyh9RrWGpdwtsoqchMtebc3New0T2QWeV53EeHvXYJMs= +-----END CERTIFICATE----- diff --git a/test_key/ecp384/ca1.cert.der b/test_key/ecp384/ca1.cert.der new file mode 100644 index 0000000..030eb48 Binary files /dev/null and b/test_key/ecp384/ca1.cert.der differ diff --git a/test_key/ecp384/ca1.key b/test_key/ecp384/ca1.key new file mode 100644 index 0000000..ee7e328 
--- /dev/null +++ b/test_key/ecp384/ca1.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC8Yhm+8Oo2FHIGRt+3 +oIXBRzIPLCOBOonu+4KFfUXKgNikJx6xPtfc1D1oxhke28ShZANiAAQfkY10tliz +RsFO6/EvamMnCZDzOXPxlrbGXqX5S8Vk/4W265PwLktJfW/mMx8LvIDn7fVJYpaB +DyG8OzL9sVfMtN8YaGgkDV65RNFHQDFL+eCZICc+9FQ03UYOTA/tLto= +-----END PRIVATE KEY----- diff --git a/test_key/ecp384/ca1.key.der b/test_key/ecp384/ca1.key.der new file mode 100644 index 0000000..fd7459c Binary files /dev/null and b/test_key/ecp384/ca1.key.der differ diff --git a/test_key/ecp384/end_requester.cert b/test_key/ecp384/end_requester.cert new file mode 100644 index 0000000..017d04a --- /dev/null +++ b/test_key/ecp384/end_requester.cert @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICQTCCAcigAwIBAgIBAjAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTQwN1oX +DTMzMDQxNzAxMTQwN1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXF1c2V0ZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD2tkNa6RLB55t/J +KDtusLbAhYH8CrOmGloBSS5xGbr8VyML0V+i1VVdoXPQ97xMWbryqobmsA+6MRoL +OJcV5imbeycfiOl2qaVFf/tHHMDh3iGknFhC+c+u32wNne/Mh6OBuDCBtTAMBgNV +HRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUwRXV8bc22+GP6iO2Y1Tr +7URd0sQwMQYDVR0RBCowKKAmBgorBgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEy +MzQ1Njc4OTAwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEF +BQcDCTAaBgorBgEEAYMcghIGBAwGCisGAQQBgxyCEgIwCgYIKoZIzj0EAwMDZwAw +ZAIwabajhKFMQSO12pxkGZTcpQOekoeFWCO4FLN+P5TmyUnrjFpo919uhqtpvaLZ +OoLSAjBFhnsCWngH2kIkVrC+Qqh7rbWAItu4CMdi28EXkgEakK8admjhWrdoXy/X +7cG17cY= +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_requester.cert.der b/test_key/ecp384/end_requester.cert.der new file mode 100644 index 0000000..95652e9 Binary files /dev/null and b/test_key/ecp384/end_requester.cert.der differ diff --git a/test_key/ecp384/end_requester.key b/test_key/ecp384/end_requester.key new file mode 100644 index 0000000..fceb89a --- /dev/null 
+++ b/test_key/ecp384/end_requester.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCLUgj5Owmflm8z81KZ +2yoy8UISyfRySHfDf1wz7XFm3knTob/7yCXT3j0UTBi+8SKhZANiAAQ9rZDWukSw +eebfySg7brC2wIWB/AqzphpaAUkucRm6/FcjC9FfotVVXaFz0Pe8TFm68qqG5rAP +ujEaCziXFeYpm3snH4jpdqmlRX/7RxzA4d4hpJxYQvnPrt9sDZ3vzIc= +-----END PRIVATE KEY----- diff --git a/test_key/ecp384/end_requester.key.der b/test_key/ecp384/end_requester.key.der new file mode 100644 index 0000000..844a340 Binary files /dev/null and b/test_key/ecp384/end_requester.key.der differ diff --git a/test_key/ecp384/end_requester.key.p8 b/test_key/ecp384/end_requester.key.p8 new file mode 100644 index 0000000..2383621 Binary files /dev/null and b/test_key/ecp384/end_requester.key.p8 differ diff --git a/test_key/ecp384/end_requester.key.pub b/test_key/ecp384/end_requester.key.pub new file mode 100644 index 0000000..3d73c0a --- /dev/null +++ b/test_key/ecp384/end_requester.key.pub @@ -0,0 +1,5 @@ +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPa2Q1rpEsHnm38koO26wtsCFgfwKs6Ya +WgFJLnEZuvxXIwvRX6LVVV2hc9D3vExZuvKqhuawD7oxGgs4lxXmKZt7Jx+I6Xap +pUV/+0ccwOHeIaScWEL5z67fbA2d78yH +-----END PUBLIC KEY----- diff --git a/test_key/ecp384/end_requester.key.pub.der b/test_key/ecp384/end_requester.key.pub.der new file mode 100644 index 0000000..3d779cc Binary files /dev/null and b/test_key/ecp384/end_requester.key.pub.der differ diff --git a/test_key/ecp384/end_requester.req b/test_key/ecp384/end_requester.req new file mode 100644 index 0000000..f30be49 --- /dev/null +++ b/test_key/ecp384/end_requester.req 
@@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBJTCBrAIBADAtMSswKQYDVQQDDCJETVRGIGxpYnNwZG0gRUNQMzg0IHJlcXVz +ZXRlciBjZXJ0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPa2Q1rpEsHnm38koO26w +tsCFgfwKs6YaWgFJLnEZuvxXIwvRX6LVVV2hc9D3vExZuvKqhuawD7oxGgs4lxXm +KZt7Jx+I6XappUV/+0ccwOHeIaScWEL5z67fbA2d78yHoAAwCgYIKoZIzj0EAwMD +aAAwZQIxAPF6pf4QL+chD/NcHS4THInhMJuGXm4O4ZxNHv7ZTJPD7MLcx0eQayTf +goY6gRHKCQIwZqxdFjgG+grLAEE+HdNOuvc3xQyq05nBQN+21CfrNC8UFyVSbye0 +M1GlrOnnvoF4 +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp384/end_requester1.cert b/test_key/ecp384/end_requester1.cert new file mode 100644 index 0000000..35e97df --- /dev/null +++ b/test_key/ecp384/end_requester1.cert @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICQjCCAcigAwIBAgIBAjAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDUzMDE0NDMyM1oX +DTMzMDUyNzE0NDMyM1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXF1c2V0ZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD2tkNa6RLB55t/J +KDtusLbAhYH8CrOmGloBSS5xGbr8VyML0V+i1VVdoXPQ97xMWbryqobmsA+6MRoL +OJcV5imbeycfiOl2qaVFf/tHHMDh3iGknFhC+c+u32wNne/Mh6OBuDCBtTAMBgNV +HRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUwRXV8bc22+GP6iO2Y1Tr +7URd0sQwMQYDVR0RBCowKKAmBgorBgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEy +MzQ1Njc4OTAwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEF +BQcDCTAaBgorBgEEAYMcghIGBAwGCisGAQQBgxyCEgIwCgYIKoZIzj0EAwMDaAAw +ZQIxAJST+dUm+Yzh0zTTLeCDmN3N8cUZE5mciduWNNAWsGTOAo1Asvx0GkT8KSR+ +iPhENgIwHdydc2gt02skj/9u1As3TMhNUApLDmm/jz+C3s+Tb20aD7wAtBdSXFWP +khL854BM +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_requester1.cert.der b/test_key/ecp384/end_requester1.cert.der new file mode 100644 index 0000000..0575a3c Binary files /dev/null and b/test_key/ecp384/end_requester1.cert.der differ diff --git a/test_key/ecp384/end_requester_with_spdm_req_eku.cert b/test_key/ecp384/end_requester_with_spdm_req_eku.cert new file mode 100644 index 0000000..400fbf4 --- /dev/null 
+++ b/test_key/ecp384/end_requester_with_spdm_req_eku.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYOgAwIBAgIBBTAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTQ0MloX +DTMzMDQxNzAxMTQ0MlowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXF1c2V0ZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD2tkNa6RLB55t/J +KDtusLbAhYH8CrOmGloBSS5xGbr8VyML0V+i1VVdoXPQ97xMWbryqobmsA+6MRoL +OJcV5imbeycfiOl2qaVFf/tHHMDh3iGknFhC+c+u32wNne/Mh6N0MHIwDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFMEV1fG3Ntvhj+ojtmNU6+1E +XdLEMDYGA1UdJQEB/wQsMCoGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkG +CisGAQQBgxyCEgQwCgYIKoZIzj0EAwMDaAAwZQIxAI9UgP4rE2BBdotDz/lvKsWt +yk0dgbrnMryXKm/WHeJWcH+Ng+1yvLlKHqGLSlEOugIwSM14H5DI0CmDAGx1x5Ey +b8p3E1wcsokwk/X2DgInoNtgWInZ/QZjSBRZbHp6l83f +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_requester_with_spdm_req_eku.cert.der b/test_key/ecp384/end_requester_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..9316f3e Binary files /dev/null and b/test_key/ecp384/end_requester_with_spdm_req_eku.cert.der differ diff --git a/test_key/ecp384/end_requester_with_spdm_req_rsp_eku.cert b/test_key/ecp384/end_requester_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..4aaf0e1 --- /dev/null +++ b/test_key/ecp384/end_requester_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCjCCAZCgAwIBAgIBBDAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTQ0MFoX +DTMzMDQxNzAxMTQ0MFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXF1c2V0ZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD2tkNa6RLB55t/J +KDtusLbAhYH8CrOmGloBSS5xGbr8VyML0V+i1VVdoXPQ97xMWbryqobmsA+6MRoL +OJcV5imbeycfiOl2qaVFf/tHHMDh3iGknFhC+c+u32wNne/Mh6OBgDB+MAwGA1Ud +EwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTBFdXxtzbb4Y/qI7ZjVOvt +RF3SxDBCBgNVHSUBAf8EODA2BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJ +BgorBgEEAYMcghIDBgorBgEEAYMcghIEMAoGCCqGSM49BAMDA2gAMGUCMQD7bfVF +FG5xj3PWJTPvFbPVDs0RXglI5bQhjDMIXOCxcl+5HxR+oPIZyvZMlpwqT5ECMA44 +YbRIo/qe6/SQABbvy/dG8jH6PuTlwKUiemZncjqlyWGcvkcoVbx4S58YeuZTPQ== +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/ecp384/end_requester_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..e853661 Binary files /dev/null and b/test_key/ecp384/end_requester_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/ecp384/end_requester_with_spdm_rsp_eku.cert b/test_key/ecp384/end_requester_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..d8067a1 --- /dev/null +++ b/test_key/ecp384/end_requester_with_spdm_rsp_eku.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/DCCAYOgAwIBAgIBBjAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTQ0NFoX +DTMzMDQxNzAxMTQ0NFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXF1c2V0ZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD2tkNa6RLB55t/J +KDtusLbAhYH8CrOmGloBSS5xGbr8VyML0V+i1VVdoXPQ97xMWbryqobmsA+6MRoL +OJcV5imbeycfiOl2qaVFf/tHHMDh3iGknFhC+c+u32wNne/Mh6N0MHIwDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFMEV1fG3Ntvhj+ojtmNU6+1E +XdLEMDYGA1UdJQEB/wQsMCoGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkG +CisGAQQBgxyCEgMwCgYIKoZIzj0EAwMDZwAwZAIwPNzOG0OM/tyWVKE5x5vSn8Xd +JJSneWPxmzm18Jk64lqomE1r/N8Ha/Ot4sDqonArAjArcOVe+XLHxv5FK7TPogrY +yq64Yp3NDTLyWuYjqSV4p5liFxDiT7cVAK2ItAGM4Zw= +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_requester_with_spdm_rsp_eku.cert.der b/test_key/ecp384/end_requester_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..a9f9379 Binary files /dev/null and b/test_key/ecp384/end_requester_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/ecp384/end_responder.cert b/test_key/ecp384/end_responder.cert new file mode 100644 index 0000000..185b68b --- /dev/null +++ b/test_key/ecp384/end_responder.cert 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICQzCCAcigAwIBAgIBAzAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTQwOVoX +DTMzMDQxNzAxMTQwOVowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXNwb25kZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0cuSAc3O3IZOlw +o2IS2tT+WZTOva7X0pTk4xGIeLmIwO1b4UFK3yjbSQ84gVJotUxqEQtYsZzBTUdB +FB9t1leso5/RuWTeBxHoMXjedTq3LBVW6vUgY5MPM6lxo354GaOBuDCBtTAMBgNV +HRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUFDxPZsfXYEB/Z8GVaLOH +KD7FI4MwMQYDVR0RBCowKKAmBgorBgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEy +MzQ1Njc4OTAwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEF +BQcDCTAaBgorBgEEAYMcghIGBAwGCisGAQQBgxyCEgIwCgYIKoZIzj0EAwMDaQAw +ZgIxAP7eet+KJy4uYqUFLu9JbYHgqVE75lB6h8JkEEZXp14y0/HhMyNMhKpPdlam +zYmgbwIxAPGd/YTPn9X/InwGv+XDGxncqgKDbKcf54sxLrfKb0q6sRyvmilOWOQT +AbHgkWF/YQ== +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_responder.cert.der b/test_key/ecp384/end_responder.cert.der new file mode 100644 index 0000000..d9b48e9 Binary files /dev/null and b/test_key/ecp384/end_responder.cert.der differ diff --git a/test_key/ecp384/end_responder.key b/test_key/ecp384/end_responder.key new file mode 100644 index 0000000..56d3f0d --- /dev/null +++ b/test_key/ecp384/end_responder.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC9hQJUEUbsnlPKKgx0 +CtzYXaBVu4FI+C3+mjKCbORouTx21sNKZUyYYJGbvZGWlwahZANiAAQNHLkgHNzt +yGTpcKNiEtrU/lmUzr2u19KU5OMRiHi5iMDtW+FBSt8o20kPOIFSaLVMahELWLGc +wU1HQRQfbdZXrKOf0blk3gcR6DF43nU6tywVVur1IGOTDzOpcaN+eBk= +-----END PRIVATE KEY----- diff --git a/test_key/ecp384/end_responder.key.der b/test_key/ecp384/end_responder.key.der new file mode 100644 index 0000000..8dcaa6c Binary files /dev/null and b/test_key/ecp384/end_responder.key.der differ 
diff --git a/test_key/ecp384/end_responder.key.p8 b/test_key/ecp384/end_responder.key.p8 new file mode 100644 index 0000000..651d176 Binary files /dev/null and b/test_key/ecp384/end_responder.key.p8 differ diff --git a/test_key/ecp384/end_responder.key.pub b/test_key/ecp384/end_responder.key.pub new file mode 100644 index 0000000..6e0e3d7 --- /dev/null +++ b/test_key/ecp384/end_responder.key.pub @@ -0,0 +1,5 @@ +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDRy5IBzc7chk6XCjYhLa1P5ZlM69rtfS +lOTjEYh4uYjA7VvhQUrfKNtJDziBUmi1TGoRC1ixnMFNR0EUH23WV6yjn9G5ZN4H +EegxeN51OrcsFVbq9SBjkw8zqXGjfngZ +-----END PUBLIC KEY----- diff --git a/test_key/ecp384/end_responder.key.pub.der b/test_key/ecp384/end_responder.key.pub.der new file mode 100644 index 0000000..3e0200c Binary files /dev/null and b/test_key/ecp384/end_responder.key.pub.der differ diff --git a/test_key/ecp384/end_responder.req b/test_key/ecp384/end_responder.req new file mode 100644 index 0000000..8945ff0 --- /dev/null +++ b/test_key/ecp384/end_responder.req @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBJjCBrAIBADAtMSswKQYDVQQDDCJETVRGIGxpYnNwZG0gRUNQMzg0IHJlc3Bv +bmRlciBjZXJ0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDRy5IBzc7chk6XCjYhLa +1P5ZlM69rtfSlOTjEYh4uYjA7VvhQUrfKNtJDziBUmi1TGoRC1ixnMFNR0EUH23W +V6yjn9G5ZN4HEegxeN51OrcsFVbq9SBjkw8zqXGjfngZoAAwCgYIKoZIzj0EAwMD +aQAwZgIxAPd+tnqS1vdgenViD+fODIUkslglRtiMVzsDl2gCdx4SQ/7Kwjp3LaVf +asH2PIFLzQIxAJhpx7t02elBmmo+u1QDp7P5nX3Evu5jnfNj9FN5D28AXRDsMLs7 +5YayD7FsGRTqng== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp384/end_responder1.cert b/test_key/ecp384/end_responder1.cert new file mode 100644 index 0000000..4425970 --- /dev/null +++ b/test_key/ecp384/end_responder1.cert 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICQjCCAcigAwIBAgIBAzAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDUzMDE0NDMyNFoX +DTMzMDUyNzE0NDMyNFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXNwb25kZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0cuSAc3O3IZOlw +o2IS2tT+WZTOva7X0pTk4xGIeLmIwO1b4UFK3yjbSQ84gVJotUxqEQtYsZzBTUdB +FB9t1leso5/RuWTeBxHoMXjedTq3LBVW6vUgY5MPM6lxo354GaOBuDCBtTAMBgNV +HRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUFDxPZsfXYEB/Z8GVaLOH +KD7FI4MwMQYDVR0RBCowKKAmBgorBgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEy +MzQ1Njc4OTAwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEF +BQcDCTAaBgorBgEEAYMcghIGBAwGCisGAQQBgxyCEgIwCgYIKoZIzj0EAwMDaAAw +ZQIxAIjDZ5/FrnadNdD54T67mmSc8u/l6tglugR0imgzKjzH9o4ckhl7Ow7lr3aJ +UjsihQIwH5Ci9IWLwW+WScZuaLTW32bXIzQHGW9D2QbTY5Lt8fbKy0aShHppFTy7 +mSzB+c6G +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_responder1.cert.der b/test_key/ecp384/end_responder1.cert.der new file mode 100644 index 0000000..1f80f2f Binary files /dev/null and b/test_key/ecp384/end_responder1.cert.der differ diff --git a/test_key/ecp384/end_responder_alias.cert b/test_key/ecp384/end_responder_alias.cert new file mode 100644 index 0000000..84130b9 --- /dev/null +++ b/test_key/ecp384/end_responder_alias.cert 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICKTCCAa+gAwIBAgIBAzAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNjA4MjE1M1oX +DTMzMDYwMzA4MjE1M1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXNwb25kZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0cuSAc3O3IZOlw +o2IS2tT+WZTOva7X0pTk4xGIeLmIwO1b4UFK3yjbSQ84gVJotUxqEQtYsZzBTUdB +FB9t1leso5/RuWTeBxHoMXjedTq3LBVW6vUgY5MPM6lxo354GaOBnzCBnDAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUFDxPZsfXYEB/Z8GV +aLOHKD7FI4MwMQYDVR0RBCowKKAmBgorBgEEAYMcghIBoBgMFkFDTUU6V0lER0VU +OjEyMzQ1Njc4OTAwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggr +BgEFBQcDCTAKBggqhkjOPQQDAwNoADBlAjEA+BhdZgZC+LLP+C2qKMwzJjnuRsxA +NqVaTrTdLQySFVgSIKLpkOEkKATRoXuBxS2hAjBUZ4hfkkRzltII2Q6FsvRuaPh0 +0Jh7rt8xTeIdy1kPQ8rM8aNz/ohBuxLXIxDiD68= +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_responder_alias.cert.der b/test_key/ecp384/end_responder_alias.cert.der new file mode 100644 index 0000000..641111b Binary files /dev/null and b/test_key/ecp384/end_responder_alias.cert.der differ diff --git a/test_key/ecp384/end_responder_with_spdm_req_eku.cert b/test_key/ecp384/end_responder_with_spdm_req_eku.cert new file mode 100644 index 0000000..16d37b5 --- /dev/null +++ b/test_key/ecp384/end_responder_with_spdm_req_eku.cert 
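Review bot: The certificate added in test_key/ecp384/end_responder_alias.cert decodes with basicConstraints CA:TRUE, but its keyUsage asserts only digitalSignature, nonRepudiation and keyEncipherment, so keyCertSign is missing. RFC 5280 forbids using a key to verify certificate signatures when keyUsage is present without keyCertSign, so a strict path validator will reject any alias certificate issued beneath this one. If the fixture is meant to act as the device-certificate CA of an alias chain (inferred from the file name), regenerate it with `keyUsage = digitalSignature, nonRepudiation, keyEncipherment, keyCertSign` in the OpenSSL extension section. If the omission is deliberate, to exercise how the verifier treats such a chain, record that in a README next to the file. The ecp256 and ecp521 counterparts are outside this view and may need the same check.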
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYOgAwIBAgIBCDAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTQ1NVoX +DTMzMDQxNzAxMTQ1NVowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXNwb25kZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0cuSAc3O3IZOlw +o2IS2tT+WZTOva7X0pTk4xGIeLmIwO1b4UFK3yjbSQ84gVJotUxqEQtYsZzBTUdB +FB9t1leso5/RuWTeBxHoMXjedTq3LBVW6vUgY5MPM6lxo354GaN0MHIwDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFBQ8T2bH12BAf2fBlWizhyg+ +xSODMDYGA1UdJQEB/wQsMCoGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkG +CisGAQQBgxyCEgQwCgYIKoZIzj0EAwMDaAAwZQIxAJ4Inotz/ElxGglksHcCiZ3d +/LGQ5bV/BKA64q392WOqB9WvJhLJuLcZTyD33WM90QIwWplTYN3uA0oVWJeYYW3X +VKLNxKdEyqMZJgP43PZ8Pgsu9nKD32YwsCtu7Hdpiizo +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_responder_with_spdm_req_eku.cert.der b/test_key/ecp384/end_responder_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..e7a5ba0 Binary files /dev/null and b/test_key/ecp384/end_responder_with_spdm_req_eku.cert.der differ diff --git a/test_key/ecp384/end_responder_with_spdm_req_rsp_eku.cert b/test_key/ecp384/end_responder_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..0896961 --- /dev/null +++ b/test_key/ecp384/end_responder_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCzCCAZCgAwIBAgIBBzAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTQ1M1oX +DTMzMDQxNzAxMTQ1M1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXNwb25kZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0cuSAc3O3IZOlw +o2IS2tT+WZTOva7X0pTk4xGIeLmIwO1b4UFK3yjbSQ84gVJotUxqEQtYsZzBTUdB +FB9t1leso5/RuWTeBxHoMXjedTq3LBVW6vUgY5MPM6lxo354GaOBgDB+MAwGA1Ud +EwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQUPE9mx9dgQH9nwZVos4co +PsUjgzBCBgNVHSUBAf8EODA2BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJ +BgorBgEEAYMcghIDBgorBgEEAYMcghIEMAoGCCqGSM49BAMDA2kAMGYCMQDRolEK +eLoh6A3qKBpl+1vawnOwojwpY8pUt76XOo8WJQmRzARQFZ4PKhw8lOLva4UCMQC9 +yvrhtsWcYsyuje2RKyqGlB0u0135Su6YxcbTm5MI066UiGgvMx2tGE2vYOCsc5k= +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/ecp384/end_responder_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..6a985a5 Binary files /dev/null and b/test_key/ecp384/end_responder_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/ecp384/end_responder_with_spdm_rsp_eku.cert b/test_key/ecp384/end_responder_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..f2493a2 --- /dev/null +++ b/test_key/ecp384/end_responder_with_spdm_rsp_eku.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYOgAwIBAgIBCTAKBggqhkjOPQQDAzAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQMzg0IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTQ1N1oX +DTMzMDQxNzAxMTQ1N1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDM4NCBy +ZXNwb25kZXIgY2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0cuSAc3O3IZOlw +o2IS2tT+WZTOva7X0pTk4xGIeLmIwO1b4UFK3yjbSQ84gVJotUxqEQtYsZzBTUdB +FB9t1leso5/RuWTeBxHoMXjedTq3LBVW6vUgY5MPM6lxo354GaN0MHIwDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFBQ8T2bH12BAf2fBlWizhyg+ +xSODMDYGA1UdJQEB/wQsMCoGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkG +CisGAQQBgxyCEgMwCgYIKoZIzj0EAwMDaAAwZQIxAIW/N9gSAtAWvD3fIho+a8WP +0vN7ev/3N//9fH3bOYawO2NtlG/z6U6vTw4q48mb8gIwBBgtL5t477LeSHDh7le3 +dsQs4n6MSkm0JUxlyCV9EuDMd2+e+8JeNBfsuko2r5Ya +-----END CERTIFICATE----- diff --git a/test_key/ecp384/end_responder_with_spdm_rsp_eku.cert.der b/test_key/ecp384/end_responder_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..0861660 Binary files /dev/null and b/test_key/ecp384/end_responder_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/ecp384/inter.cert b/test_key/ecp384/inter.cert new file mode 100644 index 0000000..b65175b --- /dev/null +++ b/test_key/ecp384/inter.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB3DCCAWGgAwIBAgIBATAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZETVRGIGxp +YnNwZG0gRUNQMzg0IENBMB4XDTIzMDQyMDAxMTQwNVoXDTMzMDQxNzAxMTQwNVow +MDEuMCwGA1UEAwwlRE1URiBsaWJzcGRtIEVDUDM4NCBpbnRlcm1lZGlhdGUgY2Vy +dDB2MBAGByqGSM49AgEGBSuBBAAiA2IABDF9AUEa9+nqXDkeN2oWjSxu2X7qGSXF +l0Dczjl/kkbL+0tE2Pc920emRL9VdwI10TcnaKToBE6HdY9ZV6mAuLQ8l8r6GxOo +UNwNer4TPTFb/dif1vyqJzO4klxbuAwkyqNeMFwwDAYDVR0TBAUwAwEB/zALBgNV +HQ8EBAMCAf4wHQYDVR0OBBYEFAAPb6drHzQDDlohxzjr8aVX1VfNMCAGA1UdJQEB +/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqhkjOPQQDAwNpADBmAjEAmQNk +R2ZsMGq3ndNamSForglQb+u0/e9pC8+yVk+2jx9DEQze9v13/ak0JYF+l2RMAjEA ++cdcVD1DkpowPWEaHvhlUdTVIJDShfBE3kCF6jRh3Wv+YL0KwNs9Qyyt1MTp+iIz +-----END CERTIFICATE----- 
diff --git a/test_key/ecp384/inter.cert.der b/test_key/ecp384/inter.cert.der new file mode 100644 index 0000000..b819986 Binary files /dev/null and b/test_key/ecp384/inter.cert.der differ diff --git a/test_key/ecp384/inter.key b/test_key/ecp384/inter.key new file mode 100644 index 0000000..ecdcd27 --- /dev/null +++ b/test_key/ecp384/inter.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBOAHCEa7bfmQL6zov5 +JAoa4utCtGGFvhIAODWJFkYnLh9aYnPDtmfDDd6v0c0aI0KhZANiAAQxfQFBGvfp +6lw5HjdqFo0sbtl+6hklxZdA3M45f5JGy/tLRNj3PdtHpkS/VXcCNdE3J2ik6ARO +h3WPWVepgLi0PJfK+hsTqFDcDXq+Ez0xW/3Yn9b8qiczuJJcW7gMJMo= +-----END PRIVATE KEY----- diff --git a/test_key/ecp384/inter.req b/test_key/ecp384/inter.req new file mode 100644 index 0000000..7052224 --- /dev/null +++ b/test_key/ecp384/inter.req @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBKDCBrwIBADAwMS4wLAYDVQQDDCVETVRGIGxpYnNwZG0gRUNQMzg0IGludGVy +bWVkaWF0ZSBjZXJ0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEMX0BQRr36epcOR43 +ahaNLG7ZfuoZJcWXQNzOOX+SRsv7S0TY9z3bR6ZEv1V3AjXRNydopOgETod1j1lX +qYC4tDyXyvobE6hQ3A16vhM9MVv92J/W/KonM7iSXFu4DCTKoAAwCgYIKoZIzj0E +AwMDaAAwZQIwG863CmIK7n7BwMqdWvBABDzHwlUQCrgRBLTJD9Rjid8TpV/oga5O +eQ7+9vjLPQ/4AjEAm1WWxyqB2+/Xre3aJX6T0ws9D4G4qx87V77yGNoES4ub6mSc +tXmEDpCbsTAHODH1 +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp384/inter1.cert b/test_key/ecp384/inter1.cert new file mode 100644 index 0000000..1010a58 --- /dev/null +++ b/test_key/ecp384/inter1.cert 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB3DCCAWGgAwIBAgIBATAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZETVRGIGxp +YnNwZG0gRUNQMzg0IENBMB4XDTIzMDUzMDE0NDMyM1oXDTMzMDUyNzE0NDMyM1ow +MDEuMCwGA1UEAwwlRE1URiBsaWJzcGRtIEVDUDM4NCBpbnRlcm1lZGlhdGUgY2Vy +dDB2MBAGByqGSM49AgEGBSuBBAAiA2IABDF9AUEa9+nqXDkeN2oWjSxu2X7qGSXF +l0Dczjl/kkbL+0tE2Pc920emRL9VdwI10TcnaKToBE6HdY9ZV6mAuLQ8l8r6GxOo +UNwNer4TPTFb/dif1vyqJzO4klxbuAwkyqNeMFwwDAYDVR0TBAUwAwEB/zALBgNV +HQ8EBAMCAf4wHQYDVR0OBBYEFAAPb6drHzQDDlohxzjr8aVX1VfNMCAGA1UdJQEB +/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqhkjOPQQDAwNpADBmAjEA27QL +zqJFYcIOvBfcovOJ+Gd6KNsxoSEquHkgy0C4xBeG/m75OEz0GyPt3kDPuUyfAjEA +wlziYJdDiTvr6LMixuWPgxxOM+gkXB8Mb3l9DQxAuWIjgm6l+6QaaaS6VlB/DuDw +-----END CERTIFICATE----- diff --git a/test_key/ecp384/inter1.cert.der b/test_key/ecp384/inter1.cert.der new file mode 100644 index 0000000..56769da Binary files /dev/null and b/test_key/ecp384/inter1.cert.der differ diff --git a/test_key/ecp384/param.pem b/test_key/ecp384/param.pem new file mode 100644 index 0000000..93b799c --- /dev/null +++ b/test_key/ecp384/param.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- diff --git a/test_key/ecp521/bundle_requester.certchain.der b/test_key/ecp521/bundle_requester.certchain.der new file mode 100644 index 0000000..298ccd5 Binary files /dev/null and b/test_key/ecp521/bundle_requester.certchain.der differ diff --git a/test_key/ecp521/bundle_requester.certchain1.der b/test_key/ecp521/bundle_requester.certchain1.der new file mode 100644 index 0000000..63eb61e Binary files /dev/null and b/test_key/ecp521/bundle_requester.certchain1.der differ diff --git a/test_key/ecp521/bundle_responder.certchain.der b/test_key/ecp521/bundle_responder.certchain.der new file mode 100644 index 0000000..9708511 Binary files /dev/null and b/test_key/ecp521/bundle_responder.certchain.der differ 
diff --git a/test_key/ecp521/bundle_responder.certchain1.der b/test_key/ecp521/bundle_responder.certchain1.der new file mode 100644 index 0000000..ed55cf4 Binary files /dev/null and b/test_key/ecp521/bundle_responder.certchain1.der differ diff --git a/test_key/ecp521/bundle_responder.certchain_alias.der b/test_key/ecp521/bundle_responder.certchain_alias.der new file mode 100644 index 0000000..b9974e0 Binary files /dev/null and b/test_key/ecp521/bundle_responder.certchain_alias.der differ diff --git a/test_key/ecp521/ca.cert b/test_key/ecp521/ca.cert new file mode 100644 index 0000000..ffb00c1 --- /dev/null +++ b/test_key/ecp521/ca.cert @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHTCCAYCgAwIBAgIUOz55PvQDRKoTCdfPE7VnJjSwM48wCgYIKoZIzj0EAwQw +ITEfMB0GA1UEAwwWRE1URiBsaWJzcGRtIEVDUDUyMSBDQTAeFw0yMzA0MjAwMTE2 +MjNaFw0zMzA0MTcwMTE2MjNaMCExHzAdBgNVBAMMFkRNVEYgbGlic3BkbSBFQ1A1 +MjEgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABABlAvKaH6gAXgupy4+7upmE +acm+W7MO3nLzsR0/04q/ZKpKX4hk3q623snhAvcSMlwQ/unLYiTvyC56X1rNdHxy +AwCSUJTOYL1py4JoD3zx2F/UNy7A92IbjoYlsPFrwTLHfU8VXRXMPbT9ynDFXKFf +Mc00rK2XAdJPMZm1aHgD3bCCvqNTMFEwHQYDVR0OBBYEFANJ6DBmW6ZWtlXdI1F6 +Nw4PpmlkMB8GA1UdIwQYMBaAFANJ6DBmW6ZWtlXdI1F6Nw4PpmlkMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwQDgYoAMIGGAkFrnkV5PApvxoR6EBYfLiy6SyvQ +FXtjLbiConCnHFolrXkcLTIF/5M0P7uQWqEEnqGRPvnZSjXrdQpkASwgrBFi6AJB +NIwuUeMBvdXAzFA35hbxzLlF1dcy4neCrEWVEB8exIWZ/hlHCMqw2GLVYeCcgqFE +O7yxxriJQkCzHySV+gprMGI= +-----END CERTIFICATE----- diff --git a/test_key/ecp521/ca.cert.der b/test_key/ecp521/ca.cert.der new file mode 100644 index 0000000..6c54799 Binary files /dev/null and b/test_key/ecp521/ca.cert.der differ diff --git a/test_key/ecp521/ca.key b/test_key/ecp521/ca.key new file mode 100644 index 0000000..c534359 --- /dev/null +++ b/test_key/ecp521/ca.key 
@@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAMNf4K3Isx2aLo+yL +otkG/CNWKe/XJNfRB45PGm3H/kSb00UtK3PvJ3xrrP0GQDDjWGbeEDlVDfrPuIXY +cbbNQK6hgYkDgYYABABlAvKaH6gAXgupy4+7upmEacm+W7MO3nLzsR0/04q/ZKpK +X4hk3q623snhAvcSMlwQ/unLYiTvyC56X1rNdHxyAwCSUJTOYL1py4JoD3zx2F/U +Ny7A92IbjoYlsPFrwTLHfU8VXRXMPbT9ynDFXKFfMc00rK2XAdJPMZm1aHgD3bCC +vg== +-----END PRIVATE KEY----- diff --git a/test_key/ecp521/ca.key.der b/test_key/ecp521/ca.key.der new file mode 100644 index 0000000..91ed2bc Binary files /dev/null and b/test_key/ecp521/ca.key.der differ diff --git a/test_key/ecp521/ca1.cert b/test_key/ecp521/ca1.cert new file mode 100644 index 0000000..b6b1cc4 --- /dev/null +++ b/test_key/ecp521/ca1.cert @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHjCCAYCgAwIBAgIURm85HySsqG+C2U6MlvhdNCkJOHcwCgYIKoZIzj0EAwQw +ITEfMB0GA1UEAwwWRE1URiBsaWJzcGRtIEVDUDUyMSBDQTAeFw0yMzA1MzAxNDQz +NDlaFw0zMzA1MjcxNDQzNDlaMCExHzAdBgNVBAMMFkRNVEYgbGlic3BkbSBFQ1A1 +MjEgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAFCDYGHCdg32DKwogr2j2YV +TNJicrOQX9ZKjEh9No+GkvBNNO6G+fkOBK5P8O7miUz0HFXAahZR0NJep/+30rBH +TQCF951kMPibOUcjA0gOKdtt9KholM8VGy/bTGMPAp9/Pcc5YV9NrvEQRh9OH7Lf +05kuqhzjlFM/zmlAFKolQGIZBqNTMFEwHQYDVR0OBBYEFKVw3MoYRHJiCdCUL1vD +Dhi2H4rbMB8GA1UdIwQYMBaAFKVw3MoYRHJiCdCUL1vDDhi2H4rbMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwQDgYsAMIGHAkIBpTLeD+5HVEfnf04XnSSQuwpG +f4CgAo/J4x/upA8CniptrAa/EE8U439Sd+c+z4ceS88hyLNLgWiWTx+6fUAo+dsC +QWzPzFkPr9A7FvleU+fBltJS15HkYd1aElLJoW8uyPd7CxwOsV6bAoLa+OBcnUFK +OWZPFDlVXkzuU5w5+zSmwHaS +-----END CERTIFICATE----- diff --git a/test_key/ecp521/ca1.cert.der b/test_key/ecp521/ca1.cert.der new file mode 100644 index 0000000..36462e6 Binary files /dev/null and b/test_key/ecp521/ca1.cert.der differ diff --git a/test_key/ecp521/ca1.key b/test_key/ecp521/ca1.key new file mode 100644 index 0000000..4222cff --- /dev/null +++ b/test_key/ecp521/ca1.key 
@@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA40/Zal6IB3bywyXW +gkR57VznCGhsmRS70dkK7sfe5oXO4mePjfFGPAeqUhBH/sBslLJxlXKfz/BK2BID +hZSnCPuhgYkDgYYABAFCDYGHCdg32DKwogr2j2YVTNJicrOQX9ZKjEh9No+GkvBN +NO6G+fkOBK5P8O7miUz0HFXAahZR0NJep/+30rBHTQCF951kMPibOUcjA0gOKdtt +9KholM8VGy/bTGMPAp9/Pcc5YV9NrvEQRh9OH7Lf05kuqhzjlFM/zmlAFKolQGIZ +Bg== +-----END PRIVATE KEY----- diff --git a/test_key/ecp521/ca1.key.der b/test_key/ecp521/ca1.key.der new file mode 100644 index 0000000..70ec0f9 Binary files /dev/null and b/test_key/ecp521/ca1.key.der differ diff --git a/test_key/ecp521/end_requester.cert b/test_key/ecp521/end_requester.cert new file mode 100644 index 0000000..2c01073 --- /dev/null +++ b/test_key/ecp521/end_requester.cert @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjTCCAe6gAwIBAgIBAjAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTYzOFoX +DTMzMDQxNzAxMTYzOFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXF1c2V0ZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAPMnCiZXCTyg +4v7RHYVj1z1F+rZH8PAPg98DZdCCMIlpvkHNu6LweP0vt4KrXA+iFDQJeSb8lm1K +9h2xQEDhQMXdAJWlyGUhVei5uqej9B3uIM8sgcHw0IktyzhwwCKWYFAkg3UPGihV +Z02oxlXf5Gfaz7r8ypyq0tkG4iduec16xTJ9o4G4MIG1MAwGA1UdEwEB/wQCMAAw +CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQsNXo8mDBKm5ph+s6h6GWjP1VmNTAxBgNV +HREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAq +BgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisG +AQQBgxyCEgYEDAYKKwYBBAGDHIISAjAKBggqhkjOPQQDBAOBjAAwgYgCQgExJLdi +vkDs3J0h3ptq3FqNdi+YBTA8wVCAaYPKUe/SOvOzMfBkIO8VeJ8JTZ66WlkVo4Ao +8Nh+iq1ihSaDDO+6KQJCATauGL46KYc6qJJ4oJfea0sSHfOJN2elvwPe2JFXddYB +rAarPC7rtobRXQ/2yEDYx/vVwp+Di+p0N8Wlf2ltMSnw +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_requester.cert.der b/test_key/ecp521/end_requester.cert.der new file mode 100644 index 0000000..45486fd Binary files /dev/null and b/test_key/ecp521/end_requester.cert.der differ 
diff --git a/test_key/ecp521/end_requester.key b/test_key/ecp521/end_requester.key new file mode 100644 index 0000000..9e20b5b --- /dev/null +++ b/test_key/ecp521/end_requester.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAeNn+/Zh6R1oAhGnW +W4VnDdwLaiotNQE5/zPUg50daSnBc4Shtx41FRBpu/jF3dkvr/9qBJRuaekMTCw3 +Ukq2c/GhgYkDgYYABADzJwomVwk8oOL+0R2FY9c9Rfq2R/DwD4PfA2XQgjCJab5B +zbui8Hj9L7eCq1wPohQ0CXkm/JZtSvYdsUBA4UDF3QCVpchlIVXoubqno/Qd7iDP +LIHB8NCJLcs4cMAilmBQJIN1DxooVWdNqMZV3+Rn2s+6/MqcqtLZBuInbnnNesUy +fQ== +-----END PRIVATE KEY----- diff --git a/test_key/ecp521/end_requester.key.der b/test_key/ecp521/end_requester.key.der new file mode 100644 index 0000000..55c5f50 Binary files /dev/null and b/test_key/ecp521/end_requester.key.der differ diff --git a/test_key/ecp521/end_requester.key.p8 b/test_key/ecp521/end_requester.key.p8 new file mode 100644 index 0000000..72eb4e1 Binary files /dev/null and b/test_key/ecp521/end_requester.key.p8 differ diff --git a/test_key/ecp521/end_requester.key.pub b/test_key/ecp521/end_requester.key.pub new file mode 100644 index 0000000..4d66195 --- /dev/null +++ b/test_key/ecp521/end_requester.key.pub @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA8ycKJlcJPKDi/tEdhWPXPUX6tkfw +8A+D3wNl0IIwiWm+Qc27ovB4/S+3gqtcD6IUNAl5JvyWbUr2HbFAQOFAxd0AlaXI +ZSFV6Lm6p6P0He4gzyyBwfDQiS3LOHDAIpZgUCSDdQ8aKFVnTajGVd/kZ9rPuvzK +nKrS2QbiJ255zXrFMn0= +-----END PUBLIC KEY----- diff --git a/test_key/ecp521/end_requester.key.pub.der b/test_key/ecp521/end_requester.key.pub.der new file mode 100644 index 0000000..44a35e2 Binary files /dev/null and b/test_key/ecp521/end_requester.key.pub.der differ diff --git a/test_key/ecp521/end_requester.req b/test_key/ecp521/end_requester.req new file mode 100644 index 0000000..62af0c9 --- /dev/null +++ b/test_key/ecp521/end_requester.req 
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBcDCB0gIBADAtMSswKQYDVQQDDCJETVRGIGxpYnNwZG0gRUNQNTIxIHJlcXVz +ZXRlciBjZXJ0MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA8ycKJlcJPKDi/tEd +hWPXPUX6tkfw8A+D3wNl0IIwiWm+Qc27ovB4/S+3gqtcD6IUNAl5JvyWbUr2HbFA +QOFAxd0AlaXIZSFV6Lm6p6P0He4gzyyBwfDQiS3LOHDAIpZgUCSDdQ8aKFVnTajG +Vd/kZ9rPuvzKnKrS2QbiJ255zXrFMn2gADAKBggqhkjOPQQDBAOBjAAwgYgCQgF4 +iWb8oxgUxG2oIh65l/U0l+6IY+XybVB3OMhy+PmXS9nJMKe/V12EvLZtMsIL7+xC +OHNVJ++7TENOvJQc9PbikwJCAO8z5aGVkBFvpIe+/43xtyegIwyjwdNHa9uKX74B +NBhN8fD90lqu0wSp1GD399sX8CdsrvkcpjgOz4S//Mta+xRc +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp521/end_requester1.cert b/test_key/ecp521/end_requester1.cert new file mode 100644 index 0000000..872e734 --- /dev/null +++ b/test_key/ecp521/end_requester1.cert @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjTCCAe6gAwIBAgIBAjAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDUzMDE0NDM1MFoX +DTMzMDUyNzE0NDM1MFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXF1c2V0ZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAPMnCiZXCTyg +4v7RHYVj1z1F+rZH8PAPg98DZdCCMIlpvkHNu6LweP0vt4KrXA+iFDQJeSb8lm1K +9h2xQEDhQMXdAJWlyGUhVei5uqej9B3uIM8sgcHw0IktyzhwwCKWYFAkg3UPGihV +Z02oxlXf5Gfaz7r8ypyq0tkG4iduec16xTJ9o4G4MIG1MAwGA1UdEwEB/wQCMAAw +CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQsNXo8mDBKm5ph+s6h6GWjP1VmNTAxBgNV +HREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAq +BgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisG +AQQBgxyCEgYEDAYKKwYBBAGDHIISAjAKBggqhkjOPQQDBAOBjAAwgYgCQgE6vzcW +O7xpxWpjECJ2odwdKGFkVV+2fZ9+J94sQbHkcEhM+lto7ne4OC5k3LijeJO+c+8K +bbrW5eyHyTUgy/f9ZAJCAIzMcG/8i0+tso+j3WncDA94wtc10ICa0+rA/VdIyJnU +HBJl0PngJMiX3pdfoTIGyt2LUs2eolSlG281uw6M3eQk +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_requester1.cert.der b/test_key/ecp521/end_requester1.cert.der new file mode 100644 index 0000000..1be8cb3 Binary files /dev/null and b/test_key/ecp521/end_requester1.cert.der differ 
diff --git a/test_key/ecp521/end_requester_with_spdm_req_eku.cert b/test_key/ecp521/end_requester_with_spdm_req_eku.cert new file mode 100644 index 0000000..ed00659 --- /dev/null +++ b/test_key/ecp521/end_requester_with_spdm_req_eku.cert @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSDCCAamgAwIBAgIBBTAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTcyMFoX +DTMzMDQxNzAxMTcyMFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXF1c2V0ZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAPMnCiZXCTyg +4v7RHYVj1z1F+rZH8PAPg98DZdCCMIlpvkHNu6LweP0vt4KrXA+iFDQJeSb8lm1K +9h2xQEDhQMXdAJWlyGUhVei5uqej9B3uIM8sgcHw0IktyzhwwCKWYFAkg3UPGihV +Z02oxlXf5Gfaz7r8ypyq0tkG4iduec16xTJ9o3QwcjAMBgNVHRMBAf8EAjAAMAsG +A1UdDwQEAwIF4DAdBgNVHQ4EFgQULDV6PJgwSpuaYfrOoehloz9VZjUwNgYDVR0l +AQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIIS +BDAKBggqhkjOPQQDBAOBjAAwgYgCQgG97UU99eISvGfpAYSMWpJqvzrNG5O6BRjN +5cooDUlHaRueI/e4qafxIZOaZXq+sJkSx/7hGoWZ5nvIdRZjc/oG0AJCAXuRX00N +pTTdPurTq46sAAJu4CUIFHhsVk3yZhwI61OPnVn+eUNAYeKGuclY7JgWGhqFnkU9 +cCDyTC5mQfHWpIyn +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_requester_with_spdm_req_eku.cert.der b/test_key/ecp521/end_requester_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..8c70c2a Binary files /dev/null and b/test_key/ecp521/end_requester_with_spdm_req_eku.cert.der differ diff --git a/test_key/ecp521/end_requester_with_spdm_req_rsp_eku.cert b/test_key/ecp521/end_requester_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..13c3d4f --- /dev/null +++ b/test_key/ecp521/end_requester_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICVTCCAbagAwIBAgIBBDAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTcxN1oX +DTMzMDQxNzAxMTcxN1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXF1c2V0ZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAPMnCiZXCTyg +4v7RHYVj1z1F+rZH8PAPg98DZdCCMIlpvkHNu6LweP0vt4KrXA+iFDQJeSb8lm1K +9h2xQEDhQMXdAJWlyGUhVei5uqej9B3uIM8sgcHw0IktyzhwwCKWYFAkg3UPGihV +Z02oxlXf5Gfaz7r8ypyq0tkG4iduec16xTJ9o4GAMH4wDAYDVR0TAQH/BAIwADAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFCw1ejyYMEqbmmH6zqHoZaM/VWY1MEIGA1Ud +JQEB/wQ4MDYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyC +EgMGCisGAQQBgxyCEgQwCgYIKoZIzj0EAwQDgYwAMIGIAkIBBDulnHBgnj0BaHa7 +F2VfzJa4FlHVHv0q0+P1eeGtH0nZqye6A13KZ+crp/Kb8xN/vF3IJSmgfiyXZY3H +3wxsfRcCQgDamVYN3TgZxMiaKN4bgzMuaN9VFf8nOVTo1XwHGbLZNo0uGPoyXwaT +YI2AulaKp5fGBhgVoz0au3qMpxWaKszmTQ== +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/ecp521/end_requester_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..495762e Binary files /dev/null and b/test_key/ecp521/end_requester_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/ecp521/end_requester_with_spdm_rsp_eku.cert b/test_key/ecp521/end_requester_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..320afd0 --- /dev/null +++ b/test_key/ecp521/end_requester_with_spdm_rsp_eku.cert 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSDCCAamgAwIBAgIBBjAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTcyM1oX +DTMzMDQxNzAxMTcyM1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXF1c2V0ZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAPMnCiZXCTyg +4v7RHYVj1z1F+rZH8PAPg98DZdCCMIlpvkHNu6LweP0vt4KrXA+iFDQJeSb8lm1K +9h2xQEDhQMXdAJWlyGUhVei5uqej9B3uIM8sgcHw0IktyzhwwCKWYFAkg3UPGihV +Z02oxlXf5Gfaz7r8ypyq0tkG4iduec16xTJ9o3QwcjAMBgNVHRMBAf8EAjAAMAsG +A1UdDwQEAwIF4DAdBgNVHQ4EFgQULDV6PJgwSpuaYfrOoehloz9VZjUwNgYDVR0l +AQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIIS +AzAKBggqhkjOPQQDBAOBjAAwgYgCQgHatt+y1dv9WDWTp7i62Yb+AkrPoi7tFzbr +qfgAMqqFQdTaq3Uhjn9wuar+CNHj6cOOBjee6zhlAcOWReXxQMZk/QJCAb8T4o/W +tTuhvgXhECEpT01f/4dgPFvTyf89K2aFbfkDNUGe970UF9t2FQZ1j2Cv6QEHY68d +m88se3QQ7zaM2Exy +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_requester_with_spdm_rsp_eku.cert.der b/test_key/ecp521/end_requester_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..487d294 Binary files /dev/null and b/test_key/ecp521/end_requester_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/ecp521/end_responder.cert b/test_key/ecp521/end_responder.cert new file mode 100644 index 0000000..a76be66 --- /dev/null +++ b/test_key/ecp521/end_responder.cert 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjTCCAe6gAwIBAgIBAzAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTY0MVoX +DTMzMDQxNzAxMTY0MVowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXNwb25kZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAKvIzBeGHEqe +5Nl6U2Lrv7g1/BUEoVqiNlwc2ssdkngXN6UW9Y5YaSUnidW2EgnIQwlEgrNAGhmp +wDXfBsho1pUNAcvTcPqLXejLtQ2r7ivWk33fBaVHv95vO5Ijr+16nTpyLC3buoRm +NJmqYfX8FpJlKuURQrhrKPmeidBKpjwcRbR6o4G4MIG1MAwGA1UdEwEB/wQCMAAw +CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTkvNdIldOnvSMK0qRpQcO+bVyRzDAxBgNV +HREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAq +BgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisG +AQQBgxyCEgYEDAYKKwYBBAGDHIISAjAKBggqhkjOPQQDBAOBjAAwgYgCQgCMmkUB +0oJgveVreIH7rvIF+GDxrxe1+ZRWfDx1nWMb0gEspH3KI8CtJSdAVbfnbKB2kAqJ +13ZyUR1RKRXlgHiVcQJCAYRtntkJiO1T0jQiK70KGwyL1dkZSgPpfXcNkovPzH90 +Uouasbjh5VLjjrLvqe6tdhb8mv1W/IqILPcpN/tpJhIH +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_responder.cert.der b/test_key/ecp521/end_responder.cert.der new file mode 100644 index 0000000..fb1eddb Binary files /dev/null and b/test_key/ecp521/end_responder.cert.der differ diff --git a/test_key/ecp521/end_responder.key b/test_key/ecp521/end_responder.key new file mode 100644 index 0000000..25dcc15 --- /dev/null +++ b/test_key/ecp521/end_responder.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBKmFuSiH1KmVuKoI4 +d9FeCUmEMjw6VbHNJUejits6ilZ7aR3KFb4mx61Cq/VhHAXZUaAUT6+uJdaWfLVT +J7D4IxOhgYkDgYYABACryMwXhhxKnuTZelNi67+4NfwVBKFaojZcHNrLHZJ4Fzel +FvWOWGklJ4nVthIJyEMJRIKzQBoZqcA13wbIaNaVDQHL03D6i13oy7UNq+4r1pN9 +3wWlR7/ebzuSI6/tep06ciwt27qEZjSZqmH1/BaSZSrlEUK4ayj5nonQSqY8HEW0 +eg== +-----END PRIVATE KEY----- diff --git a/test_key/ecp521/end_responder.key.der b/test_key/ecp521/end_responder.key.der new file mode 100644 index 0000000..a2b2ba4 Binary files /dev/null and b/test_key/ecp521/end_responder.key.der differ 
diff --git a/test_key/ecp521/end_responder.key.p8 b/test_key/ecp521/end_responder.key.p8 new file mode 100644 index 0000000..a82df3a Binary files /dev/null and b/test_key/ecp521/end_responder.key.p8 differ diff --git a/test_key/ecp521/end_responder.key.pub b/test_key/ecp521/end_responder.key.pub new file mode 100644 index 0000000..a30277c --- /dev/null +++ b/test_key/ecp521/end_responder.key.pub @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAq8jMF4YcSp7k2XpTYuu/uDX8FQSh +WqI2XBzayx2SeBc3pRb1jlhpJSeJ1bYSCchDCUSCs0AaGanANd8GyGjWlQ0By9Nw ++otd6Mu1DavuK9aTfd8FpUe/3m87kiOv7XqdOnIsLdu6hGY0maph9fwWkmUq5RFC +uGso+Z6J0EqmPBxFtHo= +-----END PUBLIC KEY----- diff --git a/test_key/ecp521/end_responder.key.pub.der b/test_key/ecp521/end_responder.key.pub.der new file mode 100644 index 0000000..c90218f Binary files /dev/null and b/test_key/ecp521/end_responder.key.pub.der differ diff --git a/test_key/ecp521/end_responder.req b/test_key/ecp521/end_responder.req new file mode 100644 index 0000000..f2f27fc --- /dev/null +++ b/test_key/ecp521/end_responder.req @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBcDCB0gIBADAtMSswKQYDVQQDDCJETVRGIGxpYnNwZG0gRUNQNTIxIHJlc3Bv +bmRlciBjZXJ0MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAq8jMF4YcSp7k2XpT +Yuu/uDX8FQShWqI2XBzayx2SeBc3pRb1jlhpJSeJ1bYSCchDCUSCs0AaGanANd8G +yGjWlQ0By9Nw+otd6Mu1DavuK9aTfd8FpUe/3m87kiOv7XqdOnIsLdu6hGY0maph +9fwWkmUq5RFCuGso+Z6J0EqmPBxFtHqgADAKBggqhkjOPQQDBAOBjAAwgYgCQgH8 +ApuX2a/Legky5vtSYhmjL7Aku4T5lYhR66EGY+lRJUaYc6oI6slqCFTtpG3BoEBf +7+Q7mMRmsm5arlY6c36oWgJCAMfEwKmZpqpyarCTCExcS/GR5andQ8SVUchN8ldo +1tMDTzrXwECTJ1W0U2SQCUpmSBzqCSczre5Pc0/VYk4XediA +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp521/end_responder1.cert b/test_key/ecp521/end_responder1.cert new file mode 100644 index 0000000..6499ee9 --- /dev/null +++ b/test_key/ecp521/end_responder1.cert 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjDCCAe6gAwIBAgIBAzAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDUzMDE0NDM1MFoX +DTMzMDUyNzE0NDM1MFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXNwb25kZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAKvIzBeGHEqe +5Nl6U2Lrv7g1/BUEoVqiNlwc2ssdkngXN6UW9Y5YaSUnidW2EgnIQwlEgrNAGhmp +wDXfBsho1pUNAcvTcPqLXejLtQ2r7ivWk33fBaVHv95vO5Ijr+16nTpyLC3buoRm +NJmqYfX8FpJlKuURQrhrKPmeidBKpjwcRbR6o4G4MIG1MAwGA1UdEwEB/wQCMAAw +CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTkvNdIldOnvSMK0qRpQcO+bVyRzDAxBgNV +HREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAq +BgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisG +AQQBgxyCEgYEDAYKKwYBBAGDHIISAjAKBggqhkjOPQQDBAOBiwAwgYcCQQuOc3NI +Nsa4bb36Edr7cD3NzJPjOKNOzTGo1R6/8aK0BWM9NjJSdZlSAAufDBTfM4J58Pvl +yjITDkqK/a98oTP+AkIBtZV/VOVJ3xtsZniW2j6YH5YeEzqLOsxQlE+wk/dsIwcX +R599RHLhnBag7tfnzuBjTu9nzToBSXzuorA6rGav4LA= +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_responder1.cert.der b/test_key/ecp521/end_responder1.cert.der new file mode 100644 index 0000000..bb369b5 Binary files /dev/null and b/test_key/ecp521/end_responder1.cert.der differ diff --git a/test_key/ecp521/end_responder_alias.cert b/test_key/ecp521/end_responder_alias.cert new file mode 100644 index 0000000..aae63d4 --- /dev/null +++ b/test_key/ecp521/end_responder_alias.cert 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICdDCCAdWgAwIBAgIBAzAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNjA4MjIxNFoX +DTMzMDYwMzA4MjIxNFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXNwb25kZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAKvIzBeGHEqe +5Nl6U2Lrv7g1/BUEoVqiNlwc2ssdkngXN6UW9Y5YaSUnidW2EgnIQwlEgrNAGhmp +wDXfBsho1pUNAcvTcPqLXejLtQ2r7ivWk33fBaVHv95vO5Ijr+16nTpyLC3buoRm +NJmqYfX8FpJlKuURQrhrKPmeidBKpjwcRbR6o4GfMIGcMA8GA1UdEwEB/wQFMAMB +Af8wCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTkvNdIldOnvSMK0qRpQcO+bVyRzDAx +BgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5 +MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMAoG +CCqGSM49BAMEA4GMADCBiAJCAPLatNp5ydHcG5SL413dHqkWhlWCVjyUhSpCdVpT +AUbjrX9sxpZiYjCZJLpfIEzeErh1REiIaX/Il0GtHdDEJrmVAkIAhdr3VAMafWI7 +TbZoprgOYB5T/T0Q1JalY04Gbf/q3ewtNzEOy9wcxQS2qVchrRzY2z8AWxQkORxY +6zqkI+ugViA= +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_responder_alias.cert.der b/test_key/ecp521/end_responder_alias.cert.der new file mode 100644 index 0000000..e1964ab Binary files /dev/null and b/test_key/ecp521/end_responder_alias.cert.der differ diff --git a/test_key/ecp521/end_responder_with_spdm_req_eku.cert b/test_key/ecp521/end_responder_with_spdm_req_eku.cert new file mode 100644 index 0000000..001a5fd --- /dev/null +++ b/test_key/ecp521/end_responder_with_spdm_req_eku.cert 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSDCCAamgAwIBAgIBCDAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTczNloX +DTMzMDQxNzAxMTczNlowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXNwb25kZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAKvIzBeGHEqe +5Nl6U2Lrv7g1/BUEoVqiNlwc2ssdkngXN6UW9Y5YaSUnidW2EgnIQwlEgrNAGhmp +wDXfBsho1pUNAcvTcPqLXejLtQ2r7ivWk33fBaVHv95vO5Ijr+16nTpyLC3buoRm +NJmqYfX8FpJlKuURQrhrKPmeidBKpjwcRbR6o3QwcjAMBgNVHRMBAf8EAjAAMAsG +A1UdDwQEAwIF4DAdBgNVHQ4EFgQU5LzXSJXTp70jCtKkaUHDvm1ckcwwNgYDVR0l +AQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIIS +BDAKBggqhkjOPQQDBAOBjAAwgYgCQgEdvCkHsHFt2d4GFD6y9gyZJx1rcplGTyga +nQa0GH0DM8dhiF9eITVvKrMB6k1rSD3aMtsNKqbjAls/DtlHhM4uZwJCAPE0oqd0 +snI1a1vl6lRsVsz75pQxYpVMtomRYtmwdneapd12BnjIQpLYGOTpS7w5ymFH84sW +twY1awslQIU07nx8 +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_responder_with_spdm_req_eku.cert.der b/test_key/ecp521/end_responder_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..c43c95c Binary files /dev/null and b/test_key/ecp521/end_responder_with_spdm_req_eku.cert.der differ diff --git a/test_key/ecp521/end_responder_with_spdm_req_rsp_eku.cert b/test_key/ecp521/end_responder_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..7bba4f5 --- /dev/null +++ b/test_key/ecp521/end_responder_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICVTCCAbagAwIBAgIBBzAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTczM1oX +DTMzMDQxNzAxMTczM1owLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXNwb25kZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAKvIzBeGHEqe +5Nl6U2Lrv7g1/BUEoVqiNlwc2ssdkngXN6UW9Y5YaSUnidW2EgnIQwlEgrNAGhmp +wDXfBsho1pUNAcvTcPqLXejLtQ2r7ivWk33fBaVHv95vO5Ijr+16nTpyLC3buoRm +NJmqYfX8FpJlKuURQrhrKPmeidBKpjwcRbR6o4GAMH4wDAYDVR0TAQH/BAIwADAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFOS810iV06e9IwrSpGlBw75tXJHMMEIGA1Ud +JQEB/wQ4MDYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyC +EgMGCisGAQQBgxyCEgQwCgYIKoZIzj0EAwQDgYwAMIGIAkIBoY5X9g7uOtA8Ix5a +hVcVJqaRsRmwF2daFozhyramxreDYvciBT0su0OPTLmO15aR+yrelI+c3a+1ymXW +G7QRQfoCQgCMUdAqKrz0s5BYsk26cWYaNT0M3H/j2PHh6L8TN8h7XGsI9zDYkVPb +xg8spfEg4Q7o9zAM6C13T/BOM+iN2XhrGA== +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/ecp521/end_responder_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..e67f3ee Binary files /dev/null and b/test_key/ecp521/end_responder_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/ecp521/end_responder_with_spdm_rsp_eku.cert b/test_key/ecp521/end_responder_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..a48961e --- /dev/null +++ b/test_key/ecp521/end_responder_with_spdm_rsp_eku.cert 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRzCCAamgAwIBAgIBCTAKBggqhkjOPQQDBDAwMS4wLAYDVQQDDCVETVRGIGxp +YnNwZG0gRUNQNTIxIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMTczOFoX +DTMzMDQxNzAxMTczOFowLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDUyMSBy +ZXNwb25kZXIgY2VydDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAKvIzBeGHEqe +5Nl6U2Lrv7g1/BUEoVqiNlwc2ssdkngXN6UW9Y5YaSUnidW2EgnIQwlEgrNAGhmp +wDXfBsho1pUNAcvTcPqLXejLtQ2r7ivWk33fBaVHv95vO5Ijr+16nTpyLC3buoRm +NJmqYfX8FpJlKuURQrhrKPmeidBKpjwcRbR6o3QwcjAMBgNVHRMBAf8EAjAAMAsG +A1UdDwQEAwIF4DAdBgNVHQ4EFgQU5LzXSJXTp70jCtKkaUHDvm1ckcwwNgYDVR0l +AQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIIS +AzAKBggqhkjOPQQDBAOBiwAwgYcCQgF0HDv0Z3GiBDkUxTEErSWMpW838AGtB0zq +7fmISiLm1qKHKzVQ1HfeSPlFp5uLz/YogwpZRmu3KMlHjbN0RXfttwJBGAieVdtH +6OeQB9zFln8jbtPhEI9NvwcEhNtiqp/Np7ZIvYjx++QbRlYe4E+Ai/R7kpd/bm47 +iZe0IPh1opBwD5Y= +-----END CERTIFICATE----- diff --git a/test_key/ecp521/end_responder_with_spdm_rsp_eku.cert.der b/test_key/ecp521/end_responder_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..d5baaa4 Binary files /dev/null and b/test_key/ecp521/end_responder_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/ecp521/inter.cert b/test_key/ecp521/inter.cert new file mode 100644 index 0000000..ba6624b --- /dev/null +++ b/test_key/ecp521/inter.cert 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICJjCCAYegAwIBAgIBATAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZETVRGIGxp +YnNwZG0gRUNQNTIxIENBMB4XDTIzMDQyMDAxMTYzNloXDTMzMDQxNzAxMTYzNlow +MDEuMCwGA1UEAwwlRE1URiBsaWJzcGRtIEVDUDUyMSBpbnRlcm1lZGlhdGUgY2Vy +dDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAR8zDGPwXAP9epKClwTj6S4PooIb +3toLfldSMDRRcksG8KU5f37GuzNp/OQV6yBZDC9S+lwqM+8sNNrKxJqcPIdsAasc +6o+zMSlvfco0Sv6c2Urle5JgO7QtaU861A0Ylz84dZzVyFpK4ET105eJPC1vGRvC ++Xu3tqOb+ftY0T1cZ6GRo14wXDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAd +BgNVHQ4EFgQUn6xRfjRl1ZkCcCYwruckyTcDna4wIAYDVR0lAQH/BBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMAoGCCqGSM49BAMEA4GMADCBiAJCALyTY0qzhbg8rKKp +NOubYxGnCmGGxktNfRoefbgo6zIeteVu/Kub43A9MoqMc1cXIJKyi1SNqI4Ym2gX +wDgmBjnbAkIAm61MrMvOKfYCbjDBBV9PYCk0sxrtAz+1yafh/5Zl/u8htMTDtnNC +frmDm2nvVn8E2dz2gYY7uGoeIDMPVeM0Fo8= +-----END CERTIFICATE----- diff --git a/test_key/ecp521/inter.cert.der b/test_key/ecp521/inter.cert.der new file mode 100644 index 0000000..5ac17e1 Binary files /dev/null and b/test_key/ecp521/inter.cert.der differ diff --git a/test_key/ecp521/inter.key b/test_key/ecp521/inter.key new file mode 100644 index 0000000..e7630a3 --- /dev/null +++ b/test_key/ecp521/inter.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAsgSy28F4ob/10nCv +9588PsbgauDdgUdhuLQQZlJBEYqD4nY63P8DO3/3wjbb3T3VdWkoZmfA1WfQV3r7 +87y+b/WhgYkDgYYABAEfMwxj8FwD/XqSgpcE4+kuD6KCG97aC35XUjA0UXJLBvCl +OX9+xrszafzkFesgWQwvUvpcKjPvLDTaysSanDyHbAGrHOqPszEpb33KNEr+nNlK +5XuSYDu0LWlPOtQNGJc/OHWc1chaSuBE9dOXiTwtbxkbwvl7t7ajm/n7WNE9XGeh +kQ== +-----END PRIVATE KEY----- diff --git a/test_key/ecp521/inter.req b/test_key/ecp521/inter.req new file mode 100644 index 0000000..73f1c27 --- /dev/null +++ b/test_key/ecp521/inter.req 
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBczCB1QIBADAwMS4wLAYDVQQDDCVETVRGIGxpYnNwZG0gRUNQNTIxIGludGVy +bWVkaWF0ZSBjZXJ0MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBHzMMY/BcA/16 +koKXBOPpLg+ighve2gt+V1IwNFFySwbwpTl/fsa7M2n85BXrIFkML1L6XCoz7yw0 +2srEmpw8h2wBqxzqj7MxKW99yjRK/pzZSuV7kmA7tC1pTzrUDRiXPzh1nNXIWkrg +RPXTl4k8LW8ZG8L5e7e2o5v5+1jRPVxnoZGgADAKBggqhkjOPQQDBAOBjAAwgYgC +QgCheHom9doOZw4K6aL8acJBMsP/w8Vs6G7nNYn8g4cpEVgpEipq/1UNwEmVcBwi +93Z6qU9EFvt96vkff5PcILUe8QJCALre1si7SK0H/pjyJIhZbVQW41lOOuUUUEkn +VQ1zbVKWLrxIVT5rolL5CgV0dOukvtJkdnfbpVEgCCNaQTVottHo +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ecp521/inter1.cert b/test_key/ecp521/inter1.cert new file mode 100644 index 0000000..57fbbbc --- /dev/null +++ b/test_key/ecp521/inter1.cert @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICJTCCAYegAwIBAgIBATAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZETVRGIGxp +YnNwZG0gRUNQNTIxIENBMB4XDTIzMDUzMDE0NDM1MFoXDTMzMDUyNzE0NDM1MFow +MDEuMCwGA1UEAwwlRE1URiBsaWJzcGRtIEVDUDUyMSBpbnRlcm1lZGlhdGUgY2Vy +dDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAR8zDGPwXAP9epKClwTj6S4PooIb +3toLfldSMDRRcksG8KU5f37GuzNp/OQV6yBZDC9S+lwqM+8sNNrKxJqcPIdsAasc +6o+zMSlvfco0Sv6c2Urle5JgO7QtaU861A0Ylz84dZzVyFpK4ET105eJPC1vGRvC ++Xu3tqOb+ftY0T1cZ6GRo14wXDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAd +BgNVHQ4EFgQUn6xRfjRl1ZkCcCYwruckyTcDna4wIAYDVR0lAQH/BBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMAoGCCqGSM49BAMEA4GLADCBhwJCALXmdYVVHKqeRZUV +R9S1QdjJQNGB4bE5v4adU7fcUF+2a6sdpXHP3ERU4pb+99Nwj+10nlj3EOI8E93T +JzlvNNN2AkFaI6wipwaEWPxxb+tcIpa3Ld1F0lrSn9vTeCF4cTBftmcnMqoDNF7f +fQWk5WIuZSVvwXTl3GHQVKgdijlfMHUe/g== +-----END CERTIFICATE----- diff --git a/test_key/ecp521/inter1.cert.der b/test_key/ecp521/inter1.cert.der new file mode 100644 index 0000000..f2702bc Binary files /dev/null and b/test_key/ecp521/inter1.cert.der differ diff --git a/test_key/ecp521/param.pem b/test_key/ecp521/param.pem new file mode 100644 index 0000000..3acf6da --- /dev/null +++ b/test_key/ecp521/param.pem 
@@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIw== +-----END EC PARAMETERS----- diff --git a/test_key/ed25519/bundle_requester.certchain.der b/test_key/ed25519/bundle_requester.certchain.der new file mode 100644 index 0000000..634379c Binary files /dev/null and b/test_key/ed25519/bundle_requester.certchain.der differ diff --git a/test_key/ed25519/bundle_requester.certchain1.der b/test_key/ed25519/bundle_requester.certchain1.der new file mode 100644 index 0000000..e65eaa9 Binary files /dev/null and b/test_key/ed25519/bundle_requester.certchain1.der differ diff --git a/test_key/ed25519/bundle_responder.certchain.der b/test_key/ed25519/bundle_responder.certchain.der new file mode 100644 index 0000000..a2405ae Binary files /dev/null and b/test_key/ed25519/bundle_responder.certchain.der differ diff --git a/test_key/ed25519/bundle_responder.certchain1.der b/test_key/ed25519/bundle_responder.certchain1.der new file mode 100644 index 0000000..b2e494c Binary files /dev/null and b/test_key/ed25519/bundle_responder.certchain1.der differ diff --git a/test_key/ed25519/bundle_responder.certchain_alias.der b/test_key/ed25519/bundle_responder.certchain_alias.der new file mode 100644 index 0000000..a9d3cf6 Binary files /dev/null and b/test_key/ed25519/bundle_responder.certchain_alias.der differ diff --git a/test_key/ed25519/ca.cert b/test_key/ed25519/ca.cert new file mode 100644 index 0000000..48fc07d --- /dev/null +++ b/test_key/ed25519/ca.cert 
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWTCCAQugAwIBAgIUOROj+98neELWptG58SNpbVFbHfAwBQYDK2VwMCIxIDAe +BgNVBAMMF0RNVEYgbGlic3BkbSBFRDI1NTE5IENBMB4XDTIzMDQwMzA1NTg0NloX +DTMzMDMzMTA1NTg0NlowIjEgMB4GA1UEAwwXRE1URiBsaWJzcGRtIEVEMjU1MTkg +Q0EwKjAFBgMrZXADIQBzbV9MvIURqXJftwlLYPngK5A3uMc68Ug4FfGvR6L54KNT +MFEwHQYDVR0OBBYEFKlC6atInVoxOewq0cZ/xdHwklFwMB8GA1UdIwQYMBaAFKlC +6atInVoxOewq0cZ/xdHwklFwMA8GA1UdEwEB/wQFMAMBAf8wBQYDK2VwA0EAsFfF +ytUCS4Mx4orKZ5DBVeg8RNveBGmJpA35NLZEe5FbBn8pdrmWBG3glFmuHhlfRaBo +swzO68QdDs3KXnjbBg== +-----END CERTIFICATE----- diff --git a/test_key/ed25519/ca.cert.der b/test_key/ed25519/ca.cert.der new file mode 100644 index 0000000..6e134d7 Binary files /dev/null and b/test_key/ed25519/ca.cert.der differ diff --git a/test_key/ed25519/ca.key b/test_key/ed25519/ca.key new file mode 100644 index 0000000..ebfa2fd --- /dev/null +++ b/test_key/ed25519/ca.key @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIKAa3kxbu3Z37RPuCNrKSQXv6aRu9vYS1qjVDS2HBe2w +-----END PRIVATE KEY----- diff --git a/test_key/ed25519/ca1.cert b/test_key/ed25519/ca1.cert new file mode 100644 index 0000000..1392ee8 --- /dev/null +++ b/test_key/ed25519/ca1.cert @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWTCCAQugAwIBAgIUc5DwhPF3sU1d7cqXKIn0KlyI6wMwBQYDK2VwMCIxIDAe +BgNVBAMMF0RNVEYgbGlic3BkbSBFRDI1NTE5IENBMB4XDTIzMDQwMzA1NTkwMVoX +DTMzMDMzMTA1NTkwMVowIjEgMB4GA1UEAwwXRE1URiBsaWJzcGRtIEVEMjU1MTkg +Q0EwKjAFBgMrZXADIQAzzVirHamZ37+8FFpilAMmf+JKQFBCQ4e/FyHUAEsO8qNT +MFEwHQYDVR0OBBYEFPvQ2b9WCJlCb55z5XCtm9TXqo3SMB8GA1UdIwQYMBaAFPvQ +2b9WCJlCb55z5XCtm9TXqo3SMA8GA1UdEwEB/wQFMAMBAf8wBQYDK2VwA0EALfX9 +wFX9wiaPHx6899uhpfsKc3C/mhRTGKq+VwQePbxn0EL17sfk1VIsdJtshxyRncxN +q0KwPgYDwDlD2Cb3Bg== +-----END CERTIFICATE----- diff --git a/test_key/ed25519/ca1.cert.der b/test_key/ed25519/ca1.cert.der new file mode 100644 index 0000000..7daa532 Binary files /dev/null and b/test_key/ed25519/ca1.cert.der differ 
diff --git a/test_key/ed25519/ca1.key b/test_key/ed25519/ca1.key new file mode 100644 index 0000000..a94f9b4 --- /dev/null +++ b/test_key/ed25519/ca1.key @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIMqC7CUNGhKxWq1wVIvb+LABu3DasnyhfPA97LIxFgWf +-----END PRIVATE KEY----- diff --git a/test_key/ed25519/ca1.key.der b/test_key/ed25519/ca1.key.der new file mode 100644 index 0000000..886b5e7 Binary files /dev/null and b/test_key/ed25519/ca1.key.der differ diff --git a/test_key/ed25519/end_requester.cert b/test_key/ed25519/end_requester.cert new file mode 100644 index 0000000..1e3cfbf --- /dev/null +++ b/test_key/ed25519/end_requester.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBxzCCAXmgAwIBAgIBAjAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt +IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDAzMDU1ODQ2WhcNMzMw +MzMxMDU1ODQ2WjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXF1 +c2V0ZXIgY2VydDAqMAUGAytlcAMhADjnojGa7B7QQQT168sTPoYvoNdUwgV4df7f +VVsOzj7Co4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQW +BBQduJlppkStwr6JLHFIaPFGuq2mPjAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGg +GAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcD +AQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIIS +AjAFBgMrZXADQQDgMT0qFl13owbdikYpr3MQ1h6oLsbu4p9yVYXhVw1rRy150HwU +jRBg3iXg/ppKmjNZFoNGTKesDPvoXyFsR+wB +-----END CERTIFICATE----- diff --git a/test_key/ed25519/end_requester.cert.der b/test_key/ed25519/end_requester.cert.der new file mode 100644 index 0000000..4c6cd9f Binary files /dev/null and b/test_key/ed25519/end_requester.cert.der differ diff --git a/test_key/ed25519/end_requester.key b/test_key/ed25519/end_requester.key new file mode 100644 index 0000000..9658104 --- /dev/null +++ b/test_key/ed25519/end_requester.key @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIH5zHOLt5jVuixzjO3VuVoxlIfq3JGporyrdzeY+8oD4 +-----END PRIVATE KEY----- 
diff --git a/test_key/ed25519/end_requester.key.der b/test_key/ed25519/end_requester.key.der new file mode 100644 index 0000000..6eb4f85 Binary files /dev/null and b/test_key/ed25519/end_requester.key.der differ diff --git a/test_key/ed25519/end_requester.key.p8 b/test_key/ed25519/end_requester.key.p8 new file mode 100644 index 0000000..6eb4f85 Binary files /dev/null and b/test_key/ed25519/end_requester.key.p8 differ diff --git a/test_key/ed25519/end_requester.key.pub b/test_key/ed25519/end_requester.key.pub new file mode 100644 index 0000000..ee8a717 --- /dev/null +++ b/test_key/ed25519/end_requester.key.pub @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAOOeiMZrsHtBBBPXryxM+hi+g11TCBXh1/t9VWw7OPsI= +-----END PUBLIC KEY----- diff --git a/test_key/ed25519/end_requester.key.pub.der b/test_key/ed25519/end_requester.key.pub.der new file mode 100644 index 0000000..ef411e8 Binary files /dev/null and b/test_key/ed25519/end_requester.key.pub.der differ diff --git a/test_key/ed25519/end_requester.req b/test_key/ed25519/end_requester.req new file mode 100644 index 0000000..aba26f1 --- /dev/null +++ b/test_key/ed25519/end_requester.req @@ -0,0 +1,6 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIGtMGECAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIEVEMjU1MTkgcmVxdXNl +dGVyIGNlcnQwKjAFBgMrZXADIQA456Ixmuwe0EEE9evLEz6GL6DXVMIFeHX+31Vb +Ds4+wqAAMAUGAytlcANBAHBSDxu599BTl1AAmRe0sTgwXbRnftDBnBzJq60W0hAB +k+exPivBmFwJmgFZjiVRmzxa1bFwfoPrTnBt5bwG4QA= +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ed25519/end_requester1.cert b/test_key/ed25519/end_requester1.cert new file mode 100644 index 0000000..07ef1db --- /dev/null +++ b/test_key/ed25519/end_requester1.cert 
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBxzCCAXmgAwIBAgIBAjAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDAzMDU1OTAyWhcNMzMw
+MzMxMDU1OTAyWjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXF1
+c2V0ZXIgY2VydDAqMAUGAytlcAMhADjnojGa7B7QQQT168sTPoYvoNdUwgV4df7f
+VVsOzj7Co4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQW
+BBQduJlppkStwr6JLHFIaPFGuq2mPjAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGg
+GAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcD
+AQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIIS
+AjAFBgMrZXADQQAOIYD8GqtZKaPFBqSRMIx92DXBh9Z2lLpC+Z1w0eizWIta5Hci
+wikApI8NXDcVr0gTXqUOYxRbvUSMPLJH11UE
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_requester1.cert.der b/test_key/ed25519/end_requester1.cert.der
new file mode 100644
index 0000000..88b5175
Binary files /dev/null and b/test_key/ed25519/end_requester1.cert.der differ
diff --git a/test_key/ed25519/end_requester_with_spdm_req_eku.cert b/test_key/ed25519/end_requester_with_spdm_req_eku.cert
new file mode 100644
index 0000000..8cbfb11
--- /dev/null
+++ b/test_key/ed25519/end_requester_with_spdm_req_eku.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBgjCCATSgAwIBAgIBBTAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDIwMDEyMTA4WhcNMzMw
+NDE3MDEyMTA4WjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXF1
+c2V0ZXIgY2VydDAqMAUGAytlcAMhADjnojGa7B7QQQT168sTPoYvoNdUwgV4df7f
+VVsOzj7Co3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU
+HbiZaaZErcK+iSxxSGjxRrqtpj4wNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsG
+AQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIISBDAFBgMrZXADQQBrjyykDYEsNK30
+7YOmyjnnZKN+GDroihITrkF3LaP+dw9sswpXgtRlxC4M6D4EIL/wcGwdwcoWaPn6
+qIpPwTwC
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_requester_with_spdm_req_eku.cert.der b/test_key/ed25519/end_requester_with_spdm_req_eku.cert.der
new file mode 100644
index 0000000..a9ee68e
Binary files /dev/null and b/test_key/ed25519/end_requester_with_spdm_req_eku.cert.der differ
diff --git a/test_key/ed25519/end_requester_with_spdm_req_rsp_eku.cert b/test_key/ed25519/end_requester_with_spdm_req_rsp_eku.cert
new file mode 100644
index 0000000..e4fc533
--- /dev/null
+++ b/test_key/ed25519/end_requester_with_spdm_req_rsp_eku.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjzCCAUGgAwIBAgIBBDAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDIwMDEyMTA1WhcNMzMw
+NDE3MDEyMTA1WjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXF1
+c2V0ZXIgY2VydDAqMAUGAytlcAMhADjnojGa7B7QQQT168sTPoYvoNdUwgV4df7f
+VVsOzj7Co4GAMH4wDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYE
+FB24mWmmRK3CvokscUho8Ua6raY+MEIGA1UdJQEB/wQ4MDYGCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyCEgMGCisGAQQBgxyCEgQwBQYDK2Vw
+A0EAD9LcTi/XDQKpzMl2SrudtBLiMHGI977/aq9KC5C2cLyasven8mBC7LQh5zUQ
+vybPcVlK0SI/xzk2J0oS8S2mDg==
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/ed25519/end_requester_with_spdm_req_rsp_eku.cert.der
new file mode 100644
index 0000000..27f8462
Binary files /dev/null and b/test_key/ed25519/end_requester_with_spdm_req_rsp_eku.cert.der differ
diff --git a/test_key/ed25519/end_requester_with_spdm_rsp_eku.cert b/test_key/ed25519/end_requester_with_spdm_rsp_eku.cert
new file mode 100644
index 0000000..6b34a03
--- /dev/null
+++ b/test_key/ed25519/end_requester_with_spdm_rsp_eku.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBgjCCATSgAwIBAgIBBjAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDIwMDEyMTExWhcNMzMw
+NDE3MDEyMTExWjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXF1
+c2V0ZXIgY2VydDAqMAUGAytlcAMhADjnojGa7B7QQQT168sTPoYvoNdUwgV4df7f
+VVsOzj7Co3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU
+HbiZaaZErcK+iSxxSGjxRrqtpj4wNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsG
+AQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIISAzAFBgMrZXADQQCb37Sq41xxjhRs
+/l1RYisLNTlMRWo2pI9hlueVf7tyuULUdUxxm8YzYJVR1OF5IeqbMFSBp/G5GTPW
+yFN0c74K
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_requester_with_spdm_rsp_eku.cert.der b/test_key/ed25519/end_requester_with_spdm_rsp_eku.cert.der
new file mode 100644
index 0000000..e56034d
Binary files /dev/null and b/test_key/ed25519/end_requester_with_spdm_rsp_eku.cert.der differ
diff --git a/test_key/ed25519/end_responder.cert b/test_key/ed25519/end_responder.cert
new file mode 100644
index 0000000..88e457b
--- /dev/null
+++ b/test_key/ed25519/end_responder.cert
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBxzCCAXmgAwIBAgIBAzAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDAzMDU1ODQ3WhcNMzMw
+MzMxMDU1ODQ3WjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXNw
+b25kZXIgY2VydDAqMAUGAytlcAMhAPqkuTdtoH2NJrq+OhCwphg8G1Atqf/0Rw2V
+Rp9jqNBpo4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQW
+BBQc591+8B4cWkdsZmFZPxHnFAQ0HDAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGg
+GAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcD
+AQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIIS
+AjAFBgMrZXADQQA9ipGS3kWB0jz8h0QB129kVNe6Q9k+Qkka4fsurWZN8pBFl5w3
+HCV0EN/FWDY95MPDeqrTe5Z9KbNSaxF+s2UK
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_responder.cert.der b/test_key/ed25519/end_responder.cert.der
new file mode 100644
index 0000000..0d92e8f
Binary files /dev/null and b/test_key/ed25519/end_responder.cert.der differ
diff --git a/test_key/ed25519/end_responder.key b/test_key/ed25519/end_responder.key
new file mode 100644
index 0000000..0066a0e
--- /dev/null
+++ b/test_key/ed25519/end_responder.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIAmmcJPmBWdpqvn4z3Z36Jbu/vA05z3YSdqEPTZUBGJO
+-----END PRIVATE KEY-----
diff --git a/test_key/ed25519/end_responder.key.der b/test_key/ed25519/end_responder.key.der
new file mode 100644
index 0000000..db2a97e
Binary files /dev/null and b/test_key/ed25519/end_responder.key.der differ
diff --git a/test_key/ed25519/end_responder.key.p8 b/test_key/ed25519/end_responder.key.p8
new file mode 100644
index 0000000..db2a97e
Binary files /dev/null and b/test_key/ed25519/end_responder.key.p8 differ
diff --git a/test_key/ed25519/end_responder.key.pub b/test_key/ed25519/end_responder.key.pub
new file mode 100644
index 0000000..6b0de99
--- /dev/null
+++ b/test_key/ed25519/end_responder.key.pub
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA+qS5N22gfY0mur46ELCmGDwbUC2p//RHDZVGn2Oo0Gk=
+-----END PUBLIC KEY-----
diff --git a/test_key/ed25519/end_responder.key.pub.der b/test_key/ed25519/end_responder.key.pub.der
new file mode 100644
index 0000000..ecd1f78
Binary files /dev/null and b/test_key/ed25519/end_responder.key.pub.der differ
diff --git a/test_key/ed25519/end_responder.req b/test_key/ed25519/end_responder.req
new file mode 100644
index 0000000..345fece
--- /dev/null
+++ b/test_key/ed25519/end_responder.req
@@ -0,0 +1,6 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIGtMGECAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIEVEMjU1MTkgcmVzcG9u
+ZGVyIGNlcnQwKjAFBgMrZXADIQD6pLk3baB9jSa6vjoQsKYYPBtQLan/9EcNlUaf
+Y6jQaaAAMAUGAytlcANBANiIXambOwDGW7NwSlq2avMO7SajrOeFC3px7GlQIa/r
+W9ZRzjT1rNbYOKjI3YzGRSnI+T277RDd66GGsOEPhgc=
+-----END CERTIFICATE REQUEST-----
diff --git a/test_key/ed25519/end_responder1.cert b/test_key/ed25519/end_responder1.cert
new file mode 100644
index 0000000..d08c20b
--- /dev/null
+++ b/test_key/ed25519/end_responder1.cert
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBxzCCAXmgAwIBAgIBAzAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDAzMDU1OTAyWhcNMzMw
+MzMxMDU1OTAyWjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXNw
+b25kZXIgY2VydDAqMAUGAytlcAMhAPqkuTdtoH2NJrq+OhCwphg8G1Atqf/0Rw2V
+Rp9jqNBpo4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQW
+BBQc591+8B4cWkdsZmFZPxHnFAQ0HDAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGg
+GAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcD
+AQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIIS
+AjAFBgMrZXADQQA+uKCTWfDMgU4WJBI0UYSgGPc6ld7gwhIYUveo5ch5pEQfEBjc
+9vNmZUkj43X0wNXZYw9n5+Z/S8oU4skPhCEG
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_responder1.cert.der b/test_key/ed25519/end_responder1.cert.der
new file mode 100644
index 0000000..bc9cec3
Binary files /dev/null and b/test_key/ed25519/end_responder1.cert.der differ
diff --git a/test_key/ed25519/end_responder_alias.cert b/test_key/ed25519/end_responder_alias.cert
new file mode 100644
index 0000000..c30a2be
--- /dev/null
+++ b/test_key/ed25519/end_responder_alias.cert
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWCgAwIBAgIBAzAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNjA2MDgyNTMxWhcNMzMw
+NjAzMDgyNTMxWjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXNw
+b25kZXIgY2VydDAqMAUGAytlcAMhAPqkuTdtoH2NJrq+OhCwphg8G1Atqf/0Rw2V
+Rp9jqNBpo4GfMIGcMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgXgMB0GA1Ud
+DgQWBBQc591+8B4cWkdsZmFZPxHnFAQ0HDAxBgNVHREEKjAooCYGCisGAQQBgxyC
+EgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEF
+BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMAUGAytlcANBAM2uJlUUDZgr1JemZxpE
+xhxusOubR9yVZZiHG2HYdL4LvWNefb2ebQscjMyAkPilBvKkloJ04TUWavMZ7vlq
+BgA=
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_responder_alias.cert.der b/test_key/ed25519/end_responder_alias.cert.der
new file mode 100644
index 0000000..5e559e1
Binary files /dev/null and b/test_key/ed25519/end_responder_alias.cert.der differ
diff --git a/test_key/ed25519/end_responder_with_spdm_req_eku.cert b/test_key/ed25519/end_responder_with_spdm_req_eku.cert
new file mode 100644
index 0000000..24373bd
--- /dev/null
+++ b/test_key/ed25519/end_responder_with_spdm_req_eku.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBgjCCATSgAwIBAgIBCDAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDIwMDEyMTI0WhcNMzMw
+NDE3MDEyMTI0WjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXNw
+b25kZXIgY2VydDAqMAUGAytlcAMhAPqkuTdtoH2NJrq+OhCwphg8G1Atqf/0Rw2V
+Rp9jqNBpo3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU
+HOfdfvAeHFpHbGZhWT8R5xQENBwwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsG
+AQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIISBDAFBgMrZXADQQDTAqmHzZgsndaY
+2PTmzcrQc/x/9G0IDuX/7pBM4m8/z1VbzazguB/N2v2Vh/znq8bOhqJKp76X3ssp
+BgM7UisJ
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_responder_with_spdm_req_eku.cert.der b/test_key/ed25519/end_responder_with_spdm_req_eku.cert.der
new file mode 100644
index 0000000..72f87b4
Binary files /dev/null and b/test_key/ed25519/end_responder_with_spdm_req_eku.cert.der differ
diff --git a/test_key/ed25519/end_responder_with_spdm_req_rsp_eku.cert b/test_key/ed25519/end_responder_with_spdm_req_rsp_eku.cert
new file mode 100644
index 0000000..3f94b98
--- /dev/null
+++ b/test_key/ed25519/end_responder_with_spdm_req_rsp_eku.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjzCCAUGgAwIBAgIBBzAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDIwMDEyMTIxWhcNMzMw
+NDE3MDEyMTIxWjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXNw
+b25kZXIgY2VydDAqMAUGAytlcAMhAPqkuTdtoH2NJrq+OhCwphg8G1Atqf/0Rw2V
+Rp9jqNBpo4GAMH4wDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYE
+FBzn3X7wHhxaR2xmYVk/EecUBDQcMEIGA1UdJQEB/wQ4MDYGCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyCEgMGCisGAQQBgxyCEgQwBQYDK2Vw
+A0EAzPmKXm5xBjgIH4xccYg4NE/pSFXDblhaWGZtsksUWu/oEgp7dFfTto1B3MaJ
+Th4nf+VQzgSka/sUDZeuYXiNDw==
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/ed25519/end_responder_with_spdm_req_rsp_eku.cert.der
new file mode 100644
index 0000000..0306fe7
Binary files /dev/null and b/test_key/ed25519/end_responder_with_spdm_req_rsp_eku.cert.der differ
diff --git a/test_key/ed25519/end_responder_with_spdm_rsp_eku.cert b/test_key/ed25519/end_responder_with_spdm_rsp_eku.cert
new file mode 100644
index 0000000..01e8123
--- /dev/null
+++ b/test_key/ed25519/end_responder_with_spdm_rsp_eku.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBgjCCATSgAwIBAgIBCTAFBgMrZXAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRt
+IEVEMjU1MTkgaW50ZXJtZWRpYXRlIGNlcnQwHhcNMjMwNDIwMDEyMTI2WhcNMzMw
+NDE3MDEyMTI2WjAuMSwwKgYDVQQDDCNETVRGIGxpYnNwZG0gRUQyNTUxOSByZXNw
+b25kZXIgY2VydDAqMAUGAytlcAMhAPqkuTdtoH2NJrq+OhCwphg8G1Atqf/0Rw2V
+Rp9jqNBpo3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU
+HOfdfvAeHFpHbGZhWT8R5xQENBwwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsG
+AQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIISAzAFBgMrZXADQQBkbRN6e0IGXkpM
+JN9aatsr4lFi6QAVB3L7+paF6maCChatDHtkZ2WFhrw7eY7KPadiLYNwydDqGPua
+ri2HDZQD
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/end_responder_with_spdm_rsp_eku.cert.der b/test_key/ed25519/end_responder_with_spdm_rsp_eku.cert.der
new file mode 100644
index 0000000..eef4203
Binary files /dev/null and b/test_key/ed25519/end_responder_with_spdm_rsp_eku.cert.der differ
diff --git a/test_key/ed25519/inter.cert b/test_key/ed25519/inter.cert
new file mode 100644
index 0000000..a55c299
--- /dev/null
+++ b/test_key/ed25519/inter.cert
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYDCCARKgAwIBAgIBATAFBgMrZXAwIjEgMB4GA1UEAwwXRE1URiBsaWJzcGRt
+IEVEMjU1MTkgQ0EwHhcNMjMwNDAzMDU1ODQ2WhcNMzMwMzMxMDU1ODQ2WjAxMS8w
+LQYDVQQDDCZETVRGIGxpYnNwZG0gRUQyNTUxOSBpbnRlcm1lZGlhdGUgY2VydDAq
+MAUGAytlcAMhACiLs8xCNeS39WyYBCJHSgqYas+GZFfgZ0vhfLGp2AMgo14wXDAM
+BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUiKf1605EX2PbhFg2
+0xNEvjzqfLgwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAUGAytl
+cANBABRsfiJup8ZJJnWxOw5gbXtJCtmDRxz6EIv1QQgHQnDDokLd64JKu84P3TqF
+bloqmB12wWUGQrlNhFLdrC1idgQ=
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/inter.cert.der b/test_key/ed25519/inter.cert.der
new file mode 100644
index 0000000..8acd0e3
Binary files /dev/null and b/test_key/ed25519/inter.cert.der differ
diff --git a/test_key/ed25519/inter.key b/test_key/ed25519/inter.key
new file mode 100644
index 0000000..3d61f20
--- /dev/null
+++ b/test_key/ed25519/inter.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEID2U0Q3toaZotFc6+ar8dhxvBSRJcARzVoI18I+uLOZH
+-----END PRIVATE KEY-----
diff --git a/test_key/ed25519/inter.req b/test_key/ed25519/inter.req
new file mode 100644
index 0000000..ff761d5
--- /dev/null
+++ b/test_key/ed25519/inter.req
@@ -0,0 +1,6 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIGwMGQCAQAwMTEvMC0GA1UEAwwmRE1URiBsaWJzcGRtIEVEMjU1MTkgaW50ZXJt
+ZWRpYXRlIGNlcnQwKjAFBgMrZXADIQAoi7PMQjXkt/VsmAQiR0oKmGrPhmRX4GdL
+4XyxqdgDIKAAMAUGAytlcANBADdZjb69bK6YmcZfLLZETxnY52avIA09b+fiGgZV
+r9MWbUP9OZH8zQpe7ob15zxOLPMWA+ixQ8Bg8QheZhhfyQA=
+-----END CERTIFICATE REQUEST-----
diff --git a/test_key/ed25519/inter1.cert b/test_key/ed25519/inter1.cert
new file mode 100644
index 0000000..5ad75d4
--- /dev/null
+++ b/test_key/ed25519/inter1.cert
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYDCCARKgAwIBAgIBATAFBgMrZXAwIjEgMB4GA1UEAwwXRE1URiBsaWJzcGRt
+IEVEMjU1MTkgQ0EwHhcNMjMwNDAzMDU1OTAxWhcNMzMwMzMxMDU1OTAxWjAxMS8w
+LQYDVQQDDCZETVRGIGxpYnNwZG0gRUQyNTUxOSBpbnRlcm1lZGlhdGUgY2VydDAq
+MAUGAytlcAMhACiLs8xCNeS39WyYBCJHSgqYas+GZFfgZ0vhfLGp2AMgo14wXDAM
+BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUiKf1605EX2PbhFg2
+0xNEvjzqfLgwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAUGAytl
+cANBAIgHw6En+kkT1xLtHbLg3JkA6mC/mYvAwsU9wJ2/Cj8xFHf7s5J68BZ/WM6a
+OGbzZJLLGWPsyroF+pPI4W5UewE=
+-----END CERTIFICATE-----
diff --git a/test_key/ed25519/inter1.cert.der b/test_key/ed25519/inter1.cert.der
new file mode 100644
index 0000000..de28f8f
Binary files /dev/null and b/test_key/ed25519/inter1.cert.der differ
diff --git a/test_key/ed448/bundle_requester.certchain.der b/test_key/ed448/bundle_requester.certchain.der
new file mode 100644
index 0000000..9944473
Binary files /dev/null and b/test_key/ed448/bundle_requester.certchain.der differ
diff --git a/test_key/ed448/bundle_requester.certchain1.der b/test_key/ed448/bundle_requester.certchain1.der
new file mode 100644
index 0000000..8ce0a6a
Binary files /dev/null and b/test_key/ed448/bundle_requester.certchain1.der differ
diff --git a/test_key/ed448/bundle_responder.certchain.der b/test_key/ed448/bundle_responder.certchain.der
new file mode 100644
index 0000000..20b2aa7
Binary files /dev/null and b/test_key/ed448/bundle_responder.certchain.der differ
diff --git a/test_key/ed448/bundle_responder.certchain1.der b/test_key/ed448/bundle_responder.certchain1.der
new file mode 100644
index 0000000..67b266d
Binary files /dev/null and b/test_key/ed448/bundle_responder.certchain1.der differ
diff --git a/test_key/ed448/bundle_responder.certchain_alias.der b/test_key/ed448/bundle_responder.certchain_alias.der
new file mode 100644
index 0000000..a5bb0c3
Binary files /dev/null and b/test_key/ed448/bundle_responder.certchain_alias.der differ
diff --git a/test_key/ed448/ca.cert b/test_key/ed448/ca.cert
new file mode 100644
index 0000000..84658df
--- /dev/null
+++ b/test_key/ed448/ca.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCASCgAwIBAgIUGLSeHGorNoEo/OeIi9vZbFSZoscwBQYDK2VxMCAxHjAc
+BgNVBAMMFURNVEYgbGlic3BkbSBFRDQ0OCBDQTAeFw0yMzA0MDMwNTU4MTBaFw0z
+MzAzMzEwNTU4MTBaMCAxHjAcBgNVBAMMFURNVEYgbGlic3BkbSBFRDQ0OCBDQTBD
+MAUGAytlcQM6AFYC7HwrDw9Qc8hkk0sLKuQRICXZa/Odc9wsh3nGPSvzCCn2yPwI
+ybLo3fAgIr3mwddegoDX7x3GgKNTMFEwHQYDVR0OBBYEFKxvmix6XhrOa7Gb6+6d
+r3ANogrLMB8GA1UdIwQYMBaAFKxvmix6XhrOa7Gb6+6dr3ANogrLMA8GA1UdEwEB
+/wQFMAMBAf8wBQYDK2VxA3MAagqU1i+nIPgxvjjRJt+08NQpjyINmciUlHB0Ezvy
+dmTG3GPil7NBu1UmeezRmq7gyr/1BaPI/F8Athwp3vQl57CzjInRlC3oX8lb/mJI
+gB3z1jCbOog0u4mlSn8BUYHAz2LAJytKRzomfCbfMBrQ+TIA
+-----END CERTIFICATE-----
diff --git a/test_key/ed448/ca.cert.der b/test_key/ed448/ca.cert.der
new file mode 100644
index 0000000..2f47ae0
Binary files /dev/null and b/test_key/ed448/ca.cert.der differ
diff --git a/test_key/ed448/ca.key b/test_key/ed448/ca.key
new file mode 100644
index 0000000..ae614f8
--- /dev/null
+++ b/test_key/ed448/ca.key
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOdwR8hzwNqAd09VjF7nBee/BPLIp1tEKtl9ygRB4tdxj
+TrIki1KPOXoj1xOrxZDgAOgKaZX42GIhjA==
+-----END PRIVATE KEY-----
diff --git a/test_key/ed448/ca1.cert b/test_key/ed448/ca1.cert
new file mode 100644
index 0000000..04ef85b
--- /dev/null
+++ b/test_key/ed448/ca1.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCASCgAwIBAgIUVBU/CaKh1Lalkh2zd//Y2Cafy1wwBQYDK2VxMCAxHjAc
+BgNVBAMMFURNVEYgbGlic3BkbSBFRDQ0OCBDQTAeFw0yMzA0MDMwNTU4MjNaFw0z
+MzAzMzEwNTU4MjNaMCAxHjAcBgNVBAMMFURNVEYgbGlic3BkbSBFRDQ0OCBDQTBD
+MAUGAytlcQM6AJtHyLFnb7hIvW1inH/+Hj/TaH7i/HTMFdAAVabAw9vV/fgE+iMg
+zOrkxVJOBkHSg59emmFA5NQAAKNTMFEwHQYDVR0OBBYEFLmP8fgt9YiCw05tzY3N
+I72BX8j7MB8GA1UdIwQYMBaAFLmP8fgt9YiCw05tzY3NI72BX8j7MA8GA1UdEwEB
+/wQFMAMBAf8wBQYDK2VxA3MALXW9AyAw6CeAtDKeiSk0E+U0E2348UF8gjvc4LX7
+l6sPrCBSCzkWssGmRCujMWcojGuq5OJQUiSAEAgvQC/DQdBdbXHw30oiqs3GzL5m
+0lDT4TIMYgBSe/BFCl1ZRbfpPn+prP1a2FMWSMNdV9PJajQA
+-----END CERTIFICATE-----
diff --git a/test_key/ed448/ca1.cert.der b/test_key/ed448/ca1.cert.der
new file mode 100644
index 0000000..58a1095
Binary files /dev/null and b/test_key/ed448/ca1.cert.der differ
diff --git a/test_key/ed448/ca1.key b/test_key/ed448/ca1.key
new file mode 100644
index 0000000..c84fea2
--- /dev/null
+++ b/test_key/ed448/ca1.key
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOQkZ/L7PCdGXbkDODVEg6G/Zit5f0Jp4T1ltmg40+u4S
+AbVw2d2tZSwaVLSgXT8gpA/kwz/buiweSg==
+-----END PRIVATE KEY-----
diff --git a/test_key/ed448/ca1.key.der b/test_key/ed448/ca1.key.der
new file mode 100644
index 0000000..e1d7038
Binary files /dev/null and b/test_key/ed448/ca1.key.der differ
diff --git a/test_key/ed448/end_requester.cert b/test_key/ed448/end_requester.cert
new file mode 100644
index 0000000..1ce775f
--- /dev/null
+++ b/test_key/ed448/end_requester.cert
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICDjCCAY6gAwIBAgIBAjAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt
+IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTgxMFoXDTMzMDMz
+MTA1NTgxMFowLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlcXVzZXRl
+ciBjZXJ0MEMwBQYDK2VxAzoAKShBdm4UXUvXFzKbCRa4zCTd/L5IB8QDQqabMkQa
+n1VrRhCr72H2sTB6IlK7gvCqKG365137P6mAo4G4MIG1MAwGA1UdEwEB/wQCMAAw
+CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTp7SydfCsJvzjfXaE50+3CZrWiejAxBgNV
+HREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAq
+BgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisG
+AQQBgxyCEgYEDAYKKwYBBAGDHIISAjAFBgMrZXEDcwBlhuwRsvb1xaj3tWHz1IxP
+1xaVgRZILkhgK/9Jf//EICh2TUm99m670WzEKDIWNT+9KXx+PFsfUYAIXeYSjrSv
+WJInOChdpNxppm4DguS7bdcMr2rzE3eiDFdWNnOXtyU7IDz1jTkaUABfVK/wQx3Z
+EAA=
+-----END CERTIFICATE-----
diff --git a/test_key/ed448/end_requester.cert.der b/test_key/ed448/end_requester.cert.der
new file mode 100644
index 0000000..f7563a2
Binary files /dev/null and b/test_key/ed448/end_requester.cert.der differ
diff --git a/test_key/ed448/end_requester.key b/test_key/ed448/end_requester.key
new file mode 100644
index 0000000..11189d3
--- /dev/null
+++ b/test_key/ed448/end_requester.key
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOcwlqZ7H59rzPLDkIksKJknGvK45rGhrc3AWtK8x9XC0
+jNaAdnz7h5isaJAVHEnWVx5Zw6HmemSE0g==
+-----END PRIVATE KEY-----
diff --git a/test_key/ed448/end_requester.key.der b/test_key/ed448/end_requester.key.der
new file mode 100644
index 0000000..a7e06f0
Binary files /dev/null and b/test_key/ed448/end_requester.key.der differ
diff --git a/test_key/ed448/end_requester.key.p8 b/test_key/ed448/end_requester.key.p8
new file mode 100644
index 0000000..e69de29
diff --git a/test_key/ed448/end_requester.key.pub b/test_key/ed448/end_requester.key.pub
new file mode 100644
index 0000000..30177d9
--- /dev/null
+++ b/test_key/ed448/end_requester.key.pub
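Review bot: `test_key/ed448/end_requester.key.p8` is added with blob `e69de29`, which is git's id for the empty blob, and its section has no `Binary files … differ` line, so the file appears to be zero bytes. The other `.key.p8` files in this diff share their blob with the matching `.key.der` (`6eb4f85` for the ed25519 requester, `db2a97e` for the ed25519 responder, `731b401` for the ed448 responder), so this one was presumably meant to be a copy of `end_requester.key.der` (`a7e06f0`). Any test that loads the ed448 requester key through the `.p8` path would read an empty buffer and either fail or be silently skipped. The file should be regenerated or copied from the `.key.der` before merging.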
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEMwBQYDK2VxAzoAKShBdm4UXUvXFzKbCRa4zCTd/L5IB8QDQqabMkQan1VrRhCr
+72H2sTB6IlK7gvCqKG365137P6mA
+-----END PUBLIC KEY-----
diff --git a/test_key/ed448/end_requester.key.pub.der b/test_key/ed448/end_requester.key.pub.der
new file mode 100644
index 0000000..7f21f35
Binary files /dev/null and b/test_key/ed448/end_requester.key.pub.der differ
diff --git a/test_key/ed448/end_requester.req b/test_key/ed448/end_requester.req
new file mode 100644
index 0000000..3956063
--- /dev/null
+++ b/test_key/ed448/end_requester.req
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIH2MHgCAQAwLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlcXVzZXRl
+ciBjZXJ0MEMwBQYDK2VxAzoAKShBdm4UXUvXFzKbCRa4zCTd/L5IB8QDQqabMkQa
+n1VrRhCr72H2sTB6IlK7gvCqKG365137P6mAoAAwBQYDK2VxA3MAYarxDv1knP8C
+p/0lhgWVXJe5Ev13szC4ArkkazDzdmvfZtE2voWZuFdIzJ0+Rli0r/+uxYiaDswA
+6NFNVbrXtAeRufmmy2SqfZSZrnAhjmqs26J+usEsy11lnZ/Lxiol7udzmn8NMDQG
+x6f5HfRmghcA
+-----END CERTIFICATE REQUEST-----
diff --git a/test_key/ed448/end_requester1.cert b/test_key/ed448/end_requester1.cert
new file mode 100644
index 0000000..934ac8a
--- /dev/null
+++ b/test_key/ed448/end_requester1.cert
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICDjCCAY6gAwIBAgIBAjAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt
+IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTgyM1oXDTMzMDMz
+MTA1NTgyM1owLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlcXVzZXRl
+ciBjZXJ0MEMwBQYDK2VxAzoAKShBdm4UXUvXFzKbCRa4zCTd/L5IB8QDQqabMkQa
+n1VrRhCr72H2sTB6IlK7gvCqKG365137P6mAo4G4MIG1MAwGA1UdEwEB/wQCMAAw
+CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTp7SydfCsJvzjfXaE50+3CZrWiejAxBgNV
+HREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAq
+BgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisG
+AQQBgxyCEgYEDAYKKwYBBAGDHIISAjAFBgMrZXEDcwArrblsnOpzlMdYF/x0ah9G
+qdYMb8KJTQoTbnJb7o3xmnvFo9TdKlvNLoSaVCvOaS8tLAvdol8k34APSAC6sSRi
+TVWUcvOz+7Of2MLfCiu1UST2XM0r7NpaQZb+copxtKFRUoOQkH4EHpDh7XlyHmw9
+LgA=
+-----END CERTIFICATE-----
diff --git a/test_key/ed448/end_requester1.cert.der b/test_key/ed448/end_requester1.cert.der
new file mode 100644
index 0000000..8166552
Binary files /dev/null and b/test_key/ed448/end_requester1.cert.der differ
diff --git a/test_key/ed448/end_requester_with_spdm_req_eku.cert b/test_key/ed448/end_requester_with_spdm_req_eku.cert
new file mode 100644
index 0000000..7fdf055
--- /dev/null
+++ b/test_key/ed448/end_requester_with_spdm_req_eku.cert
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIByTCCAUmgAwIBAgIBBTAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt
+IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjMwN1oXDTMzMDQx
+NzAxMjMwN1owLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlcXVzZXRl
+ciBjZXJ0MEMwBQYDK2VxAzoAKShBdm4UXUvXFzKbCRa4zCTd/L5IB8QDQqabMkQa
+n1VrRhCr72H2sTB6IlK7gvCqKG365137P6mAo3QwcjAMBgNVHRMBAf8EAjAAMAsG
+A1UdDwQEAwIF4DAdBgNVHQ4EFgQU6e0snXwrCb84312hOdPtwma1onowNgYDVR0l
+AQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIIS
+BDAFBgMrZXEDcwA09bfmLlKamtqxvMU+2IKe+JpSEKH7L/ect5FHgJ+QeY1vVyeq
+pcnvz3rYd1B0bxWEvSAcbq0yAgAgiipkoX4LrWN22ITlvkH+Ui04UkiYU8f6+599
+fbzXKHa6s3GntU6yxmoeXo/H8cThyKD+1WnWEwA=
+-----END CERTIFICATE-----
diff --git a/test_key/ed448/end_requester_with_spdm_req_eku.cert.der b/test_key/ed448/end_requester_with_spdm_req_eku.cert.der
new file mode 100644
index 0000000..e515e57
Binary files /dev/null and b/test_key/ed448/end_requester_with_spdm_req_eku.cert.der differ
diff --git a/test_key/ed448/end_requester_with_spdm_req_rsp_eku.cert b/test_key/ed448/end_requester_with_spdm_req_rsp_eku.cert
new file mode 100644
index 0000000..d787c75
--- /dev/null
+++ b/test_key/ed448/end_requester_with_spdm_req_rsp_eku.cert
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAVagAwIBAgIBBDAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt
+IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjMwNFoXDTMzMDQx
+NzAxMjMwNFowLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlcXVzZXRl
+ciBjZXJ0MEMwBQYDK2VxAzoAKShBdm4UXUvXFzKbCRa4zCTd/L5IB8QDQqabMkQa
+n1VrRhCr72H2sTB6IlK7gvCqKG365137P6mAo4GAMH4wDAYDVR0TAQH/BAIwADAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFOntLJ18Kwm/ON9doTnT7cJmtaJ6MEIGA1Ud
+JQEB/wQ4MDYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyC
+EgMGCisGAQQBgxyCEgQwBQYDK2VxA3MAs1cnIeAmoP4ePP5TVdKFWkm1UpgrmWVp
+M7FUIdsqu1b2m6WNx7+FGtP/v6wv6NmnSPeKz57u59OAJXEPcPBrGZkM+DJGkv2b
+DnSdOXI7OMTgyUgC+gMBNeMapAsaWzBNmmkvaqLa7KX/BRRL4a0pDwcA
+-----END CERTIFICATE-----
diff --git a/test_key/ed448/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/ed448/end_requester_with_spdm_req_rsp_eku.cert.der
new file mode 100644
index 0000000..e6c8047
Binary files /dev/null and b/test_key/ed448/end_requester_with_spdm_req_rsp_eku.cert.der differ
diff --git a/test_key/ed448/end_requester_with_spdm_rsp_eku.cert b/test_key/ed448/end_requester_with_spdm_rsp_eku.cert
new file mode 100644
index 0000000..797c37e
--- /dev/null
+++ b/test_key/ed448/end_requester_with_spdm_rsp_eku.cert
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIByTCCAUmgAwIBAgIBBjAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt
+IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjMxMFoXDTMzMDQx
+NzAxMjMxMFowLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlcXVzZXRl
+ciBjZXJ0MEMwBQYDK2VxAzoAKShBdm4UXUvXFzKbCRa4zCTd/L5IB8QDQqabMkQa
+n1VrRhCr72H2sTB6IlK7gvCqKG365137P6mAo3QwcjAMBgNVHRMBAf8EAjAAMAsG
+A1UdDwQEAwIF4DAdBgNVHQ4EFgQU6e0snXwrCb84312hOdPtwma1onowNgYDVR0l
+AQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIIS
+AzAFBgMrZXEDcwDi7SpVKWxtx5xZMjxeG+AVwtdRFh2+SxYpK5bpbS1C8xh4YouA
+4AFcBHDf+IMbsEsmRY/NgwXiywAr1bmPtZlSMHh7qCCto2uQKTJ/ynx9U714n+ws
+z8LfgYSb2+saRx8vCQ4oUHCg8rj3W817PyueCQA=
+-----END CERTIFICATE-----
diff --git a/test_key/ed448/end_requester_with_spdm_rsp_eku.cert.der b/test_key/ed448/end_requester_with_spdm_rsp_eku.cert.der
new file mode 100644
index 0000000..8c995af
Binary files /dev/null and b/test_key/ed448/end_requester_with_spdm_rsp_eku.cert.der differ
diff --git a/test_key/ed448/end_responder.cert b/test_key/ed448/end_responder.cert
new file mode 100644
index 0000000..86f4f18
--- /dev/null
+++ b/test_key/ed448/end_responder.cert
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICDjCCAY6gAwIBAgIBAzAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt
+IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTgxMFoXDTMzMDMz
+MTA1NTgxMFowLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlc3BvbmRl
+ciBjZXJ0MEMwBQYDK2VxAzoA03tGMgFtEldmh9TpIP2p4PI8bEccxI3KQKIuhnl1
+8z9TCMf9UtIdQGgZPxyHynC4TTFHxt8ZpquAo4G4MIG1MAwGA1UdEwEB/wQCMAAw
+CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRaQFWBtZE/VuArGZhVQTBmQFcIljAxBgNV
+HREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAq
+BgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisG
+AQQBgxyCEgYEDAYKKwYBBAGDHIISAjAFBgMrZXEDcwAvRwpvaraxFe7ZfQQAPSAq
+ONMqXvG8QbsxmBvnRZ5JKQV50BrtFvKVMQHYdpt3WIRxpVT2j6LXVgCjGuXZ1pRy
+KLg18i7v/LO/D3ssRnRnKYMEu6Saewe9pvFYQg7i6HBDBALBqBRsV2o/HL9YrmHv
+JQA=
+-----END CERTIFICATE-----
diff --git a/test_key/ed448/end_responder.cert.der b/test_key/ed448/end_responder.cert.der
new file mode 100644
index 0000000..b22436d
Binary files /dev/null and b/test_key/ed448/end_responder.cert.der differ
diff --git a/test_key/ed448/end_responder.key b/test_key/ed448/end_responder.key
new file mode 100644
index 0000000..2ccfa90
--- /dev/null
+++ b/test_key/ed448/end_responder.key
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOX9p2T8GstecQ9HzmsLnRM/pqniVDfzXhq2mLfyfziHw
+G42ArRn4XhuUPWpuSWBhoz22UugKm4Y6gw==
+-----END PRIVATE KEY-----
diff --git a/test_key/ed448/end_responder.key.der b/test_key/ed448/end_responder.key.der
new file mode 100644
index 0000000..731b401
Binary files /dev/null and b/test_key/ed448/end_responder.key.der differ
diff --git a/test_key/ed448/end_responder.key.p8 b/test_key/ed448/end_responder.key.p8
new file mode 100644
index 0000000..731b401
Binary files /dev/null and b/test_key/ed448/end_responder.key.p8 differ
diff --git a/test_key/ed448/end_responder.key.pub b/test_key/ed448/end_responder.key.pub
new file mode 100644
index 0000000..bb7c969
--- /dev/null
+++ b/test_key/ed448/end_responder.key.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEMwBQYDK2VxAzoA03tGMgFtEldmh9TpIP2p4PI8bEccxI3KQKIuhnl18z9TCMf9
+UtIdQGgZPxyHynC4TTFHxt8ZpquA
+-----END PUBLIC KEY-----
diff --git a/test_key/ed448/end_responder.key.pub.der b/test_key/ed448/end_responder.key.pub.der
new file mode 100644
index 0000000..7fb271d
Binary files /dev/null and b/test_key/ed448/end_responder.key.pub.der differ
diff --git a/test_key/ed448/end_responder.req b/test_key/ed448/end_responder.req
new file mode 100644
index 0000000..a028322
--- /dev/null
+++ b/test_key/ed448/end_responder.req
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIH2MHgCAQAwLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlc3BvbmRl
+ciBjZXJ0MEMwBQYDK2VxAzoA03tGMgFtEldmh9TpIP2p4PI8bEccxI3KQKIuhnl1
+8z9TCMf9UtIdQGgZPxyHynC4TTFHxt8ZpquAoAAwBQYDK2VxA3MAR+3ER2ABOYk5
+nQjMZwWtO9WwEjtHMKPq+jcUsSYNYi7YHiTOgAkluDJZmHoOtE+RNcXN7ne2agoA
+YfZN/YoLshIHKc/8GnIW8MimOdHQLOr9jgF7yKdqnDeRFyNk4t+6/CaJumcKn3BB
+HmwwhSMMQx8A
+-----END CERTIFICATE REQUEST-----
diff --git a/test_key/ed448/end_responder1.cert b/test_key/ed448/end_responder1.cert
new file mode 100644
index 0000000..8a5fd1e
--- /dev/null
+++ b/test_key/ed448/end_responder1.cert
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICDjCCAY6gAwIBAgIBAzAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt +IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTgyM1oXDTMzMDMz +MTA1NTgyM1owLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlc3BvbmRl +ciBjZXJ0MEMwBQYDK2VxAzoA03tGMgFtEldmh9TpIP2p4PI8bEccxI3KQKIuhnl1 +8z9TCMf9UtIdQGgZPxyHynC4TTFHxt8ZpquAo4G4MIG1MAwGA1UdEwEB/wQCMAAw +CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRaQFWBtZE/VuArGZhVQTBmQFcIljAxBgNV +HREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAq +BgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisG +AQQBgxyCEgYEDAYKKwYBBAGDHIISAjAFBgMrZXEDcwAihbda5+69gV8LwW5GWrXU +Ra/+davEwyssoCek2lp5eLnwNvboMdgqBszKv0MzwDrWLwXmoA1eUoCXOUgzIu6Z +smOlS94z4wgyKGpwQsn3/H0lbwM6xhLaTBLSncm74qGzzjMjTawKTXwpdH8KsN8N +DwA= +-----END CERTIFICATE----- diff --git a/test_key/ed448/end_responder1.cert.der b/test_key/ed448/end_responder1.cert.der new file mode 100644 index 0000000..f04264e Binary files /dev/null and b/test_key/ed448/end_responder1.cert.der differ diff --git a/test_key/ed448/end_responder_alias.cert b/test_key/ed448/end_responder_alias.cert new file mode 100644 index 0000000..6ea1898 --- /dev/null +++ b/test_key/ed448/end_responder_alias.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9TCCAXWgAwIBAgIBAzAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt +IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNjA4MjU0NVoXDTMzMDYw +MzA4MjU0NVowLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlc3BvbmRl +ciBjZXJ0MEMwBQYDK2VxAzoA03tGMgFtEldmh9TpIP2p4PI8bEccxI3KQKIuhnl1 +8z9TCMf9UtIdQGgZPxyHynC4TTFHxt8ZpquAo4GfMIGcMA8GA1UdEwEB/wQFMAMB +Af8wCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRaQFWBtZE/VuArGZhVQTBmQFcIljAx +BgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5 +MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMAUG +AytlcQNzAFFocVes/0b8YbfxF1TMhR2cfgxBmJgyqiQOCTfho35uiJjdcgJDJPsC +UzWhoMSuh7aImnAD/x1FgE4lVqMkVsPuSLZrzh+ndXhqWF45D3wcAKrHS/JDjmr8 +J8jnx9D2y4DvexYNzyfjkuiN4smSS1USAA== +-----END CERTIFICATE----- 
diff --git a/test_key/ed448/end_responder_alias.cert.der b/test_key/ed448/end_responder_alias.cert.der new file mode 100644 index 0000000..2b6bd6a Binary files /dev/null and b/test_key/ed448/end_responder_alias.cert.der differ diff --git a/test_key/ed448/end_responder_with_spdm_req_eku.cert b/test_key/ed448/end_responder_with_spdm_req_eku.cert new file mode 100644 index 0000000..3bd89f8 --- /dev/null +++ b/test_key/ed448/end_responder_with_spdm_req_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByTCCAUmgAwIBAgIBCDAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt +IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjMyMloXDTMzMDQx +NzAxMjMyMlowLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlc3BvbmRl +ciBjZXJ0MEMwBQYDK2VxAzoA03tGMgFtEldmh9TpIP2p4PI8bEccxI3KQKIuhnl1 +8z9TCMf9UtIdQGgZPxyHynC4TTFHxt8ZpquAo3QwcjAMBgNVHRMBAf8EAjAAMAsG +A1UdDwQEAwIF4DAdBgNVHQ4EFgQUWkBVgbWRP1bgKxmYVUEwZkBXCJYwNgYDVR0l +AQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIIS +BDAFBgMrZXEDcwAj/skwoDW4E+aJcg/f2npPbwyXQGF8zSnh2rf/zDsD/CfJs6r/ +5OdkbcwpMEn3StpFA8i+UJIfuICNB2driB/vVHf6F18UJxLjS6Kd3zVw5JuM6Up5 +rnYF0/bgSqPGOMqz06JamFojF3LzOJ+OD7gJLAA= +-----END CERTIFICATE----- diff --git a/test_key/ed448/end_responder_with_spdm_req_eku.cert.der b/test_key/ed448/end_responder_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..0d456b0 Binary files /dev/null and b/test_key/ed448/end_responder_with_spdm_req_eku.cert.der differ diff --git a/test_key/ed448/end_responder_with_spdm_req_rsp_eku.cert b/test_key/ed448/end_responder_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..4489e81 --- /dev/null +++ b/test_key/ed448/end_responder_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAVagAwIBAgIBBzAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt +IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjMyMFoXDTMzMDQx +NzAxMjMyMFowLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlc3BvbmRl +ciBjZXJ0MEMwBQYDK2VxAzoA03tGMgFtEldmh9TpIP2p4PI8bEccxI3KQKIuhnl1 +8z9TCMf9UtIdQGgZPxyHynC4TTFHxt8ZpquAo4GAMH4wDAYDVR0TAQH/BAIwADAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFFpAVYG1kT9W4CsZmFVBMGZAVwiWMEIGA1Ud +JQEB/wQ4MDYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyC +EgMGCisGAQQBgxyCEgQwBQYDK2VxA3MAhuaeTCylFffGx0SM6huGgJZ48drsjzsT +jyTh0k9AqKIul+dkykPsXrCkUeIISCYblE9VeEPuciUALz1u12GKJY5YTO01z+SX +NEa3sgtAaHMixHB4sI+uVvgIIojK/Cez28W40XYcXhR2ci06C23xgycA +-----END CERTIFICATE----- diff --git a/test_key/ed448/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/ed448/end_responder_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..93f9cfc Binary files /dev/null and b/test_key/ed448/end_responder_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/ed448/end_responder_with_spdm_rsp_eku.cert b/test_key/ed448/end_responder_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..7164054 --- /dev/null +++ b/test_key/ed448/end_responder_with_spdm_rsp_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByTCCAUmgAwIBAgIBCTAFBgMrZXEwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRt +IEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjMyNVoXDTMzMDQx +NzAxMjMyNVowLDEqMCgGA1UEAwwhRE1URiBsaWJzcGRtIEVENDQ4IHJlc3BvbmRl +ciBjZXJ0MEMwBQYDK2VxAzoA03tGMgFtEldmh9TpIP2p4PI8bEccxI3KQKIuhnl1 +8z9TCMf9UtIdQGgZPxyHynC4TTFHxt8ZpquAo3QwcjAMBgNVHRMBAf8EAjAAMAsG +A1UdDwQEAwIF4DAdBgNVHQ4EFgQUWkBVgbWRP1bgKxmYVUEwZkBXCJYwNgYDVR0l +AQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYBBAGDHIIS +AzAFBgMrZXEDcwCAHRqTgDLvDo0oj6WirPElxPiqfYOXvkGnLg4g3Stn4IMWHQl4 +Shhh3koRZ4aT1w68eo4ayavNG4BqUnJ7P5dRvqYcL4CxaaI1AqktJPwFbp0eb3kt +fqXkdXbKUFHRpBJXJz9hFj3bhkqv/aQ8YkBOEwA= +-----END CERTIFICATE----- 
diff --git a/test_key/ed448/end_responder_with_spdm_rsp_eku.cert.der b/test_key/ed448/end_responder_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..1d6705e Binary files /dev/null and b/test_key/ed448/end_responder_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/ed448/inter.cert b/test_key/ed448/inter.cert new file mode 100644 index 0000000..a625164 --- /dev/null +++ b/test_key/ed448/inter.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCASegAwIBAgIBATAFBgMrZXEwIDEeMBwGA1UEAwwVRE1URiBsaWJzcGRt +IEVENDQ4IENBMB4XDTIzMDQwMzA1NTgxMFoXDTMzMDMzMTA1NTgxMFowLzEtMCsG +A1UEAwwkRE1URiBsaWJzcGRtIEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MEMwBQYD +K2VxAzoAjCjEvUTJkRyPV5JX4+qBPGbZvTX5nFn7Fu24qe11GXxBxKtAJobZ/aR0 +W8LGrHrukLbFfZLQoHiAo14wXDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAd +BgNVHQ4EFgQUVkQcZ3pEDTVb/maeISo8zH6xEGIwIAYDVR0lAQH/BBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMAUGAytlcQNzAOID3MjFjmg+sxSrjCHORk9MRarKOXqw +9GT2jge/mHQDnzZNc+xmcal4kTd4jL+VvVJzyvb4FMERgEl+Kybin2WkxienOXy1 +zT8Xv0HkwTaMKuUAlOoNfHk12tSRyA1c2v/mjOL63PfGKTXZw0+ctjwYAA== +-----END CERTIFICATE----- diff --git a/test_key/ed448/inter.cert.der b/test_key/ed448/inter.cert.der new file mode 100644 index 0000000..6955ae5 Binary files /dev/null and b/test_key/ed448/inter.cert.der differ diff --git a/test_key/ed448/inter.key b/test_key/ed448/inter.key new file mode 100644 index 0000000..8a62c49 --- /dev/null +++ b/test_key/ed448/inter.key @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEcCAQAwBQYDK2VxBDsEOSS01sHC1TWpZC6VZXFeZDw4EGNP+cS9gGCMQk5FJd2F +LA3YS3dhc5uJF0jV7qbRsgyJlTB4ryuzHQ== +-----END PRIVATE KEY----- diff --git a/test_key/ed448/inter.req b/test_key/ed448/inter.req new file mode 100644 index 0000000..4bac182 --- /dev/null +++ b/test_key/ed448/inter.req 
@@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIH5MHsCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIEVENDQ4IGludGVybWVk +aWF0ZSBjZXJ0MEMwBQYDK2VxAzoAjCjEvUTJkRyPV5JX4+qBPGbZvTX5nFn7Fu24 +qe11GXxBxKtAJobZ/aR0W8LGrHrukLbFfZLQoHiAoAAwBQYDK2VxA3MA8gi6ufYQ +P9GNKOfXb91u3vms4FXUTh0tCm12OalJncAqLVcnnrRZNZd6CqWdY91wR6MXNN+3 +zxEAWsBVoETlK6j1YGAEVpyOhwJF/z93Ro4Nn7foktB0jWiA6hbEBr71dMoWKrZE +GT8HkOGfpzDAtyUA +-----END CERTIFICATE REQUEST----- diff --git a/test_key/ed448/inter1.cert b/test_key/ed448/inter1.cert new file mode 100644 index 0000000..95f22ad --- /dev/null +++ b/test_key/ed448/inter1.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCASegAwIBAgIBATAFBgMrZXEwIDEeMBwGA1UEAwwVRE1URiBsaWJzcGRt +IEVENDQ4IENBMB4XDTIzMDQwMzA1NTgyM1oXDTMzMDMzMTA1NTgyM1owLzEtMCsG +A1UEAwwkRE1URiBsaWJzcGRtIEVENDQ4IGludGVybWVkaWF0ZSBjZXJ0MEMwBQYD +K2VxAzoAjCjEvUTJkRyPV5JX4+qBPGbZvTX5nFn7Fu24qe11GXxBxKtAJobZ/aR0 +W8LGrHrukLbFfZLQoHiAo14wXDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAd +BgNVHQ4EFgQUVkQcZ3pEDTVb/maeISo8zH6xEGIwIAYDVR0lAQH/BBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMAUGAytlcQNzAMA2O3I3jlqMQyS1Qf7hy7paTOkFOD19 +qb1DPv+g74pl9lWExfugV4K7H0aGLTvO38u304nH1NeDAPt9+acQM6dEJsnA5CEQ +Mt+YhY4gVD/umOakdZ2Xqg69Jyz+Zqk8HTfpYiwsdv+A4Fo1B0qqJ9gNAA== +-----END CERTIFICATE----- diff --git a/test_key/ed448/inter1.cert.der b/test_key/ed448/inter1.cert.der new file mode 100644 index 0000000..588d386 Binary files /dev/null and b/test_key/ed448/inter1.cert.der differ diff --git a/test_key/long_chains/Shorter1024B_bundle_requester.certchain.der b/test_key/long_chains/Shorter1024B_bundle_requester.certchain.der new file mode 100644 index 0000000..43dfae6 Binary files /dev/null and b/test_key/long_chains/Shorter1024B_bundle_requester.certchain.der differ 
diff --git a/test_key/long_chains/Shorter1024B_bundle_responder.certchain.der b/test_key/long_chains/Shorter1024B_bundle_responder.certchain.der new file mode 100644 index 0000000..45da128 Binary files /dev/null and b/test_key/long_chains/Shorter1024B_bundle_responder.certchain.der differ diff --git a/test_key/long_chains/Shorter1024B_ca.cert b/test_key/long_chains/Shorter1024B_ca.cert new file mode 100644 index 0000000..0ca83cd --- /dev/null +++ b/test_key/long_chains/Shorter1024B_ca.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBlzCCAT2gAwIBAgIUDecCCyPvetJfImU8R1HxYLeM6WowCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWRE1URiBsaWJzcGRtIEVDUDI1NiBDQTAeFw0yMzA0MDUwNjUz +MTVaFw0zMzA0MDIwNjUzMTVaMCExHzAdBgNVBAMMFkRNVEYgbGlic3BkbSBFQ1Ay +NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAStBDfRkmYa630Op3vseXb4 +fGsIMaifw/NVTT62hukeuBwvWi2nqhzjr/ExLvTJHO/GPWyi73BSH22H/C1PZgL0 +o1MwUTAdBgNVHQ4EFgQUcQkVzRDLz5dLW5m2tRTPPMkWPCYwHwYDVR0jBBgwFoAU +cQkVzRDLz5dLW5m2tRTPPMkWPCYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNIADBFAiEA0ZGNJFSnyaUnFNYrSARok/Qshb3a/hmkufWbSJ3BSDgCIEz5VjXD +97ZfVdpjIrZdoRoq5x2e4hXAvKsO5JSEAZOS +-----END CERTIFICATE----- diff --git a/test_key/long_chains/Shorter1024B_ca.cert.der b/test_key/long_chains/Shorter1024B_ca.cert.der new file mode 100644 index 0000000..9972031 Binary files /dev/null and b/test_key/long_chains/Shorter1024B_ca.cert.der differ diff --git a/test_key/long_chains/Shorter1024B_ca.key b/test_key/long_chains/Shorter1024B_ca.key new file mode 100644 index 0000000..dd0d803 --- /dev/null +++ b/test_key/long_chains/Shorter1024B_ca.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFlZDIM+HaeGIhF4o +BOMSANulH2OG3wsRQV7x1zHTQi2hRANCAAStBDfRkmYa630Op3vseXb4fGsIMaif +w/NVTT62hukeuBwvWi2nqhzjr/ExLvTJHO/GPWyi73BSH22H/C1PZgL0 +-----END PRIVATE KEY----- 
diff --git a/test_key/long_chains/Shorter1024B_ca.key.der b/test_key/long_chains/Shorter1024B_ca.key.der new file mode 100644 index 0000000..1919543 Binary files /dev/null and b/test_key/long_chains/Shorter1024B_ca.key.der differ diff --git a/test_key/long_chains/Shorter1024B_end_requester.cert b/test_key/long_chains/Shorter1024B_end_requester.cert new file mode 100644 index 0000000..f6faf05 --- /dev/null +++ b/test_key/long_chains/Shorter1024B_end_requester.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9TCCAZygAwIBAgIBAjAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZETVRGIGxp +YnNwZG0gRUNQMjU2IENBMB4XDTIzMDQwNTA2NTMxNVoXDTMzMDQwMjA2NTMxNVow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiByZXF1c2V0ZXIgY2VydDBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABEqKJJTkTF2zKTHcZJWt6aZUhXI3VWW/ +wC410I10TiRliv2z00o17/xY5f+g9X4chnFjaUHIlSmsFcvi6Wy4ZwCjgbgwgbUw +DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFBERohq93MLkZxzw +TXnidh0AZFa7MDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdF +VDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYI +KwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMAoGCCqGSM49BAMC +A0cAMEQCIDQS+x+mMJK+Uvpseu+/u2nG8xeuPboWu7/qTIxL/3vYAiAxEdwiIrMQ +2MsJiAMxHawe4Ycozt5TgLpJKnKl2OWF9Q== +-----END CERTIFICATE----- diff --git a/test_key/long_chains/Shorter1024B_end_requester.cert.der b/test_key/long_chains/Shorter1024B_end_requester.cert.der new file mode 100644 index 0000000..9742e06 Binary files /dev/null and b/test_key/long_chains/Shorter1024B_end_requester.cert.der differ diff --git a/test_key/long_chains/Shorter1024B_end_requester.key b/test_key/long_chains/Shorter1024B_end_requester.key new file mode 100644 index 0000000..8f55412 --- /dev/null +++ b/test_key/long_chains/Shorter1024B_end_requester.key 
@@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgQFNc0iyQSzJZrx52 +qgYRvffXaTlso0ikutdrU2Z7mGGhRANCAARKiiSU5Exdsykx3GSVremmVIVyN1Vl +v8AuNdCNdE4kZYr9s9NKNe/8WOX/oPV+HIZxY2lByJUprBXL4ulsuGcA +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/Shorter1024B_end_requester.req b/test_key/long_chains/Shorter1024B_end_requester.req new file mode 100644 index 0000000..51e125c --- /dev/null +++ b/test_key/long_chains/Shorter1024B_end_requester.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHoMIGPAgEAMC0xKzApBgNVBAMMIkRNVEYgbGlic3BkbSBFQ1AyNTYgcmVxdXNl +dGVyIGNlcnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARKiiSU5Exdsykx3GSV +remmVIVyN1Vlv8AuNdCNdE4kZYr9s9NKNe/8WOX/oPV+HIZxY2lByJUprBXL4uls +uGcAoAAwCgYIKoZIzj0EAwIDSAAwRQIhANfEvY6r0GuvPb3X+wqUDveGYXNlcoWj +ETv3l7pNGjDgAiBkba+7bbUjdpaWtsYkfUj8vKyBolPfsMVIqBO07wmWGA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/Shorter1024B_end_responder.cert b/test_key/long_chains/Shorter1024B_end_responder.cert new file mode 100644 index 0000000..5c7ff28 --- /dev/null +++ b/test_key/long_chains/Shorter1024B_end_responder.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9TCCAZygAwIBAgIBAzAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZETVRGIGxp +YnNwZG0gRUNQMjU2IENBMB4XDTIzMDQwNTA2NTMxNVoXDTMzMDQwMjA2NTMxNVow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIEVDUDI1NiByZXNwb25kZXIgY2VydDBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABFDe/g3BHwuhFJxh5PB029bgy8EbHcXj +MKsasPBZzlh5tKUC0kop5rek5sHmYKKWo8+a+IDjQnB3p5ZW/gDdNxajgbgwgbUw +DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFBZj7f/qyNHZUHQf +Gh2DznQvkdZcMDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdF +VDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYI +KwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMAoGCCqGSM49BAMC +A0cAMEQCIFEyrKVkZEzyyoI4cXVrKp2BB6SzTihLWoXJgkMvK8aDAiAwFIZEz7t/ +yEXEWk5nXa7NmtsCjqVus9ql0kh1apWKtQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/Shorter1024B_end_responder.cert.der b/test_key/long_chains/Shorter1024B_end_responder.cert.der new file mode 100644 index 0000000..a0fb3fd Binary files /dev/null and b/test_key/long_chains/Shorter1024B_end_responder.cert.der differ diff --git a/test_key/long_chains/Shorter1024B_end_responder.key b/test_key/long_chains/Shorter1024B_end_responder.key new file mode 100644 index 0000000..a6307f1 --- /dev/null +++ b/test_key/long_chains/Shorter1024B_end_responder.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGJvo12qJCy7FbNCc +9YE1GPGkGl8s1pVTY+VJDK3YnyShRANCAARQ3v4NwR8LoRScYeTwdNvW4MvBGx3F +4zCrGrDwWc5YebSlAtJKKea3pObB5mCilqPPmviA40Jwd6eWVv4A3TcW +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/Shorter1024B_end_responder.req b/test_key/long_chains/Shorter1024B_end_responder.req new file mode 100644 index 0000000..ffd2c0c --- /dev/null +++ b/test_key/long_chains/Shorter1024B_end_responder.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHpMIGPAgEAMC0xKzApBgNVBAMMIkRNVEYgbGlic3BkbSBFQ1AyNTYgcmVzcG9u +ZGVyIGNlcnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARQ3v4NwR8LoRScYeTw +dNvW4MvBGx3F4zCrGrDwWc5YebSlAtJKKea3pObB5mCilqPPmviA40Jwd6eWVv4A +3TcWoAAwCgYIKoZIzj0EAwIDSQAwRgIhAIzLQiPjxo5H6RxqTKRlFGBNBELzCC4n +pYjWFZ2FnDeqAiEAvNYcueOvsKzMMwAbttNnyA+d1/pVxhcaK/ynBCn0Hr0= +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/Shorter1024B_param.pem b/test_key/long_chains/Shorter1024B_param.pem new file mode 100644 index 0000000..fa06ad1 --- /dev/null +++ b/test_key/long_chains/Shorter1024B_param.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_bundle_requester.certchain.der b/test_key/long_chains/ShorterMAXINT16_bundle_requester.certchain.der new file mode 100644 index 0000000..6a9dcf7 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_bundle_requester.certchain.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_bundle_responder.certchain.der b/test_key/long_chains/ShorterMAXINT16_bundle_responder.certchain.der new file mode 100644 index 0000000..c5470af Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_bundle_responder.certchain.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_ca.cert b/test_key/long_chains/ShorterMAXINT16_ca.cert new file mode 100644 index 0000000..caeb438 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_ca.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHTCCAwWgAwIBAgIUIhkwM32CyeJI9VMuAGyE/JzxGJUwDQYJKoZIhvcNAQEN +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDUwNzUx +MjJaFw0zMzA0MDIwNzUxMjJaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCRIPa1v8xVilSkALd +xTKX8EdE7wA3TQYnWMp5T58iwJ6CD9oMdPZNOdA+0Lj52aKdk4DkUBh8/0k9pmPr +j2W2H7h0dPTasD5bEP2LAng2ZPVFX67O+JvQJN+yrRX+8pOqAezh33PztZjaTyVg +IzHfHAowsiJWjRd9RBX2u0lVRkUNJAMlYBuNWt7dTDxCayrC13ruadA6LR2EJ0OL +zZJtqVW5jbC51D0+al8NgLc+BFiJRTLf93rnoicqI+7IfIlY31tMTsgBXd2aAeHr +DrF+MKdR8fqMyT3WLRapAEFMnMWohKufTQYcCsASpX/h2+tYVQGpuj67CJDO33jr +31Ny0GMmV9JMPS7pDNIl8WEiutpknhLLli8nyqHYy2YP2WB4gsshwFot/FsfRH6l ++aVAZNRHOc98t1YVI6ADlmqsM7hGgNje3KXzHq+vn2m0Lwbctpgxa3VqZenlvuj1 +jW7EUOjeOht+sDEUSM3lnUC812sfg7xowf+SJYPZE6yVJJEEuN2geFNw3duE38O2 +i/R5wQ2RxjKSaCaINcyssq03lVhlBLIP8B1ALaV7mDXW37agNRltEbAIVwE4BQgI +YitBYbaoXhDn9MuIW5zhbHrpiM0TMwM75Ho1ZI76EA5ovdUDZ5/73eAjuiCb9XYv +WwUPXhNDr8Q/2hebzbghJxKORwIDAQABo1MwUTAdBgNVHQ4EFgQUVpAt0ebM9q0B +AXxxkJqSgmCM7dEwHwYDVR0jBBgwFoAUVpAt0ebM9q0BAXxxkJqSgmCM7dEwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEATmzIbVoMuGUAHKEjWkXR +RpBdDrt3cfSjfzgalSKMrRuhdvPjORioGDhmN/xMEJ0ivxvSZRB/gttyJkKdlZ6z +JkTFMN7WaGZpb0AGSlUaR/pSHIzXh0ruJI9+tUPwZ25ShhoktKetiLIxiXXrU8mC +0xCp9cMAm3FX1Lvj5iu7AHnxLz0qQRyN6KwPhs7FACp+3+GYEQOsYCp8PevmWyOP +uY2YW/d5lJIkj0uq2gBuhLdbiyhq38HHib2X013ieQXYao46IUI7N+5wC+DiKjTU +MCHDyD3Gqz4qPF3YHPXTuS67Y5P1DPH6Qe7mZD3vaPE1f4TnjwcSrtWZbq9D0Q75 +FZoqjO29ZSMX/clIFJds+JMfrzVI64iBv33H1KsQc1yvpLhWLtZEl0zpviW+DOvk +ORj/bbD/H3QOy7f/WfjFzySy28sztMaUO4v3LyWKV34gwdj5+yc0FR3FxKayDA5G +YQDQcrvc52RTBaiE8e6Nw2V0eZXcA774O5jiq9dDZhHuLsGig54HU04PRYyJqivW +p5wbp6ykOYDd+P47N+RzE/wrSS6KpRjeXby1n6Gjjhj1W3nbUBQrMOzIeYp6vqay +yXEemySliymqZCPL57k3vZgyVDDMzmzldjgRaVWiT9QH163PoyiG5pkFXIvXqRJn +WwbyAw5EUYZwmuuTnl/TlRY= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_ca.cert.der b/test_key/long_chains/ShorterMAXINT16_ca.cert.der new file mode 100644 index 0000000..6cc24e0 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_ca.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_ca.key b/test_key/long_chains/ShorterMAXINT16_ca.key new file mode 100644 index 0000000..d86ef79 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_ca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCRIPa1v8xVilS +kALdxTKX8EdE7wA3TQYnWMp5T58iwJ6CD9oMdPZNOdA+0Lj52aKdk4DkUBh8/0k9 +pmPrj2W2H7h0dPTasD5bEP2LAng2ZPVFX67O+JvQJN+yrRX+8pOqAezh33PztZja +TyVgIzHfHAowsiJWjRd9RBX2u0lVRkUNJAMlYBuNWt7dTDxCayrC13ruadA6LR2E +J0OLzZJtqVW5jbC51D0+al8NgLc+BFiJRTLf93rnoicqI+7IfIlY31tMTsgBXd2a +AeHrDrF+MKdR8fqMyT3WLRapAEFMnMWohKufTQYcCsASpX/h2+tYVQGpuj67CJDO +33jr31Ny0GMmV9JMPS7pDNIl8WEiutpknhLLli8nyqHYy2YP2WB4gsshwFot/Fsf +RH6l+aVAZNRHOc98t1YVI6ADlmqsM7hGgNje3KXzHq+vn2m0Lwbctpgxa3VqZenl +vuj1jW7EUOjeOht+sDEUSM3lnUC812sfg7xowf+SJYPZE6yVJJEEuN2geFNw3duE +38O2i/R5wQ2RxjKSaCaINcyssq03lVhlBLIP8B1ALaV7mDXW37agNRltEbAIVwE4 +BQgIYitBYbaoXhDn9MuIW5zhbHrpiM0TMwM75Ho1ZI76EA5ovdUDZ5/73eAjuiCb +9XYvWwUPXhNDr8Q/2hebzbghJxKORwIDAQABAoICAHf5jFzojm3PwnFk0wBXOumu +0LT3zXBZt0UxhsnorGTwBHRaidVLnpkO7Vb93F8hU1ZxtBZMiPMZTggu7GKcCrqx +WF9Do7wzQC9JjOv+uHMPYpJXh0P3MXMYcraMQptTAHLsAXl1YMzQB/g7DOAUnEYn +sPtl5+L/+9O26sGX5LAvV5HH/dFlS16/EgglfsmeGah/H0KCQsDLAAGPph1+9cGX +5INVyCDbvH8BfnZ+WayJToxoGgVLd7H56KoTyvIyRziFqIK13LtLVwI3y2g5iNBg +B9WJ1ayA1Bmjeu0gZTOFVmS+mqclEHLdCMX7Q8Ee6neA+Cf0B63GmnfId4tkPsoE +AimE5ByvlcVNyhfnv4WV2YtSliqK09fmwoMMzZwIgWtVzzxCxULteHUMsQsH98dk +FyhDFFf3auhwcmmt7NOeyLmwLD2ix28kJEtIQasz1d00WrFIYiAwHFJmBbu7Uu6M +Gu8+gWiCX7C9dQxUBXiSgwkwsELZ5T6wAsCVlTyOIpO0dtibpYwrhLhUlNlaewKJ +Jvdqe/T7EtiYJxjoxvW+kHkOnwUY34Hk7d9MvyaOq+A0ZUEzLB7K3QAcRBPx3SUr +ITZ0zgyIrzqxtgq5vx+aLF9eFw/boGR/K1QXdN3VcurqwG05vYTcs+EUC2NQ2+JO +rJpr5n7hDgwH5N42mAxxAoIBAQDiB99jVuB/fSR8KOKlPeuRkCt2hCxStbBxpy3x +/dDOOYTtmG4u9HikRatzZV7zFw82DlGtMEvwvxNz4uFqlB8OID0x+BNImpLxu8xC +FLCr18bRDg9gTOfHobKg/s9/UUuWohitYocbcN8HWbc4p/0WPu/PwichDHqeUi7Y +woQ9sX8KmOoOGBRmRs7isBR6ymHsay4kRit2/YHIadt3juri5gi2lZMMss83XtlV +J2VufLP6ESEdcvXJLRBQ4ZvjIVQmBmCoJS1H+7DQ9cYbq6GIdVSHTM5nlvO6XsYk +ub7RRFQVzDkl/UUrXwSaqkMG9Mk0pa3tnt1A4aI5w2o06b/jAoIBAQDcBoMJSzoH +LQmS+t7eim6MIXHQP9fD6JFAS9TjzSnXXbo4MOEe9HQ3fQcyH9g3jomohuirha5r 
+AqJvchRkpX9FrB8pa+9SLmeAr+962fT+RngPXIgcQ9FzwwdlXI7EFSLQdJGzU5Uz +4AdUHTNVFsP61Y90D2KLE7M+KyV6V9FAI0B3KT4PD8hkGBiDDx4ODNovh0bEulLi +lqPqJ+Yq6hbfuFSlF8Vpekl3NQk+EcZGY+phyHeEroGQpqjAgg9NqJcfSWZF7SM1 +9znDf2UxjWDc/GOC4BjxYYDxf3xSzW0TO1UTcOm0cM/yBE8pOwU1pSiIIjI2Krsw +oGsp3dR2Rn1NAoIBAQDeUrwJbBSZka/naBe2TPd+T/5QLqWiHRAWWkg49F0D21PC +l+IY0WIwwk5nzNfd51qQ4vi3jv/DJ06s+Aac3GDHdjJ7CfV9vny2xO+eN9emzzDB +xECfikWY+JVJAhl6s63T1lDLilQ2S4k0I6yyT5oC3ZjoE6KFQU8Clvd5QartO78n +30yo3EqEZzVrh6I9PP+gmbPi/hoWijezt1uld6/VyknbvbfMD7z+S48d0QhV6tbk +KyEVZFQZsvePdrnsaIXqeO9ttFObsBc1EenwoZrbK/0esA99mN7W/A2NZh4onDrQ +zfWQRlRY2rceokYXe4LFBAnV5iLehJEam/nFXf3dAoIBADgArE+sRxvWec5gbmPE +Znjidl6kMV4bDwWHh6tn6BN6NtDgmBxR6lbJSxCWDGmvrRgpJoWp5Ag2xnOJXOl1 +OlzYf6ICaArJ5uxZW6IwYexqsVpvmfFfzasiY/qHwYrlOlRGp2M2jg6DIjplqFAr +GDz7KKVI2TM/E2tqfgKS4Z7qmhj6dWJOCRp5C5woN+Upnktkqj2ek0Q7RYNvHmWj +6aiN+XWABG5hgtuFs1GKIqZ9/gVfihRKeo3/7Yn6ULzagYSkIRUBU+oDgD9jaLVh +H9t/njCMq6ycvb46TcGhqfawLmphXgrgf/1A3YlIDX5nCFcGJTOmUrkAy+X/IXnt +XS0CggEBANwfmPDesAeYTpYolKXGguaSPOQAI7F8X/KPX+p9B2/R4dPssZcYMjL7 +iu8FSpHei9wCnhaemH52vo4sZSjeEA+C8/f3vhwJi9ibQD1sb3Dwj6y5hSSrdjHI +HVo1J9S5q/zXukY//0JY7wsWn9HXIwQGaKHbpwxFDvrKX6mSQvRSwFo22qcoOkfP ++euAyNMC8Auj7/YkmflHzrGYzL6pTfLB37K0/8jSq9O14MNp9NKeAk95/iSb+yh6 +/QsMD4a6ztoF/ojjka7GNgnU2VBNWTKPtniyxT0oyLNH+JhdiPcOSZhvb5qozRbA +cjYvOR7SMFEpYN4HwH+8JEcKn7wh6Zw= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_ca.key.der b/test_key/long_chains/ShorterMAXINT16_ca.key.der new file mode 100644 index 0000000..6a89d8a Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_ca.key.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_end_requester.cert b/test_key/long_chains/ShorterMAXINT16_end_requester.cert new file mode 100644 index 0000000..efbf115 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_end_requester.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjTCCAnWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIyIGNlcnQwHhcNMjMwNDA1MDc1MTQw +WhcNMzMwNDAyMDc1MTQwWjAqMSgwJgYDVQQDDB9ETVRGIGxpYnNwZG0gUlNBIHJl +cXVlc3RlciBjZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJDU +6RMHmwuqstOYUY9l64HNxTnh/5PnteTQlGNQ+u0LYQH62ePq7kuMqUwZGidYfYq6 +Bq05ezVYmxXP5WZinPuJR1XhfY1DJncRtrZD1zyPHpqK+jqloAP6U4Pn/SyTeOgH +qgrlc/yzPiXXe7Nyin6kkWYRltz6Fgny/fbB+6RGy0F/tstWPsPC4/54qknFjn2w +Osc+p8Yy/NMJRdF/+PADtO6qZLCWJlfnaV2L62yK4ioz4V6uWEQLpY2PjS2DT+EV +iROJKXReYZavclTSXgmW4V+SJqarryvPKJzL+h1jDYrpCHwvnVWzXQyRPmizwjKn +M1stDGyI4BUfn5mMNQIDAQABo4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD +AgXgMB0GA1UdDgQWBBT6GimmlylnM6P/5P5JdWyRcOvr9zAxBgNVHREEKjAooCYG +CisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8E +IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYE +DAYKKwYBBAGDHIISAjANBgkqhkiG9w0BAQsFAAOCAgEAB9q5qXPcB0y0dJezkwjG +UNvy6JMET4+V+OogOworCQT0mO9Ebp6vmir2liltd1TOdjcf5yZBvROIJQM1AlvM +UFGVLssLPYTTY6xRcdd41MPNJK9z12H4YcDggK00tCFNHDmM6sJqknQpoAVswf62 +PpBDBZtUML7WCK/kaZKHLaU7O9daveOOk9AdIrKo+edjyL3pUflLgURb/KJgf2oS +MrW5sSmho4+auPDeTVuZERO+DwhQ50XUVlwD55Dcg6DJavJGPLqejdLR6t7Ez/8n +GCB7lauP3Nal1WOQOM5QH51JBrOoNiCGjPYqJyqsD3PpE1xKyMeMNeyrIZ/e/+Mj +EgZnGh427JAiPytI8rpFjIlhi2mSz/14UrPJY4IlTvZwZpiLxCWspMR7dINdlQEg +RIp5rAXUKWobKHOwfWMATojcfKKIBvOD2Xz3Z7y3hffKtKUDfiTzdi5Q+l7sOkxp +sXucGlxNKv1Uwe1SH5ikW5c3KTI4Gvk9etgEKJYdd8Zb02Pw5i6anqZSWLzcYGq0 +14N6GQVDywCZ3enCZBbFZtRnJzjzG+P6/UzrJp0R2/vBC1lYpw12jUnIlIvdXUfL +hEGyl4KLLHkqvg0Vh76vwiKB+5GC3qwIOuDEEXL06n3MNgwkpR4LJceIpnWxO+zS +eF3Q320DpdKcchh+EY8qdEE= +-----END CERTIFICATE----- diff --git a/test_key/long_chains/ShorterMAXINT16_end_requester.cert.der b/test_key/long_chains/ShorterMAXINT16_end_requester.cert.der new file mode 100644 index 0000000..8860e10 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_end_requester.cert.der differ 
diff --git a/test_key/long_chains/ShorterMAXINT16_end_requester.key b/test_key/long_chains/ShorterMAXINT16_end_requester.key new file mode 100644 index 0000000..95c775c --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_end_requester.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDAkNTpEwebC6qy +05hRj2Xrgc3FOeH/k+e15NCUY1D67QthAfrZ4+ruS4ypTBkaJ1h9iroGrTl7NVib +Fc/lZmKc+4lHVeF9jUMmdxG2tkPXPI8emor6OqWgA/pTg+f9LJN46AeqCuVz/LM+ +Jdd7s3KKfqSRZhGW3PoWCfL99sH7pEbLQX+2y1Y+w8Lj/niqScWOfbA6xz6nxjL8 +0wlF0X/48AO07qpksJYmV+dpXYvrbIriKjPhXq5YRAuljY+NLYNP4RWJE4kpdF5h +lq9yVNJeCZbhX5ImpquvK88onMv6HWMNiukIfC+dVbNdDJE+aLPCMqczWy0MbIjg +FR+fmYw1AgMBAAECggEBAIrbZUw0lrVs8khFYH7foqTyUwk3NgpwAxQczXNTMp/e +sufe356jRVNUUzf5UdiUKrFMidwqqVp5G02pquJGtDFzCIjSGunIJXXlQna4c68P +UjzFQBY0mB4NAEOcyHq93BHBb1VkyhSbUj0sWHgw7BWGQPE/4ssgyY1+2yPa/gKQ +Lko0Hul4/O/QKsDpGRscZkAJ+5+85j6YfULYh+ZOPYjZVLVLu+moAnfQHqMlzBOG +LHRVoo92j6FpHmse3Is0jjSDoUh7jNRztWu9Dyd9Cep0haI4NPOAJsQVJifxaCFc +PyyCb+IKAnuZr0YuixJEyTVYepDhdGkX1yUctZ6QFUECgYEA/HIGrawywIf79FtD +XIC6WCu0kqILGf9LxGZq4/1dJQNcacykLgymbjUx/ZG7GnkCYHkD+OfcO0Ka4KDE +ZuiCJwYLcKAhfI8XzCL06KJV+7JSFQ0wXVa3UfalPhHIYZm7UVPGpDZWwlyTlG1w +rIjSqczIyHj8kRRCoiNqes+lw50CgYEAw0b2D5preuUnzhhLgeTR/uhhU4qVLEFu +RBmAR7LVj2QBGrNG77hSuPJ3eG85OeSjQwBh9wnifQJDfZLWDZ9dkxTr5gtRVtlv +YUnET5+C+ZpQl9b9xkty9lO8bs3U5xWMst5d1HJRmweCf32XZrm5urpTaUzY2tC3 +FzFk+e3mQ3kCgYBiPIEqzkrFr2U1ltokwhdBvmg7c4F8cWNrnytTY0H+6ErrBO6S +2OtfEaZNdYto5tQs9Iq+LoP+L5ITfZxQK4SSaQDEqBu/2/M3xhal/J4XHzJf7Mz4 +VYlrBN8Sw1rF2EwTftVbC6ZBZkMrzFa/XVMVLpKnqKUoU8kGTV/fQLTR5QKBgQCo +JoWhf/YHGCZDiJYUXuYY2x9boZy8RAdgKplUpADTfWiaBkASEiVhTqBjm1qqqF+R +RVYWNHPL81QMYJFjn5QjH8PWDm7XG1qWar/ZVGCi8Cdv6FgUFUoEJKzAuQsYhWzn +ZSVk15+/oCLWB16EvW7aBLHonZyqJ0lRdl4d/KXn+QKBgQCKE2TVKf7cJEfoMfhB +5WE2S9pafuk5wnUHZyRRwvTNtmPvYmXYkS1UucN0h924LdIpxyXAzeZj+F07lh5O +yxib6Ai0b6d8YVzpq9deX5Ap7F0vtG0msxnK59UzwR19uxyF+MEMvBDGi2yAYazl +Pz6pmYRwX9JzjGliH82VT5SXCg== +-----END PRIVATE KEY----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_end_requester.req b/test_key/long_chains/ShorterMAXINT16_end_requester.req new file mode 100644 index 0000000..6b0ba10 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_end_requester.req @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICbzCCAVcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1ZXN0 +ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCQ1OkTB5sL +qrLTmFGPZeuBzcU54f+T57Xk0JRjUPrtC2EB+tnj6u5LjKlMGRonWH2KugatOXs1 +WJsVz+VmYpz7iUdV4X2NQyZ3Eba2Q9c8jx6aivo6paAD+lOD5/0sk3joB6oK5XP8 +sz4l13uzcop+pJFmEZbc+hYJ8v32wfukRstBf7bLVj7DwuP+eKpJxY59sDrHPqfG +MvzTCUXRf/jwA7TuqmSwliZX52ldi+tsiuIqM+FerlhEC6WNj40tg0/hFYkTiSl0 +XmGWr3JU0l4JluFfkiamq68rzyicy/odYw2K6Qh8L51Vs10MkT5os8IypzNbLQxs +iOAVH5+ZjDUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBgv1h5C0m9sRIXRLgo +z8WL0Yb8W5EIL/OyW0YLv/np667EZAykeBG0Od111bwToK/vnKdWYQvz+0EEhJT8 +tK6zeyFwZrlxnFeXiGHe/s1XOa4E+m5OSjZIFcu4WEvkzC85Am06e4B6Inr9aEuU +X8itSlbv9ZxQN600BbMv8iu0XCuZSKIVCoVbk57aGr1PtB3M9gW5sYKbyXu572k6 +hFYffMXwrkLnFKW5CBDMDgCShRibtP1P/QSBx1/hxBz/mM+G2ghNUP8gFnOGgH2S +gMtU3EVm7sFH+0TXNBpZt+1vLGgqi/lFYuPkxjcJgYDFuCJQ7cYydIFvlARHbKQ6 +CrYH +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_end_responder.cert b/test_key/long_chains/ShorterMAXINT16_end_responder.cert new file mode 100644 index 0000000..b851d4d --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_end_responder.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjTCCAnWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIyIGNlcnQwHhcNMjMwNDA1MDc1MTQw +WhcNMzMwNDAyMDc1MTQwWjAqMSgwJgYDVQQDDB9ETVRGIGxpYnNwZG0gUlNBIHJl +c3BvbmRlciBjZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMAS +rXTU+Qt086Wh1g+BlARInbihIQ2kkAPqSxfkCL+RWZKzO7oIJjTPBmWkqoctwE0f +Ng3nBdBbs3XEshw+XzeqdLBdTw3+VeEeObbUnZtc2oIdCxwBYoO1wbsq+7WSOpL3 +hHUrxSSzBqzjRrsD/nz9Ss0BOHkauKKET8kFevEwxqadup/udtI3VHVk0NsmoT2s +Swhs3SzenYRYcXE4zNNQCVfNbYlu3nfY8Zngb5uyz1lVdpk2ir7zFcLIitZk33qL +kmwEDn0YsrxvQfRc8epbqZFQKPBGeAR2lmGoEya7Uq5K3fFpnKz1lQ3sLnB4X3PX +AbAKGABmEAwfIvY4WQIDAQABo4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD +AgXgMB0GA1UdDgQWBBRtqaVSDc7VMpjQ28adXC7KbuOyXzAxBgNVHREEKjAooCYG +CisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8E +IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYE +DAYKKwYBBAGDHIISAjANBgkqhkiG9w0BAQsFAAOCAgEAd3ARFqGhBHy+Ar9JhDxE +tTKpydanc7ZmL6lQLH+3DO5z0KnvvKu0lgMr/9RDn64cHc7hVN3/O0YzWiIpqmCy +qmZMGTqlPRxJ/DSn5YosRAPlF7hQlpNavoztx5yi3cGHNF19lt87p9S3kjVmwGRR +3QePUwylc/5RORwZJVccdAjomYWo6ASO26Pp3jHoUUJlRQOp8g8H4hFFD7WdxXdS +L4Aow5JSh+fb4yslzRm5tXuu4crgBZpHjrespZepx92+CYYets1rKpCkH7lQ6+kl +4UDkm39KWtc4uLUYsu9DlolF3Spl+CKNHEfHP9ngMDdFeYvp9pXToDcjIpm0vhhO +E0KMjlnok8r5dph4i1XJNpFTSVswPraxRj2ZoMrhpgJriLiG8wmrWO2CIAMlF+bN +97Ay6YnfXsEoTGztBAid2hYV9/7OgB7wTKIWRybcWWjOk/hAaQqobWIF3Q3z36l3 +4vqXvwDmcSvBRcY6uX9Pv/fokw4R5V5wCbXdJ+OJ5pgFCkjqRYg3ph2MKWmjUvaf +QIZVi0e5FGWnOBd2/Gu9UbBrqLbXz/JIWWoND11wzGkE7IhYfapinzd77s4rss9O ++rUpOJEKOZzJ87psUCCQSIXMS7qtNL4KOmM3QgEwnhXj7YUrz9JdGvUMShYS6n3t +0iUs78/9UIpvROqpW5022XY= +-----END CERTIFICATE----- diff --git a/test_key/long_chains/ShorterMAXINT16_end_responder.cert.der b/test_key/long_chains/ShorterMAXINT16_end_responder.cert.der new file mode 100644 index 0000000..9209c96 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_end_responder.cert.der differ 
diff --git a/test_key/long_chains/ShorterMAXINT16_end_responder.key b/test_key/long_chains/ShorterMAXINT16_end_responder.key new file mode 100644 index 0000000..ecd453c --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_end_responder.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDEwBKtdNT5C3Tz +paHWD4GUBEiduKEhDaSQA+pLF+QIv5FZkrM7uggmNM8GZaSqhy3ATR82DecF0Fuz +dcSyHD5fN6p0sF1PDf5V4R45ttSdm1zagh0LHAFig7XBuyr7tZI6kveEdSvFJLMG +rONGuwP+fP1KzQE4eRq4ooRPyQV68TDGpp26n+520jdUdWTQ2yahPaxLCGzdLN6d +hFhxcTjM01AJV81tiW7ed9jxmeBvm7LPWVV2mTaKvvMVwsiK1mTfeouSbAQOfRiy +vG9B9Fzx6lupkVAo8EZ4BHaWYagTJrtSrkrd8WmcrPWVDewucHhfc9cBsAoYAGYQ +DB8i9jhZAgMBAAECggEALdPTReW9qZiakBnXXUXVV8W7qEkV9t33o7fVvdH9wm/k +iimaZ+IH/eY1BndsaG/+HxmXmH6afgcvJNjcjOP5PzJ3GKDvyvcmc5hw8t58HY3P +jfHak/jc9bZaApr3AxQi0FPlJUwpesz2iiqA8bujzYYNdXvUufOzXqg0C2V2SlE0 +URMJwMIEdiyNQb3KKx7Rc2bWCKViR9HTzIIMHkhteLudi5RoDoDvUl4cHE5WS3Xv +vECJoDnE501vKfbJTNYO4NV0f/3XNvB3o+rtajgJUnHXSvoKFto3X0WBaVPqOBMF +56aWvnGggLKE1UOLQvqWbghYpels4rfHpeEHPrVKNQKBgQD81ozODNZwVvlNRJZX +pxWAlJY6jFjgdoNtsrMxM9m9qsl/bx7i7Sbz8bhyMIKh+o53zg8ENSwxKCmDJhb5 +Owa7FOrRzPCnqbMCSyUHAvXTV9aI1THKBsOapOr2JDntQcE6PU4sqIHCxCgJcekK +g8+YUCQXsZsXoQRcc2NJUzWTRwKBgQDHNfXXdreLb9eD4AZLr0gHYY7I15l61sly +BLrWkclkzxLiClVMMMaaMk3TBFUiJvcBpatJLRw8ZAl/TtgLsQXrlVOdcFDtqZqI +o1oBVytsOpWHt9MJjE8luGuDpuA2Ll4TRsXS5HIZ4p1ZFNUlcZP9HMx1EOPHnTFt +py4S6RVnXwKBgG0VV8xyR3ZSX97RT5fjk2hVMvdxo8q79vo2Fg+NUkz9SU/8rjOz +o5Gt4SkK+uFNi3fu5BWppzZSII7fuRuwNrgyTxlTNSTxFzVPHFuJEGwtQnbonEGQ +Z4XpzyGBAaj2LJqm5npn/Qv9u1RP2/5YXhFVyiyayNIJ+yqz8csp5jxzAoGAbpO7 +RMB3HYUVYfRGSlifaMl0UnOqlA8Jfqq1c0k1OyneV25Y7pPcidcGb+1lvDFYxqdJ +LrNFixgUVYBUWBkJKj2XTjr8ERAl4VabLUdPqSHTwqP9Fr21aUC3HTrSFgEi4xxT +zr5Tv56UrM/tiH1FIiiMLScU6MaOm0lDP+f1o40CgYAzPPufIk+v64CAKZ+1GEop +jEUT4YI1batJhwS7fZJroBH5VmFed0axgpYeuecAo63ejtCYTAMzSEAtxpc4h/+d +E0EisWntIvcyrrC5uu/4rDRCpTpsdfGoyb7eSiqL4keIW9uEB3gQHpiy6UL/BbPd +aP2O1r4uEI/5lBmCX6ySxA== +-----END PRIVATE KEY----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_end_responder.req b/test_key/long_chains/ShorterMAXINT16_end_responder.req new file mode 100644 index 0000000..f01470d --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_end_responder.req @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICbzCCAVcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNwb25k +ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTAEq101PkL +dPOlodYPgZQESJ24oSENpJAD6ksX5Ai/kVmSszu6CCY0zwZlpKqHLcBNHzYN5wXQ +W7N1xLIcPl83qnSwXU8N/lXhHjm21J2bXNqCHQscAWKDtcG7Kvu1kjqS94R1K8Uk +swas40a7A/58/UrNATh5GriihE/JBXrxMMamnbqf7nbSN1R1ZNDbJqE9rEsIbN0s +3p2EWHFxOMzTUAlXzW2Jbt532PGZ4G+bss9ZVXaZNoq+8xXCyIrWZN96i5JsBA59 +GLK8b0H0XPHqW6mRUCjwRngEdpZhqBMmu1KuSt3xaZys9ZUN7C5weF9z1wGwChgA +ZhAMHyL2OFkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAhDcmZGCtx+xPXeLi6 +fDt4t6OjS3Vhg3RFnpvWdsnvjQIsJbmBe+Qc8h3v9R9nAgWhuRsn7GDUhwytR/cd +8OahXOZgSM2fb47sCzsTJELbUCBJbE71NyR0x5atksx49dvpRTzCKSV9Mv/EQx5g +X0HnfSVz5hZh0TbQzctyCo1OXrO14PcoVQH7aA8hH1gaR4wLOOWhAZl420PBAKue +I7QNsiWrJJofbEkvvcOoSR8n1/HTO3VamtfOLR9KcitTeh/YLnMOeDAPmq9M6Edm +bMCKjwwXOl06c4paEc5vcmwvNHKMhgFOoFYO6Ee+SPswHsK790yeprg7SfV98JTW +nLQM +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter01.cert b/test_key/long_chains/ShorterMAXINT16_inter01.cert new file mode 100644 index 0000000..4441f3a --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter01.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFJTCCAw2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwNTA3NTEyM1oXDTMzMDQwMjA3NTEyM1ow +LjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUxIGNlcnQw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDssu+5QZQ2GaPFtfhTxDem +DVMyd5Q6y0NCAhQSFIgf1+P+r5EPucSHg/2fROJPY3gV5llRByGU1mK3wUKiP0Mj +kk12VulzNKt7Ti40GHiEmXvZlHZnms4GEztjmpQRDBbHe2ijl8qR2adxHv+Fqatq +wa6gRDqsvDCDv+uebMeIR3pJHPD0gvw3ZiqbwreBRzWdg3oMC8TqK4A8l8R69wjE +suj5r48AklLNgzAh5etJSY4Q1348oqutAl8EPLfw2OW5+OVIL4ZqqI1oNlioJ0tL +Hn/yN3PoebXNmwooUzBEENK6VR9i1/eGr4lgR8CMhmIwfpTStEpaiMq7MxrxAiHo +1fLX54hV/onymfFQviySe7IOsO3zMuQ0M0YG3aHoHvkDhLxGYXV+6uuPQb6KyUes +oKA6vl/u+eNnQun3qORFyxaa/f5Mk/3t+knskgMaKofvLIFNBRwdE5Uwat2ptXqv +zZOSBurUzwpu/p1K9Nwch/tiAMCZFqby2OjPiubqykaq1Bm2ysd0blfMiluP26ju +LqftNTgEDn6c68mbmX+g/1dVZ1NB1z7j44LfZlph6MYIRHIaA14HGXi3MGcZygWQ +dLaXHLYTUINqja5md4Wssu0Q5W9Xn0blp1v96ziiIs7WvbgHBLwvY5n4fsVQUOHK ++kb84d8Gaz6/l2ACyF4dbwIDAQABo14wXDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE +AwIB/jAdBgNVHQ4EFgQUDQfqhuMPc3uZUEYMqW47D3PaiKUwIAYDVR0lAQH/BBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBDQUAA4ICAQCyFMNitGYS +3BsN8b4XgSWK//aBqgd1Pu7Q+Emjj4avWIhWerUq+6FPCEMhBk0zpm4ZplhloK1T +AyFSxL0yTsMBpzd78YshK2y7Yd4pqSlq4eDw6Z11BOhrdugZNrVqwtHMYeMnYDC3 +pOBvggTYGsYOENCrGWWe06pl4COPhmTyXIbIl9/7bhQGKbdUZFA6zaK8lt2bdSav +LlxQMJeSaUx9ME14x09o92ZvTy8U2e72OkFI6X/guTlU9+HGNPLq3Pcp0YEluokZ +ZrK0/bCOG863gqhlGW0GMQ7uEC4TwZS/Trc56vmN8W+VmM58xZSsBveWaHo2o1Qq +arU/MGGJ1DkUr8IXqXOlGLaiBDOB0eu/CimpPRlVqJnoFYHckGiCxn/SMZinperm +XohYk3OqauTFZjE93qtJCjhXG3uM+s8TCnVF5qkER9IwlqzPtdkGbJQfN7P84yXu +agq59PMRWOIN39aUb/KLluQpHlkPPRLj1Or9ag1BvmWniKgI6s531r5Ug6F9/frw +H2gB/tkUFwVh4cc6wgCMC9O2pDQiLKRl1PsjbufIUBmHBLwCj2/ifAJ9Bg1yaL6B +kC3iRLJmRYHGEPqo3ROHZqpNHY7zgD3L0lIBnLSga1eA1mRkfVMsK6qLnclZTcPs +KWKcK9YeEhs35QcV8u6jRfl3tRQOoo7stw== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter01.cert.der b/test_key/long_chains/ShorterMAXINT16_inter01.cert.der new file mode 100644 index 0000000..50c5b4a Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter01.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter01.key b/test_key/long_chains/ShorterMAXINT16_inter01.key new file mode 100644 index 0000000..318e7be --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter01.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDssu+5QZQ2GaPF +tfhTxDemDVMyd5Q6y0NCAhQSFIgf1+P+r5EPucSHg/2fROJPY3gV5llRByGU1mK3 +wUKiP0Mjkk12VulzNKt7Ti40GHiEmXvZlHZnms4GEztjmpQRDBbHe2ijl8qR2adx +Hv+Fqatqwa6gRDqsvDCDv+uebMeIR3pJHPD0gvw3ZiqbwreBRzWdg3oMC8TqK4A8 +l8R69wjEsuj5r48AklLNgzAh5etJSY4Q1348oqutAl8EPLfw2OW5+OVIL4ZqqI1o +NlioJ0tLHn/yN3PoebXNmwooUzBEENK6VR9i1/eGr4lgR8CMhmIwfpTStEpaiMq7 +MxrxAiHo1fLX54hV/onymfFQviySe7IOsO3zMuQ0M0YG3aHoHvkDhLxGYXV+6uuP +Qb6KyUesoKA6vl/u+eNnQun3qORFyxaa/f5Mk/3t+knskgMaKofvLIFNBRwdE5Uw +at2ptXqvzZOSBurUzwpu/p1K9Nwch/tiAMCZFqby2OjPiubqykaq1Bm2ysd0blfM +iluP26juLqftNTgEDn6c68mbmX+g/1dVZ1NB1z7j44LfZlph6MYIRHIaA14HGXi3 +MGcZygWQdLaXHLYTUINqja5md4Wssu0Q5W9Xn0blp1v96ziiIs7WvbgHBLwvY5n4 +fsVQUOHK+kb84d8Gaz6/l2ACyF4dbwIDAQABAoICAGqyRkl1/D9e02o+GtB3tLYP +b59iM9lE4u6QTUfRJYNlKAsYTQWPsb18jAkNXg53QhxtF3nlAwg6k4lNfqHwbm1M +d8qOZvFdnqcYmM828KylGyT7PVx6dcBbTvwZJAGDN4l4YbTMqa2RNV9Sn9A6qWCY +KgVofCJ9OklJbAaf9lnCDqeCekNeAB9g2HgaD+oglVSJfayMaZk9PrMRnqnnTXaN +R2O19XpGezjUmA/Pun3wwC9rVCY1FboJRZd9X1UcEIICZihh8++ERyngxZoXDGOy +Pe6LfJ4grwkdiDihNzKXesYvtNQzkgqOehiCf5NYyE4f4SoRxyqEWw6DfPODCJE0 +YI6jQ4rd7mGU4Y901fgJrHsXHV90ivvhnyFgMDcik7U4vx4GfmMpU+UW7xi+EP/u +mHsdhIXCFUlbk5BkGboWABWHTz387yzNnxgmX3/V3cKRRHiEMQRSW4X6V5NptrPi +p7G19TBsSvFO+psRosjVS0jVXUWukT7LwQy/zGKhFHFOWNKaqj0sr7sVyd9isgf2 +HTUnHRzQJHbQqNV8fBzwHzxYgHjW/2Aw2XtqlnQjCuB+juQG0TpUlX7iiY+qbb2T +cyrLTkgzq5bSjGHF0dzXb/+NpbXsxUhrJXAgbHhhpypdbfaojAe8ptTTexfQA2wr +A5046ID4Va3PjNQWXzWxAoIBAQD4ff1qBCw/GAsorVNheU2iY0IE6+fSiNX5zSBU +uQdBALv++dBYZTEjlyFDGunzcLmy3BjIeiDmRBWX+t7DkY/G2T8IIMMoKpfbUj52 +ZMc+DwGYCNoyJ14jcp3QpYPaITvCWuKo+NiyLPP56C57KG5tidiRGd6BpSqdR8pb +WS4LTckd2RvwfZfKpKkRFw1SCsIXK1ljYD6jFNBgvYMrEuUc73EDlW5AIaQqv1Ge +zT/jEQw/Bglz8sdWKF3YvRjih7Keww886Nij2Ksm6qlPHg10wBJg+plfXG+3ARfB +/smakBflbKIDBK+I2chV13B2/3dz+p1xKDltcrHj1v0goOxlAoIBAQDz2brcv/1M +N0bSn2i+Pt1ZhRvp9pViy/ufKc8yDIjekbKKALnAgu+NEf7Ot3VBI8LWiebyly3p 
+yv+mEr94K3ivAMpiEzfBOVDYaa/lymU/lEpT9F5vztaDksomd70GthMzzCu9NRaQ +kvoXgztA7QrgeCxyxR5pV2viIbfCem0zPQHsg/InmJCDNpA/s8QzZmCRzO51moXs +n8KetDUV+C+sKFEpsSm/ogNsoWiwo/geo0sS7bKKaqrNa2PuehBChURW/k8GCt0I +u4CyHEgQ7JB7krhYobRDQBWJ6UgZ5mOLjy4AnxqQhTgQATgy6abWydXr06QneXvb +RIEmyFYYtdNDAoIBAQCBk0EXjUF9TQ5Ukb0O8PAYo2WDp3flAtGBRwN66ljr/nQJ +iz6nOW0cP+xqT5h7Bubua3LI51ZMfGg+LeUHWdn9OL9zf5IEWeGBzisgFYEHzU9p +dgRBbuHZ3iSI7iYJEpdUy4uxzMFCd8ppIDdMpVKf7+dsEm9Cb1v/U7YjWCd4YYFj +/RhimTsTwjUe4kRh6ZY3+rTL6x3+cBYQvAGv7lRmeD0YP02UR3aRi94FzsVnpDYc +jwtS2OA0/yugn0pgpZ3wx4okms6M8aidzHOo++TMYnOy+joLzem7Jei7kh6SaFzt +l24L4N+fnuCmUockpiYl5iM/JFh9x/cW9b5cy005AoIBAQCiZuyzXk4U9298kNwS +cA29NBBeJnJhRRcEbrTmUUDKcmBk1ozfcJSX8FcyVy6JPobhmSAtio/yd9cBRNUt +9E3Ax5cB8GiekEyOhPy33q7FxD4oYcSPVEK7iASH0BEdKh/pzF2I+pVXnftfs2/A +Et6+lmqL2UoiwC1CglA+/ohBqqzgVxPsWQhNywYQ1umhjdpc4A4kVtBAwjm8tqnw +QsWFM6iySqJSVVVQgMMXeWyjAv/Z0GKrGtU8T/xS9ApmMxlLkr0QeiWxTics9/br +BpJHKnUJ2lASxdhSbAIv9adwZ+AsW8o2W/L1fcpu5fvOasfE8sQN4jOh2aLmMGBe +vqG/AoIBABtvF1dXx9nvJcw689TvxBub1YP7uPBtkbhJb7y1/OXcLSFJkJDD1RtW +rLX5josobPos+leYLx0qJwhtsQrFx2XWMZsVy3H9XdpPKWl0RDi53dXhKOKX42zc +xomnBkreVwNKSzK7DBEEWsIYTABq9UxlvPJTLtBVR5lqmlCnDykYqVye3FPPzDmG +st+1y6zcEQxcmSVu59T6CYMCLgtTZwA9ZvjysXRD1mEeJl0o6cyfa8BYbFxnGlcK +GGOYlgbbuC9bHDKApQZ6I4OyC2UeIJOMTLmiUqXwgmhLolt7ZD7bO8AHIM6HVrG8 +dNSEtESdzAUzyKtnYMgywm+EoTvb7hQ= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter01.req b/test_key/long_chains/ShorterMAXINT16_inter01.req new file mode 100644 index 0000000..57b3239 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter01.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDssu+5 +QZQ2GaPFtfhTxDemDVMyd5Q6y0NCAhQSFIgf1+P+r5EPucSHg/2fROJPY3gV5llR +ByGU1mK3wUKiP0Mjkk12VulzNKt7Ti40GHiEmXvZlHZnms4GEztjmpQRDBbHe2ij +l8qR2adxHv+Fqatqwa6gRDqsvDCDv+uebMeIR3pJHPD0gvw3ZiqbwreBRzWdg3oM +C8TqK4A8l8R69wjEsuj5r48AklLNgzAh5etJSY4Q1348oqutAl8EPLfw2OW5+OVI +L4ZqqI1oNlioJ0tLHn/yN3PoebXNmwooUzBEENK6VR9i1/eGr4lgR8CMhmIwfpTS +tEpaiMq7MxrxAiHo1fLX54hV/onymfFQviySe7IOsO3zMuQ0M0YG3aHoHvkDhLxG +YXV+6uuPQb6KyUesoKA6vl/u+eNnQun3qORFyxaa/f5Mk/3t+knskgMaKofvLIFN +BRwdE5Uwat2ptXqvzZOSBurUzwpu/p1K9Nwch/tiAMCZFqby2OjPiubqykaq1Bm2 +ysd0blfMiluP26juLqftNTgEDn6c68mbmX+g/1dVZ1NB1z7j44LfZlph6MYIRHIa +A14HGXi3MGcZygWQdLaXHLYTUINqja5md4Wssu0Q5W9Xn0blp1v96ziiIs7WvbgH +BLwvY5n4fsVQUOHK+kb84d8Gaz6/l2ACyF4dbwIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBADesg/jnMP1j3uP5U22nTMqO1TtWlBuwp/AFopc47y/yBHIsQGcN9YU8 +Pd4lcnfgvNj830/hGVcbayC0DIc27F8tS5JzBnqnD3CdnhJQ7Z5d6cA+auikOsn9 +U3p4FSv1ZUTyBgRSQi2D0d0ZsmnFF2Vp25YsfQGi4YD1hza0dYgPCEebYwGjPpbR +hDK5SDWEMWZTRupJrisRY2lsCwXHKdO7Hh5xI4+hcpjsW6VD6VQUbyMtzCJTLeQ2 +iX1vPCHFo0Ofkw5RCOCrxtcqkAtZovAWD7teLSRWLvL3zllS7KIpN7gbPLLd+bWU +z2d3890PUZhYs9fCMAj+GslUuc+FFKICAMTTvAaPi6pBG10eFw1phiAYzQkILwlN +E3sJEHRCyCFfTOf69n9os7Q3PcAPWuEIZZNsAvoLgvyHF8kisL0/aih5dbQwalyW +Vio/YHtZ1Fo9E8PFpMZd/IcQOeeg7UsDw2pThg7Iy4kPx2EiHTvgln12+MQqRigm +1qdUcfaZa1XfBZJRFoxkZV3/0DJp6jC5rgiLN81P3azTgHR6V36wTrUNJTJXwfH9 +M6lOhybH5acOjf7iPBGOg2scru2cvDtKa17PAlHbqHUvYa8dB6aWm3i/UMwGnOPl +tW3l3hblKO13Zoh6wpljWrQNGjnLv3rANSZvX30x4OgMu4Ehg4Au +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter02.cert b/test_key/long_chains/ShorterMAXINT16_inter02.cert new file mode 100644 index 0000000..b271d2a --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter02.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTEgY2VydDAeFw0yMzA0MDUwNzUxMjRa +Fw0zMzA0MDIwNzUxMjRaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlMiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +xmqTR6VHuW2leQw0fsVz2ANM12epPjYlNQ0mS0riMsklMnQ8llu44ZGXpIwMv8pe +p6VYBSB+4LLgfx0b/JVnpXqyky0Q0Gl83wjWoZ7Gsd8RoEHWW1Dk3TeMwL9aNY0y +KkTT36Yb6FM57iFGBxsWxmTN7MZ88yFm3iOejuhrtiTGQ/y1zkG4DPDoUYNc/iTD +48IBlu8D/xCVqqUsdYQcSg1paiQLJDR1HI/Z8HCLzStEab1NuSvPTRLD8YU19OaE +IUPdCpHfQV7xTOhT8hUr66gnDmoE7y5E8+J2n6lOU7Ocw0SAh5zQjFylWV2KRWXz +i/vsR233umnL4d7SQx7lBOp9t5lE/Lkxn0IPW0XjS0Y4609L9+gyoLyFMImDSNTz +ALtQAb2nrZ+u/VBUlSY3veqxaCxhHnYqIBjlqov7/q2IJCHyvLV7V6+6C4BA/8D7 +WUz+gCcfJv8y93vbMpVdPydXkrPAmREx4J4Xr2KtDK97hWcsGO06UE7WrerUhOgE +JAlRupZYuZRdFCvF3YuERJCNHSrtG+mcbNPsIPXGzfaogUzSwtkpIPVXgN98hHGi +Skat3hwB6LEhxeAxV9KGH440JT0BSxZn387ltWTPOYupcBjH/VehO6cI6l+0DpgO +cXAav++6YKDK5IEOIrjzIVBFDLv5vi9yOFb0JOGcsLsCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFNHGH4l3S9LARwC36F2m1TSZ +rRDeMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQ0FAAOCAgEAzYQl7G4R/gp5qZ/J1VYlj7G6R0wPfA3dz4D+Y3JoB8pjofjYt0cI +E4O09R/cFToIIaAKIlAncuMbzdSzYs0jPr1HgELN6sUNLBmP9Qeob2ZDc7V7nhmt +wVPEEvR7OPVh6kwBgHNpRN7cfCyYyRcKLe5Xmmluac2WeZT75Wy9XxFgVIyNfi7g +8TYAsClLg16H3LzgGtx/m4AJB38bx94HSnPT9OYiICTkSep2/0ZrUjL7JSTavtVy +5j5EGxT9hP1fFU7KXP7BELnnPRmxgDQDbtDKKzFTcQvLsclrq/N/FT83T1400O5T +mqKhFN49dihHK883x6aqOvK1dMF3za+o3+kGGpZA7/GGEFtAFcYPtWL1/rxQkT2e +a0U9P0MwNOI97+BwWiQKkvw5wcsJNZiIavZWrRx4aePXUWXnZewnc+J+IYEIuYbb +BPk2EyhCXlOH7aYZWffxiK4t66Fe+n+a6CH0dSNNIVvOK1VmabZGah8/TWuBWbAu +Q4f3apZqSxlZ4fU+rBQGmCJ8ERyKGF7SSVMPIURiqYVdV9p5sIw+x4UxmffZKeBK +Y9YRK+5gsLMrXoQPL0dnLVN+/8py8PQ5YIuryBUy956BKnSZLCjwH0WTE49uGyXI +IYmAj03irEjjxmSA0CAa5UniIYSiLViSIQLHkvp4/2u+3dkZ+2osb58= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter02.cert.der b/test_key/long_chains/ShorterMAXINT16_inter02.cert.der new file mode 100644 index 0000000..2c16ff2 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter02.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter02.key b/test_key/long_chains/ShorterMAXINT16_inter02.key new file mode 100644 index 0000000..3f24aa6 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter02.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDGapNHpUe5baV5 +DDR+xXPYA0zXZ6k+NiU1DSZLSuIyySUydDyWW7jhkZekjAy/yl6npVgFIH7gsuB/ +HRv8lWelerKTLRDQaXzfCNahnsax3xGgQdZbUOTdN4zAv1o1jTIqRNPfphvoUznu +IUYHGxbGZM3sxnzzIWbeI56O6Gu2JMZD/LXOQbgM8OhRg1z+JMPjwgGW7wP/EJWq +pSx1hBxKDWlqJAskNHUcj9nwcIvNK0RpvU25K89NEsPxhTX05oQhQ90Kkd9BXvFM +6FPyFSvrqCcOagTvLkTz4nafqU5Ts5zDRICHnNCMXKVZXYpFZfOL++xHbfe6acvh +3tJDHuUE6n23mUT8uTGfQg9bReNLRjjrT0v36DKgvIUwiYNI1PMAu1ABvaetn679 +UFSVJje96rFoLGEediogGOWqi/v+rYgkIfK8tXtXr7oLgED/wPtZTP6AJx8m/zL3 +e9sylV0/J1eSs8CZETHgnhevYq0Mr3uFZywY7TpQTtat6tSE6AQkCVG6lli5lF0U +K8Xdi4REkI0dKu0b6Zxs0+wg9cbN9qiBTNLC2Skg9VeA33yEcaJKRq3eHAHosSHF +4DFX0oYfjjQlPQFLFmffzuW1ZM85i6lwGMf9V6E7pwjqX7QOmA5xcBq/77pgoMrk +gQ4iuPMhUEUMu/m+L3I4VvQk4ZywuwIDAQABAoICAD4Z3T7vXCONTd01FLkY08ko +P0SsDSyLhdm04+ds6J88lYfVGaF108fF6dB2hQcCL94IwiPYp91sHxep5LiJiocg +gAPQdxLD8XFdMtAjAc1qI/okoRKznu4eFM+/FFzudGUGZcn6E4IDin4dq+1NbTNr +GYiiFzmBmtCsFVRlKlE38VYWIlEMAK8MN6pLky94EleWwSicZoPOjQl76Q5e6vvC +dtvhrBsI0B7AZ1X548ezYxY1Sb5LF/bniKxvJRQhkflXZDeKsHWlYaDQlnWOatC3 +MIIybJjvwmUS3E3cj8di0A3NwuyvCBbmaFowDLbr0e5eSvWQVZjixA1N0EFxyfvR +7KaTQcjgHcDYzCfIs55twI7koBpAPH1tuSPHLLJxs3ctdbfEzRay4BsPdEFcCblj +8Hm7AgJfuXnyet/gbYwG3HjPdW5KxhgtOY6SnofJw7HeaBBq3v48xgh5gveUDruJ +s1bZqPJ73Hz09l9pY0baXPu7cqWgCmPZAdcFenlwrUNtXGrYYHHR49ImOCrusGkK +np54pT+33Vj7V9+bkBQe5twXoib+ENKC8019NOmxka31mK2iEDPgjejNUyyr3St7 +t8zODG1YKryNypJHXj6f3HSWW6BcI9Muggc/VFBCP+VJ3KXRQpGtq5yArGRLai0G +qTr1obBg7bftuQ6iO9QBAoIBAQD8YeZFYWTRtHVuRXt5+0r9bZstXSfGYS4X2AZ2 +SX93IZBvN1o7VhKmCIxTbqnuB+AeU9sRt3PqDrzPJqXtwq04jM2QEbuspWmrSthf +VauImPpMNFVlofVFcfB+rjt5N4toTimu+ppvJ6qnKSe3EkusCNHndl6e71x0SlKM +LLb7f24y00Jo5v4+piu63tZmIhgsAPR54zDdxNN3ENq7da1FhXgWH1kFy2yQ8t9T +ArVTjKR/3sR2HzBpV+SNiAURiLeGlpPJ482mtZeSrvOp16V3JE4ZBW/6OIInfAUe +OBHmWk4hUyyifruc7lAORmTg/HbKrH5TVPfSHmxzeYVCEDcRAoIBAQDJQqaYejTV +1WnYazb/4evmKTVPRkpWQIDksb0Kohp1tPjfThr/Q0i0RgSQE6Mg4oT3X/n9j71L 
+2/dOrZ2jP42CDhzpKh4vuFbP5RFt1dUde5YXOwFiPsclIgKZ/NOtcP1Ta0AevEIR +R2erNV1W5ztAgTPLAzF8a6chkPMKkXPs1YhgR9oqG70aVjVlMRkISYPrCqXOJZIF +fSE95OwgKWTMW2kVLNdAf3HZVnKdnncshRRQHInwMlI6/Hvw3VErGd67sW47SXqV +VirGTx4pY1XNF9kT7QB86FVs6hP3QXvQQQYIEN1pe+hOlCp13T7xvgyO5zaPbMmG +4ty4ImgrMyMLAoIBACTVsQL9RPaqTN1MPMo/1+EHBzfmubBlbJHEUKUg8v6TIn5o +6L1yQYSECN8AbsKz2YzzliyOxtcpUXs2W89Is3lma3YUcHyxI6wBX3UCjud/1EAc +/z23FpINIBmNGlcFuU3+4myMXM/OTUTaZ9Z7UBoKq4AJsaOmsaqzUjrtJ8OrBI1c +cfvXgtHn9MfwUABWB4sclJHZi79CQ87D4fisIx7bbPxllNuYpf69w8Rcx9Qq2bNj +8u5+fNVTI6NYb8zwVEDLZ0R3AAPNyxJ4gE2QkLDD1rYmKgKuDqjum9yeOFaTZYXN +mt0YfA9aZMrAkWaY0kmgRUuqQgUjtZZg7QcIUNECggEAXaX83RBoS2PNp51j7zcR +zHw6SRP8/Rtwnnmx7CO3yjOWZlnyp/qH9xJphx0MF/4vPuhS69CZlZXaAqs4ocCt +uOmWPEyT1UKiaoQ9Uu1gCCL8mPykzTFG+xlTOpHxcVAVIF7UbDjPSTj/nSPstcZM +xNwZ3Io02Z9CGpVW8gDyfy5xEdP9SQC1Qm8A04BAFKIYlyLSOhUzWAh8kk9WLDT2 +qTyTrf26f1GOCUJ3fK5C591YsVpGORVBPB9GELL61OJpyM5r63xqZNi+eJ5R+5I0 +V4WURfhO9NArB8330mKPGT1YcCJg1HeKhh3dkBCN/HChaVFfCufk8jXX3HpuHEPk +NwKCAQEAlD9FGhG1gKJsIvBfsKOJnMBNu9AwDWxeqBZbrFEtVa0JQpibund/M61u +9qSfbyybIjJT1awEzBlu7EWKKZ0Gccu8LaOeAYjgcGkRg6i/U0Wy9wvtwcWWGre0 +cWbRrHx7fn+8GnssHMYnEZVLnjUnRIkUB7+xs674klRR1CSk6J5HbdnLsVjoZQCZ +2fR+GxOcQSBaPaYw3Rb14xjGjRYZ/RVe6M4CeWUHgv5L/Dq0SLMuf6h65qke2qPI +7Lgr1+MDyap//ZVxKrv60aHB6KPY1n08Fsed3XtLYt5phXlmEqUXy5AGbNJ8ks5Y +iX2W+eQCMjgE1pbcJ37rIXvqQzRinw== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter02.req b/test_key/long_chains/ShorterMAXINT16_inter02.req new file mode 100644 index 0000000..540b1b4 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter02.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGapNH +pUe5baV5DDR+xXPYA0zXZ6k+NiU1DSZLSuIyySUydDyWW7jhkZekjAy/yl6npVgF +IH7gsuB/HRv8lWelerKTLRDQaXzfCNahnsax3xGgQdZbUOTdN4zAv1o1jTIqRNPf +phvoUznuIUYHGxbGZM3sxnzzIWbeI56O6Gu2JMZD/LXOQbgM8OhRg1z+JMPjwgGW +7wP/EJWqpSx1hBxKDWlqJAskNHUcj9nwcIvNK0RpvU25K89NEsPxhTX05oQhQ90K +kd9BXvFM6FPyFSvrqCcOagTvLkTz4nafqU5Ts5zDRICHnNCMXKVZXYpFZfOL++xH +bfe6acvh3tJDHuUE6n23mUT8uTGfQg9bReNLRjjrT0v36DKgvIUwiYNI1PMAu1AB +vaetn679UFSVJje96rFoLGEediogGOWqi/v+rYgkIfK8tXtXr7oLgED/wPtZTP6A +Jx8m/zL3e9sylV0/J1eSs8CZETHgnhevYq0Mr3uFZywY7TpQTtat6tSE6AQkCVG6 +lli5lF0UK8Xdi4REkI0dKu0b6Zxs0+wg9cbN9qiBTNLC2Skg9VeA33yEcaJKRq3e +HAHosSHF4DFX0oYfjjQlPQFLFmffzuW1ZM85i6lwGMf9V6E7pwjqX7QOmA5xcBq/ +77pgoMrkgQ4iuPMhUEUMu/m+L3I4VvQk4ZywuwIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBAAd8kEkjPB4+EuYL1q+UgGyoyZrdnjORJfy68acZqzRly4Y1Ak+unszk +7CtTzLTqUjai/xECqxV7PDM1b9NhNISrXJ8t39jvvXUkC7QYkJdvI6xrD9twN/s3 +7DX69+LBtAoUr8/XEuwPJw8CxOn3ifksqRyzxFleCoKzY1GrrgbjmnI3PCccDywj +q4n/Ep9bHZJotvKHTZbpy5JK4UPZTgfmdVm6M48x0yvgPCJ6E7KkgS1Evbt/d7sF +3t5/XmAeT4eRWFCkFxfOr/mZbtMTeb1OM06AJp89E2YXtiwBUYrR2qjm3AYxpUJ4 +kq1JQXIEbm/z04SjKVAyLn/88oPC109L87PvEWFTXE8MuiDeDgEnfAEa/IL/Fqoi +ySHwpAFkgqS6JapK0F0m61nqjtWMza7TwYh+2xZgxzIXFQ3M+9Wxv/tiu0noNOVs +SAV+u5QMz/DPccqG28757GcIvRichjTwan7qtVcXAngxzkR+bS3cigHcNPXKFehl +YZn2h5y0eI1gJ8QEahe7kMHzIB5OxqA79HsKS0yf7NPr3x5K/MxPwq5i6Mh5kiRM +m2u8nJp7ej2NPLkoX+N9JRK2Z6KtF09HZeqzBbGOPPIgvbUNX1uNBLBkf93/Lo5X +qYjmk9BTVrrZ+8hJy8Ipyf8dJYDznUbXOpXM7Uz01U6ak9fChfoT +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter03.cert b/test_key/long_chains/ShorterMAXINT16_inter03.cert new file mode 100644 index 0000000..2674974 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter03.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIgY2VydDAeFw0yMzA0MDUwNzUxMjRa +Fw0zMzA0MDIwNzUxMjRaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlMyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +yrwBUYX6cT4/AzanKKZWL5qflNg75zTBNuRCZ1SR10gx7IC6LB/miw6SLDK90C1b +Hl0KFVY4TtFdvbIpc+EW8V76gyk21Z/5hutaqmSC2kux+d9k0Ua+vRjukUmlA843 +lN6pTS4nlzgnOOrqBKR8xYKLoIsaSp6E6F7sVLKV+KJmzd7aEdhtWfLCOQ2T2o8k +6XKgr4HpJElBot5qjPQ5lVRLoQ4zyGuu2Yr/We3lWexg5U0O2lJ2xUAY7tANwRgX +wMHpZlaoGPECSq7OrJQVUHaKOtsQDZvolzfoa2mi0fFsWNI2DRypqaSvmYpH/A1Z +rlAAZ5pXwB0AnKej7UUsqafagebOHcPvJr4nolKr6SP73idWrbSU2sRf71dgMpBB +VyQ9xm2afOwhiqqhOT2xpcaw+lFZQ2Uu3Zd73ukqoTSrANDYrDIRc6jpH3qPeehj +4mz7pUGW2gtI8cpYxPwl3Mm2xdWy1RsqX1/cWg7QHwRNDcZULQQhlhgYLmQMF1+v +BLebNMT8+7mi00UtEqsWQ2j2L73D5fx06XRFv/bMCZrgQso1GKSLVWafGWJTMA4p +pEgc1Yp+KxJ+M4Tpl/sQ4u8oRJUAspGTfDtGGu9SODj48m/qJw7t3idgzeyyXAw9 +SivnrkeOS/yhhDtPT12ql7CViWE0iDdGNOZbUFywQDkCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFJ9xxfUhd27ArnAlrONTiLqO +ECdSMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQ0FAAOCAgEAkEFePWuhF/5WZ5MREBrRffdfKj6uLVooHs+Y1ckJOfwxwI4j4AwB +ETYO9I9gmJq2zUwo6cPLIO4hOXS4yFpGPT3/ImiCvrfhlpDvlbIPlPYYcfIfgmoV ++4g62cwXdThXnmp6thWKo9GEM4VW2PpTD1UcRzAAaBHM6TQb2TuHneYwa+bsS9ro +PPyYx0KZ3WeL4KV8VKIhCFsIXwktbbUglTJVgOshPwmCeVTXZ1LgmI04aW++Wqhu +HnCX9eMR4M8plSu0639+Ts4No30ov3wAapnhwDc5Nb23VBv96X7VvenreAOq4PBy +HkoN7JG37YJiMclTV01ykIHRvahKqbcr+pm6BaXX6QsWNrC21QbhhWrll7Whwyyg +2eoE6EP36uWY8Wpt+f8N+GAEZrUEiLE0zuGhLPjA/MEEPJAVwlZJrKb2zh2TCZw8 +ustJsqLfwbI6PY9+qlX0fbek+zboJWvSmqDNuXn+cBzswCjnD+Et/OEpRzkb+YoL +KLJJEHYypy8noW4k6kgn4Ri3EUFY9ndZ3qfCWDDgNWte9ZFchsPGrkck5IxfnwBE +oqHDLzlCqV1yPWNYE6c17gnvjn1pdlb7slY3pkJcaae99Gct/1S5PFhJ4MTGHYQY +y6YQHzVmFsxDoxlLCpugGCm5SPBxMHarH0OmMGtc/h01JQBCURyxK2I= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter03.cert.der b/test_key/long_chains/ShorterMAXINT16_inter03.cert.der new file mode 100644 index 0000000..caba600 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter03.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter03.key b/test_key/long_chains/ShorterMAXINT16_inter03.key new file mode 100644 index 0000000..2cc4a46 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter03.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDKvAFRhfpxPj8D +NqcoplYvmp+U2DvnNME25EJnVJHXSDHsgLosH+aLDpIsMr3QLVseXQoVVjhO0V29 +silz4RbxXvqDKTbVn/mG61qqZILaS7H532TRRr69GO6RSaUDzjeU3qlNLieXOCc4 +6uoEpHzFgougixpKnoToXuxUspX4ombN3toR2G1Z8sI5DZPajyTpcqCvgekkSUGi +3mqM9DmVVEuhDjPIa67Ziv9Z7eVZ7GDlTQ7aUnbFQBju0A3BGBfAwelmVqgY8QJK +rs6slBVQdoo62xANm+iXN+hraaLR8WxY0jYNHKmppK+Zikf8DVmuUABnmlfAHQCc +p6PtRSypp9qB5s4dw+8mvieiUqvpI/veJ1attJTaxF/vV2AykEFXJD3GbZp87CGK +qqE5PbGlxrD6UVlDZS7dl3ve6SqhNKsA0NisMhFzqOkfeo956GPibPulQZbaC0jx +yljE/CXcybbF1bLVGypfX9xaDtAfBE0NxlQtBCGWGBguZAwXX68Et5s0xPz7uaLT +RS0SqxZDaPYvvcPl/HTpdEW/9swJmuBCyjUYpItVZp8ZYlMwDimkSBzVin4rEn4z +hOmX+xDi7yhElQCykZN8O0Ya71I4OPjyb+onDu3eJ2DN7LJcDD1KK+euR45L/KGE +O09PXaqXsJWJYTSIN0Y05ltQXLBAOQIDAQABAoICAQC/SeeAkYb+BPqVwKK2s0QN +BLtgSSs0e813SqbxMpWtaNxaSBfh/HOeb7Aybeo1nCYmnykdes4EaH4nuAxu30qz +kqeSzHeF170stbNFpTLmYJfcqhFJeZQNfpHTmoZN8ez11aYvQcZvY7d2eAk5Oi7U +ednfMIEtOSc0ziP1ws/I2wtfYs+mGO0M+waRqKMCjSAJ+XNuRojCCTEaSPyGZQZU +RUZa/7iSejBv6TwJEXPfhi7jDPNfwoF4moMsCjmAIYiAAzeDrW5MolNEPm6Z3dvC +oSbKY9pgzOQIkuMFPpY3u7E8mZQQiSP5AoABwr0rMTmWRLwtBS+ZAISMS41cGnIJ +MGrNwoMfZy+ZijzAuWwLxmj8D/nwesFIedwXzNCcO0liW30r0c+yocKbBCVPyf0E +jBj58R2+3fbcJdkLXJea/pv4GhHU8pv3Gs0NZuOITNT9VkR0MZE1z/2waarjbmIu +FSFLr0Q8A/th2lnGjhwgFVXsiEIDYmt3EpU8EJM/FFTvaLpFC9QJodgqoRt60JhG +uPU66GnCQZfbV1Jtt7+B/k4NZwsb9x1HQy+kVT1Jl9njhyaTVJ68ZJcQOGSUeAIR +CwAk7rIPnA/RUraKAEFwB3gfa6fQ4jEz0gUFRrLeJ8EtTDhcLn3wK2gyuBuqcFN1 +iGyInp5jiPEZ9YztsA6mlQKCAQEA6KBP5zZOCqhmIEvaF2UAjZkWF7pXQ+f65sfE +l0vKZxmYHMKohZZaW7Gt0+eY69cGDw3/bkpOvo2bBTDRD5DXKbXNk7uoAPZJ3AFj +Ta5cPC68am5ksxqgwMq5KBQm4C+qyIoPYuni7Lod+EgLMiFV7P4RJPJBMTwocAvB +FQoQRlLLRlPORT9xVq6qXaAUhbbE7FwD0QNRlK0WDrYeYU7fOQIyDKndWa2F5pm5 +ukb1yrB3pPUhJpb4npM2ugvvHTJckjtoCV1UtHJGGneuICnWvKMwmq4IujWFY+yN +Wm9DQ37wICnClNGrlWbwNIrnjawDxz3wLm+GB819YEUkL/O4WwKCAQEA3xrORDqq +9LNii8YvMuYUSEmPJUQ/I0fRcyehANWnYcDu0AqGwP/bTUt5RUrpqUgTsUV75yVT 
+7ZoE1HgMy7tukPq+pFepkCaR51mwhpzAsEvxMR1Ay+6uwIL/PJDLudBt2IX0F/J+ +OLEBJEyH0+hPEKsHt2JHWOfqFedyUqZWmpAWEG1JI2dCOFJcktsb8d4x5bX0gmYx +vMB7WSaKDDuzvth7WvMcQBwkyekd2Dzq94/Un17rvXhNFFNLHzWOBWHs8yhrKo6g +6MLZRqIiHRGzf3B1x4sMQpp9Vrc6AKClqKZJQ+Bc9ngw5sUUH1kzOz9nwoBPaGby +8e3W9JkWkH+t+wKCAQBkVbkBBfg1OpsJ9Q11J7hMWqofw9ydynH6llFh3GvJek2U +ohUjwUzp3cIW8v6PQmg3mBcDEAPUxqkFXR/e8d8L+4FW5gq5l4EV5ndZawoXXyUf +VswSQDrzzLx93+tAqO6lnn6ycCTTbBc/HnvNvHkeRhtI70BVJxhd84PtOjD40/8f +L0h5r7qH48BRr5kKb2GSfMGcpizKzrkD0WNbHzTClwLVWXLCmkh1xPpJsQ+Uw/Zm +7N/GkDld1Cs3pawV0MICxKLD30CIr/0yr0ooT0Nyi4SMQuI6xpjpF3+EcRb3Bso1 +ZS2rGKBESWjzkLH89iOPDVUKAkoyFVytaEUKdbmfAoIBAQCdjkagdHYKfSxY3Uqz +vTwRmLEYdkvIVI2brx7KghfEtwVvsh9b6NQsj+JChxbgT2BozlMj935/y0ch7O3M +ar84b3t2f9nlTPe40+QQDF8foWHhd3EtE5Ahr+EkGnVk8cbBJEgvKTbuPkI6Kjm5 +8tLzSHUYkrUkGhN8CIj5yTJb0OlkDGmcMO3Y7IEnzMi9VFcUjBzygc0aKSxy1v6i +iP71BdiHcCxBMh7g4FoNPWgKEG7tZZFBqtV0RyZEEgQL1Q4K4j5cPYFxHzll4lYJ +BVkn5Hmow4+S8ZsWRCsYClsy8MvIvYepH1QZhJAjW1EMxEg4WXi6mAl1xKsK7Zm7 +zg9FAoIBACggpSWB9XUfWLsu5DKe1Ngys7xEnNMzrp/0C1iNadox876U4SDfXEmi +9kA72DRggpNPvwToIG4uwBYKYF1F5aNfkjGjVAlsIdQupNOAX62V/0XCzy2AM5O6 +0ZkWTwGwWTw9npyBxzEDVPNuRzP7YOwzmIqBbNWR6ll9hgnFqJ7IEBaImFqNS8Vd +MSKVhklsFCTrN5vFIWjZtSsrxVej88AryZYAP1+ANzrbRQItXVT9AjPglxrAooNH +VzSDKyTRAkBd7J7r9nr9bpL7sELRGha1O7nFh1dTurR5mI+zJsD0hofkcUkL7FFV +odxX6sCAn9K+DbuWYc5HndJjGwljj10= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter03.req b/test_key/long_chains/ShorterMAXINT16_inter03.req new file mode 100644 index 0000000..a3b6bfa --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter03.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKvAFR +hfpxPj8DNqcoplYvmp+U2DvnNME25EJnVJHXSDHsgLosH+aLDpIsMr3QLVseXQoV +VjhO0V29silz4RbxXvqDKTbVn/mG61qqZILaS7H532TRRr69GO6RSaUDzjeU3qlN +LieXOCc46uoEpHzFgougixpKnoToXuxUspX4ombN3toR2G1Z8sI5DZPajyTpcqCv +gekkSUGi3mqM9DmVVEuhDjPIa67Ziv9Z7eVZ7GDlTQ7aUnbFQBju0A3BGBfAwelm +VqgY8QJKrs6slBVQdoo62xANm+iXN+hraaLR8WxY0jYNHKmppK+Zikf8DVmuUABn +mlfAHQCcp6PtRSypp9qB5s4dw+8mvieiUqvpI/veJ1attJTaxF/vV2AykEFXJD3G +bZp87CGKqqE5PbGlxrD6UVlDZS7dl3ve6SqhNKsA0NisMhFzqOkfeo956GPibPul +QZbaC0jxyljE/CXcybbF1bLVGypfX9xaDtAfBE0NxlQtBCGWGBguZAwXX68Et5s0 +xPz7uaLTRS0SqxZDaPYvvcPl/HTpdEW/9swJmuBCyjUYpItVZp8ZYlMwDimkSBzV +in4rEn4zhOmX+xDi7yhElQCykZN8O0Ya71I4OPjyb+onDu3eJ2DN7LJcDD1KK+eu +R45L/KGEO09PXaqXsJWJYTSIN0Y05ltQXLBAOQIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBAGkPi/t2QvjidA20KHMafbXfDmiT6roLiMKchG9bqq5xMRhCTkSlHUyO +2LgBNAwrK4tyGaP8HC0U1dSdOvGUsMyrcfjUAFl4EUOsZNLEEVF7/SogNl5M630W +hsTJqjIAz5UCH2NPz73jqtZydGBsF6yuwDSmA+bFEVgr8aCIsOnOkZxA8g73nRQZ +xXVDk2LzlLEpgft2q06AknZ2Noh2ZiwWwkzXVv6rqejpHuUn/KDLh8AjLv84GX6f +17GOaLvFJr7wlUHDCFPofb/kgtdqwCWqUjJowrg6h/sfudTS+O7W1jM9cB+DQSVe +fShyy0yk7pDd/ZjFNDP/4Sp2TlgEetuzPrb6mX/y1HqetjV6GZav3GBhXILA1tBl +WGMdiIi2ijbjHdCHXcproK4tvF8xLM8RRl1bQbm6UCYEKxSfWT+UzSQWMd/4ugta +hD9LNZJGZhtFFHeXVjvj6ztzv95o/c3RaLpdZTi2Cq18/7BnNM/0H1BVQLC5opoQ +Y7vIORIdAwFLariKWZvRbobwNoHjiNUMWMqd+WTowLsVvTGDB8oqrk2d04Xhrrgq +Ul6wopFeWG0PWxoT6Zhu1P/QZA3BiRL7lWgtUlIEeaKm6Al5xd1H2XBhN1Rda5Ve +1c6HHw9San3i87/YWdNRVnJXEXOeDEXfGwQeyf0inELMMrGhyK4W +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter04.cert b/test_key/long_chains/ShorterMAXINT16_inter04.cert new file mode 100644 index 0000000..59143e9 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter04.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTMgY2VydDAeFw0yMzA0MDUwNzUxMjVa +Fw0zMzA0MDIwNzUxMjVaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlNCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +18inHqztKe5WdNv4hwT1lnxGAX7jkstPoDtskCtt6529UMzfO8uIsmwgwc6G9mmZ +kiUTFZrq13KjLue+ZmnJYFOeYz1U7j2tokdtY1TExhTZHhhwdvLmilLjaTN8L77m +ORE0z3QNlbbKoc1oclQoR6/EGcVoMAVe1N7oiUuq+vsc7UhvUPiah5/sqSA5dil4 +vGniK9ZFs+5AnIdfdHPbVoJEqLaUK7GZpNrzI0R9U6N3/bn3QTJnXcKSUMbi/7kO +NFYPMXbrIS6AIwPO2mTEEmuBC6V4WLuVmplpuTG1UuQMs12v5KaViR59t2TuLnV9 +e4HYzXz00Zj3g96qNRib4SZR10a6mn2wVn7FyM3W/ftscjTUG+v4BD4shwC/WYkZ +wLwhcKoyE526yy1iu45g5T1yhR7scWwHoV0RKtu+AdlWETjUuzn6PQHhca1He5Mu +k3R3lIlzMksC83mJwwCQgaZgB2EWxIzw2tTydRRqgUjnD2zVwYcLUfF8cYgiX/sa +XteJa/TNYQILL+uKBewedanMMPulWcNrJE7vGXLIFRLybD5eTC+NOb2ej7j8ppSA +SAjhTvSM6oi4zwH2Hz/uRDgUQhH9gS3Z+l9Rp7riRg0umygDTtun1IVrViKHndJ/ +RhSxpKQLb84Hs5Tq81JRp9bSoLX/rrLardKblLzRKBECAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFDCzjgLKbjftFaX1OZBZNvP/ +H1ZAMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQ0FAAOCAgEAWHCBONrxDXeFpJjY4qLuo4eOn6kd3wui0YAIErt4VHrqjeYhnRui +3aeOdCiLnpi3r69SJOycR2oCBFdl3ZcaZ/IcyOq41VlKWnnZiRYS1S8Ntk8owCsd +66YxVOa5rd0dVMMQKxdExRTuEuRCPSWCZyuoFIA60vlJD33MCak3oeCGoGBtYpBZ +jHKqJp1KdD7XmIWlrKKLaaggSxckIveFzfy0t6J5XA/JwKBXi2IwLf75SG5P1akM +hdiXnBqiY2tCXgccmeFtl+w0j4liPgTSIV55TzaXT0okHum4ZjV1i2y5Mv7R6EZ+ +MCawGLVnoQzaZXhPPk1YXDa/rsV8SCSzLLNMUthhnp3zsparCgBSrET+QdTAAjLH +Xjf1uG78+WnG+UiDPp+9bDZvsFYiLHmTdr5+tQsRCVYofgjTusOPezDJ4WSdJn4k +SmzZW/BI+F9gw1xmtkdLadGqhO9rzPfxHbG7p2gpFkEZWRPODXzBeVYFwcq2HmYC +LTCMgDw8ksNBpUWsYGzuCvJFGrPQJWhC/bEISb/4dNaey9dydpXdxfXFlFXz60Ng +a0h2vFBJ24KtMQ00JdwUprLxVfIRmhs69vbCDWbGWxZWR/7h0WFlppEGWyC9p8PX +/XBuq/CaGOwQxP2r1I2sJnJf2gyiKyDk9oaQ+u5TRHYfXN4wqrsbEmo= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter04.cert.der b/test_key/long_chains/ShorterMAXINT16_inter04.cert.der new file mode 100644 index 0000000..abe9d49 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter04.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter04.key b/test_key/long_chains/ShorterMAXINT16_inter04.key new file mode 100644 index 0000000..95bf30c --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter04.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDXyKcerO0p7lZ0 +2/iHBPWWfEYBfuOSy0+gO2yQK23rnb1QzN87y4iybCDBzob2aZmSJRMVmurXcqMu +575maclgU55jPVTuPa2iR21jVMTGFNkeGHB28uaKUuNpM3wvvuY5ETTPdA2Vtsqh +zWhyVChHr8QZxWgwBV7U3uiJS6r6+xztSG9Q+JqHn+ypIDl2KXi8aeIr1kWz7kCc +h190c9tWgkSotpQrsZmk2vMjRH1To3f9ufdBMmddwpJQxuL/uQ40Vg8xdushLoAj +A87aZMQSa4ELpXhYu5WamWm5MbVS5AyzXa/kppWJHn23ZO4udX17gdjNfPTRmPeD +3qo1GJvhJlHXRrqafbBWfsXIzdb9+2xyNNQb6/gEPiyHAL9ZiRnAvCFwqjITnbrL +LWK7jmDlPXKFHuxxbAehXREq274B2VYRONS7Ofo9AeFxrUd7ky6TdHeUiXMySwLz +eYnDAJCBpmAHYRbEjPDa1PJ1FGqBSOcPbNXBhwtR8XxxiCJf+xpe14lr9M1hAgsv +64oF7B51qcww+6VZw2skTu8ZcsgVEvJsPl5ML405vZ6PuPymlIBICOFO9IzqiLjP +AfYfP+5EOBRCEf2BLdn6X1GnuuJGDS6bKANO26fUhWtWIoed0n9GFLGkpAtvzgez +lOrzUlGn1tKgtf+ustqt0puUvNEoEQIDAQABAoICAQCfACB8zwl2w0N7mnb37qSU +PYBMK9a+3QcQV5k4Znf5jOLp/fxkECbq6hf9FxSFz+w0LxNv8RYoqTUrI+I9jqev +Tg5Aq/nADzy5fg5Rii3wk34k2fdM/tD3jfo6E5DnkbAMzuvuDWLRNb78GOJklDSW +FiLWpoqOD/b/vjz0pggYJh77jUtRC866LxJw0Ojmc8qecxsQGDSGUAHWFT42DgTK +KvUyqE5oH9bKDffovdfnYGXTVUunA9/8y5mK4fJ0YkTgNaW+WhUJ/zy2EGFEtclw +lTyie0xBff/PykmIB+PHb3kYVel8/27iedBC6aFEJJjRAC3jxLaVFzUTO2iJ9Vct +5hDbb54yPRP4lyLjbcoTUZQPob0pr6Yy273U1S5ZSLUya7J9dtIiIip9ZrNH+Tep +ngwsTkOXKVYAitcV6vTpjbiF7VW1dlmQRoU6B/2fF1W5QJ0GHu39Pt6nlSQqanvL +Iq50+OepjJ2aM7mtW3+/kmHeV+zEnLvFdqtDw8An3rSDpXWOlYS8A+M2f+DQm6aa +eUAygf/i9ywD00TnXPAC7MJ2/zwrczBNWHqYN0X3v7D/qCUscATTYte+A5gSHt4s +0fC19OUgRg9d3YP0wdpbe5hWrWjshuk/MuOe9i0mllEbCA5gFtv+tLcf1HyoeOzT +TBePUpFyxGU1yqER9AEWAQKCAQEA/GFvxHYQR0WgIFfUFRXjWt9vBXQOdrN6Lwi0 +NWpKErnZm9S+6ggzStpnZ6l9YrUT0K217fhGjUug1/+CokOf6PbRkNLeLzl8Jj88 +nk7dUK3/Yy+XZRJjFOcaGKqLirTOWE1sBmiWLsUZR6Iw1pdxdXbFVOr/IbET3ac2 +pkWDsbH5tjLOYdNdJSNRMk85UTaGa5LebgGyER4s3SSzRsuOzX9Lkj0J+NlMmFbG +69VZ1AMPZh2CzVcPbSgQ/qu1CxhHNrS4ZXRrkufm4XbGhq0uOiYMVQH4lmPDlfna +0TqDNGflzdClEKdNyxpbVmdI7DgDzwu7J5sHRqtZO/elkDDMsQKCAQEA2uDbyxj1 +o8uX7cgp01I799wH64rN8K4e2RyfEK0dt445V8xbWvyzISSImUeywy5l4Y4i4P25 
+J45X7poRmfingiugoxhSBJJVMLMA+nfN1TrOZmq7+YnjL+AHLosx7t9t3g4n2uxs +44AeyEo7viUF8Z2yE9RHib5A+DcTwQsgQ8PpuqnpuFfSe/o8kfOTOlEtsnx1RQ77 +taKc2dKc0/ahWzbgIyFYWtkCu7Z1g9eiIn+8ydyu+XA/FFFngZSiE3U/momtctIp +FLM3CA2D6MKbT2Ulqm/yXtRWbDPbKgzwh2SqaG2RwURprgjhq0wsRQuueAfOwU6c +HwwdFJpQmA9pYQKCAQBpMl/4/tE4NABTmuhOxanXtew71K02swbJ1hHvdddcSNU4 +jAvr1vEyUSjq343g9+NDhzSe9W7K9GwdvGYCJrffzgl6GTr9ajOiaZdl0S+UsoIS +IMM1IN3l15JcF7JEZargyZyuaye2ZPdtkWBUAhoLwS7tf2pK69mA+XLhCXakObAB +TtoRkp1vnnH4y2bzwAt1iWlnZxOG6RIAN4z2hGCIrXedhA3FCSZRFVKi+HIR2hiw +Errzxkcq05mJ3Z5/+mWsmtWFjGpOeJUXA4AqoML0/+kCAelRHlJnEBcyQPZxgKEc +EczLzUCy2NCbij+uHocP5S7kik0VGtT+FvKO0JhxAoIBAQCIZkJygb5qcbDfTLLL +715RqvwAjEKkb03oDQ8PbGKtheM0VLTFsd7Lk6HQq766JYr2EgaoYVVmUi14EulP +I4b39soneTt7f9m4/IRqkghijkAb0P4NlyFOL3UqSzI142TrUbUCl/2PlMMaHDC4 +4QegN57G/q4KJ9cDGAemcJGNyWQ5oDN3Xrtb6Wifp8QjPn2U0jyeaaTw30KR988l +xHdviXYKTnhqPPyYEC+RluqCR0pWHcGozotw1P4E4aRTLekSHCRL/q39KWXtDccb +YVM6GhVr7lGDSR4GVhaJUQD/zvrnEwkXANQ+0WgYwOKBsLLsOClfi+Z87qactUHu +UQRhAoIBAC0/MaIi5SjkVbWVnVy/b3xtKPZ9WIoj2EckO7H3LlCD21CznE5OcDcj +JHH/BLrrR/7S9z1U+W965YU3iFMWqYFCFhcRS8CSatunRGkvJ6jpY7xHL+EESYBj +8pdmPNuBofjgnxdNRphEg/RwNPsIxhcvKqNHVrmM0NvZvcpVkHJrERuv44xZ38gw +nTT1bblTAKeTEpBfr1weQxsjPaVRtjncpb2GpOOBeB1bgaFfpoKi5inRtc5rYSVl +9Qx55RE+qvdfWnkwQyVfHmR4zttEb3ePM+L40IJXkPhFapkfnMRxOgx+h3wkvv4C +iMGdffTWqzoP34TG22jFDYrN4bNltdY= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter04.req b/test_key/long_chains/ShorterMAXINT16_inter04.req new file mode 100644 index 0000000..ff2baa2 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter04.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXyKce +rO0p7lZ02/iHBPWWfEYBfuOSy0+gO2yQK23rnb1QzN87y4iybCDBzob2aZmSJRMV +murXcqMu575maclgU55jPVTuPa2iR21jVMTGFNkeGHB28uaKUuNpM3wvvuY5ETTP +dA2VtsqhzWhyVChHr8QZxWgwBV7U3uiJS6r6+xztSG9Q+JqHn+ypIDl2KXi8aeIr +1kWz7kCch190c9tWgkSotpQrsZmk2vMjRH1To3f9ufdBMmddwpJQxuL/uQ40Vg8x +dushLoAjA87aZMQSa4ELpXhYu5WamWm5MbVS5AyzXa/kppWJHn23ZO4udX17gdjN +fPTRmPeD3qo1GJvhJlHXRrqafbBWfsXIzdb9+2xyNNQb6/gEPiyHAL9ZiRnAvCFw +qjITnbrLLWK7jmDlPXKFHuxxbAehXREq274B2VYRONS7Ofo9AeFxrUd7ky6TdHeU +iXMySwLzeYnDAJCBpmAHYRbEjPDa1PJ1FGqBSOcPbNXBhwtR8XxxiCJf+xpe14lr +9M1hAgsv64oF7B51qcww+6VZw2skTu8ZcsgVEvJsPl5ML405vZ6PuPymlIBICOFO +9IzqiLjPAfYfP+5EOBRCEf2BLdn6X1GnuuJGDS6bKANO26fUhWtWIoed0n9GFLGk +pAtvzgezlOrzUlGn1tKgtf+ustqt0puUvNEoEQIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBAJkmsn2I4ALfMoBB8durSK1HGO8V+DBVdE3aE/GPqEQDwhVmBWnvYm/f +nEFZKB0lq4D+VTpg5h3ZsnxVlt2o3RCs8yJ2kqvdjVUtYllYE4VziPjphMV+cqqj +jyIvITPeCycrSM8Zr8VqDcqkS02JMPFR7O02wHkvAcmlIixgkjtO2zSB+zBIP7/l +lRuDiEel0WJIut22/xTA2qa03R+ZLh1vZz4BwORzNxTEYlMMhtiMhDVukNQbXRsi +kBNqdEIUS7T1ZbMUaFIOhkFf5UmNrUiu2IOOKn2aIFTe2bYpy9FwPKVGOMuU+08/ +oOuyzrFkWmAidD6FD4lqTdOijhr1UpV8fUoRqMhmmvvvFgkX4SpS2XTumJ6alsDR +ZEuBh9MQ7Ry+YPd2Xj+qnIh5+RFjMn17j3mBPVoe7Y6lp7CwFqwwfnFYEdyGGTR8 +XB7gYLEr9kkdsqZuxxTcordDXr+u4Afy1aIDXu7ZPi/oUMphJ3AG2oN9a+/ZSIU7 +chL7d+CjoIcHRCwLYJBSpqR242flU2+D81Y3LByDxb99EDOzV1QyV9Tk6zVRI/GD +dQ9RRfiRJ3YFgiz3l0uLkFfTq9MnL6fVMT6M27EfP2K21sZnkwx62RqJqJ6y/x5M +s9ISw44b+/jQMv+qPRjhFcrZKWWY1wguOAW1cHIWG7bhBqhdK5dt +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter05.cert b/test_key/long_chains/ShorterMAXINT16_inter05.cert new file mode 100644 index 0000000..87c9b4a --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter05.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQgY2VydDAeFw0yMzA0MDUwNzUxMjZa +Fw0zMzA0MDIwNzUxMjZaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlNSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +2JX9beCCEwIrXPqL7aVdzaVFQDYG7bj1Li5RWINwPExhphwiq2aV2PzwYDnayUM4 +YwjujbczGD4bzksy/nt+UE6Lc99owexZe/OBo+73R/OKIvjitpeZvfeOGIEXgnE3 +fh8CD7Fz+BNNrJfo6HVsSQVVjGQTzFbB1MUgTlqs9T7ZWKgnIr+0+u+V/dPjo78P +oBFmguOgAHExRTWMsZLBCWxGioOX8ofSq0oardvEmPDstkjvMSN3ysOPACZT8y1K +JAAsUa66tfSz4ACcvH4W4svM+vx8o00U8HX8Uwcd12Zo5oXcfLGdgYJfweo6t941 +MGoQmt4ihbFh228iLqL+k74SsUGH5f3pM2GXWT4hyVwJVES3jOAxJ8xMjcGwPS4x +CwmXJgCODzbnXjGMUVbgYVp12JI09FXFjJdbfdewuLtAgR/N1lJMfSNwqQ2Bjy/c +eEAAry5j1aVHoSoVZrcy9I+vdU5eZyJmuY09oXtr9m154+jI9e7R1ZN817fh3YSL +bapC1pQhoWBusLwl8ynXQ5H6CUtfmWA86wNbLX74KiB1JHB2//43BBYVxy4pWVou +NkhYOqhur+gsWhcUAJDbeEsoltZF0UR1831hJY0dVXQVJFQH2UEDgAi8KRwNgx2s +MtNZh3EaoiexKvSDcT5aDXJPr7PwgqQgypfBH1EvzfMCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFDJVF9Lr8JPyhZYSpPHv3FK9 +WC65MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQ0FAAOCAgEAe1wI5kC+8YI/tvAvz4DEO8U+3cdFT7MCY+n/K3Le35zuWR2P9N43 +lQQwdFWG3LxGPO1E92DDxaKyYJ6GMWStVBtCIKnkFsQ7Hz/N3U0sxSS10VbwxDiB +zaGdwTyGzxqkoJXQrS1ShwsTWTYHGFd6q3sIRaA/a7tk+jB94LlokM8mG9MAnK46 +XbIY2NR0Zt0G6xELWyQRNhEDlWpllXNpCNZtctTla3gzL4eN6TYOphHBCTNMzFQF +UEvCke78AA4S9ZJKikiGxq0cDL8l4Hw2A9wlQ0Kp/2Zht6lJ7JN803mFnT+mCZwK +gQbM0EjTIIM2efZMhRWS6TEzbAzG5I2QLN6mFKmy77fYMWRCqXNXOpQl409hPBoI +tA8V1UCSts8KNnhAspp7MDtjMB2l8D9BJOA8Wzl06Xf3hUSwSQbfhs1jV91JK1xf +dHbvEq+bEPLTA9P+nnJE4VCRQSuIYRrW7+aDbbL50Q0Ho+yHB0YoUPcJsszezBxG +/kAD+GwlbwKw9e2hOsT8ogRxmQhtM8FguLgUxKOvUSN3b/voib5aOa5cCeei9OUg +/MdI0H5FlB9rJQHjHx7bUm9iQ0uSuwrdEsuIx/Et7fQpifH49tmqq2v083VT9+x4 +k8KwCHKyx0eQ0X5oD2Q2P4UrRE3kiWgQNKLsmcbB4sVEPOgUCCrLo2Y= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter05.cert.der b/test_key/long_chains/ShorterMAXINT16_inter05.cert.der new file mode 100644 index 0000000..3653509 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter05.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter05.key b/test_key/long_chains/ShorterMAXINT16_inter05.key new file mode 100644 index 0000000..e3326d7 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter05.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDYlf1t4IITAitc ++ovtpV3NpUVANgbtuPUuLlFYg3A8TGGmHCKrZpXY/PBgOdrJQzhjCO6NtzMYPhvO +SzL+e35QTotz32jB7Fl784Gj7vdH84oi+OK2l5m9944YgReCcTd+HwIPsXP4E02s +l+jodWxJBVWMZBPMVsHUxSBOWqz1PtlYqCciv7T675X90+Ojvw+gEWaC46AAcTFF +NYyxksEJbEaKg5fyh9KrShqt28SY8Oy2SO8xI3fKw48AJlPzLUokACxRrrq19LPg +AJy8fhbiy8z6/HyjTRTwdfxTBx3XZmjmhdx8sZ2Bgl/B6jq33jUwahCa3iKFsWHb +byIuov6TvhKxQYfl/ekzYZdZPiHJXAlURLeM4DEnzEyNwbA9LjELCZcmAI4PNude +MYxRVuBhWnXYkjT0VcWMl1t917C4u0CBH83WUkx9I3CpDYGPL9x4QACvLmPVpUeh +KhVmtzL0j691Tl5nIma5jT2he2v2bXnj6Mj17tHVk3zXt+HdhIttqkLWlCGhYG6w +vCXzKddDkfoJS1+ZYDzrA1stfvgqIHUkcHb//jcEFhXHLilZWi42SFg6qG6v6Cxa +FxQAkNt4SyiW1kXRRHXzfWEljR1VdBUkVAfZQQOACLwpHA2DHawy01mHcRqiJ7Eq +9INxPloNck+vs/CCpCDKl8EfUS/N8wIDAQABAoICAGTOUtlcQE5mmRY6ivw+Fo3L +mZLMUqc8ielHp5bh/lAiYOS2fbB3G9GV0K+I3fsE7W6yzo1pMj/bUIfQ2lg11FG+ +bQuudQylW/TkHnfVloSHpsimPKctomIXoaxoETAmT+TEu+nf9xEEswdc4Quo85B9 +ChdA0TIvQyIr6eBuNcgjy3eHNEfpIGwXLSGqCG7DU5t13deX6HWsOXlz9hsEKhKf +salwnD1G2FffMtGu0y84G4SwJ5wgXPYj1SAFttcdQj/FUNtnzwE3dq0Qu+LDcRV4 +M9yxvbUoAFH3KEzgqBQEV1jL/xaOeLe5naYcxd2kb+8rvrTGJR1CtUAz1p4MQR5Z +fAB+Gmnn6ocMxqoKbwkbs61LM0tNFJyWt/UMsx+GyrWFNNW1mbbkbE8MMUGFtYwN +3GCYYXtat4KbAhfhiYgUBQ5Xdlu7Rz+WZZCwRQPQ498/Nq3yBMH7tQWzLcTNah0m +4FHR3xOEDw9nOWajNlp5LHT1evIrIEWVQzN4xr1I19ADZd1HTt1B7nBzJra6W+2k +FWAvXZ+2jnHiJe7ccmUrJKnVnJkCXVwqEO9XRUWqkpbLyLtdXmJ5ePRJXJJeUxYA +Ww2CdOj6D9lvHAd3TyvVdulP4HF1UCdRzOHazTELziByiFr7t4+yVb0S6ai3TNis +MlId9WY5CgKNoRu99iiRAoIBAQDxS3fAPzN/TnfCOjD90A73vWhw0412lOCRevNG +oBujlIo4Kr/593OIW+OZzf+0rv1VmwubE1whCAH64wKlb+qn4uXmN2VugmSfQTcU +Rfss0Yqw0ho9kaawa42GqSTQaXUOqgLi+3f5yvrVRFREHsxB5E3Ucw74axq+FFzY +rHkv7WrnBD50Sj9/7cJZmhy5yyxc0KkNpAb+diRw900zZUwsVTcWSt68DJou5h2G +3jg4ib97HerJG6y4fod6wu37kGzByjbRy/Y+sy48+PapNnUBAatiax7vBy06lzlV +6gglL9lIQW0OXvSJcYbAy50jIj2x+Jcf9dWjWiyz0rdv5+FrAoIBAQDlyQd78Ew4 +JzV0oY8AUQbmrXxEAtP1+CWH13R9ftPm7ZtZC46MztFX0n5F3M2igLyKdicNwc/U 
+oz6jC2lmDqu0CGSgaqFASN4MR1rlL2zJHG8OgcjtVzCJ7eYy9Td58aboS/9yibAl +TiSaRiVFOY/tIqxlW9Jqsa/NHjdHKGICYI2IZ6dUkinmYYojeW8DzVjyaj1/dPbM +T587DLolx5NsMwVCr6ureR+kQRUV7Z6Rmy/n9lSfKjErrA/w8vOfqaCLNu5PXkHK +U2V1ZwdOzTpLqHfr8wJugctZSsxxl0qWVSd1hLUlGf/VRnyCA9obfYEJX3Gr9gIK +r4HFDJ230n+ZAoIBADy1mS6UeDd6naUPkQ37EBkC3cktYPVJ5eqUfaryU6HnmJMj +JmQU/0t6mxwyeTiTooesV9Ivn8lrw1vFTAAl1WtiKievHmUch4aOGPaP2O9g1T1B +z3pYMBFJLjWITwvkzJ/g5JMJZBlEGbIY2/67pPabI33laQnVoMfcRbP6SQ9m87Om +HLSTjcB5KKH0pW+Vj9bWZQJal6vkO6z0e8cHoI+y7QY91iaIIS7VlO4+8PRArB2k +3FK3FNDifOHFM61MnCBx6TMF1zHVUTfkB+NxISUcr2s2unS3YIjSTYmxNVVt4YRN +ecvY1jvShW3yjNmvHsitXBCdgJ/16zNfO+n69HsCggEAQvt20woZLcVAL99ocA8u +k8++iZTJdMoBJrgHnQ17d7WLs0lLJIClRZR2eqcCynv8eeA3QitdCf8MIzsQXk+o +fbJ0os5ycurKz4l9VZGdhIJlXTU3/PeNjqdqkzAoG8P1g4Gj1R+N2VIOGWqZMrS0 +38tbtbAuhiuFs6U7N+LtrwO2Piz4+g4haKbGPdEIK3OQmhmeE6lkx+nt4Ki1Go4y +yzeUMPxEbpfAQYE3RE0gDBHQxS1pPXxvGOvvOa2YltI7mllI3pn7U5871B1UZAQv +Gh7h1kXgT5ZGUKEdN3+Cno/0EK2+oDIUAXeqk7vLuHe9RZ4s5JOxxKukiGxFDXCv +AQKCAQBp709M411lPkE3XyldImK6WVZ3j97U+9hPGXKQRpPYGFnQczD6beKQ9Hhk +y4O6BqCDleNF6huLiPzkW/TrMO91cPxbFDwIQ7r35OU30qW9kAmyYHLty9kf2boN +QO4HhahMJETEfivLtrDjuCMKgJFnAjUg3IVUw9qASiAf1deDfgzrBcBu0jP9CecD +8oJLm+Na6f6RhLrg9FR9Js3yXp0cbGyBIokzZk3/a5ezmUleHQoWerSucnx6DYXh +sxNLCSWPDI+EN9gDO/gIcCEWdkD5QOAwbW0CC48pjOvF+1dH7tub0i/xO+dQBitm +NVS4NF5ZD4afRrvk3aEAh2538quK +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter05.req b/test_key/long_chains/ShorterMAXINT16_inter05.req new file mode 100644 index 0000000..e84bff1 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter05.req 
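Review bot: The unencrypted PKCS#8 key added in test_key/long_chains/ShorterMAXINT16_inter05.key (`-----BEGIN PRIVATE KEY-----`) is committed with nothing in the visible diff marking it as a test-only fixture, and the same holds for the inter06, inter07 and inter08 `.key` hunks. The matching certificates appear to be CA-capable intermediates, so this chain has to be treated as publicly known and must never be provisioned as a trust anchor outside the test suite. I would add a short README next to these files, for example `Test-only key material: publicly known, never trust this chain outside the tests`, and allowlist `test_key/` by path in secret scanning instead of dismissing findings one by one. If the chain can be regenerated by a script at test time, committing the script and dropping the `.key` and `.req` files would be cleaner; whether such a script exists is not visible in this part of the diff.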
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU1IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYlf1t +4IITAitc+ovtpV3NpUVANgbtuPUuLlFYg3A8TGGmHCKrZpXY/PBgOdrJQzhjCO6N +tzMYPhvOSzL+e35QTotz32jB7Fl784Gj7vdH84oi+OK2l5m9944YgReCcTd+HwIP +sXP4E02sl+jodWxJBVWMZBPMVsHUxSBOWqz1PtlYqCciv7T675X90+Ojvw+gEWaC +46AAcTFFNYyxksEJbEaKg5fyh9KrShqt28SY8Oy2SO8xI3fKw48AJlPzLUokACxR +rrq19LPgAJy8fhbiy8z6/HyjTRTwdfxTBx3XZmjmhdx8sZ2Bgl/B6jq33jUwahCa +3iKFsWHbbyIuov6TvhKxQYfl/ekzYZdZPiHJXAlURLeM4DEnzEyNwbA9LjELCZcm +AI4PNudeMYxRVuBhWnXYkjT0VcWMl1t917C4u0CBH83WUkx9I3CpDYGPL9x4QACv +LmPVpUehKhVmtzL0j691Tl5nIma5jT2he2v2bXnj6Mj17tHVk3zXt+HdhIttqkLW +lCGhYG6wvCXzKddDkfoJS1+ZYDzrA1stfvgqIHUkcHb//jcEFhXHLilZWi42SFg6 +qG6v6CxaFxQAkNt4SyiW1kXRRHXzfWEljR1VdBUkVAfZQQOACLwpHA2DHawy01mH +cRqiJ7Eq9INxPloNck+vs/CCpCDKl8EfUS/N8wIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBAITPc+G4+YRvtfFCeGpJRvwvwKmxB6HK8Qfc1pqCzHi8li5g4MZ8d3bx +fvnAJxp29ejz/ilRdja80T/7DA8x7JDCg8GdRBITxCAi2DQQL3N0kO7xDfu4yNF2 +H7caXiFBWvEicHcQb4tWJQ5dN7XIwo3fo+yu7N6ar5dXtWbVuPEIoBRVbJddjUk0 +7NgJ9roZ40abwN+UA0/CGCYUk+fzPjV2LTkOi3ysuQYflyda6pklxTFo3lnnudnj +xiK82tLAlfeDWAOli+RLtn4u+F124X4jIlmSiarC6/ygZxHqzlsGz8cOB4vf300w +hAK2gnueWX0AX3fBtsM7JlbxCmEmQStragXG/0rCGdVgZ/YdAutlH/RbfaWP3+8i +XJ1wr/sRzjGLHIGT1v1S0rfvL2mdtK9uMaOzn5eh+/7bYdCRTcpYT18qkXVVPuO9 ++5YnJBNC0Vdp4lbaH9kLgvA7nlibKcGtK2lD0j1ea+uEb5GjARkHHgQOMG8y4TAl +Wf8vPLjkHOrPEpyAN1ZlC6hsMW04gvKE65GAhsul5BPxVQNojgvK0lpO/2B2zYwn +/eFqklQvVccYvWkZJvi7J7Cqs55snWpw31CXlSHs1+dmOGx7vFxcZr9rKn82sWtm +/hbtXAnRGVKNjx5ARcz577DTNI+UckCttVVcB8Z7UrRF7e6cZv6r +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter06.cert b/test_key/long_chains/ShorterMAXINT16_inter06.cert new file mode 100644 index 0000000..1d21198 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter06.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTUgY2VydDAeFw0yMzA0MDUwNzUxMjda +Fw0zMzA0MDIwNzUxMjdaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlNiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +vUvE4rwoNQN7nTVHsKzMiv5LgSYrzzqG+sMFyMHypCxBTyEDzPAXtnceDUTVqy8J +HCr9nhxG2quoCoeiExYhOC+25BhL1bnexGjllsWDuStkg0WetSyoJWDCnzwgbd/H +2lXk6PA2/1ShKlkMMUaGeJFxYyaPDNxReIWWw8xHj0jr0DsUQHg8PYLgDHjHpuuO +95ldtZhrvLT6EnZ7D6m3gmhOPa8HuOD8+xZODEIbtIcypu3t5+ZzHkFvo5aayqIL +6brW/Y8KR7jNzeb6rGiCQz4J+FZA9NrX7Dk0ZK0VpKIcN7ZGZc3boVImeCi7dZJf +OZJs7Isx2/fOZDvP3KBNdDnh/6hdJE8wffkV9FuFPyVGGczHPlmkUaj2C1bMQsV3 +0EdIy9ZLMUugYhBlSt488KoyLXRGlU0my5cYnLX91ImOpnhRf80143OpwZIDBHah +AnZl+qQjMHg0e5hFMSU2BOh4+VDNhf5hFgj5wZVMc7BGYH3uTg0YL9TdA9ATw0kH +g0nXkekc7wg/VVLhnZoOvkWJOdmNzpBFxQo99je7xy3x3nERawTM7kWXFQv3LxH9 +lv8QPBlB8qCAMukdwyf0Hbkt1QUYD3I6iaWgJHC/KDHVsfAT3xEDwGaVAAOLNn1a +GRzVuCavWRjsKNKxHVc3XpdSbq04mmXA5vhx/IdLuTMCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFG2kvq7onFd7JVYINVVsMXKq +HkhfMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQ0FAAOCAgEAX7stVZQ27z8DhOskPhamsJXN/8lYt5ydau/DciR+y2guGb66LgKT +eyUFQ/LWmAGgfsLZrKwq19ZuLD1ZbOpYqz35VMywCejkJqJPqSdAS5Nml1UFxE1o +DeTHhQ9O9IGJOD/liv/Gp0TrRifSAsRFq4aoVDe0OOQBYGftdB9xgBUmKLcjtwue +qhre9tnkxEzZNJNfRKEC4mbPGBj8BC6uI6/F2boUqoo6+fCvzYyQMIgbZ/BdQGDb +Azxb+v+bpZkpl0JtV0xcITxilX0qvA32Zvkd0BBpMVtcbUVOYzlAmFHm0J2Z4nrj +K6HJ4QymnweCx63whYWK0v2epn038eF5w7ho6CElC8iRKCBbPWy7r9vjW+zyCChm +CJDzUSMXYQK+Nwt/ELmqGlcLf/giDc8pAQf9+AUQ7qelw42R66Swh8Jy6alROqqs +fRksDAFcTxnebbA9s2tnXeJ+NY196zDc1GiahNv5bx8UcQmgQ0uZzeynPpQFDsjy +2aDG5JENhTCnKyofTyKjCZjOhrQTs+35gwIa/bLt7oilPX1v7S3KFViH3UfZKhlQ +I2vaxXkGjk4lfhkL0fPqtdF5uPDXf7Pk5AGzS79NW8VFbqp+geaHdUkrvkDwuKyy +Tv/ad48HUGHFXCuIZOurtLyNhWvmA+uqdSGuFgmUGbJjEkyKwBtmf7A= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter06.cert.der b/test_key/long_chains/ShorterMAXINT16_inter06.cert.der new file mode 100644 index 0000000..c1fdd2e Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter06.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter06.key b/test_key/long_chains/ShorterMAXINT16_inter06.key new file mode 100644 index 0000000..51fdf4f --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter06.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC9S8TivCg1A3ud +NUewrMyK/kuBJivPOob6wwXIwfKkLEFPIQPM8Be2dx4NRNWrLwkcKv2eHEbaq6gK +h6ITFiE4L7bkGEvVud7EaOWWxYO5K2SDRZ61LKglYMKfPCBt38faVeTo8Db/VKEq +WQwxRoZ4kXFjJo8M3FF4hZbDzEePSOvQOxRAeDw9guAMeMem6473mV21mGu8tPoS +dnsPqbeCaE49rwe44Pz7Fk4MQhu0hzKm7e3n5nMeQW+jlprKogvputb9jwpHuM3N +5vqsaIJDPgn4VkD02tfsOTRkrRWkohw3tkZlzduhUiZ4KLt1kl85kmzsizHb985k +O8/coE10OeH/qF0kTzB9+RX0W4U/JUYZzMc+WaRRqPYLVsxCxXfQR0jL1ksxS6Bi +EGVK3jzwqjItdEaVTSbLlxictf3UiY6meFF/zTXjc6nBkgMEdqECdmX6pCMweDR7 +mEUxJTYE6Hj5UM2F/mEWCPnBlUxzsEZgfe5ODRgv1N0D0BPDSQeDSdeR6RzvCD9V +UuGdmg6+RYk52Y3OkEXFCj32N7vHLfHecRFrBMzuRZcVC/cvEf2W/xA8GUHyoIAy +6R3DJ/QduS3VBRgPcjqJpaAkcL8oMdWx8BPfEQPAZpUAA4s2fVoZHNW4Jq9ZGOwo +0rEdVzdel1JurTiaZcDm+HH8h0u5MwIDAQABAoICAQCTLLfVOUlhfmW7otMsUA1v ++6qkrRLeubh8euiiX/jRH/9fEGIuEnW9Tfu1gVFHGPjSR7KMHZwRI+kw1qdyg4As +eRyPVzyO3UaQGqZ2hPaXH1+0mIp+fkv1U7e9qjfkdVqjLKkfWrTH6/qqPDW4kga2 +8w3fcvlBnIJTXDoN3WO9yYpeibCDN3hOstSTncxMwVSUuU8cg3cwbt0HQcsIMIIX +CBXc65rraTIH3h2sdjGoOH1vQAn6hTf3zBSKcevDpB3zCWtiFLZ/cPXCItW++jpd +IX0K8bTrKsM6THep1tC/AbNCtZsiR919Hav/PFwTW0xiLLA3cTnAtnhnggFondHZ +NqxW/j+0AEDXR0Sq5r+WCSiUcMeup+5tDJMYcOz02qXqfMT4zJqnQ2JBwa8i5Ldb +9amdmCq/ZaL55ukl7oq/VPrUD/GYmv43TxuIEdXRIlRmUmDGvFx2/tTxrNzig0XI +P4XWuWn2UylVQy3AXmNYZ3r7LvtgetpI43201sbP9OZEQlCAp2n0z9ovpha/IMRD +KznkOcby0+OFxo/RBdUfZ7xKoN09kmNpMVX2ZLgFR86uiEY3PebZsV44BFpBvmX0 +XmJ95bFCOhk12jT+8iWsspNgSRsHcWBB1lQy5mq7IJ93y2rmfIE6kkhplpmuNo4+ +YI7z5jqLgDznqlHyubJqMQKCAQEA6rXrvAQ0VaWW1DKV2iEJ70NgXl6gmLm0U2hk +c39XAIgpA3T19wxX6oBeBYJie+3KDp0wyZv8jVTuCDGG9+YNNBMCIZeKOMTy0oS7 +Zo3+7ER0FLKB1yu4yUeJ4SOAnaszZyv/3YX3P7hGKWpL6xWlLEF8cyT9F2UvzG/6 +b9f1fa+p6wsTFoNdnKs1okNkS05H1tTz1d8dFt9Xh57thRnObumJRb3eZguYYurp +aTHkEMKWoSA5gnFddFZd7UpLbe5aKnf9+/In92l+LEwaa6WvkKEQ9wr/n9yFcK3Z +SxvdOdpvUAop/Daoc6YnljoCFTqujNZ/SEybzSvR6YtQKux0xwKCAQEAzndNCOGK +4RdFCN+zYEo6p0WRSBV6xwfKNGxlpPGiKumJz1xQNkQveQ1rtf53n3tZjCE+nVc1 
+TK9KqbnvDFXeGszbYR434BxSZxJHNJTerElw6osFnx7R3sFz5Eu5gwdzGE5Higuk +GgzcT3uqsvKOCCB9dZ3robthtp6xjTD8/hX6EIJDju6D2yO/EHThDlhsTmx9yLQB +eXLWzkRHrqH8TItCi0IIb9hMQ/bXL8lAg+iVcDtQeQVrKNkRJmEOuAZAndvZ6Jse +J9nMD+rl8Nvw/Jq3CVD5/M5ETXF/9MRE294nuwlNcBjvP7NUrAj0Agwta1pXaHd3 +SsGjBjDvUwgUNQKCAQEAl3SBA7hq1QGfjJp/3FwJfx2pJ/xEAYmD9Xadq3H2gF9c +p+Bnf921NZtUEJYMWxAcnMWOX+qKU+EEIMFk6L7Islu5uleBWBSu5G3GR+1FHM0n +Ytu1sVWDTk8dh+xS6Gs7Jk5cM2RpIfMVQ1BWYQJ8rUwstFigAOLIr1Fq95UR0uLx +8LwauyJV2+0XFPgL1hRTgyuzlMT+jm3cm6VQe90lOqj0bc6RnqPI17viloEdPDt0 +29Bhi+z/czzwK1kPx4ZRJKp9eIDQjXTDeG47dk9aNSfaPLAaN9wjN4zXdQIsBVMR +FUMZyKi0lrwXO3d/NJfDXxpi1BKrTwAB2oSNXMVsrQKCAQEAvDZ3LDRm5QDQduFu +ZMXmKBw770ldbliElTuHgVCg85uHfFd766xG1oRMf1Ck/eZ1YE/iA46/UNOvLYAJ +EeapHSdIiYUBjLRkzf8UmDNptgcQ/06SZlazHOyfWCtLxs2gtzSM9KPeCb1VjMOA +fbatkW0E0ZaPehUWY2LRGpPg3UNtfWUybvaxjrBMeZUCoJAs02UFWVP20B7HAKuv +6NtT4vdERyyAAm1cQMyhp7c/r7/zkqcPmfM9l7QhdSofP9S7TOxg/jGB0PQzmQMa +cHIfgjcLylteOH5UN4DTE29kEka3U0KMrDaeyyQQeO+EeOVe9jEZ42qcfbJ9iaRM +VxXTTQKCAQB0J5Ond3wUHAIn+pxn50S/t9RaRtiJjQ3bA4zdckp7uSrhWwahWJ3k +LDmuzdKVuFC7sz2iZccaL+uz6FOoCkqokRGCWyfnhM42Wi+QN7H2/GUqLParvln6 +nvuG0b4tkbwexs3MFGzTEQXNgX1gj6+QNsZC9hYay4zxmxRUWSr3PimGzlDUFekK +t9z9xCz1g8cz5JZThzms8XXfxHmr40tKNAZb1wbMSBYOvhXuOei8zNX5zVKAVysW +WDNdP+ltlfN9DslHo/6W+YGZ87vMG0wMcAVo7XI+oHzJCrBq/lZZ6lc9xUeN+uKg +I0zXpyWIOYFhb7z0pb6K/YBPtHiuKuxD +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter06.req b/test_key/long_chains/ShorterMAXINT16_inter06.req new file mode 100644 index 0000000..da84cbf --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter06.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU2IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9S8Ti +vCg1A3udNUewrMyK/kuBJivPOob6wwXIwfKkLEFPIQPM8Be2dx4NRNWrLwkcKv2e +HEbaq6gKh6ITFiE4L7bkGEvVud7EaOWWxYO5K2SDRZ61LKglYMKfPCBt38faVeTo +8Db/VKEqWQwxRoZ4kXFjJo8M3FF4hZbDzEePSOvQOxRAeDw9guAMeMem6473mV21 +mGu8tPoSdnsPqbeCaE49rwe44Pz7Fk4MQhu0hzKm7e3n5nMeQW+jlprKogvputb9 +jwpHuM3N5vqsaIJDPgn4VkD02tfsOTRkrRWkohw3tkZlzduhUiZ4KLt1kl85kmzs +izHb985kO8/coE10OeH/qF0kTzB9+RX0W4U/JUYZzMc+WaRRqPYLVsxCxXfQR0jL +1ksxS6BiEGVK3jzwqjItdEaVTSbLlxictf3UiY6meFF/zTXjc6nBkgMEdqECdmX6 +pCMweDR7mEUxJTYE6Hj5UM2F/mEWCPnBlUxzsEZgfe5ODRgv1N0D0BPDSQeDSdeR +6RzvCD9VUuGdmg6+RYk52Y3OkEXFCj32N7vHLfHecRFrBMzuRZcVC/cvEf2W/xA8 +GUHyoIAy6R3DJ/QduS3VBRgPcjqJpaAkcL8oMdWx8BPfEQPAZpUAA4s2fVoZHNW4 +Jq9ZGOwo0rEdVzdel1JurTiaZcDm+HH8h0u5MwIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBACUqcAXhzY9CIR1FLnpvbh3jZi083KdrSevWoke4IIXgqH+09H20me3n +LUve/ahZ8t1ZreDIKgwH/x44cuIT+/bT57mSfu7W5Bum6PMDTXhqNPM7b3eSlKxi +kIjDZ9qqjYV6SLmTsxvf6zm/h/IQxb0Z7U+8jfRzZWy0HUwZXPm85bKFICpIaqef +cacBeS9w9//HCXf8+JF0O1BasfffADQa9IM4/gDE6cSY3LTeGlOe8yPiQPWKIujm +JMLvYstax+GDi8HVdw6qXpuM+WjwPZdig1rTMMHb7vv2Y7p93RwvUCI1slNoANjA +NnG6H1EePsgfWM22CMy64YOwnCPgctqmADtym3MYLObXy322VCGx0WEvKOOm0Ok1 +01eeCNgQ2ldb7sG7wZAZGXG+C0PIUZQR43+2KucfLyDE2kW/XKIefdIUvORb9pxE +NnhU7PE3vJaQbYFtGsvU3wbaaKQHDPPc4pGk7Q01Devd+qSLxN7voacRU4znPQMY +Q9qUoHA52nOgIqFYctyjxEh5i3lcMFVeKz/r+Svre7sIo1/5Ou8GO3asbjKz5LsD +mePjki0AjU/RhLGGWtQ8fEu9lt60r2KVkbwl59ezZ/leMeYVhLudz1rcqBGApNGN +fp7pdpLvCVDDRQGWymK3vpnf7Bs8MQiRVU7WY3g04Ka3jNBu3wY7 +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter07.cert b/test_key/long_chains/ShorterMAXINT16_inter07.cert new file mode 100644 index 0000000..b354fc5 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter07.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTYgY2VydDAeFw0yMzA0MDUwNzUxMjla +Fw0zMzA0MDIwNzUxMjlaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlNyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +26LS411C5H4CKjewY7kg/HrNMzY7c33WQmWoZICdJ2yMtvR91fM9gbhRrDlFdYbh +VJDEnFVh3fo9ul3JW6u3tSrnt3yrEefUIIvHIzA1fwnIdshOZEkPBKvd9P7bgXMB +itjU6n8E0yhdKW8YHzRs2Ra/4Ev3I4QZa9bljP/qRFrtfS01iJo5LhYgKIpMfIGE +Ka7PgamYHQ7UcBXTVW2qg2OtNhbHtFqh347+TLtqlww5JtwP6LmIa9l9ZXtc1zGG +K2f9nU2WFVKqSjA6nzjWgdLUb4r4+Tqiz0ClcAHcAXSxYS4ESgbbVExlTpRD4IOP +OjXpmUFVC9FZwUTBmTElxctY9Lwqs3JDVkdZBVmcfFcAtUHm3tUjBtqniNPzqRDW +SrQGql06NCyyUGc6oAwK6IrRy9yskFBY1xZJVGsYOXlayMXsCmhgKJ+H2iJ9WSn2 +jYn92JmUGHVOedhsOMFuaiJVLkEkfCJrz8Xg4VQwPFLoFrweLgpwvySvrSmP5wlP +K/TXPUcQo/z6zLzyND4aruj9ZoO//nouIgzfBKZAmmEM+5JMqcphyNXAq9RPUN9K +ZncU6iYUA+o5nefsitH4nAKAU2zCbPWEL1Fctn2q3/5NWN/gBsPZxl/mJ9LZKTF4 +0xkWIdg8yGxk+s08yVK+GxF/7kavbfwsnUdrbv9nSTcCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFOjitJzxlBFd078OrdD8k6qj +GbLVMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQ0FAAOCAgEAS9gWW1mjCHOCIY3DiHAzDPFqf5T0n2Vp+P1vHHEBVT/H3tyYoFMb +Y+m0MPNWr5ZcE/HX/AA6a9Qw7qyoFqSIHpe5dXc0X1sL5JAwKFh5IVE2eU7R/IWv +OOhMb9JVO28nqBvBxrUvaR39atrC2a9L/Xxi8aLuQRUnLZLOuqnqbn9KAd6evR4N +otaZv4gObFjBk3BWIGQjbPdkwoFI8bl2q8MG6hJqjkp0q3bjaCjIc3Ru/oTL2vst +t3R619+S/V/03E0UDjnrKFDdtbCBooKUXoCT8Hhj7sjYQGZ0ApMwSJyxWE89V93I +FZJFoW8XWbnXxoLg/7YGphWhQTtt2z3aZpH4MjXVMxIiPhP4NqFUbwicgngrw3cN +tIa1pPmhoq/H54OnVJ2EyA5MRFD+jmF+zxgg3hDtceP0a+7ljbocoNFS3qhGfR5y +2Pg5CQZij3G86TNqq4sWC8sC9oc0ISfM9JSHAm45HvwnrWQJzdO/EemW3AuSrKEK +LCBgCEg7ncMtf+aTXgqN2cEzaD9TcIXvy+0qu45zWMOPks3WHOzh5H3MX3SojyoS +URrETni8EC5e8r8mk8DxCSREXCA+RZi63Xjd/lGtXL+jClyEFqy8QBqOsM5vTMey +nFG+kJbYPOz8eLN4xcLUzexajYPxbppjQvdYOwEdrKGA15ei4fwL9Hg= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter07.cert.der b/test_key/long_chains/ShorterMAXINT16_inter07.cert.der new file mode 100644 index 0000000..d25dfc6 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter07.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter07.key b/test_key/long_chains/ShorterMAXINT16_inter07.key new file mode 100644 index 0000000..2eae6e7 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter07.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDbotLjXULkfgIq +N7BjuSD8es0zNjtzfdZCZahkgJ0nbIy29H3V8z2BuFGsOUV1huFUkMScVWHd+j26 +Xclbq7e1Kue3fKsR59Qgi8cjMDV/Cch2yE5kSQ8Eq930/tuBcwGK2NTqfwTTKF0p +bxgfNGzZFr/gS/cjhBlr1uWM/+pEWu19LTWImjkuFiAoikx8gYQprs+BqZgdDtRw +FdNVbaqDY602Fse0WqHfjv5Mu2qXDDkm3A/ouYhr2X1le1zXMYYrZ/2dTZYVUqpK +MDqfONaB0tRvivj5OqLPQKVwAdwBdLFhLgRKBttUTGVOlEPgg486NemZQVUL0VnB +RMGZMSXFy1j0vCqzckNWR1kFWZx8VwC1Qebe1SMG2qeI0/OpENZKtAaqXTo0LLJQ +ZzqgDAroitHL3KyQUFjXFklUaxg5eVrIxewKaGAon4faIn1ZKfaNif3YmZQYdU55 +2Gw4wW5qIlUuQSR8ImvPxeDhVDA8UugWvB4uCnC/JK+tKY/nCU8r9Nc9RxCj/PrM +vPI0Phqu6P1mg7/+ei4iDN8EpkCaYQz7kkypymHI1cCr1E9Q30pmdxTqJhQD6jmd +5+yK0ficAoBTbMJs9YQvUVy2farf/k1Y3+AGw9nGX+Yn0tkpMXjTGRYh2DzIbGT6 +zTzJUr4bEX/uRq9t/CydR2tu/2dJNwIDAQABAoICAQC8mkxHq60mcsI/KIUSjUWz +KWyOHnLc0OEtMQhyDTNmSENpU/e+wlo9y15u6tsnegSCzrHWoUciC6H4KFMhogpl +ywshuC9ad93jeMQvBlXZ2jfHMGiIm2gHFeLKYBN0TKK1bU8gcqRdAttFGj33hdg2 +bt+jpvf5CpWd0fJaquOrgP1QsYK3499YIO3Kgj/95mXsOU29RTn3MeXgvg003bA/ +lVeHC/a/e9hnFe5vS7zTKk7lfLE4oiFwo1mXzGBD9iYFng3dh2Nqugq7HEEquu8Q +mk+L3SXBNsXZ/ORTk3Ut1tv+3DoYq1yqPdP8rzq+T5qtXOBUlxKFzGcrnHQ2rUqF +wIC8KRaBipTpZNEagJw5ntBUghxOMXfDkzbXjAaVOGp5Mf0u/b1+ReDBHbwYA+/c +f651MXiQSqOY9mn43Tq90NI4V2OASe/qihsNS6OpwC2sfgfVdnDg2OZO6hwE/hjU +pOzV6W2Hqd86w9tcW5HiLVVuQDe7sImdQGrKwcvJsLd32qDcQmnTbHNk5VviPf1t +SxQC4OEl1i7A4o1xhjZLbEBG/O0KY2SL8Bw8fpSjQjemexAX8wOPxrH/oo0tO+LX +wlcvhKLeJ4qdZJwBeM+K8T6xJFSZgOSSU6vij23MeOa00Ri4ZbEmMuTbffRR02ZC +1DW07zy10sEwcySws7RmMQKCAQEA9cOAAu/4FynOGmgVPs3HHNvNbPxICKdYLaSn +s7eKLW26DYsJKBVPTCqCKERKOmF4zt5aF5j6wLP7XDyGPXENoj0+4rX5s3wbOWau +7N3+RgRmfCz2/OwN7p3sZNIVLZ/RcZiw80gwbKEgFZc5OQNgZFOCUg+T3SCeGc21 +dOEqzLWDqbbWIsoXbQ/ptqjgr1X4ZMgc6nGwRTCs5jwOwMqQb9NLAxXB1RG++ps/ +VBgFteQcK8ZDs3dBi+25MoA0fSLLMR+bkSL6KjQ1Ij1Q4hcp+Q0LkM+UAwAbWlco +Ig4Y9i176Rw0BAFTDxkSOSscwsZcrfY/RlBTtim1FJ/QZXScfwKCAQEA5Mi7pY1i +DQiVLqK6C+uIjnVxYVMMm6C6hXYCYRHzc1sqaTwEgajQGbXb6KCP0VNnuJbpI3jv 
+dxbhBYtYn8BCJUsIHhWJj34/7acv/eX3XXpJBtYekiRs+ZvHR7peHx06+qGloRJy +HWmJVzzCbTNNMdjf60KjSrTwVkWY8JplE7Rji4pqidt30oYUvIIk8gXhLbRRBfBO +yIAAn8u2ymZ82tUUeJ2CoQDMmguyZ7EuzxS+MpXzNLCkwO+535xdpCeOltaBFJ1W +srn8XKtTeyge85uIlM4W2V5fd6wJwFumyfF8pOiYaXUUiSgympx7Jg3++0BQM7nY +KEG7OL6n4kjXSQKCAQEA2XKK1w5/0e7ZPyAMfC8SF4Sbc+ybx5xZNrlS8H5ases+ +DTGRfnesW9XYp8wUaSdI/rBZwjtG0i3tHyUmGULoLz5FX85nCtmqNNWXvFiG3GiU +TRZzykEJ6rCsMmB3AJFBfWL+XaLnxZWij7fnl3xXUy1YR0clKyfq+yW5gZqghdOs +lQMC4HEy3PqRbV5qvngweOteOkkxD2cL9AH7g7U2qtqmqiocAGvdMFsgY0WF9/PG +wSyBRk8kHazOidJJntakNeijen0aHzFmOc9Ku2CHcKaMLyqa6TS0/u/SwJ78kwSX +eB/OHiUV2mvyZcaxgdyEsB8KySnVh33LjF4Cw2Gz/QKCAQEA47gpjo87mV2Bn/m4 +1USLl8CuKgFP+1fwUAc2Nwh3GcsUW8qxcZ1mBTFOwi2O+PvbsZAEXppxQEg1kh8x +B1GGhTg5zDgDxCAV4acXzdCodxLQvU1DAJPhJFI5+Ns39CBUJEPhaIHDtCLn4T1J +CQiXPZZwyup5PlL7JeQAZvxGv2Y97xbHFJCuo41x9nBT9dKEX8mrHA4lXMyL0oIi +XzPD8s1EowmkjD0PagVafnuN6/Dpn9BBU6C/XItAp6IsUshM1TaNJMe3FA6rclHV +tjApHrEhMXwwogudWrCSxDR1v2vudPZPPiibWCn6tIosyaQEuHE7Y0EINom2oLSk +xkdagQKCAQBD/XKE0DKB7Eu8PDa/eX2UVuBpk+zwWHEhZi+AycCDHKtNBc0uFKus +yCiSt5zrOjefaWBb2k5J9lNhhCtk6uK5Y8tJ5x169n72hRTiyM5oGZHvOqD57Gr0 +AAa49NmRnMBo6d+gnJyUO+o8V3JzYC0jcrFNfQb+XcBo4l3Xj7FUrdgC/UHwvUF4 +g7vI3bhJSfdAY5Bih5lztMIo2ylf9PFVSrgWbhnY9cwCaS9G4UxI/6BjKiRmLeKN +7ZoPCTkriZdvl3ZwHxyCriPHpWJ+AnV9JhWEhjR3zO5r+KZpawjWlITpjETvt8V3 +bR2UFB1vbjum10AjEIBPyoKWbxVfYriQ +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter07.req b/test_key/long_chains/ShorterMAXINT16_inter07.req new file mode 100644 index 0000000..0de2370 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter07.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU3IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDbotLj +XULkfgIqN7BjuSD8es0zNjtzfdZCZahkgJ0nbIy29H3V8z2BuFGsOUV1huFUkMSc +VWHd+j26Xclbq7e1Kue3fKsR59Qgi8cjMDV/Cch2yE5kSQ8Eq930/tuBcwGK2NTq +fwTTKF0pbxgfNGzZFr/gS/cjhBlr1uWM/+pEWu19LTWImjkuFiAoikx8gYQprs+B +qZgdDtRwFdNVbaqDY602Fse0WqHfjv5Mu2qXDDkm3A/ouYhr2X1le1zXMYYrZ/2d +TZYVUqpKMDqfONaB0tRvivj5OqLPQKVwAdwBdLFhLgRKBttUTGVOlEPgg486NemZ +QVUL0VnBRMGZMSXFy1j0vCqzckNWR1kFWZx8VwC1Qebe1SMG2qeI0/OpENZKtAaq +XTo0LLJQZzqgDAroitHL3KyQUFjXFklUaxg5eVrIxewKaGAon4faIn1ZKfaNif3Y +mZQYdU552Gw4wW5qIlUuQSR8ImvPxeDhVDA8UugWvB4uCnC/JK+tKY/nCU8r9Nc9 +RxCj/PrMvPI0Phqu6P1mg7/+ei4iDN8EpkCaYQz7kkypymHI1cCr1E9Q30pmdxTq +JhQD6jmd5+yK0ficAoBTbMJs9YQvUVy2farf/k1Y3+AGw9nGX+Yn0tkpMXjTGRYh +2DzIbGT6zTzJUr4bEX/uRq9t/CydR2tu/2dJNwIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBAF7g0VVe6PitznS9tti4TAci54yNJvZWxzp94GLVN2W/YLMxaud9mpHu +xxEktsuVwNTcl/fEGJuo4mmgcveyx3AHzwiSjsT6fcRS1K6qiSAXXnwWKXbGXvWd +Mzc5Q9kY9nQC3gDK5OL3Cxz1bSuC5VCp8GCAgxo/tLzobkygf+1XG6LKsq2FTbrN +uqx0pnsXFHej4I9NrwU8xOcRoonA1eJ0KfwRVxR5lsdOb8I/NtBLkyq9/JV7kAMA +Gy4PB26V40Knc1FjJECPzVD6He3J9n98sjZ8UuJnegTcaHyBiAVvfow6DMXC/Duo +HH4AqSP4mAihZCsH9GghMPwjgtrTm4qBH0sb5oFd0j4ySAp9P8pq+MnHdOQQhk0P +cVhX7Ka0meyUwhnjAKrtKbhYyu6Tq0A6rAXHu8zniu1Y2fW6kBn4J4JxAkZKx/Kb +stLAg4fIwaUSU89ZKwZjrvrZMaLrAauKoRMipSbN4NyOJaPsck7q/oacfQmbtPMY +kLS4VxFjWkB2ponXy0DB+6B9Ic0gmvcPWAcAsNgPkfgcWwnfy6bvfW+k8DoWzVA2 +38aXW74KOpgGDDyGLyBoKxGRo6IF5JZkpbHA4cy9nKgyTyS4MXGbJg2c1+ZMBsgV +PX5+Njv7Jw/0aKhXrvWMmeexeJov8e3xXcqIMu/Za4LHPnHqsl4o +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter08.cert b/test_key/long_chains/ShorterMAXINT16_inter08.cert new file mode 100644 index 0000000..19c3563 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter08.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTcgY2VydDAeFw0yMzA0MDUwNzUxMjla +Fw0zMzA0MDIwNzUxMjlaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlOCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +zSKGlCEbMD93FDJU3o6HWWh3jmTycM2BSR1apgpwUCo7rgNMxBsn35MI20duEib1 +Aw04q42m3xQPsapRSjZQZbJTeOBlrjy2+7Avi9B7k5KDhwJyDtN8RnqaVr8h9AtC +NuVNQuzO2w9XRcATb60UKrUuJ5KmH6QUWEwz7fV4M0bwajz+fVTBkfgmrjevaRLg +EJsCigOrIdXjEXeCj5pzP2k4sNnDQbLzYkmO6O4QMypWNjOmfIlk9Rh7qVOtOKDG ++rFxL/bYyT4Qnt/0tNjautOPc5OttQxF1v251DEXG38uliZnpqf8FZ1ExWUhG7eN +Q6pegSA23yNmt/EqHeX4RyKxJHjqn3dPMSXe1HGSFmbFEJqZc3BPSSvFH0SDhqqj +95Dg+8qJE6N8xXwPSJKPGZg8okStPxGXrwzGujUOVExGx7eiB28DGfCOlsV+ZPv+ +lYVL58Ocs+eQHyJTR/2ma1uNE2e7w1dNHBlOHzLFcgGhuKJ22DGZpjEyraV+F1to +maK/olkkE4A264grzFUpwG+zo3qKQZ3d1yStjt8SWFb9tKkL2l1bq3rl7MH02hAg +Ao813dHm1UOdxgwHzMuZgiHY5pvqQt3FE4nHnBZluEwxSEKLM81IPpZYqBLTyu6t +fQ+2Hji2W41uQ91xblhHcwb5YejU2MxjBNxiGnd3+0sCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFJdB0UWNG88vO3AKcv5PbU2C +woCtMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQ0FAAOCAgEAa6iGWJ+5cGURiFf8EAQtbP6nUR1rCRwHfkjaY8+Q5ho7t/rZMlnv +bqNedz0hg+hxh1mdmUbMq2nYyPkm63LxN8LEfLbWmgW3U+AnGo00INvXHWQGeWZM +O0cvWDIF8snJPN3E5txM5eDvWIoxegWhYZZOaMdzN7MXwqm+CbTMgNEbKX528vSz +fOfYxbclGHm2TMTeNio5nkILnNxOU3VD+p/LFfFWwUDGXXzS+eVzuoOEVdyLVp6d +vOLbfOgT5oizJHZQ+hDFvKmGMTUKaOYm1sA9HK9W1tfGjRWZ0mosDJGzgYv36iIU +1pOGV8ugksTI8YRCbiPCG5OFrzCwcltEt4vH5rcElPhMJ/lxC9ynQtdqXQb9LQbs +xMbLVg38dW0upv9mpZkqrBnGegE2L3Jl4ohiwITBbexkNtUlVSrYvHWNHWgA55GT +Qh15ayWUwsixZvS9RDAkqQXqzCF13P30RSDHbjXmZxzFTHCURg40Ks3g3t7Q8+EE +RBkBdjwuKmoQBdixmKUaNW6J16SSfu2iWB17PixvII5De3bAgeet1iCNuqqcmqIm +tqBBurYinmBnzVfTI+ZYvTA2935qi2m2kNignEqaQJlL0FX52gnUNbftxzWVLJ1i +B+ANm0xFm+UW+95dAL1k/keud2GozGS04MgxMPAtInvRtY/XoIJrs2c= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter08.cert.der b/test_key/long_chains/ShorterMAXINT16_inter08.cert.der new file mode 100644 index 0000000..6952577 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter08.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter08.key b/test_key/long_chains/ShorterMAXINT16_inter08.key new file mode 100644 index 0000000..e96cc32 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter08.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDNIoaUIRswP3cU +MlTejodZaHeOZPJwzYFJHVqmCnBQKjuuA0zEGyffkwjbR24SJvUDDTirjabfFA+x +qlFKNlBlslN44GWuPLb7sC+L0HuTkoOHAnIO03xGeppWvyH0C0I25U1C7M7bD1dF +wBNvrRQqtS4nkqYfpBRYTDPt9XgzRvBqPP59VMGR+CauN69pEuAQmwKKA6sh1eMR +d4KPmnM/aTiw2cNBsvNiSY7o7hAzKlY2M6Z8iWT1GHupU604oMb6sXEv9tjJPhCe +3/S02Nq6049zk621DEXW/bnUMRcbfy6WJmemp/wVnUTFZSEbt41Dql6BIDbfI2a3 +8Sod5fhHIrEkeOqfd08xJd7UcZIWZsUQmplzcE9JK8UfRIOGqqP3kOD7yokTo3zF +fA9Iko8ZmDyiRK0/EZevDMa6NQ5UTEbHt6IHbwMZ8I6WxX5k+/6VhUvnw5yz55Af +IlNH/aZrW40TZ7vDV00cGU4fMsVyAaG4onbYMZmmMTKtpX4XW2iZor+iWSQTgDbr +iCvMVSnAb7OjeopBnd3XJK2O3xJYVv20qQvaXVureuXswfTaECACjzXd0ebVQ53G +DAfMy5mCIdjmm+pC3cUTicecFmW4TDFIQoszzUg+llioEtPK7q19D7YeOLZbjW5D +3XFuWEdzBvlh6NTYzGME3GIad3f7SwIDAQABAoICAD/icrsLHGaIPVOC4T92b9x+ +Vk14TrCmr47Pn316XsP4gyGMUYn5Uw+jwOxZcIQiscdDhNSYhtGOc9zGyA4uoBcr +1Cce60u6CNqVYhlO0k2BIYkYT+EiJ9/jKtG9MJvKLdLe0pL3IOzD+E/2o5bx9gfe +6QLV/vp3pQZipQGEouyFOTY8zJzHmokVGSbEnNJCWJmTTNUik1c0P0UfTP/f/+hN +oqQhDVgWnQmNEv6jtVPZ6YNzznOWbmSOPWTcdGPgXleQj0l6vMTfmVmBMbpolqX8 +YP6DjWOG8PElj4vvxdyAXUfRqhIS2sT4d4RqHEd/gHUER+461Bvl8IV0i8NH7Wva +6ftm/1jMz/WxWv8gw47BOkoS4fF+xSAOVeDWNujTUchbvQ5XxSD5NWny6baB2BMX ++jnqY4i0VZGxbLd08BH8//Fy7bCvhPrIFi1PgATa9NckWXIgR0lX7fKHisXVslha +K8VzHRZFIymWu4PsW2pHVpus2Z/TU9UW9jI+nX8wX3PLMLTczUPys7WiPKcmia4D +J0FqoOumGegF/ZaIN8bb2Sg+oB8Giy1hXwo3FgYJafh3FBucyFqOyl7BllRSpTzS +XBGwR9D1t6x2QE3QgD65Pf+QulhiW693IRryOxvlB9O720+ML6wVOIz0IFfBnvWg +5wo+ORtye9kHGl4g+0uxAoIBAQD1AOpsgXSjlyRSF3h1FNnXVgCAAL1xaBXY2Akt +fd0sXn+e/nzkO49h8GsuxVwG1sF9yHPmd7b0ehUci+S/XO/0IKotJWQdNMLglAcN +jRIKObvamDnqVTpH0oIbH4sErF5E/2WkgFCGhH+tq6kAuXnx1LnTp2JZ9voumRQe +28sK+knm5Ss2XyRC0Y2Hb6HUWD29iYzHPwz8LUBa5XnrcUWERkuFYFgvfJME01IV +gsRS50woRZcnHwXl6MVHKgDNaImKk4BJtLgSFmNI7SFkQDMxpRFcQYZ5wKnG+lw4 +mxwa/cz/YX/+cAn4mCRbbyMhriyra2VBMWYfvXCjd3aFXx/FAoIBAQDWV4UEeWzm +n8LB9Y+qea4wWIUDiuJJxrqrFAedQlTZ4Ho1Zdf3/rAaCImo4Yyscx7uqaPjEfJH 
+Oy1Uasll2Dz4rGTMcrV3aesHo2VgultPkX+egLlXau0NpnQYOA+Mh2Iykpmu1K4Q +tY/UJy6gogyMHVUPNtrzdbaJROuSOhG9mJQvSqxZTdfV0jwwHk8jdsS8e9xtedYl +WGk72e+zqBvvFpW4LEcrT2fGhHLPkAxdN+Ldr/KRi2/Zq0zuCycq2XQePw1pshPL +cttTlTd7KGoeLRRFqjfXR3BzWMBb45C/UfU0PX8aP/5iyExz+ELPXKbqFVw9ol+W +2ysTeJw6Oc/PAoIBAQDnF84GOrVB+LYRmIHOLbSsIDqoggouhfbVajB98FJGH3xR +A8nZnTRJNPRkUVPUP4ySkBiCMjknsF9pZaqFtau/oW/i1Xnw8ms+WWGtrnptmrdO +IHfASFOIm06NNttxtQPWIPBGkaFiwGeN8HSgclJLgFMnCKMEKKkietE3qimCWUKL +v21bA7K4M+BC91C1ceYKeUuIRDiDREuHcRvmsBjaA1QIoi+L2vzxeEHceFOlvvVe +pwVDqUdu7Hfn//5xwUC6rRY8b3GP3f4YM1NjtAqVsRUG5+dnwApj3JJP8j44V1yd +JeIMpLFDAn6In/OLOTZ5GfuP2oBxP8aW6X+pnWfhAoIBAQCpqN8GWqLjrgO4CYqt +cuF5LSgkVLOnmCE7t4ALb2zAhRnW2IVprHRyNt3YCqiR/BG48hhibVssHOBVmK1P +6yjf4X1sA0Q2gGVkR2bAeOI8CjxNFzEdy+pVyrLMVNuh7avBwh7Zr0kUutJdKKKU +zZBG/BTPFSmcWkmhQCeDOGnAfFyXTnE7ww0cF+xCXktgE+vIEfa5xR3Hs8KgeHJu +75sk1eiuvoWa96B6F27Vcv0GcG0n8tR7djaTwi8DoVpgZX2vT1NrnWRjvsdy0oL2 +/ld5CU+pkQHgapDNDKw+T9PMTLBdqGvKOGtAf7Fcfl9LydfpI/0+YB9vxo3DPM3U +nNwrAoIBAQDZjYUEI99qdRstWgdWl7tsvFxbzqbWLQzc+I93ziQtABMO57NJggfI +d/ZmWWWeGs8cY+YW4XjiU4XCXPh6Pd8Le/VDiShZN0pUmHYuNBhHDF7UP5GAXTLy +47PJBhORINTgo9qS3yhmSYod1BnYMBWNdXFrA2GgfL+VqCNBZxxXoUU02nALmHLn +dnNaQzXXEMSdSr9ICfzLW8LdN/m0DJ5b6tStDnX/GRnb94cewtmqx5BEmIixrhXC +Yb6qwnkmfr0OxM+9pZpm4E2wMO1tKKVRnFq1ZIPdGkYFLomzBKxhpPgr6d4kzQG+ +28hrZyuzRdg7XrSOnOot+bTGR4LXixOl +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter08.req b/test_key/long_chains/ShorterMAXINT16_inter08.req new file mode 100644 index 0000000..b8e31a3 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter08.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU4IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDNIoaU +IRswP3cUMlTejodZaHeOZPJwzYFJHVqmCnBQKjuuA0zEGyffkwjbR24SJvUDDTir +jabfFA+xqlFKNlBlslN44GWuPLb7sC+L0HuTkoOHAnIO03xGeppWvyH0C0I25U1C +7M7bD1dFwBNvrRQqtS4nkqYfpBRYTDPt9XgzRvBqPP59VMGR+CauN69pEuAQmwKK +A6sh1eMRd4KPmnM/aTiw2cNBsvNiSY7o7hAzKlY2M6Z8iWT1GHupU604oMb6sXEv +9tjJPhCe3/S02Nq6049zk621DEXW/bnUMRcbfy6WJmemp/wVnUTFZSEbt41Dql6B +IDbfI2a38Sod5fhHIrEkeOqfd08xJd7UcZIWZsUQmplzcE9JK8UfRIOGqqP3kOD7 +yokTo3zFfA9Iko8ZmDyiRK0/EZevDMa6NQ5UTEbHt6IHbwMZ8I6WxX5k+/6VhUvn +w5yz55AfIlNH/aZrW40TZ7vDV00cGU4fMsVyAaG4onbYMZmmMTKtpX4XW2iZor+i +WSQTgDbriCvMVSnAb7OjeopBnd3XJK2O3xJYVv20qQvaXVureuXswfTaECACjzXd +0ebVQ53GDAfMy5mCIdjmm+pC3cUTicecFmW4TDFIQoszzUg+llioEtPK7q19D7Ye +OLZbjW5D3XFuWEdzBvlh6NTYzGME3GIad3f7SwIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBAALfBlrBp5FtU5z+3t+Ef6mLy8KlPvG/wDUtR/B5PeH0fHF5Xtw3Mfj9 +nEU1wZDZBwnaj60lZGarK/UDzeNrPIazKrftXZvCK39kbM2F2IqkUV1P4kGZunR3 +LaT7Qf+IWs7Tr9OV9TCGEni4VZ/Yw2CQerkVSPDo4FCiWrpWidMpIZVowhLlmF48 +EVfIm38M6EDNwEnOAntFLoWKf1MLfRQHeN+0uMKJ5ESDewnB5eHfyt8y8UuCrbxL +ZgsJe9ePDfhXfc6j57WmTf0SX4cfYDtjtDsQG0fMgAHkx2CFxqW1Oy1Yq3Y7wEr6 +iUihNatqQzUfllY2TwGnGV30Njpx+ZcqgP3q/mwGZC2Ce+Yz2hxWIdZ/qvauw3Z0 +iXO0v/5AKzVhnwSSrhDEegjO9dky8/jZtiu+R0XRKSf77yw7sgrTJF1ibW+UbdD3 +Z6jF5GxtR63qMoF3qXqjCeynIVN6hhpOoj/HGWSPfs6kyVjaQ9MKbjC3z0lrqrlU +5v7LuZmad7llOgxEC4wBC4o6HpLyPUHx8LDHHMcp3BVsYy+lqVh5+AMq3ZPS50p0 +4XcwEATNeYjbnRrNi3k7sgBOVZyTl32Lc0b/u6WGJfvd3X1VDuhIxBNnaUUl4Y0f +aTFad6H9cswhyR5uIrH8YbaO35Ukn6MqOObD8ZVH/DO0S81rHvgZ +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter09.cert b/test_key/long_chains/ShorterMAXINT16_inter09.cert new file mode 100644 index 0000000..53d3989 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter09.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTggY2VydDAeFw0yMzA0MDUwNzUxMzBa +Fw0zMzA0MDIwNzUxMzBaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlOSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +pta0mr1UCWBaj/n0rsrIG/U8mzqZa0tOGxP3VSASEoLzBtgtdq+SNJ8uEoiExVcH +6qhUWm3W6tY1IHGqKnpHmVw/xhaR2/ANHo4RgIVEHfnjwNSusF7zFxkmAFtsyvyw +JavuckC26lVOxcZBywr2ba+LGx8siBw9x2u/YJPzvsPDA/EOO7bwuCpgJ01rd4MS +htA7u42eKR0FAA4O0CXL+s4kirBNEB4m+iGhjqxvvn2vS4//Bb87o6wpjQ89Y1KF +sIxNqUsK8mqy/BovonPu7fDRw3hridJlp/uiDyNpUHoQrolNnG3IUbzG/cab3Ac3 +oOjGSjfGIP4ayRctaqJ9F6T+oAwGBWima7DkSUvETYaMbl6Ka8RIGWXPt3HGsNH8 +TBhLKmBi8sKYrHjIfie50fkVHxkIn5cy9MWgQXAXXya3+LoZAHPwubGVkbPspWOh +8xDEhpv1zf5CtB3GxHethKXbSKKt6gRmEZWXU2eJeoqkSDHSaterCogEcWRM5xGT +VdHE0J8ZJTRaddec2t7CjMFK4vvTfiOk/7V6OwxiW5mD/oaZU9x1lTenMrsxl4A/ +48pcDyNdI7zay5bchH1WCFzHh+xmy4FUGcRgFy4tu5sGrpfecfZZlbHxCQjcxPUW +fteq3Q5zqeNc7oI3BlK/wWPrv3DQjjPLpV54F1lTNIUCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFOu0UpuKdXt8rsa/bfaJegNa +rGl1MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQ0FAAOCAgEAGe0ES9oxUEAOiLsIRnYZT6MUuMV6WzgANVoCB4KlftaECLTOZ5X5 +cb9iSW2/0To13qiacl0quIRETzUBKUKh1Iadpdi3RrKH1apbqBDXQMYoafbqH8Ap +2kyw2bA73U1fuOCKBD+NbvWObkJVG4X+pzKi56k8YOvHSozZSzwhoVZYmxuO2jCK +LdQPohHyiK75RT8qaBbQ44VAOfNzJ3WA2BVFJQH47jn3Ya2aurmnq749dD4iJptS +VEW0VLlpSIxEuvMA+U8P7ORBwzrQvwFqVJdbgwdDuoaUEaQxNnURIbzrITW04D4x +ok+Js3t6Ax2SwwVrAftNIAO7A137gXOAwWToi9COEaGqXOcE+b2lWObHLRBT7LRD +t8DK86wQY9f3Ym8OYKvWeCbdyhhnkVxeBhQGe+OrKNYyyrHiYtp3eUnA0wBhNmDQ +uEPCD7B5m8kpUgml0uvHWFsXfbUMyV8ngLK3+TH/JH3qrZ+2yWD/eiCf+xQ8ryMt +6OsaXJC1EY4BMB+flreIMY/h8/rOB/x+kLQymHBWLBCFMBA73EKorhogDtP93ZWE +Y2q8Q7J7L86djd6uz3Xl5kARSUCsbN0ac63WiFvpSqvQ3AqXD0ArPkvvL7rTgLqv +qaTM52NCyy3BSW4KD6xjJHunbiTsG5Lo/psOlkFqX+b4/fIBZE9WkSA= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter09.cert.der b/test_key/long_chains/ShorterMAXINT16_inter09.cert.der new file mode 100644 index 0000000..326ef06 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter09.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter09.key b/test_key/long_chains/ShorterMAXINT16_inter09.key new file mode 100644 index 0000000..7421a28 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter09.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCm1rSavVQJYFqP ++fSuysgb9TybOplrS04bE/dVIBISgvMG2C12r5I0ny4SiITFVwfqqFRabdbq1jUg +caoqekeZXD/GFpHb8A0ejhGAhUQd+ePA1K6wXvMXGSYAW2zK/LAlq+5yQLbqVU7F +xkHLCvZtr4sbHyyIHD3Ha79gk/O+w8MD8Q47tvC4KmAnTWt3gxKG0Du7jZ4pHQUA +Dg7QJcv6ziSKsE0QHib6IaGOrG++fa9Lj/8FvzujrCmNDz1jUoWwjE2pSwryarL8 +Gi+ic+7t8NHDeGuJ0mWn+6IPI2lQehCuiU2cbchRvMb9xpvcBzeg6MZKN8Yg/hrJ +Fy1qon0XpP6gDAYFaKZrsORJS8RNhoxuXoprxEgZZc+3ccaw0fxMGEsqYGLywpis +eMh+J7nR+RUfGQiflzL0xaBBcBdfJrf4uhkAc/C5sZWRs+ylY6HzEMSGm/XN/kK0 +HcbEd62EpdtIoq3qBGYRlZdTZ4l6iqRIMdJq16sKiARxZEznEZNV0cTQnxklNFp1 +15za3sKMwUri+9N+I6T/tXo7DGJbmYP+hplT3HWVN6cyuzGXgD/jylwPI10jvNrL +ltyEfVYIXMeH7GbLgVQZxGAXLi27mwaul95x9lmVsfEJCNzE9RZ+16rdDnOp41zu +gjcGUr/BY+u/cNCOM8ulXngXWVM0hQIDAQABAoICACmnLQv8/MAiiDmt5ALHqdIh +FfKDXM5GzMdB4twj1587hkVNL3yUNOJiY3RJFSzXn6hcQkMZbTDQLg9dkWhtgvas +61cfR2crtXrNaV026Fy7iLsZ3ks2SWaY5r3sFWtQTwH4vN1VftVeWv5RkxeIMyIL +U6V/0PRiaKIjKnKIPbCA221ef3k1IUA5hCwLzirWVIfH8UHQB46oKhlraRNafGSv +lrvxbCv7+yszvkwKjRN3+Y3Z84eRyOgCEZWgGmlzruD3BmSf0anYLbt3JjFe1GYf +W597rw2Hs82Oq1UwOBjZgNSyfufxGLQfd2bgcQUr4B2SP/9DkXmnNzTBTpty2dvo +KT6jt6gtdZRwTNJXAAxsTGvItOJ8VFuxjuox3yIG0MxtqMaX6zcPlphdpBvNgQLl +bh3RCm0PscvXWdhqKloPHmVzVxcmhqi84xckAufLKNIeemBmJSe9rU0IwMNpRjGg +ybHGF8rknN80SF8/q9yCl3BjjTaRs+lBwfoBzhxEYz2D733YjhZmWHMGIJYyiap+ +zGWdDRpPOUP5qHxeMCZlz8mxO5X6sf//gapbq8mV0/0mDqg/TBAhZ7D4IjDfsh8M +6wiZGUh0tO5he7noW++DIbYMVLZUpaO7Ev9AXQ8yNinhV5h832rPMPWNJ3yLj/eW +eSPzM730E6gT/BAhk+O5AoIBAQDQG4UAqQuCQXkL0LISzdy5fGGcBMrGUanVtXhE +SG3nM6ThQRPAM790rkMVlbinmnbE4WGWsFh18xE/WwZsd1GfaFx6QFUdf4PxmJ2K +HkxQ9C4DG2bZwpnn6aYE2e2R4DzijZAAoFfwrncMeY6oaLwnL8jLhLRirgjTGbZB +/4r2aueSzO3PsIHouMakjMfniNFR9RTbDZtkmmcfXsslkBJGoabhQoBNMbVjTKdr +1cs2M+2xsNx2c0mPMLkhgNgnu/VDIiNmZa3DTzzCbAAxI/vSBT2t+ek4U7L63k8f +QFgdxz+SF+gjqlVAk458lBtTPi2JbbLhVmiZ1IzsqREo2aXzAoIBAQDNO95apwvI +E38N0o5OnFQh0c8IyxwbbTBKr/OgYHES2yCW7jwKRG6vHTMHkWA+3asF38On1DFR 
+RPcga3kY7E7X4Xwd2tIdTlS0cawspyRgTf8EY/R5O+eItDKVQGL1zFvWRvQPVN6k +akiwXPRXUJ4ejQPn49mVZjoJmuii0REXYRodWEzTql4SGoNBpqVtEsnqdI8NTFOE +gCw1KEQ1GyAE1sWnEk8ooKz01w6nKWXwZtluoYYhyMkZ6/+flYwzAjPoxEERSXhl +OMqB76fmgqHacosSt4af26KuNMRPvko+VTj1YXyXjRkz7DEFBo5zf2aBJGwO7zE2 +robhNMCyBgGnAoIBACRozCpDaRoO7micyKr1jWp+Um2DgR6VZwtWxoXbzi6nIG+w +fQ4hf5ugaWg7W6UnJyRm8jX1AGUSc7AL8uHDNmqXTaat3rZceu8n7lgd2OhI8Evm +3WW34Els3Xj3z9K30q8oaUtSwk//liB+m/Dm8hRBDfZdb1ncbPrSAsslNGDMb1uF +sw2lKfVXbpmXb9oYW9bk9BMnHErLoMMiSJR30lq9KX87rUrUKZIH9TqumvEOwMVX +1hp7LSF6OsmbyzWYct6d+GeP3ojPMigp0RbH3uTtuc7YbG9IZYXyoxEqpr/+/iZH +PHwQ7v1vU3yERQuZU0o6ARPflElloIo/QhtNiPUCggEAXRugELhgG/DcX0T60qcR +dBZfOroKklbC5d9VQ5j9M3S+IDsMegv5uvAgSnqlk1+1SwDtHqKhjSEgjFC1q5zp +V/8v88tmL21t+D7pwYhCdH5uB2vhaW7H57j4icWgH6sKrveZmasDJswhFgHVyBcG +5Q1MjFNOTv0Fr33btKHsgxLGajG5CP3tl4D3sz0LJ6Syfe9LRtktupr7c1JFP2KC +8C8PlHA2AVSDosA+IZAicyH12r7kv0b8FQp/+cI6zJlfO2Ztro4KVMGi/bfgEC+L +hjMY7PDd3oAiGa5OsW6+9/Bp2sjTYV3d5TRuOL10uuk9c7E2ZMAXL5uWDW2FTj5z +WQKCAQAkoYrb9R0JLLNQECbo278B6SkIwADVYWyk25BKCFkKW0aN8GKQ3s83y2tV +9bh314KBoRIPkE7yblx7HSRWFAD5qL1LVbntKINJE6BZnqwcxIKymYNC6ItXs/m7 +7x3VKW6zwkqvQNlXYhnt2lCjL636pSd1gNPgXS+Yr8vpqqMeGPpzWx75Mjlz50J8 +w3XzRsYhcvUTm2jmjE62i4LLkpxJCn7NdvljNyag8cqIn+e39+EvOajuJ1isN2PR +klKbdqxyc9nrq0UwScWk7oQ7XFwoy82Spehylttmb3/1TCwBymB1Vj1Zd/9o6rB2 +8MYFGv3N20VIl3m5cHnvWfPsBeXk +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter09.req b/test_key/long_chains/ShorterMAXINT16_inter09.req new file mode 100644 index 0000000..c73fc84 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter09.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU5IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCm1rSa +vVQJYFqP+fSuysgb9TybOplrS04bE/dVIBISgvMG2C12r5I0ny4SiITFVwfqqFRa +bdbq1jUgcaoqekeZXD/GFpHb8A0ejhGAhUQd+ePA1K6wXvMXGSYAW2zK/LAlq+5y +QLbqVU7FxkHLCvZtr4sbHyyIHD3Ha79gk/O+w8MD8Q47tvC4KmAnTWt3gxKG0Du7 +jZ4pHQUADg7QJcv6ziSKsE0QHib6IaGOrG++fa9Lj/8FvzujrCmNDz1jUoWwjE2p +SwryarL8Gi+ic+7t8NHDeGuJ0mWn+6IPI2lQehCuiU2cbchRvMb9xpvcBzeg6MZK +N8Yg/hrJFy1qon0XpP6gDAYFaKZrsORJS8RNhoxuXoprxEgZZc+3ccaw0fxMGEsq +YGLywpiseMh+J7nR+RUfGQiflzL0xaBBcBdfJrf4uhkAc/C5sZWRs+ylY6HzEMSG +m/XN/kK0HcbEd62EpdtIoq3qBGYRlZdTZ4l6iqRIMdJq16sKiARxZEznEZNV0cTQ +nxklNFp115za3sKMwUri+9N+I6T/tXo7DGJbmYP+hplT3HWVN6cyuzGXgD/jylwP +I10jvNrLltyEfVYIXMeH7GbLgVQZxGAXLi27mwaul95x9lmVsfEJCNzE9RZ+16rd +DnOp41zugjcGUr/BY+u/cNCOM8ulXngXWVM0hQIDAQABoAAwDQYJKoZIhvcNAQEN +BQADggIBAB+FtuHseZ/Zdvf7zDSGRi9bnUDnD/q3gq9lWCge1hUB/dJP95zI+IVN +rBAwCcQ0HUdEp+xwFG9ggfmC/kFRiQ56p9+Bvn/Gfk/jvIWt785WVH4il8zcNfUV +BueECWv5G/RRRsKIoKiXVCJnR6sw4vWKANa8A50Cjw+gCRA5stHqccy7xp4D23Kn +remD3Y6sne9Y/EZiWKBU0p0+csA9VKEKK0asuwskfXlcXxqAw+sDXkXsIGpRBFGm +TSIwN0DdVkFYVJjk+lmac1IPxlNRNbo82uOZPOTT+Fi1PQ15jOScYjo7Zctl9C2x +dvHGm4ufGnQ0g72m826bXzKzsf6ACG/4YCWv/F8u66gv2Iparm0WKo9R0T/msXzM +7KGSWZkvrHQg9rVSOYqc5kQtLvIVObaY5OPPUHVySigJONiOUpgv6QE80LjC3Z0F +B+D49uBytgKrH+5/TsfO4vJH5y8ndTLpCbMMOmkGjzruPUrXENfpGJp30rTI9TOf +gsyLKORsKiXy8D3KiJf4VEAnXDNkIpdS+oSGKHcKxiYbe8nKJG+SgVqDfwOUbvgF +K/jtg3zJUO/Z72T/7BAuKmpjS48jqdZ+6pHJKH1xjzYk8VUJKNJXB5IsNwYPai4v +suijN8oCkVnjpqcoiA4utj+wLMbIfD4Jl+9dg6TNab0FIQRqPz6s +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter10.cert b/test_key/long_chains/ShorterMAXINT16_inter10.cert new file mode 100644 index 0000000..a0631a4 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter10.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNjCCAx6gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTkgY2VydDAeFw0yMzA0MDUwNzUxMzBa +Fw0zMzA0MDIwNzUxMzBaMC8xLTArBgNVBAMMJERNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlMTAgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AMCSQyg5W7dfn56W/pXFEoYH2N+bmB4gHeiIJv3kHTzS8F819LdKNkS2vqBL71ry +TYMAF81RyZRPcWkQyA7LfRmcjBUOVhg6m+l2aCD08y0IpDrXC8GUfJcsmHIB+p0N +Px3Qr8X9ZyHoWXEgQ+9I+HYPrsNNF+I1VqmAWMAp8AkmWOio9a9wXTbaQpfvdjc3 +lCIDbkmhBg3rXx0oC/Lb9N9B1U04Uie6H9AY1H6dB9M3hGVeh53IS4NpiCnwU1gp +6D4AZ78pV+Cptm21LBn1N2nfnczpfRRXyH0dXxmhC9II+QkU6zr41Ex+LNSAIqet +n3j1eyAehiEytQzZ/PdKhBht1B5bBanwYlDiMJ2AbW/CeaxA4A+kdyGo5wKeiq6j +YyxawXtcdbeXq8gKftmltAUbVHgADeTQgQQLRTGK/vsD/EGOKGVxhVBLAHcNG5ih +lzZdHfI58EkjMD6aRb2P/OywADpijVdNuiH9l/SNUVu2JfRdUobWiWHOX0SxDw7e +/D7EenDGNDbQwyWzrm0q6HPqcEK4vQwqksTwt4MsQZ5r6KPl0uPoeWryeV2gifwb +xLzsaG7zFq/UZGJOLvHtIlUsto2pZV37agRML/QXr/NSQcVhCERA6rK4xJuiLYvJ +em4CgfLmp7fGGuB2leI05u5LXwmFjpwPi6yZ+w7KB3cXAgMBAAGjXjBcMAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgH+MB0GA1UdDgQWBBSu1oZxImPBObjtQfEKdoLJ +SLdxQTAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcN +AQENBQADggIBAEZRoWvCkjYEnikFseAgF9OQQoM9sjf+9E8JeQnrEwpA+h9Xl7rp +t7L9n4nhszbnnzMQnvBq5hnmnB+jnnnQpBPREOVBZAI8Edb4Az2xsiBJR9i17F78 +hm65fHnRhXpstsaMftWrtR8trnLft9SRA5hspgT7jtbIrzVYl/F1PJf9HcWAoCA1 +OTmVOuEKk3pH4fXRDnyjDk5AqOSELqo+hBIFLnXyeqZ9n/IaKA4jhcZ88yg4ITnq +4UfgUseRDHoEmms/6CE21ugbKrkt313HlA5iuP7YQw7SqG4goASjo7LLm0lKu8Jc +E7Z7BSdqhXwkcoXVln632pOsxp8kxIBRhp52cysf+m1X4wlH2j6JllzI9YacM4Pv +jJLlm+ySiHTAdqrQ0OCwe+bRt2+J5O1puLegfuKf3x4lmI5z+QEfFEdkVdncTFpX +JN9ho2EUqwbdGgfljacJFXB1Y7CN85s5Z8Z27ZP2QYu6p/8sl6QyDB7Tt1ERBO6m +OO47PK6Q+u8e+JWHDLMESKbiyPJLwzPNuCWbvZSPPRc3rcCJTLVMzWSxVxFja8qt +np4kkqORpWFZ0FZ4bFFow/YB8OHS9PzN+zBh0khglJvSVRAipB1NeyMDr8eVzPdQ +cS+SrA/uj1p/F5STVGy3TEWqS2n6hsVuffxKZE93FapdaF1J6AFE42Km +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter10.cert.der b/test_key/long_chains/ShorterMAXINT16_inter10.cert.der new file mode 100644 index 0000000..828833a Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter10.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter10.key b/test_key/long_chains/ShorterMAXINT16_inter10.key new file mode 100644 index 0000000..7050b49 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter10.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDAkkMoOVu3X5+e +lv6VxRKGB9jfm5geIB3oiCb95B080vBfNfS3SjZEtr6gS+9a8k2DABfNUcmUT3Fp +EMgOy30ZnIwVDlYYOpvpdmgg9PMtCKQ61wvBlHyXLJhyAfqdDT8d0K/F/Wch6Flx +IEPvSPh2D67DTRfiNVapgFjAKfAJJljoqPWvcF022kKX73Y3N5QiA25JoQYN618d +KAvy2/TfQdVNOFInuh/QGNR+nQfTN4RlXoedyEuDaYgp8FNYKeg+AGe/KVfgqbZt +tSwZ9Tdp353M6X0UV8h9HV8ZoQvSCPkJFOs6+NRMfizUgCKnrZ949XsgHoYhMrUM +2fz3SoQYbdQeWwWp8GJQ4jCdgG1vwnmsQOAPpHchqOcCnoquo2MsWsF7XHW3l6vI +Cn7ZpbQFG1R4AA3k0IEEC0Uxiv77A/xBjihlcYVQSwB3DRuYoZc2XR3yOfBJIzA+ +mkW9j/zssAA6Yo1XTboh/Zf0jVFbtiX0XVKG1olhzl9EsQ8O3vw+xHpwxjQ20MMl +s65tKuhz6nBCuL0MKpLE8LeDLEGea+ij5dLj6Hlq8nldoIn8G8S87Ghu8xav1GRi +Ti7x7SJVLLaNqWVd+2oETC/0F6/zUkHFYQhEQOqyuMSboi2LyXpuAoHy5qe3xhrg +dpXiNObuS18JhY6cD4usmfsOygd3FwIDAQABAoICAQC12uo02EX23ATfPXTadytR +C6QRNtzmxim4aKt55Kx/vixlnYymcxzgszs+Ibe+SUhNyA6yROR6fLN7Ju/mmOBh +CWd4kvtXEjIevUUEqo3jH2AIeQCPJOyrzt9/+sJzAgly3JrB/NYiPUwJ+xBsrpqE +07aUlP9TDk/y7lPh1TjrSx13SegKb7B3lpKA7RDUgFYR8O979ObEylweKq1uAa40 +D/WhYOikv64/VNOHZj/3hVwwZp7nsDkvtr9x65Spk5nQw402B5MHhP3UiN1G/j4A +a76Xvn/ycBvTm6Mtjtqc1QBpRSoHnOjP++/WFdOkSeBp2FkYMfs06q/znQC5f9NR +ohcJjRuTrcyq5jJ4iINt+ww57PPOyyunv7I8q26jGMWgH0tDKuses0FXgZcyNcTB +q6/T3dVYQVg+e45Pnh9Vn0YT5v7L2dBNcJMWePAkAwAiiiIgu4KUr/VIOHHQblx6 ++sGN2TTlM+S356fjdJKczbY7jU4TU+kl0Tp0k6Whw5f/JmlEidxNhHHnZGDqZp4B +zLbXyGHf2YHiBUied5ofUceOn4s4HAukEXGF+QgVqe1NzZRbS/8dBIJ4pgMkoJ2f +1i8YbmTEdJh6zX6TSdA4NkLah0p6e95cE4C2agodS+kN0X0ug7a4rpAqJXFPUbby +DI8SlcuEBqn32y5aHyNtAQKCAQEA7wAkTfg4rmiccNqU4TOXuY5YRjxIEk/UXMVN +aA+T2jGywlkukmCsUk2WeamdLRI2zmm8gkzJMwyF8QfnqT8Ka3JKAkqXXo+/aCjg +wctfwq/14axZ5My8DvZdnj59GvuzfFBWMhbtIxHy/MifB9q7qgjkIWZZvID7YcZw +VuWwWVyPFNMeHT0ZsHJay9xLuXvyXNTbZpl4Y2Q6NJGSJD0Z+V2hy/+6msFX0P5o +RNLkAzufXHHzvpU3vZ4DeZNVrdcEetWVPd64Zb8uihyi/Ww2VTr7IzoV9MWlFiLC +LFPMYWslKsB5ooYzTC5inProeLyx+XQxK0V17+8MpBBMU0AW1wKCAQEAzkS1/ZPr +vP1ZqY9rLeoTePbjqddLhGCnLvQqNy/ahHXYcmFS+gWEheMK3KyvHoE66VTsU53C 
+EWuXgkhLdct5HDFNmm6MtWb0i1B46uZ53WwBqGt8dpSDuoRAA70Gbmp41KoGA25S +gNnanqE99WsJo6Y6gF1Pw7ipBsiBkQJOylivwCoNmDFl1y293dWX/DBrXvZxbNHq +gxTqOO59iN8WcffzRYWp6ihaFwI6e6XTdxKPV4ziZde5i2GcppRFD9L8fuPYxUe+ +4qQtjG3mbIn/n5K+t4a/JLi9DRMHeGE9zB34Q5hXc6T6XaThO2qPby+fRbXeujUw +AjgCdZse7jbZwQKCAQB3aiG5l2FyuzAXLw+eKfIQM3Alv67e/2YC6E4RxV7BcX14 +n6imWIkhIkUiCr5Oq8AYiDo4/Ha2+/XchW+ZX7csElGqLWzOQZKIT4xlJ+Fz3AlF +taDAsg7whuYlz+EgX0zBuz4mDtBzal93MCJNgVuszH53tbT2e5eetdChimf/bkDL +TeTJBSNVxv1YyHxJdAWXnn71F49QUd7HL0jOtHzK3J6f1+l7s0jWUpb0dE6a0up/ +/SulONc99bqUvynbDwjc+uRzolmN9OUi+sXxS2UmVq7uXfJkd3BRzBIqpcADmM5c +OwlLTDRLRw3ck30d/mIKWqTKkw0nUdCGFOKd4fLHAoIBAQDFAKkUvK99PDfjkz/Z +hWP9t0evUholH67tUHP1a3X35xnH/J4kfxqYSUV5iFBlASZD7kEch2LwAmOdIfE4 +WxKb05b7tTQcmW1clYo3R9MCoIJg2e/wzV2WyXLeXy4CTRyEeLLvmfGgcPG1aejk +OcvmCgB70yM4mmiNOvlMhvi7l8Kb9U4wmpVa06wwcC0Nxyz1cMjaFw81DMe7gkRR +ckhcp2UodEXZh5qruQwkRjfW1Nok00Dz5fqnXZ4hFyFywJ85jeHeYey1R/rc0aYu +6gpD3QLcBA0RRIQDNbZ/ydgc2E7iOGDl6Z7Zy3z2o4rEtaYYDWDhVaU5qUboDjSX +bbnBAoIBAQCbled0bDyuA2JoQqIRLFD8ZFkBjPra/HWhuenbLf4xbdFxsUINZoRX +hpG7Dmo1J088YKZAEI+ZcpLs77PGSpHlc5nUBAVnVa03Mm5UMcK75M5oFDKj/rAW +sKiVPFoCdFUNZMPZmmLmuJuiPIx0JTzf+QZiJpT6g0IIkOd61crBdKEcJhd5WvhA +X4t89W2ux9QfJE1OjyTnB3iG+Y5DFxGE00166/iAu+HViJGxHjOp0yAbah8T/1Hw +svRp68uCluru0Br8unWdO/oMK8BDVhhflSq/JUO0LN+k6jB2uVY9AAgpag0nG6Mf +1Mv/3oqyxDIQrn/5MX84lAjSkQEVKyHR +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter10.req b/test_key/long_chains/ShorterMAXINT16_inter10.req new file mode 100644 index 0000000..cf3026b --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter10.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxMCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJJD +KDlbt1+fnpb+lcUShgfY35uYHiAd6Igm/eQdPNLwXzX0t0o2RLa+oEvvWvJNgwAX +zVHJlE9xaRDIDst9GZyMFQ5WGDqb6XZoIPTzLQikOtcLwZR8lyyYcgH6nQ0/HdCv +xf1nIehZcSBD70j4dg+uw00X4jVWqYBYwCnwCSZY6Kj1r3BdNtpCl+92NzeUIgNu +SaEGDetfHSgL8tv030HVTThSJ7of0BjUfp0H0zeEZV6HnchLg2mIKfBTWCnoPgBn +vylX4Km2bbUsGfU3ad+dzOl9FFfIfR1fGaEL0gj5CRTrOvjUTH4s1IAip62fePV7 +IB6GITK1DNn890qEGG3UHlsFqfBiUOIwnYBtb8J5rEDgD6R3IajnAp6KrqNjLFrB +e1x1t5eryAp+2aW0BRtUeAAN5NCBBAtFMYr++wP8QY4oZXGFUEsAdw0bmKGXNl0d +8jnwSSMwPppFvY/87LAAOmKNV026If2X9I1RW7Yl9F1ShtaJYc5fRLEPDt78PsR6 +cMY0NtDDJbOubSroc+pwQri9DCqSxPC3gyxBnmvoo+XS4+h5avJ5XaCJ/BvEvOxo +bvMWr9RkYk4u8e0iVSy2jallXftqBEwv9Bev81JBxWEIREDqsrjEm6Iti8l6bgKB +8uant8Ya4HaV4jTm7ktfCYWOnA+LrJn7DsoHdxcCAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQBlQ2Gi2+0OeE6GjbYh0Fjtya/+yF4W4+p9rgBD/Bk/zzVtliY5U7dS +wutirKifp4bd7SwUbx68AXJcm7CwTHTUARia0p4jrZUJpi6gQSSDAB6hHSHV1QO2 +RbocIh0m/C35KvcCLjHdjJfIpkqPy/dODTL8HVnvoEaNYetEECpzKDAyD03gWk7h +iC2snDYVT9agqky8ox9SK15I57rNldPiIi+aRUHs3VOw8pgNybPGc6KCxNIFlkvZ +g5VcalpEgGHrDv+cHA97YO7qj/ksEaXy4yLiMsN+10tdhYwkw1W2naundg+ZtPrE +Cf/RDzEvLTntc4jyl6+Ph2fXk1ZKcp5EyVj/671VFfpXrR9cExeZ5P0vQLOKZ/QG +DR2clhncHBMsELUm22GFGkSNpyI8IrT1bH5xltHfdYC7felieJkv1/OfrzKCbqdV +lzPKZn/VT5PhcQo90u61Ewlxz6XTIgdEU4WBmP0mPVs0Pyxbas/bQmHGvXcvAnQu +8lx9jNIfsFPAlExCKthYFN3fpY2sKFOY3uhOsCSnet8OqzT8WOAVUYHbSvPQdYaE +cczRchcdBU1/vTOCUf028TCxxm1tuQMrYvN5Ur0rbtlS3z3wQSLYDJgE7v/YqKmF +L7mc888fyYDZYE8DeDONqVYbwRoIfpG0hjoBtSI5zrYCf1Sxv7k3Lw== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter11.cert b/test_key/long_chains/ShorterMAXINT16_inter11.cert new file mode 100644 index 0000000..7fafe48 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter11.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTEwIGNlcnQwHhcNMjMwNDA1MDc1MTMx +WhcNMzMwNDAyMDc1MTMxWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTExIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCuIcrTNDDMERSVK6B67Ch/tZ0HRmqc+NZJek88TIIM7TBIJpNlxL6F5UG/baLu +eurni/D1WW5A5qoYJLsoD5NiDDuk4Dq+xhrES5OZWNB5DWWojCWhxEsN8Pus1Zi2 +X1Hm89vGMs/30kBu/DNT3G0pGYJbC9cATwepQfmg9R4hHNUjQKG5aGMulervTGc2 +f+cpk09bpqS56N4pPU0nsF07Nxk40u8o+qopsyD8EXIHRssWv85Doo0p4cXmHUWX +rgLA4N6dJWWvkCrc0gw58HNAv1YQuoG8MeH9g1whOedSMnxdiQA8FKfz+nd316hM +1V/nzMHk4yo3MS/bj1UG9sfk3Y8vsahvf1aR6Efd/HXvGaKKoCCzg4RTtgiZztIL +5M0TZ560G1t0mjxGvFGlhdlJmPm1MT1gqtW2uLjBtOgPFoDKZKi0R7JBtP85qyAZ +luJ+XFWc/BqnLvxJLS0GNJ5/RrIu7y8OLf/0iLPqbV99GxL53iTVTAOI24RwrXWW +1m65sHGb449DLjxo1bGgUOZwuhMm6HsMju1fuk4EQDRToR3GeKydydVScmFNaobh +yPfgzheyKKQFsD/avMklgdzs5mMdi0EpvZt9jkDPH1+PhC+g76QKXlhcaKzhJfrp +UYbBuzl5g6CixIDff8Ng5BHpOveRetLMx6VfUSXBPJ6mzwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUKwTCPxd5GAy9ZnbB0Y7V +zlq5Jq4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQC1vrd19gv6x+Nav9xQG2r+O49dBCApc3HRJ9yUNAw6L8YJAAmW ++L/k2efaSVZtiXIVBqwTRyrnM8BhXokNQ1RjJoAiP+rCJA2fda5HWhbWyIoSkf3Z +y6sUXoIXDDV1uGiRw5LL8RFCEiw2NLMNtUrPkoIOUdHwVY13YScq0UUbeGWJxCeG +lGWFxyHkKPcgJ/iFZTNuz3GNtg6WseULw7tt/B5am39elnCyo8+aC42jEGLKis7A ++YWiZs94/9gpcmYZcmlmhajC+sXxwKKaq6c71ytcYH7wlZv6ZzXHGH5kWAfLJ3Cb +U5dPPdpMd0jpQVFu+YLp1Po6P8kxdRYcbwdD588ICoZSTK+t18cRNH+5TSinZttb +urWZqGUMCIs0jV01S0eiPURU8Rz5+O9kjOsQpRdkpaVe687YHcvYgCG6o0LjEeKW +6yZbEO1tbpb9euHZmvAE9PWZJ2sFM6HXTiTwzpq11s63SRa/SnX710f3SfxWBtwK +SfKGWCZTueh+m5xuTxAi5MbGBLHFjnmxR/2FKgz2YBt02geynE2UJi1BW7fM4RkL +VXxpf1VrbeUCeMQxM21fFjWiGyFJv87S1HlCOLqIvIKeiC/UMjWpkjVGHFiqjlM/ +Hnb8VKL5fPDuGkCLZdMdDbeAdbHU6/nbfZwucHMZDS9R8Ik5i0uAVhxvRA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter11.cert.der b/test_key/long_chains/ShorterMAXINT16_inter11.cert.der new file mode 100644 index 0000000..3e28558 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter11.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter11.key b/test_key/long_chains/ShorterMAXINT16_inter11.key new file mode 100644 index 0000000..bfe2ac7 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter11.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCuIcrTNDDMERSV +K6B67Ch/tZ0HRmqc+NZJek88TIIM7TBIJpNlxL6F5UG/baLueurni/D1WW5A5qoY +JLsoD5NiDDuk4Dq+xhrES5OZWNB5DWWojCWhxEsN8Pus1Zi2X1Hm89vGMs/30kBu +/DNT3G0pGYJbC9cATwepQfmg9R4hHNUjQKG5aGMulervTGc2f+cpk09bpqS56N4p +PU0nsF07Nxk40u8o+qopsyD8EXIHRssWv85Doo0p4cXmHUWXrgLA4N6dJWWvkCrc +0gw58HNAv1YQuoG8MeH9g1whOedSMnxdiQA8FKfz+nd316hM1V/nzMHk4yo3MS/b +j1UG9sfk3Y8vsahvf1aR6Efd/HXvGaKKoCCzg4RTtgiZztIL5M0TZ560G1t0mjxG +vFGlhdlJmPm1MT1gqtW2uLjBtOgPFoDKZKi0R7JBtP85qyAZluJ+XFWc/BqnLvxJ +LS0GNJ5/RrIu7y8OLf/0iLPqbV99GxL53iTVTAOI24RwrXWW1m65sHGb449DLjxo +1bGgUOZwuhMm6HsMju1fuk4EQDRToR3GeKydydVScmFNaobhyPfgzheyKKQFsD/a +vMklgdzs5mMdi0EpvZt9jkDPH1+PhC+g76QKXlhcaKzhJfrpUYbBuzl5g6CixIDf +f8Ng5BHpOveRetLMx6VfUSXBPJ6mzwIDAQABAoICAQCdxdh0DPG5tDAmCGVbeuYm +8HLayJ6Io53k7YElbVzYQYBhnzImH2FRCCvOOpRJ5+025sDoTKNtApJTVdSNs68i +Q1s3REN13yEZgjC13JbnV5AoavMd4zDt7M7cBpxbgXo/++vBZQCx1jqzVKdc8Hen +qYlG3S9tBC442aJIiE9ISUuEqWbfCwnyh7taHqvV4YWdUe+xZwgRukCwtO5Xa6DN +qlqb9eLkClprdfYI7fWXSjlw31EQTxQAQqSAnz0S9YNhJ14MnHnJ3KI5ecfCJ28F +11cvyQ0La1cL0B2FrWU+QKgWR6+CwGR81w+v8iJ3m01ORWPY80qov1RRZ0jvCmKK +J3PLmaUWUrCkDae2Ii02nTarudVp0DtsouMr/k+KtVowtO9ITYSh8kC7MKniqW+Y +R1rWqWnY/k+T2dXA2fOCAji+wTl8b94oWeFPmnUKh4iB5pOB/zYeMaE9aSbq31Im +CuMYZNXCAeaBUTRaDBp8I9CGkyUE6jggzSWvo1W66+qhEF0KzFs0SOGxPQWstFxJ +v+86Tmd0Md4qpg566AALz2TK8WAu6XdOzoxTzqkby0IRF/yp9xh0UbPCsIY4Hn2X +8jvhGTPZU9Kkk+YS0EIrJS0IqjF6gzu3z5jvMmt6ltHdOtfFmVCMuP3oBA178G3k +WGrkkd9BqGYgod01QK1mgQKCAQEA5m45KTI/DXQA8UPW9AGxF+M32iQbqrMrnQO0 +8P6QIn6U/GeF6F1nxmBWKUASf88i0ri6BfQmXUURQ9L8yNkbtevB5h9o8pbjJANi +xXdVEOTHzkRjqvkypg8FdmvDDy7COYJRnCVf0PDB0javMQQZImz/FHl+5Z8T+C13 +s3hkmFngdDDgE3gUeQ8/UVwLMm2H//+6tU/vz/KMzhVoIXCGTxn+XVC+M5WMwCho +4Ac72mVoFmVghQukg2eVxAsFVrJB6FCf24xcpslwxyeygLLqTeADxPaiZ50s8AnP +igSGJnMyZVIvbkYBdtULNCs7ZE/YccJJDxWhiHBDAfyYTxRQ8QKCAQEAwXRPwHPp +vewObbr6qQqCsyyZmIqj/1qcmBSBZElLw0BPRm6rSjwDYdeAaGrfAeQi6oYJwdTd 
+xDCihNeVFgxP+YhAIo0ZJOEL3BzJuRiCmAQfPDeS8amhwIJrYk4v7QHDGZkumYaJ +9glNwQktOyFcSZNctJ10g0XnJaKw/fd6fctmAnBig07LXBS3kYOaAf8rIshPxfdi +PLOvxti90rycmyXLs6KB0ck62YtUjP7ESANjr+3FUZF3iE+r0ZwzxeFVD+MNn+N9 +Q5sFE1fsUvuCOaNzVYEeRf8H5bC29Kz9J61d22RC0ZKL4O5Wn59AW7nEd61+Gc8x +HJSo8O1KHbpzvwKCAQEA5dKBSElJAc31MqyKswsM6dpBVlw1C+dvVEbiLIp4jy7Y +wXUu5TZjzkM/LB0vVjHtdWWwg0ejC9tbAN5qKJgBP0xIM5CYR3ueR8jotjHyscq8 +TUmAboHktiK9PAL2pSnppRoI80eDbQzzAwpvaN/BgchcELusiLBEZn5SqLkm+5yI +dNpaYpCdOrCuYiL/N+hugDE6sqNrd2decByBovhrvHEcdU2WpjQ+EVk8YFRWqdgC +HHQ38/pMtpKVmNW1GWbovR/MkFhKAD9hMACz1BCeB9WpbMTf7Z+htjbSu8EPW0IB +vXRewgkoZLDPX9TOg5nvMmaoH1dfqIjvDAg2kIiewQKCAQEAlts+vdMmOWZ1MfiX +M27w0Qw8kom6rYxZhPaomC3YGOBzcXcnt/HoqUnF5qdAVFc1KzFvNmnqre1HLtR2 +fAUJ8IrhiJADRZEBEJqaa+7DGAxO10R3IGCptFd/qd9S3D19iN69ShdyShyjN58S +WIQBVZbGukn26899Gwotfz6XlLUiTVCaYc72Ik49gAnh9SCo4KzYGIZ7Yt60ehnW +nRlb/liQ6voUxiVn8PEH9BNPuOB7wltmfd80GWYXlJN8hBjdnk/u9foOWsPuR1FP +Br7+pDfj3o+brfXckK8nXNHxcBlvkYAz4v2merchccRcCatpm/H83d+GasU6oPZJ +z7jwPQKCAQAiMy34PBrJ5wPI5L1AKE1nEtt/Xi/dYWkBeTYq+TKm8mmU9BskiIVA +F5mRKgZXxmS85T0fa9BjkHUR6gbDLNmppMVngk/3ZI2TM9VVxBg5Of9oo1mOULhF +F/DHwR6TdXQJGa6lLF5lPzFrkWYdXQLI5Tr5vJNy9XLPrh0RZKBe5m44HERRNr9y +a1R8UuwVHZ6bA+bbpW+a+KQVlUuRBmJc4mNQVE3wvV72z4hBb46SRVMpQJRRTbdY +GGu16XTz/jgpVFa238+20wSAczWAFOrpl4R2lRLNQaspor8gfLlAWH4NsDWB80H/ +Ci0GNJrUePH/SmOulWA74psI1FxRgUpz +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter11.req b/test_key/long_chains/ShorterMAXINT16_inter11.req new file mode 100644 index 0000000..26dab9a --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter11.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxMSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAriHK +0zQwzBEUlSugeuwof7WdB0ZqnPjWSXpPPEyCDO0wSCaTZcS+heVBv22i7nrq54vw +9VluQOaqGCS7KA+TYgw7pOA6vsYaxEuTmVjQeQ1lqIwlocRLDfD7rNWYtl9R5vPb +xjLP99JAbvwzU9xtKRmCWwvXAE8HqUH5oPUeIRzVI0ChuWhjLpXq70xnNn/nKZNP +W6akuejeKT1NJ7BdOzcZONLvKPqqKbMg/BFyB0bLFr/OQ6KNKeHF5h1Fl64CwODe +nSVlr5Aq3NIMOfBzQL9WELqBvDHh/YNcITnnUjJ8XYkAPBSn8/p3d9eoTNVf58zB +5OMqNzEv249VBvbH5N2PL7Gob39WkehH3fx17xmiiqAgs4OEU7YImc7SC+TNE2ee +tBtbdJo8RrxRpYXZSZj5tTE9YKrVtri4wbToDxaAymSotEeyQbT/OasgGZbiflxV +nPwapy78SS0tBjSef0ayLu8vDi3/9Iiz6m1ffRsS+d4k1UwDiNuEcK11ltZuubBx +m+OPQy48aNWxoFDmcLoTJuh7DI7tX7pOBEA0U6EdxnisncnVUnJhTWqG4cj34M4X +siikBbA/2rzJJYHc7OZjHYtBKb2bfY5Azx9fj4QvoO+kCl5YXGis4SX66VGGwbs5 +eYOgosSA33/DYOQR6Tr3kXrSzMelX1ElwTyeps8CAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQBsWDU90PwSkYPIF1jkDlwgH4/T6eFioYacTfQm3Kube6AMDR8zXl7T +PvtBeehIDhxNTs5iPvD5UID4RJE/UcpKFHy4yhn6tsM+AVAl4aRY4FADJzi6qC5a +pljrcfaoi9B6IYM/FlFv41oyKhhxa8ywlAtkNfHGf1GhAydr9mUhRLDD/e3vBKBf +eZ9dyeUCYgxflROEqXcv/ly/tGauA4Uz+JO54CBykX2ZEgPP8heyEE0mIc1+39ze +S4Og/ttQkgmihlaagsJueBCR9Y+4FS5sSNCQGWYJEd8JNBTdYC+JHAEAcFIQvnCW +oc/5aWqgX+H+XqTvZQoOAKBNRnHUsM8xAqjFN7GR0/T03WvS+k4KMbpjG2PXfCrK +FVxB+H2Ain7KBwoWZ0sZSG6AN1zhuKAbae7MAzqPsekaVM0NC8iirP/phYqtHCcL +WWCz/B3oewJ1z8l3XFUqq05Rf73fOsfI+1/8eHm+mpxZU5zMKIyo1QF4flNDaVm2 +Mc8oLM99oMix1SHM1zSmnpNxf0uvi+qxpFcXWA2tLDK/wAUvrWzz3SFw0xVGwFck +iRCxHX6ExhX5ZC/drDNKFOtrgOqO7euydmQ2j/gdHOuLcm2iA8Fb4KOC80fxuLf4 +XLC/ZAzxxnoal6xwHWHB8koEShKyCAr46wI2hOTgNXGZtp2kF1cC1Q== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter12.cert b/test_key/long_chains/ShorterMAXINT16_inter12.cert new file mode 100644 index 0000000..fe517cf --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter12.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTExIGNlcnQwHhcNMjMwNDA1MDc1MTMy +WhcNMzMwNDAyMDc1MTMyWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTEyIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDbasvmrw70eKr+WbODdzWNfZm5zw62IOToFCJHQtMWAc+gjJR67fOccyRX9JUE +NrFk6nkhtmSC7g8rg9GuwETfij29a2vTEb+yB34DKYy6lsh4DIotHSVjoGCgxYdb +RGEErV/NRB7W+NmgE/ADNkXZo4/qNpHxNdG9Fs0JVawNZU5I4qB4Aw8ioGQFM3Hk +dMaQOH7B7EduyAu9vNM9IPcoZUv5T7TTrSEpaMLH8mYGKcK7+k3jC60rUlgwgnf/ +X6FV6moLHc2mSKWs93GDCx4VqMCGV2zVze1idXEQ4pI4Ey9LsXTtQGoVWIvWwLdm +K3tf+8WXDjIkC9AM/BpmVypBjRFbyI+Op5Rzv5Evc7fGpoZx+A35anTieOr9hlP6 +kXOZkoMuNGPPHxhZu7kpgY1XmVHIX+Y6o2aywWq+Aqox/gdTyLXh12ViXZnlOGyb ++XoSBUXQjGIrTKTUyzx6+IRytYRSNgtvttLtN3E16hJ2Zew3b1EkDibWoTkP+Mjj +pM/dHwGipXIoU7r1nDAXBXCdDcifJt+mKkCG7+QTEKYX05TG3W3wapOaREEL1mbC +oViwU4C/cppc62CBad3KBNzi2FFjpKAENWk7pkLE9wfYNQfQANj+CntY9uk/xLKq ++l3qx8/Ns46dCXf6NHneM22PZ7B6fvVtrM4dWpnTjWFakQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU98h+HzvGCtud50Cw/Qc0 +NnaftLowIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQAePo9hRpcoRhuHzFZo1G8IvoOzofCYr6brd/yZslqb0ZPVccEW +10WgXhbOGXRQQUzPNxpdi9ikbAA7LG8Ib/C9fX4FMAYIwn0g8tedUd5frkjrZUYB +Npqf/SC8/4Rzl3r9A5WRhmti80yQCc/26ZCSnlj5uLROY42V+CnwHOA9G08PxxFx +E7SmmDqiMuZGIWRQ9MpPIEIH5ZdhNkD+8Jqh1NAhJ12U19acfsNjA4uDtPRGuIyy +H/QrZHM9U/TXK4FTCZtfov3HtR+GiL3QUXEWER79sKZ5yTC5SvStSpUzg0eaWx4Q +GbUpjg6XH8NNo01yN8BDM/eiWLK4xHHtwZvhefPp65l7nNNmba/Gm+ToC4Es7X+7 +QzQeTPZVwc8a2YpSI077jfE5jA2Vor+Nf/3KYWvWWCcvbnwmZpPdkFrw4sUgXF+w +K+spb3l7N+oP9K3+QYrxLjJLF1cDFsFA5uWvkhYvkfVDxBSfwGVVK9vk6Q6Br7rJ +8Gb85+0KZkOYK3rVnMSOvrhKcrhM19lEzW1A6SO09bPWjPiSDrDtaIXxV2LiM5cN +Wff3vrS5Vpuz3Q/qkYIh9tbLXWO23WDn+BMKAb5Xetal0GwdoSF9RmiwzDRIUMk5 +XDJQm9fu0aPtOT9qmbCI6SPR4tLtQLfUI/FGzNUcMKHQXNEmBNfic6q6HA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter12.cert.der b/test_key/long_chains/ShorterMAXINT16_inter12.cert.der new file mode 100644 index 0000000..0a03f47 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter12.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter12.key b/test_key/long_chains/ShorterMAXINT16_inter12.key new file mode 100644 index 0000000..88c0f28 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter12.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDbasvmrw70eKr+ +WbODdzWNfZm5zw62IOToFCJHQtMWAc+gjJR67fOccyRX9JUENrFk6nkhtmSC7g8r +g9GuwETfij29a2vTEb+yB34DKYy6lsh4DIotHSVjoGCgxYdbRGEErV/NRB7W+Nmg +E/ADNkXZo4/qNpHxNdG9Fs0JVawNZU5I4qB4Aw8ioGQFM3HkdMaQOH7B7EduyAu9 +vNM9IPcoZUv5T7TTrSEpaMLH8mYGKcK7+k3jC60rUlgwgnf/X6FV6moLHc2mSKWs +93GDCx4VqMCGV2zVze1idXEQ4pI4Ey9LsXTtQGoVWIvWwLdmK3tf+8WXDjIkC9AM +/BpmVypBjRFbyI+Op5Rzv5Evc7fGpoZx+A35anTieOr9hlP6kXOZkoMuNGPPHxhZ +u7kpgY1XmVHIX+Y6o2aywWq+Aqox/gdTyLXh12ViXZnlOGyb+XoSBUXQjGIrTKTU +yzx6+IRytYRSNgtvttLtN3E16hJ2Zew3b1EkDibWoTkP+MjjpM/dHwGipXIoU7r1 +nDAXBXCdDcifJt+mKkCG7+QTEKYX05TG3W3wapOaREEL1mbCoViwU4C/cppc62CB +ad3KBNzi2FFjpKAENWk7pkLE9wfYNQfQANj+CntY9uk/xLKq+l3qx8/Ns46dCXf6 +NHneM22PZ7B6fvVtrM4dWpnTjWFakQIDAQABAoICAQDIAWqKBcrRB+l+Xo/m51Q2 +fGYTXG2hkQx3jFrOsFgvuEjlpR93is3EL6TSVA09wQkk3yK5m0O1oYDMfqU08OgX +CDFNJ80qogQmKPQxt78jGmz0GSIfC3FYhgluo3/Frufs1oj8V/rwo/fkFihzFRbI +03JM4Z9Yy2E7RrxxpNlngI/CmmoB23ABdUiXARTxVYzmS8knxdQ7ZDhnpOa80v7Y +oLWHNaO0TB1tXKQolIlxVsG+jeRPcQZR9gaTeWoeq7Ip2br+FRWvXItAxnF/LTQo +NCICk1CO995KIJmG9bCpUruK+OCHn27TtFoL0LGcfUhB7wNmtTb5apckLu11mkDV +vUzF5+68f2AYJdys/Qv6jYjkabbTQRjXNIUBS9NXmMPv5nO9BJRp6oR6hvWmjPBg +hnC9cSkOCPruaCMCfr6stXrPWvq0TEmDpj3VEE2q6+uVpt6Zq1Apy/0aPh3XNEFa +9ukVHjXvjNgx340+Z52pupvRuNS4gd+4pEJXC4Fp/Z94YXQJm/UrvokfSSYNg618 ++cJ6LHYhR5m5+AyVVu2ljg30wgHg6e6m6S286pL3fPP7pCSlTwXi6CQaSP3b4N+g +cXSh0Dnj54AF6hegWE1f8nSoAgR0Q9U9kgMJX3f5YAeUL5soPuLv3QHHXAfTdxB0 +jXEzArIss4CM9+u4D/FaAQKCAQEA+HSZCcGI5qbXGFxqDplK8/HMXId7/mVcqbc/ +gTyoL5ExCsKbdMgrKl+wrZi61C5XF69wxZaHucLBPBHx5+utdrMQ0TDyHujOsVgH +TsO8ZxOq7hLErVIGlsmg7XPvx7c2mIBHKTsIXzV2pJNlLz+q1MfIkZHzLp/kdbLP +JEqaHWW4/O5GHTp/pMw4KL/QsP5Alo1LJKRQ3RHkYAbgf0lRDVdvA2SfIxwi7sBZ ++AA3YBch94r7nLj3IWIEjI4oAfApDQiAWdN4iEV9LhE5XUhNE+DT307P/di8P4tl +uIk9BZUUc4rg/Ves2wluO/O/Ub9GO0M+JGpYI0/zPEa1IuqiIQKCAQEA4hR3M25T +TwN6RJ1kqfeLWGcr46rgab3rqlJlVygC4pmToD6L4c2JVOURnn1HqC+qG1ajcdAj 
+JQw6odnXoyUTdcqcEWGAALHi56zg1JggGPcPM4hj56A178kVVSRGDRKb1UeP9j9W +pcsFgK3auCzAOhRkSYq3QxuuuUCjGfTITRKMqAhVyGL1fXsPFbr0y2KrfXO7TmtA +rFVHCHV1BsaOpY2q89pHK8J9XTjYz/JcRWkqu90toNcidUpoohZmGp2y9FIMd02e +V2mQEVS66AmnC3LrJlVCaFn6kD04xaZfY/IS5ZzQCvoqQHdHVXZ+iM3J7RHKJXo/ +7toliiuKLyqKcQKCAQA5WfDZp6sKUwjjvrFcnVYH6ZDa6wtcNdml837dPjs0f7dq +XHG2C16rcVs/NzopMGk6Nm05rv21i5c/XoUQm/52n+8J2tqI+AR+O2u0aspaoNec +DQkJWR3cQL69ET4QQ+J+YV4LzmyoTZcNdlitB21PoK5Tq/UOlioOYTAfmHjqwEhr +WjUlGhPM3rc38M8jjA0ss4Dc/HEOFss4v12jBDGJet1NUzTIzf3iTtR1wtcFf1F/ +6r0Z+DhTpGSYbVge2mkfcQ7vrTjte9zhfWhYeBASvpspuO+aESWjJXJdnpBPcZI+ ++Zfl4w8roImpnSJUpGp505PMpB+kRxhGmavGW5MBAoIBAFGwE2IB+xgRqZwhQr4n +M7I9lR4uH+gVN5HTM8rKKkC2PSEpeGGeYoDKRBOAMOQUVOKL64K0Mf6w7H6Ot9u7 +Cc0F6F5fXGDj5ZjQXmxyiyZ6HoQARBjtSo/ZmFurP6R5lNT7hojzWduN/+7+4oip +ostZkuL/vDgDSJ6nPEekqrsueKQ+XsCJASrVzB2N7+WNQWmS55ruJfAe4AuuZRqN +o/0tsxdpR04IeEO2xqBccfqihU5cHKCBG3JF8Iigj0QOtxqQivCQmyX6fpPEicRN +uI3qeAzhwZzy5hY4CMth0hXK4gkVIBbXTWz9rEi1CANmWA/Q3bms8mzbZbUHBmcE +eAECggEAVKtiV8V2QcrnolQBT8X5rxMnX8t9k37TkmgdvbLKySWEydLrB0WWCmTV +q3diWo8F0icaY4YxjyDJLTQhP5pN331YPTnmabITkK1HEyOUTjiZGDq09QYYcxIk +jPnV9FR7C147LiffR4YBH75bs6YQoG9bo7UcJjypAvoj1UjAmlpNuZh3v4+Q9I1Z +cJysMPS1PccSi4uheiX3ygxduOhGQ68D7uw13SEwY4mMNEz8vG4LMjSmylTxfEEi +ZT05vNE3Ue/JIHxDRo0wZD6xbdmUWooM46A/79n2qdjHwS8OgXgoMtlsrTonsGjS +pLbEPg2bX7mkbaiNTDxtAICrzk/cvg== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter12.req b/test_key/long_chains/ShorterMAXINT16_inter12.req new file mode 100644 index 0000000..c950ecf --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter12.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxMiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA22rL +5q8O9Hiq/lmzg3c1jX2Zuc8OtiDk6BQiR0LTFgHPoIyUeu3znHMkV/SVBDaxZOp5 +IbZkgu4PK4PRrsBE34o9vWtr0xG/sgd+AymMupbIeAyKLR0lY6BgoMWHW0RhBK1f +zUQe1vjZoBPwAzZF2aOP6jaR8TXRvRbNCVWsDWVOSOKgeAMPIqBkBTNx5HTGkDh+ +wexHbsgLvbzTPSD3KGVL+U+0060hKWjCx/JmBinCu/pN4wutK1JYMIJ3/1+hVepq +Cx3NpkilrPdxgwseFajAhlds1c3tYnVxEOKSOBMvS7F07UBqFViL1sC3Zit7X/vF +lw4yJAvQDPwaZlcqQY0RW8iPjqeUc7+RL3O3xqaGcfgN+Wp04njq/YZT+pFzmZKD +LjRjzx8YWbu5KYGNV5lRyF/mOqNmssFqvgKqMf4HU8i14ddlYl2Z5Thsm/l6EgVF +0IxiK0yk1Ms8eviEcrWEUjYLb7bS7TdxNeoSdmXsN29RJA4m1qE5D/jI46TP3R8B +oqVyKFO69ZwwFwVwnQ3InybfpipAhu/kExCmF9OUxt1t8GqTmkRBC9ZmwqFYsFOA +v3KaXOtggWndygTc4thRY6SgBDVpO6ZCxPcH2DUH0ADY/gp7WPbpP8Syqvpd6sfP +zbOOnQl3+jR53jNtj2ewen71bazOHVqZ041hWpECAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQAL73m0bul+JJt0BNh8dys+DwoFGt5KAzn0QOR0EhnsuPAiPtLrDesL +C+EHyt0NcIXmFgZqa1wwUdppH1AU/4JqTQllRdaJDJV7fNdPyyxQlVLnkcq3NoA4 +tIR6ByTEMvZR6PjAi1GWZ4ezA1oGhxZG4a7UhrZfacVb2aKFEnorQGR6npuecZvs +TH0PyBIqtW25kCVDZtzBaqwG57sl7Q1de6PuCR7xwPkQOkwuoBak44H3y7QtTIhR +Vvfl25vtBXiXrTux/fdkdm2HEVEiflZWndI4yCLOrs9+fNCFmOB7GaTOYFIMoNyB +tRca8sCcRJsf4pKQ5L3OoFaSPCy1D/H/ufPoZlKkeAKZ46VdcMbaRi19kLLJE6Ld +wjWU4nr4KfucWuLenhYOK5zhDm61YQ2+iUniedPM3bwahS1uxtc7SfRY6vGPstXg +rSEFAHWdj1fcs2r0iBd4BYeilHQfV7XKCkOOtWANAkUXi65WtIl7IsdsardIGa3U ++f5ACTfCcGHwpcTbmkhxkufUI98rDCAyvxUbQegTZwb6UnwksyuvgMjravblo/V2 +X3sa1oflzclT40aGIzZzsIkSNeGTCszhmd4DVIGdVavbhDEbBhhyW5+WiOO+o+4L +V97VVQX/UeQ+UVEGcntZy+phPqGiBN3zaGVHqfCxaFNEYRAWjNFTnA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter13.cert b/test_key/long_chains/ShorterMAXINT16_inter13.cert new file mode 100644 index 0000000..72c91de --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter13.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTEyIGNlcnQwHhcNMjMwNDA1MDc1MTMz +WhcNMzMwNDAyMDc1MTMzWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTEzIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDE7wtPSOXgRBrTBEfezQ+7MgX9BggZB9ArFGHXzLTZStqG1AUaxUNvqSWKpyEB +zpg6R2E3aatipaUC9sTUAQ0I/z/V6RiT9Mr2c9YgpSbqlVO0ZgP81sI3ggWg/f8d +z+VMrjkvfUF0j/8gnGQ5EZdajl76XDsfd6eV2Zz30fWVB1f/aB4H445RZc5DRGrm +JGinCPWhx/eN8uNUW6jmFo1VMnbdSeiDdAIEXGdhhB86Lr0RJIjJ2r1zZVWfR6N9 +A+Sycfce6HwuNMfm+X7yAWZYKaL7tcKKsrpTnqiEnSxCjsD6chGnrmSXjNV0krn8 +4ksVK8EmWh2SqnMkKpzKHJprmxg0oNMYAYQEAeb8DGNpHC0wGI4fkSWlpZbxxJij +l3ue2AkkkEa6ESbkmDtuXoQA6gHYsVgR5cNS/+siS4SaSMLHRfLCf+d0v9Om+t7/ +i9F047NDR9w9uAJ0hrsS+XElepUjcbDizWttGhIena9vP//HH4Bru18DelUshe3f +MvEFEltq+9UsFJLL5JmZyTXmxXTrKNBWR6AwvdP7aX9Dgvt7+u/53iZKglMOwof6 +er+HX+wgppHRT/Fk8F6bJRycaM43cfg8J6QcR9O18HoFV0Nj9rwgXle5YqUG0bXs +sTYRsmQ6LuikVXVeKSBMi8zwu6GHErQe+bKqe+IpuHTp2QIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUysP1f7xDEB9/iYSBBkyP +XNG2ORQwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQAPtHYVCJ/idezQsO9YWpfZKBHEZjVSa4lLCG6YRW92+Qa7ty/B +BjusnYtA7ye922qM+T1caFRjWzN2/LFbQaXXoQcOmNc3ojiix4VjNVP6ef/b5akn +gCgxBhPv7DPhjjX3dFDJQsye0JXmfg3X7/3w/79hkkP4bOIPV4upccZ+73/dSM+R +ucxPgiCwTBIgMyWCFzCuL8+vDc3l87ucr+voDqR04Z/l20KFnaUbplvHNgZn6+sB +iEckDLJuDJlPuN2ykSEXnmgmlZdjaWaMYLYfuz4QwOJ/m1673TMAwXQo3sberX5+ +cuTjbxsT/QfHvndr/0DxtyEdU+ArDA9V1pcsqdfcDWOUsxHoD7k8cMIdVFv5HGLf +uA5FiuPvJ7TSSQR1z9/FGjzqxiKHbt67lO4UbiGwnTdbfOFmCHuBesiFQ+qGUOA+ +4vDfQVsFXaOAn+3FhrJlGaBdubie+gMKF/u5P+7AMUwTkt4ZZxSml2Y+zS5zMbfS +pJj9c08JvMg9f1WiQvnEvv7Sp45Ceuh5u71ZZcLq44XhnWvGwKWXYxLTZrAdYpsb +s64JutXe/EpcOyDtFUTFAEXo+nqvEGZO5IK44ZirQivrgrqnmzIB5DOYuCC6V1+N +0ipXUxpGbf0Eb7MX34/n1b0JExG79V8QgbDlyO9lAlkzSu7bReoWf5TiFA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter13.cert.der b/test_key/long_chains/ShorterMAXINT16_inter13.cert.der new file mode 100644 index 0000000..e8cf0aa Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter13.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter13.key b/test_key/long_chains/ShorterMAXINT16_inter13.key new file mode 100644 index 0000000..494b51d --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter13.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDE7wtPSOXgRBrT +BEfezQ+7MgX9BggZB9ArFGHXzLTZStqG1AUaxUNvqSWKpyEBzpg6R2E3aatipaUC +9sTUAQ0I/z/V6RiT9Mr2c9YgpSbqlVO0ZgP81sI3ggWg/f8dz+VMrjkvfUF0j/8g +nGQ5EZdajl76XDsfd6eV2Zz30fWVB1f/aB4H445RZc5DRGrmJGinCPWhx/eN8uNU +W6jmFo1VMnbdSeiDdAIEXGdhhB86Lr0RJIjJ2r1zZVWfR6N9A+Sycfce6HwuNMfm ++X7yAWZYKaL7tcKKsrpTnqiEnSxCjsD6chGnrmSXjNV0krn84ksVK8EmWh2SqnMk +KpzKHJprmxg0oNMYAYQEAeb8DGNpHC0wGI4fkSWlpZbxxJijl3ue2AkkkEa6ESbk +mDtuXoQA6gHYsVgR5cNS/+siS4SaSMLHRfLCf+d0v9Om+t7/i9F047NDR9w9uAJ0 +hrsS+XElepUjcbDizWttGhIena9vP//HH4Bru18DelUshe3fMvEFEltq+9UsFJLL +5JmZyTXmxXTrKNBWR6AwvdP7aX9Dgvt7+u/53iZKglMOwof6er+HX+wgppHRT/Fk +8F6bJRycaM43cfg8J6QcR9O18HoFV0Nj9rwgXle5YqUG0bXssTYRsmQ6LuikVXVe +KSBMi8zwu6GHErQe+bKqe+IpuHTp2QIDAQABAoICAQCSOP/HxdPReiAEsHgAyXe1 +wcXKgnD+zNtXMVIY3oklkjvBwqlroC6bOReD5OZQJirHkvpvH4m+vElScxHgbEtW +c9fdJ681JJyS8515LcdAhNHa76hkUr1wY510VUPYyeVy0yXoyfMQ7l47w4NzEEm2 +VmHVOSg5DColzKeNJptXJVXEcXVi3CZu782ACsvox/3gkHl5vzVjc4Yxu8Ej3njg +WpEBbAA1oqxguo+US3q4Q73kfaEHZ+AlT4eMta+BgqOLj60yiOKzmEMZkAUfAcUR +DxFSHjotq9lHf1WW6fDUFpTZIFtVitpr4IkZflyUlR20wYEvzdeJcAAASZeTRjus +/owhmCw0s/V5ScQkeIAYcBRF23b7KUMzlBIJV+KANic71hiSGxwTpWVySpX6FwXv +gmpJp6fmqVWQSP2LqTs9FWstkEiOBdCu3KKnfUWU5M8atERSH9cYIVorA5ARw8vH +vLNEjWy0Jbz9B299bdOoPB2yF1kDLXrctJDq58Qq3W4zmee5983vPE5AqPS+P60Z +dM/QgzUgs0rmPE53N3YD5hZ7lGOfrwbEjRd8x3sLqgOKKSj7eZ+/TWjKYYCb2P27 +GeRR0IVo7HAz7j+FCXUC9hhgac7yBa3y2VF6EZo6s3gHf+hdQAqlpYWdxDz/9SC6 ++C3bnb7IKd0a9dzidx6YgQKCAQEA6eSw7aIp1DSq55eQ++2iP/TvlbvuKS3L8sfa +4zAeTq33amUAxNiWe6ADJGZJ1cWNJW4lgrSrG0vk2iSIMEl28O2mK+1JwSXIm6a0 +SrJzw45KBmEwY8TzbjTwKyOyTbPk/k6nY1k7nQRzjsnmy+tzVpT4G77xHJ93nVg8 +HGxCcQFIi4aU9y3k6JJu9px/6HIgTOstPAk+M/tJQmzIDgaiH6DMQAN7WRsvwjK7 +6sPu2356EBDqTwOIOlEK81yEkwnpHNC8ywkdVgL8CBOz+nRdeiQ1WSEtpsGuGbFh +3WnTFSMfMYWs7oHeQutkvU7iVfG8GBPSapX3I8DBMEaxHMoDiQKCAQEA14wTUhDR +jpEpEys/lb81ZVNBp21aspIl08v2VPGE1XIOiN/oXo4jEkBhlMkODexUYSxvAbO+ 
+1KEemZxinEacQthxme8XGeR1iBkf07SmSNlWNP+XcCvkWIK7ScGoWz1UpIQNKdWd +4rAOEzh+dKW9Jo3p2E+SoNIgdxo5VxfCjcukLcHx4IWtMJIQPZgjaey8YCxoJAo6 +jJKwMb3kWt7I0Alxv0CgPRJzbxpn4ZweqTI0cal49nL+DYo2/cltNCcUoA6RaVlU +gHKvqebeStZ9WvB72YkP3qNIb6TS3vJv6Sx5J/dh35ivddIvB8XhyibbTeLcBqi6 +U7R9y2fUGvsP0QKCAQEApzdOnrXe/c2hme0sRFCCPQNZ/kzbWilZs/raLK6MHGgX +iMMpJ5JJE500YeOXSfPwkyAKRUXxRpSdyq9vhkYfeOQOdz0wC5x9rXojT3wBc3/Y +wHLfa5S1DMdgJRdiNFc2kfGdjlOPYRR7oUwLayKr1Oyv7PY33uTLWXxpjVCAt9XZ +DZdsDMOM8hEur7T3ZTGikhtYvaFGDVfL6mdnJ0/qvH3zSJi0qOHc5RPscU0fCWGE +1tOhEFhQHpEuKQqt5YmiVW2ObAHaLVH46bVcaOSkp9wXH9+uiZfSZqAAfZFYzbXM +aVVOaz4BrwonfYhWHGe0t+oD9xu8Ep2OAHupyBFNMQKCAQBDiPoMvoRKPSU3gld7 +3dsnEj0B7nt6c9wyTjeySbIrBn+TV0SBS9ulPlLUwWIL7r5JbBij2eOyz4C89IjZ +Gi6fqx1887KzRCenKugT9wgazy35kROr67SyHtP7uhe77q10loNhVjMP8cWXNB47 +AisPx2s7gUMZ7HyLlMXeie1FbEbWp2vXw0qOa1V3VxHRgIFNSNygXiwWG2flTfAc +oK0esbbYC7GpMPzGFOnzgG0C6l4QNt9VqJX9PA8a2V/D9XK665WYAos9a7GqdFG1 +9Rp1wd+sOwuj4Fkz0drYS/HQh0S2xwX9fuOK8P4XW2LxaddQwgHafEdVLrozXybQ +BVXhAoIBACynNBmLsci/PHei7Tn5tCeoJn7/LMmVzLpdh+EofdKz19t1aJAMQrMR +7iJJgay4FqhntK9/s2t91yJyTTigNAreV6Oi7RgQ2IalNzTaTmylCraOWHVO/4o2 +rItaQE68avNMLUzKY5UM0xT4ZNUmloSxr8PpbRpD//mLBxef1Y+SrMzGNFWn5qY8 +rxcPgb6XDX7xWo92lCPD5KPdpBoPV84DCfySO7cRrwqOzHnavhfGCqE2ZqfqXAIe +cyj8RSn5NTC/XwbeUsgRHorEC7C+wULKbqOZy/KmpFZ22I1GHQSj/9sj1sQokc/s +CKX7ch9Wb/z0s/V5zQV/a5gylric4iw= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter13.req b/test_key/long_chains/ShorterMAXINT16_inter13.req new file mode 100644 index 0000000..b74bec9 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter13.req 
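Review bot: The added `ShorterMAXINT16_inter13.key` is an unencrypted PKCS#8 private key (`-----BEGIN PRIVATE KEY-----`), and nothing in the hunk marks it as a throwaway fixture; the same applies to the `inter14.key`, `inter15.key` and `inter16.key` hunks that follow. The matching `.cert` hunks appear to encode CA certificates valid until 2033, so these names stay signable by anyone with the repository for as long as anything trusts them. I would add a `README` beside the files stating `Keys and certificates in this directory are public test fixtures; never provision them or add them to a trust store.` It would also help to list `test_key/` in the secret-scanner allowlist so that real findings are not buried, and to confirm the chain is loaded only by test code.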
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxMyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxO8L +T0jl4EQa0wRH3s0PuzIF/QYIGQfQKxRh18y02UrahtQFGsVDb6kliqchAc6YOkdh +N2mrYqWlAvbE1AENCP8/1ekYk/TK9nPWIKUm6pVTtGYD/NbCN4IFoP3/Hc/lTK45 +L31BdI//IJxkORGXWo5e+lw7H3enldmc99H1lQdX/2geB+OOUWXOQ0Rq5iRopwj1 +ocf3jfLjVFuo5haNVTJ23Unog3QCBFxnYYQfOi69ESSIydq9c2VVn0ejfQPksnH3 +Huh8LjTH5vl+8gFmWCmi+7XCirK6U56ohJ0sQo7A+nIRp65kl4zVdJK5/OJLFSvB +JlodkqpzJCqcyhyaa5sYNKDTGAGEBAHm/AxjaRwtMBiOH5ElpaWW8cSYo5d7ntgJ +JJBGuhEm5Jg7bl6EAOoB2LFYEeXDUv/rIkuEmkjCx0Xywn/ndL/Tpvre/4vRdOOz +Q0fcPbgCdIa7EvlxJXqVI3Gw4s1rbRoSHp2vbz//xx+Aa7tfA3pVLIXt3zLxBRJb +avvVLBSSy+SZmck15sV06yjQVkegML3T+2l/Q4L7e/rv+d4mSoJTDsKH+nq/h1/s +IKaR0U/xZPBemyUcnGjON3H4PCekHEfTtfB6BVdDY/a8IF5XuWKlBtG17LE2EbJk +Oi7opFV1XikgTIvM8LuhhxK0HvmyqnviKbh06dkCAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQCAgYfkBvW32zn8BPJcJuJLLFNGU+gkCYuHK9ZToMcQ5AF3Tu6ogCQB +3ux+xbGfC5Q6QAXUCCzleUDtI3//d2SUcxLZxaWa4q6Xg7Wxd5Mt8nr1paYWCY0/ +77iAbuOFCD79EQACz1YYZU9+cAfr/uyjwpChbw0CU97DwZNBFTj2G9gqg9LoDi30 +WpUj8w49Wr9eR8/v4MEPuqHTNhZWyTgCY1szDbsCd8GNt1p2y4aoMa6QWgKgeSPh +BtCSvk9T39xdvhNPFAibF1Lq3e9kc7WtLR7Cgc4ERN8t7iy+0Pp/P84fgzK5brxg +OSc3xDvc5mFjfhV20/0IkK6Z+T2yTmmeSCS09ZF4ZB01sFVpIXWqIBXiptVgdiZd +sQGvMDjUOTlZHWYp4DPHz2KoM2+vBmPlB97S9gfICJpH11WqMgQ93k9pIYQue6HF +IP/juQH0Vecox4YJb7mherqM3F6UlGTvROnuDdq9UsDtjoS2MWL0WDYfMTT4cvkG +vKQL96ExQgtjmnDlQx0rbdBpGa06Citf6b1eh6GRUOwUTjnCS22yoBCUSwrSJaJG +ECXVRmoA/hl0a7Ms19zug3q1Z4c50PvYwy8bw2ntvYLQu1pvdjsYMl2kD8QySzUv +jgeWD2rNPKW+0xDh9Du9V/ENAD6At9zwKEqhSYTV5HmFFeCjIzng5Q== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter14.cert b/test_key/long_chains/ShorterMAXINT16_inter14.cert new file mode 100644 index 0000000..7512965 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter14.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTEzIGNlcnQwHhcNMjMwNDA1MDc1MTMz +WhcNMzMwNDAyMDc1MTMzWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE0IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDIxpWcjAco93wV87VAQXCtOtorr+BURHkGhp0K8OMyg2ShRQYyM2zOwFeFqZfG +H3yW8w3XvQutS2KKVwT5hdKEpfINyRsEpqyS/OfOj6CmCiiPUsWzDXXDYQLG1gfW +Ff9VUSeE5k6QABDIRe6H5a2FX6XPIL00gLl+diutDG7GnVuGFjidgaRk0EQ3vyBS +rbkPCuetBiWOs8ziGRcu3w0QuyPl6HzYzg54gYx9+t/u+Z3vg/FEyD13Oxar7Su0 +gs5ZNs17ekH0N7XBMnjwlEiLDp2cUHlbdIqnfUQfIQ6ZgCVeXipIBTbLXsmP7LnL +pQFVPPA4skBk5Z61icSogzR3JpRILtsh9ZNT1/1aQqmXiQnjDtplSpkg5cR3jGmQ +EvR8XUtkxK98i3IW5SZPPZfqrmaA5zLuFaG5FyUXE1VGy5PSPBtzYpNH5BGd3WqM +KQrLBXj5T4/WRGyZKt2S7zNhP5yuoDdOEN3xtRZ9w9zewMD7xHKqJtWKh9DdekL9 +a0HDpewzr+/7wRyLKIBdoIiKZyJHKcijDtj9QsIduSnMQMj4PoGnyrMXOcwoxZpp +ZZLnh5JsMNevkBrkEc7zirpLBj88eUndlzW4HYa06Q8xO26P7YViFfyChKoqpaBJ +/KM9+0MeuraHbHYitBbNelI5eaLPuHd37hxxf3mI1leAfwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUjV5PwvtLsiH+wFAgGdhI +JU2pctIwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQB5S1ABT6mzEOOKiQY2D9qMzV9OJVqIX6AdHZngPvpu0Kus8MQx +prUdb0n6upN1jACpPNHxbXciauFhNMb3zN8sceyur1KOxpbniv3XUQTNHvOji8vT +MK1qyFxF4towyFRJawJM669hZthjdij3S/aPhe/EsL1zO36I4Ref7lDdk2S5M2gz +7Ne2pmkDBmtPLmfRa7KHdzGkHEDt0DgorkG1cG+CBeuzuISM6W2IdLPpW+C7sAjl +V94Xay7eDeZpXWEYGha30M0c9b9qMoznO8x/RJcRoxa1iWJD+Xe7As04Ql7wF3YV +UTekZFumjOjP6j4q7MFjlcYbXRPfCQAW/HjUeKWHy1gBn9YskkRMtsvoNQlH/E0o +zXwJf4WH+U9L2zqzxPyRFyVOPSDKCYI81aQndlGDNFx2GsnwUUlO375SUE5NhoU0 +BD1/r32c8K9GtR6zF7QdpT63I5asVPzYMmUM6MksM+zH6X1JUcc8Zfc6BUGs7UkI +TJi0yXq+jt+WBspP35aKV4HRKrRS1jWVHvNaciMo2BiWYvb9r2vw3V7FyKzprRy9 +ByY/xeI43pTUB0CLAEk7qWDsbTLowRp9sYSb1lc9JEMei5p2QCsD02TEenVFY3jj +YDGyMLvNHBPWQ4UI2p2ddEQN/MUgJESiWRw0se/SL+j3msEMI7AmJVFCew== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter14.cert.der b/test_key/long_chains/ShorterMAXINT16_inter14.cert.der new file mode 100644 index 0000000..51b7c56 Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter14.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter14.key b/test_key/long_chains/ShorterMAXINT16_inter14.key new file mode 100644 index 0000000..a15bac1 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter14.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDIxpWcjAco93wV +87VAQXCtOtorr+BURHkGhp0K8OMyg2ShRQYyM2zOwFeFqZfGH3yW8w3XvQutS2KK +VwT5hdKEpfINyRsEpqyS/OfOj6CmCiiPUsWzDXXDYQLG1gfWFf9VUSeE5k6QABDI +Re6H5a2FX6XPIL00gLl+diutDG7GnVuGFjidgaRk0EQ3vyBSrbkPCuetBiWOs8zi +GRcu3w0QuyPl6HzYzg54gYx9+t/u+Z3vg/FEyD13Oxar7Su0gs5ZNs17ekH0N7XB +MnjwlEiLDp2cUHlbdIqnfUQfIQ6ZgCVeXipIBTbLXsmP7LnLpQFVPPA4skBk5Z61 +icSogzR3JpRILtsh9ZNT1/1aQqmXiQnjDtplSpkg5cR3jGmQEvR8XUtkxK98i3IW +5SZPPZfqrmaA5zLuFaG5FyUXE1VGy5PSPBtzYpNH5BGd3WqMKQrLBXj5T4/WRGyZ +Kt2S7zNhP5yuoDdOEN3xtRZ9w9zewMD7xHKqJtWKh9DdekL9a0HDpewzr+/7wRyL +KIBdoIiKZyJHKcijDtj9QsIduSnMQMj4PoGnyrMXOcwoxZppZZLnh5JsMNevkBrk +Ec7zirpLBj88eUndlzW4HYa06Q8xO26P7YViFfyChKoqpaBJ/KM9+0MeuraHbHYi +tBbNelI5eaLPuHd37hxxf3mI1leAfwIDAQABAoICAArtfBEkMfOR3MgZFqFjrm1P +SbadAPm1LF0lkICa8dK7AgwhBKBQ2jg6kcjtnRwkdJSGsBcw6+THuJpM+DFYjke3 +/H+xlW3gYH4zk65TdOv0m5aJa8c+EU3MBumplo2ZbudG3n7GRjpiNoef/saYwqQC +u7SVVJb59p6icegeSB05TVTz+qrf9oGiMERUe77kQ7FE560sK3kj4h/gO7nKXByw +AtktmTX3qSP38RyePff00BrMNKKIv4ewyKAc7YcKo46JhA+XbOWM7rCQPbLibzxa +VEvAuYo3wqAxGjcThobmSaJkP6rh1cSl6RSTTt19op/wDCcZ1JVpRgUddX2yfnVw +/nFR8/jadbLr3/YxzDNh13vnnMgCmoFanjwyfRLiHOjA0co4GEy6Q0jv9J8NPr20 +meXzcq5PtfQRRxt41KB3kqqPjXULv4ES+mgqVfUsCQ+p3puMFo+5LSmoYk9drYIj +/T6LtdIuqZ8qABAEGhkuuWAMBWc+7IYHvUI7mkMDK+4WrrvpyvWcVfLUI00HF7fG +zsNhz1hINWxBeWhhUp+zEMe+Wlz/FAyVE7h1vdVStPmwS7mUEqrUe/IsnR9mV99e +ckvNn/C4cs4CPo7v/dOM2MY8jI6rfflC/iziqJ4MboEzPmZJ2jTQuh2Mjh3B+liJ +KQn+7wy5KVd6vTvVcC1JAoIBAQDz3w263qBnvscCpeZA72/Jfh3avTdm/cRiRsC+ +PNgfgXij6e2I1kQ1YmzUE4+J1KbjkJYhS+4Wog2RY/O+fa6xpB7b0CNBqWhMVP5U +/ySMsPS92mRNYl5slsIJTZSO821Jl1r+KtHMawWVlUVawwsFh+e6V6xR2nFS8NqL +K0jzfG+C7knBo3MskfNiECAlU9zvaKnl285/QrViT1ZGzT70kED1G87f5pIkR46y +FFSlM54CfZ+MFBLMTfPReRBKB1mM6e10YEjqDjRePjAQCJa9IJq2bjrSjtCh35BJ +EFvT9wEV4PVaPa50ycUoWN0Lj0en7xWk5rBQlDrDi+c+IPHNAoIBAQDSwteG6ZKt +Apk1Th5Ck/YUvtD3feERkuVL5kt1cuHHZePzMAOfSHmIqE13qa2yoRs34ZNnxJFx 
+mERNVNtHoSwAvGBS30H5sC8UAZU3dI4B9YaMpEsuF6n06PFb/BiAMi+1eQ07Gw/u +6hJCcKP6/8En6bfcEbbUNTwRQcNI6XELsNsXF0b6OMShNFCS+ISBG+07izzpA25S +dgXtrZF+67q/81Q8ZmV7H4JZB+aMgVb0mT+GRYog1cbh40h8rAJwVYVLkZOi0pcE +UOR8//KLB6QiRfxMD9E1dYkNP07fXGvSp2JORER8yQmPU37ezX2Yc6y9tYKHeB2m +tr7yIml+qZ97AoIBAQCvwZGjm87+9f93aRkIs4ddMAdUHgpPr5RZP6SpdjBMhILt +nyoR9Fo0HztPnMlWDGw6lXmdhZuRtDkTD3YbU3kTjbSvttGyAOWqHZcuqrMssluw +eDTRkJN8ryooikEGxWl+IBb0Fugc6wSbSXkycF8BHXFkWstWMph5rhvTMN7inEvB +kPqXE7Vt6cH+aqDARjB0WnoXrtKj5O/UallDragxmcU24VO3CfVJMEknDn/yj8DR +CrhxvAXQOF4AGcAjmihv5ie8N6hVBue3BBqfc5EvvM/Dqq26EjNKdlUGU0Pa/6lI +m1g4MTwJ72CoM2Mbcaey4Bw5PAjWCf5P8AQ4QoYBAoIBAFYrmYkseG7KMC/OJ6sa +6bLjrXZy/hF8WMmmd9WmSc+HxiJI0EJQlHgeL8YsFruBCSrYzLbRdJHYKpzfg+QO +bnpCirN3Wncm5KiuWP7aZbFBXGimR6KpxDBBCWWNdcr8Oetded5fmy0YgKyvdywJ +Y0TZVvXgPDsZJNz9YUWvRCv+fCU9vCRUD3jFdegROcO70kvVCutOHs4SOSxLGcCl +yq3uY9NqHjWv1VBnXYi23QGWopVYWzg/j1gN4DYw8bJSFPSnqZAZv+rg0/qTfuv/ +DMmCibvjf6r2yjkjWDEUjXUMQLI1UTcfzwvNnIKly6MIMGlEDAEtSBpAf2NqVG2Y +Fn8CggEBAMUhiE/YkZcqf6UHZXmLl0uLWpDO+/FdVVMQtbb3xWucz4YezCs9LdWU +PepE2S2H8dyiK0BtCo9ejqOSyuri8UQVxD9NDOikG1UlbtkJ86noY+bKn8TDCr/F +k4/rhkmDcwbprF81KvRo6ZSHTuYFZ2MsQgTr2yzLuftKD39M9rUYthJk+TAw9KVQ +HQBQ3jd8a6LBXqqIwTw+2gLFqR9wN9m5EMUV4pOF7qpPEuYUWS3aJ07Vi6bKF0JQ +SLgLWooyDJx3LgnE+EaNFIiwGziQ5g+QW/BtNsTnVIEVSbZ2XevNuF5VQdaPHJM/ +HSHot0eyrXEzOsW6hi5KSzSyQ/v1h2c= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter14.req b/test_key/long_chains/ShorterMAXINT16_inter14.req new file mode 100644 index 0000000..20e03f0 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter14.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxNCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyMaV +nIwHKPd8FfO1QEFwrTraK6/gVER5BoadCvDjMoNkoUUGMjNszsBXhamXxh98lvMN +170LrUtiilcE+YXShKXyDckbBKaskvznzo+gpgooj1LFsw11w2ECxtYH1hX/VVEn +hOZOkAAQyEXuh+WthV+lzyC9NIC5fnYrrQxuxp1bhhY4nYGkZNBEN78gUq25Dwrn +rQYljrPM4hkXLt8NELsj5eh82M4OeIGMffrf7vmd74PxRMg9dzsWq+0rtILOWTbN +e3pB9De1wTJ48JRIiw6dnFB5W3SKp31EHyEOmYAlXl4qSAU2y17Jj+y5y6UBVTzw +OLJAZOWetYnEqIM0dyaUSC7bIfWTU9f9WkKpl4kJ4w7aZUqZIOXEd4xpkBL0fF1L +ZMSvfItyFuUmTz2X6q5mgOcy7hWhuRclFxNVRsuT0jwbc2KTR+QRnd1qjCkKywV4 ++U+P1kRsmSrdku8zYT+crqA3ThDd8bUWfcPc3sDA+8RyqibViofQ3XpC/WtBw6Xs +M6/v+8EciyiAXaCIimciRynIow7Y/ULCHbkpzEDI+D6Bp8qzFznMKMWaaWWS54eS +bDDXr5Aa5BHO84q6SwY/PHlJ3Zc1uB2GtOkPMTtuj+2FYhX8goSqKqWgSfyjPftD +Hrq2h2x2IrQWzXpSOXmiz7h3d+4ccX95iNZXgH8CAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQB9jO8mEybQe1IRJoiiWM1qDW5YCa1aC9ZSgA6IRO1VTeT29hSUDP/e +iCoJ9R2x03fbgKXUKKzMRPeWOxqbcAG4lPCHDU+mRlRKW7yieQkRYg1YSVKALtWf +m1uzFrY3d5HAuUS7exaZxtm0IesqeYHpX1jxnWdyobEBCZxxvDy/HxltBAqExE3j +dd3AyvHjhwsGluGlYtFbMESiXd95IG6taQTgNs0ARiVeZts6cIPSRWU5YbZB4zVl +0v0/MVrkTrvCv/FiADilIDJlxsJOEvJr3X74dy+u/3TevcJcgYZkHWd5G3V/cGvx +/j9YRn1SyS8TFqC7Ik0D+YftZ5XG6C4FbqG4t1Xxxd3AuPC++P0fAma+rG9rfn9/ +J1+VQ0F/rFnXv1COzM+YJWC9kPZ8alNWEfLFZc2YfgV11MORJehnteLXnRUSCBf+ +VZLJ8jRH22XT7nf7TEsaKZYXNhlbO7gAAuMob2xa5Dce8kGxleAAsqAioTz97r4E +lR1GLDfKSHBpgIFnuxkmVq8tffEEQMsdd01jcnlrOPlS4XWSdSP7DI5nWOpImFNE +sU4ypD/+mEOhpgBn/Bi48acfICB20FFQOrxDmZsv4hnvwee8gEpjC37MfRvOHFp6 +yF1hOZl81y1Joxn69Vdj6Ojw6mUblftK/bbsa1Gsiy7690mZkfj3rw== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter15.cert b/test_key/long_chains/ShorterMAXINT16_inter15.cert new file mode 100644 index 0000000..03dbe93 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter15.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE0IGNlcnQwHhcNMjMwNDA1MDc1MTM0 +WhcNMzMwNDAyMDc1MTM0WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE1IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDA9IBQNi7pvpWUvzF7eAKWiign61jogGR2S2rQZ1b+hDA3t2otjErSsBRMLiyW +nPXGVqsbOdJ4p0IgyUbO8SRNu0U1A0OpED65j5x0hYMAw35ognnXu2w5BKfqtW1C +BCOADv5yQR+dwcRlJHuvSSgItfymtbNZmvTKDVYc0oKpP8fXDEGtBNHbzJc77wdu +WOPg6jklsHE7XdHinQKE0z4WkoaTeqUKrk494fGZOcwk9tetllOYQ4X0eHKFNFkd +/QQeDuwVf4LSuNMwhVHOgceltvcnpvsBGc3X4akT7WWxh3PA0/YjYFGNzToNx8oo +h9IXsYroKPj5g1D4S0gWloVcr2MxKiIj6rfRPwTVDdc7rbHJUD30UQCbwl29tr9d +4oD+LD4gsKiNzOLO4X7zKf4enBeIf2blmD/OkbndTSbhNI+1mY4In9eHmXGgw7Hi +rKteu/1lRxt0yL0ScsiaLdNIT1fe+8gRsFBhFTTy1+9UeQwT2BYbhCmrw4RPgyPx +07+utjG0NHiW+MmpMbShQBAYPvarGqXYsiBVR93L1i8hNQUHaTbLiOGpHDlrK7iK +0Gv7xNLIJeHu83qfs0POQWNyRPkNzSujjyWSlnkIqH+oFM7Hcx4eo8gBlmOC7ar1 +t1D1T9uLyo01yzXNepJCyIkT0C3yjuVvRsolIvm7iCmf7wIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUoJ/4ph+VtxM7T8ahxXgn +6ZD/2cYwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQBm5w+L7HexIfBNNrw37rWdCBKaCer7RcYCkaIyHvzF+cji7e6l ++QK26T6mkSE+h6s49LugRJQquqpzYQmW6JjBgIwx9Dq0QFN+5anseMof3I1wUSw6 +aU0WS7umj1nhyhzyIP77lU1tygoxpjn1xEpcegRAsdf5QraD51nWQFErtJyvbSGn +nodG3vNdYdzkeqo78hADx06QdKtu5LjvkFOxcCGD4NOrSSiatx8Df/2e/QBd1PM9 +fsGarMBzrvl7vQ1z9oU1PgwszXhZLOJhOvxDX2fwaWKRAnCbqBi2J1gh850HWN7a +qFDplnH/iKTgBNZ1tMX58gj8E31VlLwG3TQfbkIXGj89Y0RajxX5GibIxSjLGPgl +jEIdxetflqu6VcohYOiS/PTKgln5J50/1uA4VEOqnfQbOSF1bJPJHAOgxXfks8RM +EbytUpt2a9LpaegXKVvchHjSqURSqw02Jn3Gbe7BetH6bHWxXAl3nz2wm5JBJQEr +tOlfgVE+8bYGm4JGRof3Yqo8hEwP6/o1oFXO0anADupxAjfo6f9IQNRUBixgMHJG +WtRvULMqs3cPiSK5lw35Ij+bvT4+3D8Bd2mY5NeoBtXSEQ7/YsnZK9DS2Df29Fh4 +RQFq8pdnFJzOhrf6a4gpXPXPDp5AHBk5zZTVyGb+f22EMxLjMt3ikLx4ww== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter15.cert.der b/test_key/long_chains/ShorterMAXINT16_inter15.cert.der new file mode 100644 index 0000000..c5f22cc Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter15.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter15.key b/test_key/long_chains/ShorterMAXINT16_inter15.key new file mode 100644 index 0000000..76576f4 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter15.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDA9IBQNi7pvpWU +vzF7eAKWiign61jogGR2S2rQZ1b+hDA3t2otjErSsBRMLiyWnPXGVqsbOdJ4p0Ig +yUbO8SRNu0U1A0OpED65j5x0hYMAw35ognnXu2w5BKfqtW1CBCOADv5yQR+dwcRl +JHuvSSgItfymtbNZmvTKDVYc0oKpP8fXDEGtBNHbzJc77wduWOPg6jklsHE7XdHi +nQKE0z4WkoaTeqUKrk494fGZOcwk9tetllOYQ4X0eHKFNFkd/QQeDuwVf4LSuNMw +hVHOgceltvcnpvsBGc3X4akT7WWxh3PA0/YjYFGNzToNx8ooh9IXsYroKPj5g1D4 +S0gWloVcr2MxKiIj6rfRPwTVDdc7rbHJUD30UQCbwl29tr9d4oD+LD4gsKiNzOLO +4X7zKf4enBeIf2blmD/OkbndTSbhNI+1mY4In9eHmXGgw7HirKteu/1lRxt0yL0S +csiaLdNIT1fe+8gRsFBhFTTy1+9UeQwT2BYbhCmrw4RPgyPx07+utjG0NHiW+Mmp +MbShQBAYPvarGqXYsiBVR93L1i8hNQUHaTbLiOGpHDlrK7iK0Gv7xNLIJeHu83qf +s0POQWNyRPkNzSujjyWSlnkIqH+oFM7Hcx4eo8gBlmOC7ar1t1D1T9uLyo01yzXN +epJCyIkT0C3yjuVvRsolIvm7iCmf7wIDAQABAoICAQCOErlz1iF+zGyZBJornjbR +n1Jn6jshnn/aNjek0aJVbwGN1MgiV300Wp/nY8xC7blt25zLRCz717OyLmGruBSS +A4S2vvuPvT1iJiL+DNxjsI4f54pNVVwfM5VsFUAobqGxBdlGSTs9TlIMYuuLKiOH +HnC0U2+GV7lMGLvCJyI7+pFrf0PQYI8g9yiX4a0oC91mWy/O13bYToFfCVq0cFH0 +Dtl2N8TT83n6yKW6u7rbsMEnuFs+7uDwG8u+1seTdBwXAcfFIIk0HRCrVk7g7eAR +3YFoOePxcI2HGkoDOTY6nFCXt7oxXBdQgL7xLJ1mcHM6LOjpflmsZos090FSGGyC +hJoufCD7+I/aKggcZhoEbRLIDiT3fzwg/C8E5qaf7/ALTexpYPD523vTXVdEyHLo +znuigWnT4nfg6O6GSoA9QCY7HIdn25piwpuXmbekuT5+N8WrsUFGQusxIdeH8v9w +hFeSHENTaCGwCnMCAeinSM1OdP7S80i0RNwEyidW9iQFE4alfRsrx3Hkky0ZxSYd +IbzftKd4q/aju9PDcKnlhbOyBdnVDH6RpXzl0BHabqjRTdpM44D49eMwuwp9KGLO +BlSDp3irOpLwkYTIMLTTTQEKFBQohsneBmo4AfAF6ZkydmSeceNVNUTWPiGgmjDs +Glp9qPlf/UriCYEBpUDn8QKCAQEA84/6uiA/Ajxf/thRWoAZdnPEDY7i6nyp03ll +4zlzSpe8uq2rhHzspcsgVwj94MylaY+47wWLl/dNozzbD2jieUUR2fZwOPLNVU7X +AloAdoeORdNFR/Urks1Cp9thFgZ6Jn4wtz5fwCZ9dzgwe+Yesdzdp3IyhAdhkYUL +zu5Et5mJ5iO2dJnaSEjEI/8J5/yi2J+bszdNLhTTt8FlK8eYsf0Uef5bxBZNPuQy +g41v7AdoyBJaY7dq2bFEediKGyeQ3p1qkjhA9pQ6dACKcK0VD2l+EM15GpIL5knw +EVELcjHG5sD+jbGnzku52U7yr6oAGSTHiSOM3MJkNxlI3U98hwKCAQEAys7yZFwv +8lL9+GuXJI4r+g6PW/Z4zVNtpG3J10rTEpvXc8Mat8YIGhzL+RM5LWrImlAUi+1w 
+EadN/hgAuUkicEIeQZY5e22sPUee41OojOeLnCULpYI0oCzfql7ofoxQLI2HOQNF +BrsyPnkhdyLwY7x7K9fKHQW2nnQ+sI3ByszIX3WqE/a7nVO+FODZg4wJsKpKUfoS +8X/H2ot78TysBXZZwCt7YUWUAN0orDO6gsLIgIn7vcDABexbP+U7BRUMxiZywdfS +OGfc0GM117WF9JTym2nAsCHwZwfg9ltemRiv/bNV6FpjwB36w84yo3yjbhY8DK+K +Fyt6CuPy0pBDWQKCAQB0hUgE7VJXhnzCVcitzCTiV0XO2rHSTmuMoUJOL3jpkagX +guhQTNeGBaRmHwYeGqlz0+88YmHDBOvekUmXmKzoKVP9+3j6taXoDvyrwlUAX59/ +5i/52d/LrmkaFsjemaCsc6hose1q5r8VXwtK6u96Vdiwt+BU65cQ4B6jE7hKQakI +McOjCsuz0yQKuIOLuYBKtCjv1yAUUKBtA5ecFzQEyreWGUrbh3PTB6bm6q5Fs9G8 +DZOyqtfyZ20EAcUocohLB/IpG8JwdL92KaARgaxWoDhQX4x1WrNYq7yu/B/GtOuc +D254aSqHdhDmVm+h/Glpnf/bqudD4bfB6FXEkrdXAoIBAQCZIAtvrxMceYD8Me/a +T+XwVVH0c3HeRWGBRsug3APmBvhzlRn1K3YukROIqfT/z6JKsK/yvoFhMtr2QJU7 +UHbKH4HMr2oTQUlMs2jJ5v5Z9PE6IdZbTqYBUiBF+Ia+FZ7rJKi2aTuSy4AyHy8f +TqgGBedRwQn/Q7MQjGBQ2Zc6UcfwG10g2afqL7JS/Tn90pv2YXzfzFrFMF9rKOmZ +yN9w+FzndW0gknIe/NyauCvYUs0kEAqcyI2zazOyWJdpTO1qJtl6dkNpBzJ3vJCI +n6vWcSeEJCKyWc2zXQWDvJT+Lt+iQ+dXGfg6s+gEMwmU2qRimDMauOcge1kYI+fR +B89xAoIBAA7NvK6fWMQkw6rKf7Zxt/P4LJeLofal3fk9s0QgwYHr6vY+lJjjrl8e +i+PCbyEsUcbByAElaVTZVrlkBa9CMCBp1QDmfzLfDMttH49fBDagy64XZwJkZFgu +qX0iawX7Pqo2jJ2DD/rrOtrKxKg4LHAvR+7JEKsTa9QjB3Lph5biwFShkiyPnaOy +PTDOiGNvs+XDjqh5Jgwwo8hv7aTMEiy8pgimYSvuAGEoneO5qZFcfr4FmWTOGu0v +psiLmDvdw2osTgbiM5BrpHpLARsbOrMzelnGtWpU7Q15lNGFg2uPHEnllVHWiESX +QoH4U4EZ7NCkT0AWfNoHkX+8ux2hgPs= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter15.req b/test_key/long_chains/ShorterMAXINT16_inter15.req new file mode 100644 index 0000000..c877693 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter15.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxNSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwPSA +UDYu6b6VlL8xe3gCloooJ+tY6IBkdktq0GdW/oQwN7dqLYxK0rAUTC4slpz1xlar +GznSeKdCIMlGzvEkTbtFNQNDqRA+uY+cdIWDAMN+aIJ517tsOQSn6rVtQgQjgA7+ +ckEfncHEZSR7r0koCLX8prWzWZr0yg1WHNKCqT/H1wxBrQTR28yXO+8Hbljj4Oo5 +JbBxO13R4p0ChNM+FpKGk3qlCq5OPeHxmTnMJPbXrZZTmEOF9HhyhTRZHf0EHg7s +FX+C0rjTMIVRzoHHpbb3J6b7ARnN1+GpE+1lsYdzwNP2I2BRjc06DcfKKIfSF7GK +6Cj4+YNQ+EtIFpaFXK9jMSoiI+q30T8E1Q3XO62xyVA99FEAm8Jdvba/XeKA/iw+ +ILCojczizuF+8yn+HpwXiH9m5Zg/zpG53U0m4TSPtZmOCJ/Xh5lxoMOx4qyrXrv9 +ZUcbdMi9EnLImi3TSE9X3vvIEbBQYRU08tfvVHkME9gWG4Qpq8OET4Mj8dO/rrYx +tDR4lvjJqTG0oUAQGD72qxql2LIgVUfdy9YvITUFB2k2y4jhqRw5ayu4itBr+8TS +yCXh7vN6n7NDzkFjckT5Dc0ro48lkpZ5CKh/qBTOx3MeHqPIAZZjgu2q9bdQ9U/b +i8qNNcs1zXqSQsiJE9At8o7lb0bKJSL5u4gpn+8CAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQCw7YY9XiKMjVZ5jHyIzR1FuKaQK+QWIyr2e4NipjHjj9OfXNQjyWwA +8Eyln2oExBsjtLd4CezL0vc10meh6i1s706fmEXPjrhLiPVvfyo9GD23aoupP1We +f2aWOR82zAr0BjUWmu+S8qpyxmxXJfLs58/6pa1o5Bk+l0ZquzFvA1HEnnrlJIRL +C7yqjXG12rkrJsETv7oO7j9dTGKugtG4ThJ+Tr9AlRSyX0TpK2GKHyPBb/ZCyMTR +q5F9AHMnovyvkg+3k5cJOFvQwTbWyu9wnD39H0/hEAw79sPPzV4xjpqNmsgZM8W1 +skJEJ4wydyjWfWsBHSoQdrm9Og6DtjaoLPRvYrNnjJijLjy2bEqJBUl6YoVdWs8h +WL/eeoC/7ix2NKQJeDrJb1DlPh/XZIjBIHm/itZkO6rtrI7jsAcohBZW38sn8gKZ +SaSnL8S9Yk64e/Sf/4mFNzyZADK05z0tZ2BoWGEbKWoq9Wp2evaa+m/iVLCzXcxw +9mRd3rSWfmuSyGH7Twg+QjgXIIcn3PL2MJSzAhV0vMY0QcIO6S/zCMV9NYjD7EQf +aPZ4rM+SKG2ao/WY/fSiwfB2q8XXRqGtnJ0P774MxKqtAbO10/p/48B1uIvCH1wd +CUnHSNuqwaqHBPPFZt26t1WCE18hgO2nPUnCby//R1Y8y1YUZGpDtQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter16.cert b/test_key/long_chains/ShorterMAXINT16_inter16.cert new file mode 100644 index 0000000..f181e0b --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter16.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE1IGNlcnQwHhcNMjMwNDA1MDc1MTM1 +WhcNMzMwNDAyMDc1MTM1WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE2IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC9OY551i8yiYSQD9RZ8WMh5VBELtEizhSbgbmt38wP+sS5VorPRjkc+hz37QRF +nLkP7Ik8iKScKTZYDjUrASwUjt0GKHp8LbaZB76uGtr+4ONSTHmhozp9uvhVAHnb +OdCYjey7ThBszvqM/nKG1364SyZD181ImG51BxDXdTCwyMv42EXheHEOPGE5LX4D +f1evV8IjJ+K46cINarICkcpJX4p3mQAt6gF2IerTFj4qNnaBSZEjp3zAIMlHftmQ +05VjE4+YJ283dVDLgYa1pIsqyOQlaBmaNgUiH2c14QawekRTcTQ5Flfk7d3J7cBA +grPtQ0/nDeHULme8+YWCWLUpTGQ6q2BsZpdCfApXoBCL2jcJKbtl5hlzKVYiUj+A +uWw47bB1A64yB9pK6J7JF7UQpUJB3Ev4hKQW3DUp1EbvIYlm5ZjEulKjWcVxowSK +q2DNhS+zCjQUlaviqKzhOwfjZCVekHvzhHwh1VKO+UvlyAyTHG0xCzUcdHxp4HtY +AXOuOTQ8AkPPy6bMIAoj/3T7e/JdcZuaVCKyez8ugLcg6fUSjahhBsvsMrDVlckT +taav4hKShNm2TEldFaqum3dgfXsq4D+VQAnSBbEIVAwgmhc4yYJMM3mQOnrVGhK5 +Q7EcjTZVV/I9n2UaO5kzs7h4wLX+QV8PcdwQ3CjYHDRMOwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU4PqCmHWCPYRBIjaj0GzN +hRi+U0UwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQC9YxptZhR+mpBB4Bg3lMlBNB5AwsCi9axokA6k+UO0bnrvvxGe +S8X41PWB7qDyIdfw/fAVnlMep159JECjFlEZwmSW7UljhxdU28TWr10kAy4cCs/q +4VQcPogJWSwFCROYcPnVoIs2MZRq/3upT5hjyWZGMUCvkh7pIXKn1dRvDqdGcQ8V +MRf5LG+ta0wJoi9SzoBxL+nT73tsGBawIJALfnuqjC1cdzCLnwF+583zqyV1anrL +n1LWr8FuJXGIIQLFfP/GEqWVnIHjugYUwEb0CQtk7GYfAKiW1+QNIKlPr8kS2KIM +9m9k/q/ubCu91fTayihSGYzUC9V1yC+307iG9jfRsnjiZfnylzAGn0h1WKxIxicj +ci4QLiAegyUnZUH19BCho7zptMfua3kxYdXK79uzwWp7MV9K7yUeCx+BxP/NZowY +RnDN/vzL7UjzXLWMzitMILSgSPj2KXUK673JfMs82yFPQr6AUGFM9TD7cKjU+Z/5 +HZtYxkQW7RUYDHBkOmwkXDGTPj28fiXgEAE+o++5srMpYIf/M2PJMMqdjrrV82Sv +BIsrw4JKT8tOOYcOl+Vyvbz0tHyE5/wH6iEeDtmzq+XoT0cenKCS3cqiqZf9pBvs +owu8j7bgFL+28BR8UX2ffNm9PKvK2zh7K9XIHfYlrMxVXwFP17qqvjqDeg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter16.cert.der b/test_key/long_chains/ShorterMAXINT16_inter16.cert.der new file mode 100644 index 0000000..ea0ed0c Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter16.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter16.key b/test_key/long_chains/ShorterMAXINT16_inter16.key new file mode 100644 index 0000000..87e35d0 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter16.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC9OY551i8yiYSQ +D9RZ8WMh5VBELtEizhSbgbmt38wP+sS5VorPRjkc+hz37QRFnLkP7Ik8iKScKTZY +DjUrASwUjt0GKHp8LbaZB76uGtr+4ONSTHmhozp9uvhVAHnbOdCYjey7ThBszvqM +/nKG1364SyZD181ImG51BxDXdTCwyMv42EXheHEOPGE5LX4Df1evV8IjJ+K46cIN +arICkcpJX4p3mQAt6gF2IerTFj4qNnaBSZEjp3zAIMlHftmQ05VjE4+YJ283dVDL +gYa1pIsqyOQlaBmaNgUiH2c14QawekRTcTQ5Flfk7d3J7cBAgrPtQ0/nDeHULme8 ++YWCWLUpTGQ6q2BsZpdCfApXoBCL2jcJKbtl5hlzKVYiUj+AuWw47bB1A64yB9pK +6J7JF7UQpUJB3Ev4hKQW3DUp1EbvIYlm5ZjEulKjWcVxowSKq2DNhS+zCjQUlavi +qKzhOwfjZCVekHvzhHwh1VKO+UvlyAyTHG0xCzUcdHxp4HtYAXOuOTQ8AkPPy6bM +IAoj/3T7e/JdcZuaVCKyez8ugLcg6fUSjahhBsvsMrDVlckTtaav4hKShNm2TEld +Faqum3dgfXsq4D+VQAnSBbEIVAwgmhc4yYJMM3mQOnrVGhK5Q7EcjTZVV/I9n2Ua +O5kzs7h4wLX+QV8PcdwQ3CjYHDRMOwIDAQABAoICAQCw4+pV6Szr8HRU/AdGIYrL +eAQGCUIGaGIJUUcTzN+FnKZkoAtZYssnVITaG97feHfj8/oC9bX0Ke6ceIOpdQoR +GdBy3kpKZa2J9xyAw6gvlmnLWKRnvyCBwtQ9GhnQH4bp5dsE6iAep4q/XWoQtcjH +XbEiwM0t7RltGzLaR7pBuSQ8t2j0MtR1O2qjuexQNq3ww3g/xxyCQjvesPxBvKo+ +1yqpTQVG5reBCInt1KA+c/VqPSyKCRtsu/mNdX7LjY/cM8ALu+mTDX9/DtGwYmaa +k3v7oAo3CALaeELSsk6/kTzoSC5Ko6F86ARqrXAInma3CTLbyzVuVgcyOIxfYq/O +lI4Vn84o+F4jx8ZCPkaknMdyHZnENfCSbufpgrqy5hH/H4k4U0Al7dzh6Y7EkLCu +kiZOpTFfugQe/xDEMuZK9MqQgOYG9WiYB51FUN5hFsWrdn2K3z27BG+nA/S4M3fV +BSHN4muNwUacnMcoNDmhoy7GqgKAlN9QkW/EqQZzRxwvOJwGc6KmsWu5il7T0yib +H64QZC8JfiCLz65lkYtAtri3aJTMBORLCuHDEYMK1y8hu78J0i6JBWHtlkvCOsBn +zecQ3GydR4RAyctIZiAvETAy4h1plSy+pv0QNxm2cvErST2TXUmqzICsko7TTyK/ +OchssDFIT6kNrbJSpDcN2QKCAQEA53bsItd6qU8j41pzy0Rv+2BTstggMw90djT5 +2GfFhsN7X50wlKQPDwldFW54cwcizGj8Aa1Tch8F3ppOl85sWiUTq8na4qtYVQia +XuA5Z+bHK/dGTFQAisgQ8m3tgukLlGnK97/d+mxp+RGpGK0dcxHHcM1bpX7J0Q7T +P1sL1tTJhQX/lzaNFydnlyLMeaHpvRanGxuei+AXYI9dtZsnP4JLk8zHFB1idU9H +GvSQYGk14/M5ksUV90MW6XO75SYHs7cn/53QXSRiScUsaTNqlmqxUBZNXVXCSwvv +nx3MsxpLp7J/F7c7r0SZinQbaSnRvG4xVxkXLubMEhoYL/uHtQKCAQEA0UhoPHX4 +aQy3Y+yTQxQcOVAVi9TNe7HfHKdVmhAReUgUvAJC2R1gz367uv3yL1Ce3U23x9MN 
+gXP7/QZrhPeDznOVgRvwBl0HmcG2oHXTJCaj9qTOlXMGYdFsWY3HsnzVbPbyEaXq +hYr3LkaNOBlpXLqsAqJM9yoXpoxN/XJuIbj6kjZFaXA9umRPw0F/dAWg+jFxkwdl +Q+7gQBAuQoZwnxSyPI0UUZNmBUhTmkX9KqK09gznsWYmOfGD3kuhO212S8DMhUYd +CW7VuoI4SG1kWu8Slf1PhJxF9iuULV19jvLTvp8XWF/HUxLQOuTYhKF4nq8o2GF8 +2ytVc0XeJwYaLwKCAQEAxYfmw2Ey6/R/AxJ5SVoRWux84V6yNAEXeZ2CLt14Y6bF +zfY+tEtCEqoCBz0si7XmS524mtHJKdYx0yPKuKDQNSn5HJz6MIDbtE3QN/GQ7Au1 +o9613oO9prJQTCPmEtdBK5oRPdc+3+zPj2Az97wdKstccfa/JIAMSV4mh6Xyd5dG +l0BkPC6wv7bAH+nxqEe2SslfOLIcXvCR4rTW2xoap4dRakPTDWZ6VPSgEO/vmmeP +Nwal9ow9T7OwhPBgxJDs98Dx4KJUZHidbKlZWjon11AcG+W8hk+erR71kswCmkJx +mB6reZjE1bFsewzVK60lsXI0p0jhUQRj2Xrtc11sFQKCAQAjX26m0XW0I78Xd5QI +YWzHzx5lLQmyH4VLbYkNaivZ6PIAOQ2dbta/G3eViniVwLWpSAqJDsYYnEb6JEym +A8PWcDjTwqoWGUFAnrpEcsXGNXW/KWn1XqS0gdYjaNBY/bqBGVge3YE/IxbWTnxt +//WMA80xAMerewTWVJ6V+PJeZsqLTfr7cEoup+fHY9mr/YuQ3iyJIlXeXpCuo01+ +VwTQDop1q47Envo+aFQhHjVFMI0PjWzX0iEh6A1W1EejKMQ215Z57DjaME6VoI7s +xviQWho1GcSH8HXuvrzj0gp3z9k0PeWPPVkOVH63hZiHCle90nM/53JYBQIDYsrC +o8hnAoIBAQDbIdDXG80Mj9PHjNOllbyfIYLj7eifiF1YMnnMFG9rKjOz4c/W6Fgl +/npcPSTepS8/3kYTDHqVyWBAGUV008AdnG+KPlzYYH4IokZX6Spie6sFlQjQ6xeY +J0GWCIyRTust39kumLfT/w+8Wqfp28ejQqz4LQ5+4G3lM+PxoWuKgk3yoxMNtwBY +poe3TGuwlbQ9uPsoG0B8o0DWyWlWP4oZUNd8lSnIMtRJjA0HW+WWx/21l1YMd4pp +569NtbvKxTMzNU8poMiXBW4eMEVls50+o0AfIDTrEdPI+7uOISuTq7nBeglvDHGB +FpT6a8hjvudl2+4dcSIyHo8xKH+s0TVd +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter16.req b/test_key/long_chains/ShorterMAXINT16_inter16.req new file mode 100644 index 0000000..ca6f890 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter16.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxNiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvTmO +edYvMomEkA/UWfFjIeVQRC7RIs4Um4G5rd/MD/rEuVaKz0Y5HPoc9+0ERZy5D+yJ +PIiknCk2WA41KwEsFI7dBih6fC22mQe+rhra/uDjUkx5oaM6fbr4VQB52znQmI3s +u04QbM76jP5yhtd+uEsmQ9fNSJhudQcQ13UwsMjL+NhF4XhxDjxhOS1+A39Xr1fC +IyfiuOnCDWqyApHKSV+Kd5kALeoBdiHq0xY+KjZ2gUmRI6d8wCDJR37ZkNOVYxOP +mCdvN3VQy4GGtaSLKsjkJWgZmjYFIh9nNeEGsHpEU3E0ORZX5O3dye3AQIKz7UNP +5w3h1C5nvPmFgli1KUxkOqtgbGaXQnwKV6AQi9o3CSm7ZeYZcylWIlI/gLlsOO2w +dQOuMgfaSuieyRe1EKVCQdxL+ISkFtw1KdRG7yGJZuWYxLpSo1nFcaMEiqtgzYUv +swo0FJWr4qis4TsH42QlXpB784R8IdVSjvlL5cgMkxxtMQs1HHR8aeB7WAFzrjk0 +PAJDz8umzCAKI/90+3vyXXGbmlQisns/LoC3IOn1Eo2oYQbL7DKw1ZXJE7Wmr+IS +koTZtkxJXRWqrpt3YH17KuA/lUAJ0gWxCFQMIJoXOMmCTDN5kDp61RoSuUOxHI02 +VVfyPZ9lGjuZM7O4eMC1/kFfD3HcENwo2Bw0TDsCAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQCJyAySviEOU7Tv4HtLE8TcN1ODZlThZ+oWN6z+3roGhV+rNQHxueqT +cRLBxebgW5+0yeyfayYmTfLflS2HPCBIrLAACgMBzgZrWCMLROXiSihBeGLtRASN +PD96gEoay7xUDtss23QNIGehSNWIS7HyE04Q5sXmvD3V2MHodSY53e9SEisXV8+p +G/U9S3hu5LSnYyO95NUxTEzymRENoCIc2qFM2oln7xIatmUeH4TA9UqOx7/VIJ/8 +XhsOmnNT93+wGXp48wASNMfkSEP08SwhDv6yPuelplZwy2GonmEeNoVe7vq5LgHj +UMvo2hdEa0qhMmSPZR6s/hOtSRzGOB2PlbsdN5JdEkkTrSfScGE6k+dyBuHsPhWM +qC0LXuE4jWFUAZOAaIun4zAabJJYAw/T9mTd6NNM7IsAj3yJUH7+caKFrJaXD+zb +R6WCLWztCcSguR0xRcegws0iAemi9qlOXGNHnM17OxpXg9kngGYug//QfqIZPoaf +rM09eKfFiMMZZMRNGKs01bwhaH7PTQK0ivSzSCYv/mqAY5BD/ouFJRloJO5e8Liu +wU0gF6I93WWnub10SJkIrx7MrkuGQy28dIC068bgajdF22iKFxHXJN1Elv6xmEft +Z4cM5B/THwa0QoNYStgA3iS1XWZEXZnbZJVsn4UjZYaXs1hK4EfRNg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter17.cert b/test_key/long_chains/ShorterMAXINT16_inter17.cert new file mode 100644 index 0000000..9bf27ac --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter17.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE2IGNlcnQwHhcNMjMwNDA1MDc1MTM1 +WhcNMzMwNDAyMDc1MTM1WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE3IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCkOAEdJYPcY6yb43zWlRhR+jwqECGxPtySsjZ0ALZDpK+xRfRZX3Eq/wpPIe5n +sUP6SVvLT9hKCPjPn5OEnAanFG0eJMv/AQ+M2xyuXRg6KCPUL0XAYzSevHyzS3Ox +otPyUeCm1vRFvdduYTmQ0exWr/zAIUkEUyG/8bhlavR0dScnmmb3jrQcHAeQJRsA +bzOHTPzfP5ocGpCS3pzffa1kr96sIuJWWgnornAeUFywQ4mZ0mrTnZdKaK61YK4k +GFBkKLOuTCjBVX0ZLx63FJ4OejjP7wWsOJZVJpFWStYK+RjUL2U1DeRKRTzQSJbQ +RD/+mXVVIIQuyCz8EkdZgQHfXtQaxOL5AhzLZa3Yt2OOkGQ1TE2eNOqfDlR6Am0G +XfujjuOZb0NQgxTDJO+G5NSxmaIojlnayGFY64paSI9hcVIwniR9h2MYz38ap7Nh +iqz8vW1sAZlz0ESltiFdAdBKZH8vWdupdWZhLBsv4PDF4Wbzfeyg/g5+pRYPKQ5q +173BNIEVS/rMPF06g2Ey2hVU3eCmS4kLi6UPOPP4dH48TP07ppfJW83LvjQnrGNx +2U65pQ30H/gugWQebCsPvmgUbkP8gvyHCPmN7prXS66PGS8p/i37sWw5Y0qHkf3A +ESKOlgtHWoa5hMaIiQ31BwPify6B9Mt8vNJog0zF9VwD2wIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU6FBYhVH2DC2cqn/Vf0FR +/3Eub2wwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQCnjI7tvxL5bE9jnAIw9QtGNYW2T/T1Hx8iM0rjBfSDr8oSvsFW +B1h71HJv6DxIB7vIH/H2xNWlsghLExDVJOGsnlHcmOo5O+v3ftqML5kzBVj41Fai +fkYXEPW9TKT8bx93zJRQwVHUGe8HU4JKgKfsDeWBG1ffHZjONzdIB+/7pDQlnlN5 +MrwTnt+AANB/TvpjpRMgIEDuCKO4VgrXCCAW9cXZYg2V1DoyNSHc1K00oYLeLD3U +6hVto+OdqVBwpBPeVU9sHEPeydbmTziGa4jw9l+1WYfueAyR/Za14fiF2XjUxMAj +/nPSSfDSBezPXscdcrzkKhcwYx/AYgjXMi19SExMVvjdcX6A2lnUV3oA12IHsODv +CUXpPwPU51rT7zopSdjOQXRgcOMEYueiX/l7S4tskGbGhK23T5xIP7zKvhCoUv/R +uifZ4q8njnFOqnu3sMBolFQij0ZWiyOnlX766O/AhGts1OsrhCaVkhRQjVkIb1Af +Z9x7RLOnV+8R+sFMd2P84/YVGXrky9OcEQiyRL3RsniHTUIrMuhR6ZOapZRoRVbr +HQCnUrKrv72oGWMfWO81/IILNYfhlhH4FMH9ykJJdFybXmg6hGTOeJipmW4tgpQa +jJHA9EGH6aqdsPLlLneIV5nmlEuhcrfhYDWCW3GR3wuZzRYfiknYu96KaA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter17.cert.der b/test_key/long_chains/ShorterMAXINT16_inter17.cert.der
new file mode 100644
index 0000000..15f566d
Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter17.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXINT16_inter17.key b/test_key/long_chains/ShorterMAXINT16_inter17.key
new file mode 100644
index 0000000..6898334
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXINT16_inter17.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCkOAEdJYPcY6yb +43zWlRhR+jwqECGxPtySsjZ0ALZDpK+xRfRZX3Eq/wpPIe5nsUP6SVvLT9hKCPjP +n5OEnAanFG0eJMv/AQ+M2xyuXRg6KCPUL0XAYzSevHyzS3OxotPyUeCm1vRFvddu +YTmQ0exWr/zAIUkEUyG/8bhlavR0dScnmmb3jrQcHAeQJRsAbzOHTPzfP5ocGpCS +3pzffa1kr96sIuJWWgnornAeUFywQ4mZ0mrTnZdKaK61YK4kGFBkKLOuTCjBVX0Z +Lx63FJ4OejjP7wWsOJZVJpFWStYK+RjUL2U1DeRKRTzQSJbQRD/+mXVVIIQuyCz8 +EkdZgQHfXtQaxOL5AhzLZa3Yt2OOkGQ1TE2eNOqfDlR6Am0GXfujjuOZb0NQgxTD +JO+G5NSxmaIojlnayGFY64paSI9hcVIwniR9h2MYz38ap7Nhiqz8vW1sAZlz0ESl +tiFdAdBKZH8vWdupdWZhLBsv4PDF4Wbzfeyg/g5+pRYPKQ5q173BNIEVS/rMPF06 +g2Ey2hVU3eCmS4kLi6UPOPP4dH48TP07ppfJW83LvjQnrGNx2U65pQ30H/gugWQe +bCsPvmgUbkP8gvyHCPmN7prXS66PGS8p/i37sWw5Y0qHkf3AESKOlgtHWoa5hMaI +iQ31BwPify6B9Mt8vNJog0zF9VwD2wIDAQABAoICAQCTq7zsrdCOfZ85K28WM0qE +ZUZ2+Lyje4iz7cfjtsQvvccz3VkmiRnl9SQbFsMgwZoEVrVR9YHkyX6cjb4E8J1W +35pkEejTbevC2UJIVXS0z2Wwp7XMlCk8WPi17jKiWW7IJ/KhdQiCMn2oR4uRfARP +y7+4MfZMCkl+JmqP4Ibktni4NzNCiDPUVyxB5ewLDvRCRevbAYGephC90as1mfkz +YqcVGeV4i0z/zOULjW5cHs984Gep1bu3cL0yYzcVRDv+ZU92fAvmFu8Al4vCTKr5 +D9VIvoLWZKhi9+SXuYISqf82x0v2UoCofOx7y9q6e7UkSHDnVO8odl9laTZ5+PVp +q/TelxiQwBQ8h/GKtkQSLsxxlytQxKB2OnrBoJ/PYEYZiLo4vsja9veJUnxiKJYh +DdAJzIlb+WyeykF4M39yH6buv1EdbOKgMwspqIi8J0+HteVdG2wKBTIw6BhMFO9d +gvfN2tTd0Y3mwcSmBhXUwMf42ypBZJR/Z3+cUIUPHxDW1WVxTYE2eJkx6tnwyJRd +f8plcuUAlJKemf7WEGRohkYhKIu0kMfsOWN8L1a7PeT5dFJJKU7fcHXZzqw+n4T7 ++bVzBaCUCFaL1KNLNFInJlPxtfaXUga+Cg66/7IF1503/De3qxOMbKi/MYATNyUy +o9wFNvQam0q0hSfwmcL1EQKCAQEA1bQyXZn1L20khgku9v68nSkvoA1FtyOGi9M8 +vcHGaykqyd4mzrdefwzGTNM2nbtNxI1lz1oC7MtJeB9LKf0ckD1LkN/HuCS6s0y8 +o1OIcvQ+EVsGjCzC3upRYNyeDiD3U9b8/Nyw2I1sERktw01oorpDWYQ/sh2WA9Gv +aKgPm0QXOXmDdJQQq2IQ8C5WRjKJGRBUT5UQJXD82G+lnNag7fXhgmiG6B0IFwVH +nw19rnEi6vsU3R5YTinrWU9F6tJHjiDl9GkE8H/WB0Yuf2XaZPiEltBS6dZ9csbR +0LxLv5KOxjKpWgaVy7ja6belPE8XzzRa7rGO1Ab1HZBdMgxa6QKCAQEAxLiHaIbi +0KutydCRjE6PWG2UTXwhmhKvUnYQ+dxHkl0KBs1g+BZFEEHUevysjkBTeBTwxY/2 
+oqXbtgSbFtc53NVBL2mEbqgLySKZomH0x9RpP0hSWcm21z64E6uQzRZUbpRtp6tK +nYSF/VQVRydQ08a9duO4ArdUhi7Fxa9L8NW2RdkVGO+LXxRjvoIVTXhr/BqDZ1ZI +ZIRgg0DXMjkq5UQS5wyGb7oJ26rlVuMmdoJ0zLFgCuoHEDkJ3FRC4j9hWhc1a42N +3Rd0M/GdSul1iXgLKRBpAzoB+jK1b5peHlEqkBVGsK0Bc+tU3c9ohDT+otRgnrOg +r5NHyPvYMKUmIwKCAQEAgmIzzHnvZuUvQHv/5ICdMUH8pakTXN5W656Q07GTTrRK +P+nDQaINDHUN07eV/fxWQVKHyE/BsxmAlMJ7CH4+XB6ZqSVvZAE8y8JI4VlIyeIM +sGgaAZIZvwm1ZuSTpkkkvUlRBzHaz/TQ90mmax8idQ4xoz8V4aU9bs0TOUY4Z2HO +zak+s/TWisoFTZTn3GJe1STqW7e1pzJdgev0XlFw1F6NHRSLIrj7w5fcD8WaZcDv +LfDM1O/7rozS46WDIfbz41pdEpa0hctpGP0Px3isG6iotJ8bx0GvPkThpHoNuS9A +3tnwC1YzNJ1vKuN58+bJvwjRZgp8+w3XpRb8VVnGaQKCAQEAolJVQRXUADU48IcO +IkUMmP3KWmlr3JNAYX2Uomd2Ezp8NIKxWeQeVrzLFDR8OeCwPyygQ5R4AVt0QOvq +AN3VG/hHklSx9xDosK3BMbE8ZstJkPMfKIF+Qnu5Llnp4KBlSN1m4exAZFteqFsC +N7UkR6r82SYrxun5b8MWY/kyY2YkwdvPQcUfLnRHnYH/C+6qw9ooxVL35yEn9gXB +y+pKD+Ws50N5hqVuzvhjxt8l9LHOqLxPsJHNBEDcdxZ8He4IaWsvJDEodt+MffQH +QzICT01jgB3PWN87lHTVK2Kn+MImqb80lkIbKchsPZ6P8k88MaWmmC1GELopiJju +ma0cGwKCAQAoc81gKTj2je390QdTkxNrcMd0xlEILDwOeB7qKI1KSZZaCQqJXNbC +TeXr/XHnxIpZDjy0DcO+peY31DjpSHWutmRvz01tnF82Moh8ngchadGt5TUpSWGA +f4q+tpQrnb9G5otOqKFbHG/qo8qYTRZx+X7ArMXT2Hs0XBZDRb6fqabPUWjXEgiH +snhfwTrpjOnplLQEodVnAc6IT4Ypj/nYty+dRNG3ZP9rRI+SbMVCUH/JIt91dmgo +vGukRDj6dESXr/ZnijU+Nabo6k2Ho6pXhLqIxU+17E8uwXCSN/u7bjJNL2cX2LGc +XaOxuUHROQP4EQHsOE1cBCzYGW3q66oB +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter17.req b/test_key/long_chains/ShorterMAXINT16_inter17.req new file mode 100644 index 0000000..8d26d56 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter17.req 
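Review bot: An unencrypted PKCS#8 RSA private key (`-----BEGIN PRIVATE KEY-----`) is committed in `ShorterMAXINT16_inter17.key`, and the inter18, inter19 and inter20 `.key` hunks that follow do the same. The `test_key/long_chains/` path suggests these are fixtures, but nothing visible in these hunks marks them as such; unless the directory already documents it, add a README there stating `Test-only key material: publicly known, must never be placed in a production trust store or used to sign real devices.` It is also worth checking whether the tests need the intermediate private keys and `.req` files at all once the chain has been issued; if only the leaf key signs, leaving them out removes material that secret scanners will flag and that could be reused by mistake. If they stay, allowlist this directory by path in the secret-scanning configuration rather than relaxing the rule globally.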
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxNyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApDgB +HSWD3GOsm+N81pUYUfo8KhAhsT7ckrI2dAC2Q6SvsUX0WV9xKv8KTyHuZ7FD+klb +y0/YSgj4z5+ThJwGpxRtHiTL/wEPjNscrl0YOigj1C9FwGM0nrx8s0tzsaLT8lHg +ptb0Rb3XbmE5kNHsVq/8wCFJBFMhv/G4ZWr0dHUnJ5pm9460HBwHkCUbAG8zh0z8 +3z+aHBqQkt6c332tZK/erCLiVloJ6K5wHlBcsEOJmdJq052XSmiutWCuJBhQZCiz +rkwowVV9GS8etxSeDno4z+8FrDiWVSaRVkrWCvkY1C9lNQ3kSkU80EiW0EQ//pl1 +VSCELsgs/BJHWYEB317UGsTi+QIcy2Wt2LdjjpBkNUxNnjTqnw5UegJtBl37o47j +mW9DUIMUwyTvhuTUsZmiKI5Z2shhWOuKWkiPYXFSMJ4kfYdjGM9/GqezYYqs/L1t +bAGZc9BEpbYhXQHQSmR/L1nbqXVmYSwbL+DwxeFm833soP4OfqUWDykOate9wTSB +FUv6zDxdOoNhMtoVVN3gpkuJC4ulDzjz+HR+PEz9O6aXyVvNy740J6xjcdlOuaUN +9B/4LoFkHmwrD75oFG5D/IL8hwj5je6a10uujxkvKf4t+7FsOWNKh5H9wBEijpYL +R1qGuYTGiIkN9QcD4n8ugfTLfLzSaINMxfVcA9sCAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQA61V35MGxK1rvhnPf8y8X5By5HJnGa4Zfh/dDNiCn87wYWcGFixM2S +GJ+EHSP8WiX4qp84jL50MeVoxV3FCo8dTtfTAsmxFi/rn6ziHd1JthgYTDGlwgwl +jZsb5vqOGa9h4PJ/4pJqaWlul4JK3uTqeUHrCV3k58pd476AmuHdudCUr726c2AD +QdpflToalJS3RwTo5hkxNiprq3MstKK/F76DLCsz1wVxqgEy5HobUIN7OFNUqvFC +iUcgdKbCqq02AXS1nqqgtSOv+mGa3CWch9reysLPIcT0Xk2VZTe1btsLgALZx56j +6h9BNj+n8SZWkRooHMu27oiVCXFrOcxp4SK/rH++Xon/oyvl8UGY0ajGcm9T2MyW +HxvF/6bwsA/LppZSEv3V0o4mtQP8bA+lwl56dPzQZlVtbKUOTrbAZCE+11wT4O6X +OZULj4tCrl4WwBHkMRPC+wYi6OaksU6wfp4Q4UixjjQnmyxqJfx7r2Y3a4U9u+/h +4aU/21GliAsDkyolv2VsO353LDrAuVsX8/77v1+40auCh0c3WDnS6VaqfjZNy4TY +czCOrMNu0NJO5GY6q29jvTN/rfOb8TQjZcTFJ2pY09RI22PmBLg6TK2ODwPbtVNH +wB0MvBCqv5WmJYuf+K8PPAqbjtMdmxCrcWvd7Ik2ylc4hchGJwAhVg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter18.cert b/test_key/long_chains/ShorterMAXINT16_inter18.cert new file mode 100644 index 0000000..5632797 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter18.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE3IGNlcnQwHhcNMjMwNDA1MDc1MTM3 +WhcNMzMwNDAyMDc1MTM3WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE4IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDp0StRXSwEiyiWDRG98xklnhx8KgmK6DSM6cn8/WZHxpWYjiS2R1lSUuvzAsQI +82EX8sRlKkLDk+4U7KcmEmqcSvNwvcX6R77YbqXCSul5ZworJAiTCoUSOEXd8s1r +h0lSlgOcydHJukeKYHFxrWjxXwKxW98C/kNAlM+blLWC8XwmTvZ2daAJfKOwqVOZ +U08SDCdAnOpALvDmxB3ekdRSa2OMbqheIXBdWDw2kqQZIhNXvLWuTZ6KslVYTF2a +viJjRZx4arutWJRlkxtr8vkfpwL1bbN3TbJBzI/l9LnJskGFrJMhVS39AFSGwCP6 +Jj3P7jPjt3nYfQanCJrVfFaUSO/7vBHS7lZ+VwEzi21H40lTF9k/0DGRPfGjGzsc +EkuC7jL1JIeOi6F5cJiFwopPigZhym12Bm8C85+bsE+RDSGYfsQk3GTjSXGY/I7H +Raf5wbMhEGZbfbZOliX6P+u8XsbQn8cU8ueXiV+7vrC6wrYSgM7yO0QKcgBp78em +hvSf14fV04iogx0H6sDtY5CQq0EOIM74FeAfpK0nNg1QclJSaHEYTYJPuynKd5a4 +b++oXzqKozDOUv3KtZI2O3wI+ZEIZC7wHw6HljQVv8aFiVtfJB9Z4EVJLsMPBFjp +wG5Flxd+L0BoNuzhFznwyGwoviIlQhyo0SxlN7cyt6s89QIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUH4RXR5Gj6Sho19U6+LIz +7Ze2kv8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQB93JfPhaMoi2RH0AznHRzdRgDv8fxseu1j6XDO1NgVxx/R2Vcm ++u0h7fGTKH8VtdsU8X9Ki1930UataDTBrrHhqcCg0K56jzJyf+S7cY+DqQDD+bF3 +CACoALkCnxyVOCSwtNqzFMu52pRxSjfkqbRTSBgZ+QZtaLJ6bLw5emweTT7tKW9y +LD8rehWBhyol4E6NA7HfAGGQQXp3N2jZiOaV/5oh/Ebm0QDdqHqgwQteP1Y55YXS +THVJx/nBtrwut0ZXXz2a+TDkN7BavY4iEcvaXrMNAHAmb1j4Sq0Lvz9XyiFjNE3e +aE52swt29HM7IFcFQZDUQ8JqzKocnNrtW0n1pgrNKBO21ptxogczz4kn/NDa9nrL +xNK1mp2m70tGdefOR7hxoPdoaIe7CoPoIB+/oW6aMIHybUd/hpVkz2tKQfExEcLu +SovpD8mpQp6YvnyJV3CgGCLL9AJ6LoLNYjJrFxWZGy9NNtJRqY7SpXjlUqPdre/k +sNpBQjecnMtzYv+Xs1I7PVc2eHbocuQU7zvZSDWmL7LJTfctKj9DbTGqd8wRfAtF +N6w0ci695Tm8qyXFtT/ge8VMkjFci7KuFebmwQK/Wc9hQnVrBDmdsz1NmrC8NW8M +Gn7tGERTkaYzBuMJ8Qicx/7gK+Wg7Zjwd+1MAOR8f/7e8GWhtQAl4RlNWQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter18.cert.der b/test_key/long_chains/ShorterMAXINT16_inter18.cert.der
new file mode 100644
index 0000000..c04d747
Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter18.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXINT16_inter18.key b/test_key/long_chains/ShorterMAXINT16_inter18.key
new file mode 100644
index 0000000..59dee07
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXINT16_inter18.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDp0StRXSwEiyiW +DRG98xklnhx8KgmK6DSM6cn8/WZHxpWYjiS2R1lSUuvzAsQI82EX8sRlKkLDk+4U +7KcmEmqcSvNwvcX6R77YbqXCSul5ZworJAiTCoUSOEXd8s1rh0lSlgOcydHJukeK +YHFxrWjxXwKxW98C/kNAlM+blLWC8XwmTvZ2daAJfKOwqVOZU08SDCdAnOpALvDm +xB3ekdRSa2OMbqheIXBdWDw2kqQZIhNXvLWuTZ6KslVYTF2aviJjRZx4arutWJRl +kxtr8vkfpwL1bbN3TbJBzI/l9LnJskGFrJMhVS39AFSGwCP6Jj3P7jPjt3nYfQan +CJrVfFaUSO/7vBHS7lZ+VwEzi21H40lTF9k/0DGRPfGjGzscEkuC7jL1JIeOi6F5 +cJiFwopPigZhym12Bm8C85+bsE+RDSGYfsQk3GTjSXGY/I7HRaf5wbMhEGZbfbZO +liX6P+u8XsbQn8cU8ueXiV+7vrC6wrYSgM7yO0QKcgBp78emhvSf14fV04iogx0H +6sDtY5CQq0EOIM74FeAfpK0nNg1QclJSaHEYTYJPuynKd5a4b++oXzqKozDOUv3K +tZI2O3wI+ZEIZC7wHw6HljQVv8aFiVtfJB9Z4EVJLsMPBFjpwG5Flxd+L0BoNuzh +FznwyGwoviIlQhyo0SxlN7cyt6s89QIDAQABAoICAACBsYRVnVjNLGNW1+j/c9h/ +BTTHqomggyyi/QsNSYFyTrSr6ixy7yCciWJXaTFTxawVnJNTih1+Xo+xC5OriouY +JfrijmFCcolpg/Ztzx+yN3VseJBI/4zQjmYytns7Kc+B/7QBQ/EZ9Dm6h8RlScrs +F8dmmY8aGe8z41dE9Te5ajlzBlmvW49ps7kYRNQaOBuj5xnevSsybtcxKZdn3Xvo +O6j8PGUn0WSCYm8D1lMvnbcc84/THzrRtBmi4LkLHGv2pKYmJQ31GS03KmILfrqw +0/LQMAlcI7y8wrsO0rA7MKUngJIb6yOXMpewJuPN3Whr7bTamur7Kl6GSD+aK13Z +0zCfS6xchnoNOIGbvtZTUQ7Q1YZK7+hnvZ11SmY4DtDe+w+wux0whDfQUiyn7pZJ +e6eVhi44gTI1MCXM/7wed8hNdT8cQzgt/8LdLybqiOWiiJSECk5/gfe135hojNuf +EcQ4A9X9LoPyQZk5MCKIormy1a5uhiu44OgAIotuwoQDWyP/HSoQTXllWGxe/2Ow +sAjTIc1BMsNUWPa8R2eNSUVlzwnItX5ixl9qo6FMZ+LOBzHB34oD3pJZW7/JE2dg +sPn5r8XsEjURG8qX/KeyGx0YzMQlytpjDDWVtLh0qZBuxBlq3CQ0KW7W6Vy/mdoz +hrJIG05EnekhWC6vFpEBAoIBAQD0yduXTvcE8+vQ7NiQfZdPA9sQu9ctLtCxNFTA +5B+DzGB4v9b7hOCJlrp5ACS+P2TwfvJ5BxYdoUA6HmofynAB3NcOA+it5AO+93Oa +SZzg3qo73293ZpIo1CVJzqWHn1dQBnvf+xsb8mHfWFFEgirZcmBaNWOKBgn5IL55 +wp1VtzeaD+rDRwIjRlKunL7icLVStlv4omCrNiSVR6ysPYeVEQtdq1Udfr24W91U +u49p5c6wUKVzZVVdvCX2DWZgf8mPmPiMxRGns+TejV7z0vAUaSmVjI74xAeFMP2U +DyGX8cOqeVZGDpuTvlHcCUUV1a1DP0h5W2zXW623N8YdID9hAoIBAQD0hqvjU7Pk +RK/qCAsz0reDWt0uKczDGZJPaDcWFvggdj+rp/4ViDtLOQYbrEBfzFMJaKp9F4K6 
++1l39mWU9n5szGF1K2EffHhi6/hpc9uia0Ige0RPZ2EaWo6K43FNc79UXKgSoLN/ +g2bAe7v9JD8ytnlA9QVOzch+87gBqBGoUaXEZw6pNLXCBh/tJLFZ5O08MW8nC3GO +sD2Qq6OQxUXQ9FOElASLdPoXEhaUWXhIaQUbFYy6E8lZKAKe5BoWIxeUmR0RjqFz +g9oJCJpZ7PHU1s0mQcKvncc/7qyiN3ZXUt8TUhtdXsFGFx7V3lqjFQk4Xczp8wmi +9TqlyxdiNEoVAoIBAQCMjme/nwDp4CGU6pqDhQnfvggIuMMaV5pPVgwgYhzScgUm +8IjCDY9ckabrGbD/aKlOCqax5ebGBrQ5awNm07ey6hq2Gnp9dsLL4YyImCIzYMeA +75AykDv2o7Hxim2zzUO2WLLCbo4nYurd8vlfDBsMlsdKpQNN2p/ZY/rbMWtkL3sG +xIL5tAk/Nf798lUM8si7AKkYwCwfw0wIR4qXsBDtAEd1do6+C+tmM6GIKNZ1aRZg +WT5XX2VAGGv3t8QEPvv+r0hwlCvKDtqpC6Xs/T8LiULuczIZF3519SZ14KZad+Dx +PxDR00tz70FTxiLcIcCGL40u2ddKZYL/BFCGouChAoIBAQDE7aCI1+RMtjSmWgwL +lGxO0WLHxsotZe67HMcgdyclnZXxfL3YQXrfPfF5X+QIQtms/iovzDtwsvR+9GUi +7tEqdf8XCfSSEwAxSrEo3DHKQG9lEWEWQb+mJcAegsXBBrLUEjsZpWpqCz05T206 +lXKAOQy2D55StM//zfAnBWATGo5R+l2IT/cBZ0VXCvH537BfhcBqxYCS1cT/Ofvk +n7t2aQ7J+xsd5Pt0kRC2MMf6KPn/sf8/7Kd/sgVKSZHouiJHfng2p5PHICz8kX0d +ZwHr04IsiVFtdbf9+Q33JoucEBWvzbRUIfetpvkibIy6QjrGtmRNFXpxTuYIl+Mh +J9NxAoIBAQCVDIUR7LoP1rwTpwSZZl5i1Mv+2tu8v0OiT4C7q8DZTyZzJZYhDAIx +g7bJbmli07KDFOtFpiA5z+5TYKfHMHDmck+tvRdz2WeyhV6Hes3w26pFUZTj6Zqz +p7MnY4ZxN8LvXfenKGiZNdkUjllSuaWTVZm11xzTsVXWPCe9REIt4vHG9mbcwtER +przP+zu3pzxpIplk+s7lPC9mnBxjZzuz5ep3zwEA2u5Rcs9z3pKipwkcPuI3fmuZ +7TAL/El89YYQu6YkJaFDxr9ArHNVDq744HNXFwZUc4Bk/8TrKzpIZlHRFp9cicQv +svZUcTmjQWPQj5MrZcbCxCkHCaOHPnmH +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter18.req b/test_key/long_chains/ShorterMAXINT16_inter18.req new file mode 100644 index 0000000..42d0138 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter18.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxOCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dEr +UV0sBIsolg0RvfMZJZ4cfCoJiug0jOnJ/P1mR8aVmI4ktkdZUlLr8wLECPNhF/LE +ZSpCw5PuFOynJhJqnErzcL3F+ke+2G6lwkrpeWcKKyQIkwqFEjhF3fLNa4dJUpYD +nMnRybpHimBxca1o8V8CsVvfAv5DQJTPm5S1gvF8Jk72dnWgCXyjsKlTmVNPEgwn +QJzqQC7w5sQd3pHUUmtjjG6oXiFwXVg8NpKkGSITV7y1rk2eirJVWExdmr4iY0Wc +eGq7rViUZZMba/L5H6cC9W2zd02yQcyP5fS5ybJBhayTIVUt/QBUhsAj+iY9z+4z +47d52H0Gpwia1XxWlEjv+7wR0u5WflcBM4ttR+NJUxfZP9AxkT3xoxs7HBJLgu4y +9SSHjouheXCYhcKKT4oGYcptdgZvAvOfm7BPkQ0hmH7EJNxk40lxmPyOx0Wn+cGz +IRBmW322TpYl+j/rvF7G0J/HFPLnl4lfu76wusK2EoDO8jtECnIAae/Hpob0n9eH +1dOIqIMdB+rA7WOQkKtBDiDO+BXgH6StJzYNUHJSUmhxGE2CT7spyneWuG/vqF86 +iqMwzlL9yrWSNjt8CPmRCGQu8B8Oh5Y0Fb/GhYlbXyQfWeBFSS7DDwRY6cBuRZcX +fi9AaDbs4Rc58MhsKL4iJUIcqNEsZTe3MrerPPUCAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQBHsFc/g8P8ie3Y2EfUcHK4zXKIcxOchhq8ZL9WTZLtHbiHQFpKp5aw +gi0pkJehcw4PRiV0KLQKjJ5K+C30fT5OZfnl8zixFxpCfGgHO1FeHCi1TpVBJW2M +xwdRAiIAZmoeRbmTxZAyStP540jMNcG9C6WE2gQX7CMZO/AP4p4qJ/yqndbrO6MJ +yvCnjSmA2xd6sZFnvS2MLpVO8mL9JRKP0Hnah6xTBCf+pzpjkmYZUVeVwElVCOf5 +iavSSsw1UuZd5fKYtIIic9oUojEOG1hv91WZ6aDgMTkuYdaLJocGcwt7ovkb6CCV +/rInRdZBcdebkQN2/o+PvI0vPPHm+1sA0p5glBij1MhzANLXXblWwCKQzrDFhJdO +Ltj7uwxL1OxpZmsULMNDh9eSS6nVpLlNQy73CmBO/bzYsSjKQ3LVQq8eHssx8rWb +d+YZjh/V4Dy9/EW8bCeJHKvNL1lb3eHexO58s09lMHK1jMvFZ32O+He7CkXSnH9E +5iFN8YU9v4ENagk9UXeBKMoy6Is+/C9RPbA43tGbHSGY4VsCtXtTYcZDKe+bahFX +OXlKkB31opB6Rqb+WGzPH41U2zcT5Tivn/lftdgU+eIO+BDgvmvaFAGeNJE9fQgK +F0ZhIsBjPFxVEi9QOaZyZ6fyA+D4XiTIhwAnv1YWl3SqiZ8KXUWfxw== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter19.cert b/test_key/long_chains/ShorterMAXINT16_inter19.cert new file mode 100644 index 0000000..4daeb65 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter19.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE4IGNlcnQwHhcNMjMwNDA1MDc1MTM3 +WhcNMzMwNDAyMDc1MTM3WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE5IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDnavrYjvfAzEKJ1gjOmX6fOPaKckejCuykm2JGJ1DyHBbVnesnJqbw0S/vb0xH +MhJO2qji1m253vIsLjt6KkcrCKfC8uGGfDsrgE4jh8sogZAg6AwKgUlRwz7tSm2z +s6aV7jw8hxfSxgQVGGuqElmreIChdCEztfXnhKenpmE84RwdQQOWOiWc0SuzgTwK +qmOcA0k6Cg8stlmttFIBrVVR2SOD3lgjU3YiYlq9f6i8eeLMaHxrpNyKCjRF4jhc +7nSZfxP5gUNe/uenrMVpq/I0drx8FlTYrpGabDr47i/+5sRbL2Pdq4+IhwTqyBOp +sylfYEDKtkoyE1miJwIXIIJ9TJsWDQK6VW0kpi3VXxLhcpTKmEl9ZQhAq14ERhID +/QEHAwNZphG+FHkPLMNtuDzNOCADn2clVPl8kMHnfZFYZ2CArj6UFZlJz2vMW13I ++YOxcnxHj5UTRl+P+apA3GeXExuYrQr0YcbycTxOswcx5ZBWPYj9V3dWgutJWRtZ +fixI3MyG615BJRhhsL3yar013WYflpSf6yqLR4/fTAdTkZpvVgplWZztu9QCecId +yLgwREgixu9GAnBXarAFHKWo9P/UU60DXLXi4ZbrcvKRKAu9Jdw1J8CrdvDjoEzC +lg1wDOmeThb/qKUJZOMqdjaT/9oSXBKIvE4d122B70epxQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUsiWCt/CiT79f00F1Kzyi +1DHDNukwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQCoNfI9EruFqmeZLjpxEzyYrjdyu+k86AjYaau+dt9N9LMIFmCq +u8kDM+PLUAQUElAAQfFCDITlrCW4Ow7a4ExpuianGZoGYkODPa6Uu1E3DH2e/Mes +XgPEP18bcXAK34P0s+tyPgssWSGXBjaMQxuYG6maaTPsiieKAN951ChbEbuqs76T +AUp3CfraiHDMc9g3JgBAIdbGukDMtiV8Xqq29OkkvXstbULF+crw3VJ0lfAwSji4 +y/OlmazGaxEugzvN+UMFwlZqNIv8agzx4sjhhnyirLhz0Wgit0jsdik0ww64bGDc +bLwy7qQVtGmojpVCY97Luy8PjdvaOoE4GRnygHNYVHmpo7t4abIdVOCKu2RxbgVZ +MF6C9BHCHHdgQpwABiV6qeZN4mupyDYgkGWKZMKh6XALYPrxdLcBi5xpHcqWuu33 +lV5P2olNXnU3q4OGiXIDf3olh2ZTUBAWuy8HbjQUniwgjRvsNCl8KS3aTgeZ+kT1 +cgbNmawq3P49q0y6M9EGWTZvaQv0B7z+1JCxKwikmJFe+QzvPCxU0/oHNEDJspN0 +cQdOaQLGexKIeMVW48jx93WD+4wcQRMGkTe5oU6/g7BkkqBc0likI0uJyYXlBb+M +6Pkjeigu3UJa8hbTvhTBxVxDj6rXuccoFvu5YpnrTGt5v+ZEXTVhYESOLA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter19.cert.der b/test_key/long_chains/ShorterMAXINT16_inter19.cert.der
new file mode 100644
index 0000000..6836a85
Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter19.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXINT16_inter19.key b/test_key/long_chains/ShorterMAXINT16_inter19.key
new file mode 100644
index 0000000..2824465
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXINT16_inter19.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDnavrYjvfAzEKJ +1gjOmX6fOPaKckejCuykm2JGJ1DyHBbVnesnJqbw0S/vb0xHMhJO2qji1m253vIs +Ljt6KkcrCKfC8uGGfDsrgE4jh8sogZAg6AwKgUlRwz7tSm2zs6aV7jw8hxfSxgQV +GGuqElmreIChdCEztfXnhKenpmE84RwdQQOWOiWc0SuzgTwKqmOcA0k6Cg8stlmt +tFIBrVVR2SOD3lgjU3YiYlq9f6i8eeLMaHxrpNyKCjRF4jhc7nSZfxP5gUNe/uen +rMVpq/I0drx8FlTYrpGabDr47i/+5sRbL2Pdq4+IhwTqyBOpsylfYEDKtkoyE1mi +JwIXIIJ9TJsWDQK6VW0kpi3VXxLhcpTKmEl9ZQhAq14ERhID/QEHAwNZphG+FHkP +LMNtuDzNOCADn2clVPl8kMHnfZFYZ2CArj6UFZlJz2vMW13I+YOxcnxHj5UTRl+P ++apA3GeXExuYrQr0YcbycTxOswcx5ZBWPYj9V3dWgutJWRtZfixI3MyG615BJRhh +sL3yar013WYflpSf6yqLR4/fTAdTkZpvVgplWZztu9QCecIdyLgwREgixu9GAnBX +arAFHKWo9P/UU60DXLXi4ZbrcvKRKAu9Jdw1J8CrdvDjoEzClg1wDOmeThb/qKUJ +ZOMqdjaT/9oSXBKIvE4d122B70epxQIDAQABAoICAAqrxjFiNk5vnMnaUsGkFlCl +QckUh/UetdbJS3jMq1DetrbW91bw01Xbb4hs62mFB48XSh5boOenPieHYjq55Fo5 +pfK5XGjlJZ1V50SAKIAPqWO7D4MUfxsEE8zBV9mneREE0UZBPHn9o4aNf7lx6yya +++N2BWnrBBHO7iQu6eDyyGcY7l9pAv7+LjOyy9/6B2nURPYmLJj1N6Fo5TcqlPqX +NqoIAKxwVswzGNgQIOm//RNL5iDYk0rSOaLXUZ4HaN0DHRquOTsSKgBzWQ8MXLjK +mNpn9TWgpxolz3pXEWOBpKBHySUZmh7DixiAbVev6UJ6n8I5MaapecKeZdxHJX0n +KhEEa/HUBOr64T23PbBrUYm4+U1sK1BkRcPTnXsu+USc7jogqSI0QdRvCkDPa+Og +MOB6x4lWKdylXutKbKNzkcI40cFVCVSzz3bOOwj7Oh0bTKeWlLyKmfSeqLfnVDIW +6cHmSLHVv1592kcxgJV2xbpd9fTyjprJ0Zbc/0UIe/zesP9mcqZJ1Kh0OhdoBVLX +CWF6d1R9Rjrn3mXgMYNyHhrwTnBUVA552qfL4a8tLXJe2D8smNyWCsVYGBI+2iN6 +ms+wEnGSKXVN7i/956NOFQI8WflBb44wN1YiB3ucCtXzJzswl2NBltqcSQjiiBlP +g1en4LUIIQhSfAk0GGjBAoIBAQD9VA4AeXUvrJJ7EfYii1KG3lE8mRBTZ08ggbfo +FO8QRXXz/bircu0IYeUQlE+Pa7hYQhjjTymDfFOolVgCF/OnGCxRgO7hCScb1054 +S37cTUzK7aDUbo5JOZiwBjRrw4OkjDsuBteKZshPAHLwOavQo/FYNArIGvEtKklK +BLudhM08zHKHc3UVMpEp/+P7FbwVE2nf8WzzTTR2bs8Hj0fS+VScWFYONRGJIAAg +061U7s4ekmJbNAtgJMcIyR9a30htPNxIswTOKpy1TXsYXmtP4axnzEV3TWFoz7J8 +7AbBelf68OEYjyoxdJnwbfL6Zr1T+2+C0OpKUimnCWfvscWtAoIBAQDp28VBJUnk ++A62W1sLcmi3BoYFiOqoLzZdGkyWzeoFmYwg6OgP3GnrY4QriyC6dlnSx1OjL9zW 
+zxewzybVccetX7pOgtegbhp48fY0PTh4xzj+Jzox46vX1TdyhzLlMkWoLV6CWq2p +XBQBTOG1m0rWeW2QFYGCsSnUykLDLM8ICyi4EdyG+9i6bX/OMXchfOCXrfxgVQN6 +bgMc67dwZsuQah8YdNf/TTFBr6I9BTjO4lO4t8h7ULr7IMBs9stq/0aLoj7JkVII +GnuX6g9EE58tBO9AKY15JjusaYGrHoT6JieofV6EGDI6L+kBR4rgiTO31+34Ou8w +lLx9R37Lb4d5AoIBAB19RGf/u4mCMEcNTza0OzYh+RjxxHnBA/AHya3FihK90z5E +4dNrfHZGVxD4As7yPjJf91+2nmGE/oQYZndP7HgeE0KlnKkrlJbkGGleeHUStobE +5Lz15bBWeRS8lCubRd7IyDbSaxLcZiL0LW0TeZG/E+Atpremkz6rtn5cUK7Ef9O9 +BPQJl66RBV77P8HBxPQ7H08HXqRv71R+D7GUl0rS5WuRyOq8eL8ar4kiuwGxDuN2 +LObrBwv5HAZEy1abuWWl+QqpdDy/ryBX1aV/kERrQ9ONbuS1aEp4KxHps9uf70/x +7HIccE/zf9wCII/Pl+iH03JJ+YwPRnQAX04Cxr0CggEAW77jmRY28kQ7CWG3yzrc +SAmgJKW9YbP8APSjXXp1ODMwHW0iNa7EQxusq6SOd3ic7qtSbbAGVKO0aKIsWwqj +SqpGniyIyaDIc/CBJadq8z89ZcAf/ZiTPz6f3SebWP2rBDqgXEWU4d+E3am61xOQ +fanvyNoXEB3PCnM7U/TNWBuAow4m1TISqbjxrgQL97BVMEyKuYRAtBRa1krHkapS +bFqlzmNwpfEzxNBRttzIl6mFLO+1EGPwpzsHIviDf3ucwoUpWszPQOya1lN2H8AO +74uDDUn//ap5OL+/plF32+eCIYDlxq7zbY6EPANEQaiyCIsHCh6c3hNMC140KT2d +CQKCAQEAzWbXZetCz7Dr5jkKej7VSgaKt9BZFfjunCct1UJXLVDQoRO0LrzaupfA +dZpz/1iZO/g1xkLarXqTcCGUJpXgtMEAExy8/mCM1+NlRQgqiWtZ6BDKas0yNebe +yA8mDJFCqMRW45vZQtxKa/v6MUTpfJ5yWCKI2pOAn8K9yFO9/7mFU34WuHswk0k8 +tu+jw1VP3UnSFUfOqzKJ/QP1wKWFtruYGx+YXm2uYA9E/VZaDryXFbr2QPfCV6Kc +oE5IYnWUxOcz+W6dW1RwT7Pje5Ok9eK/2bjvO9ZVJHufuu1yasnwiw0OV0hMfBXC +deqP/TyxX4fNy0Iex6xCZVqJDI0pAQ== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter19.req b/test_key/long_chains/ShorterMAXINT16_inter19.req new file mode 100644 index 0000000..3f49cf4 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter19.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxOSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA52r6 +2I73wMxCidYIzpl+nzj2inJHowrspJtiRidQ8hwW1Z3rJyam8NEv729MRzISTtqo +4tZtud7yLC47eipHKwinwvLhhnw7K4BOI4fLKIGQIOgMCoFJUcM+7Upts7Omle48 +PIcX0sYEFRhrqhJZq3iAoXQhM7X154Snp6ZhPOEcHUEDljolnNErs4E8CqpjnANJ +OgoPLLZZrbRSAa1VUdkjg95YI1N2ImJavX+ovHnizGh8a6Tcigo0ReI4XO50mX8T ++YFDXv7np6zFaavyNHa8fBZU2K6Rmmw6+O4v/ubEWy9j3auPiIcE6sgTqbMpX2BA +yrZKMhNZoicCFyCCfUybFg0CulVtJKYt1V8S4XKUyphJfWUIQKteBEYSA/0BBwMD +WaYRvhR5DyzDbbg8zTggA59nJVT5fJDB532RWGdggK4+lBWZSc9rzFtdyPmDsXJ8 +R4+VE0Zfj/mqQNxnlxMbmK0K9GHG8nE8TrMHMeWQVj2I/Vd3VoLrSVkbWX4sSNzM +huteQSUYYbC98mq9Nd1mH5aUn+sqi0eP30wHU5Gab1YKZVmc7bvUAnnCHci4MERI +IsbvRgJwV2qwBRylqPT/1FOtA1y14uGW63LykSgLvSXcNSfAq3bw46BMwpYNcAzp +nk4W/6ilCWTjKnY2k//aElwSiLxOHddtge9HqcUCAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQCbZrh8F93mWHp42sx4Z5kZmq2aeXv3mTlGYMpxqbXZCMcXDzGQ4wSs +mpzaW/HfL2BmPyUOc3W/QKYZnhDk75yrg/f10iFH9wGkWqVa6QFEeGaF7H0LDebw +dhnT+DK3iACBuEP1BxA0X1Id0JCf7NHykKkRBmJvL6TrPx2n0661Aapvc7ZO5YR+ +O9yXcjnGoRuo4lKOTKo6YvTBmWEVD5I/tMHO/b8l2x3PItcTszGg2W/2CR2QCOzh +Auqp5BXnZuY6IWs9eEeTTj4LGe/h4zUCNF9E9G4A6WgAlE3ACc/8fOtIX853gwBQ +zVXiPieuO8NYK/gmL3pjLiHprZKRbxgkgoZdY0nhv7VAsZPaOxF8MORpTRdj2xkt +CAgEkCXmQ9pp6pbuuO4EdGZfV37OVYs7mWpTeA8VtGRZn6wQcLI7GyDDI3bvjza+ +WjUTDS8XNG1G93sld4YPDUq2pc3uK00jQ1JK3hA0zsw5eytGJr6l72Km2s9T5DUn +Jh0BXBa9yUpV8qffyffSv1G6VwUMVz+u4rSK+u9Nyz7GZ5bLeYbJbYVhICB8UB4D +FJ4vhW3yc+9bp9WFfAB2m2sEDWQMaP1ZToTC4b6g/91QmiIPlNnWu52RFeKNzrlt +S3b5SLLsXcf9wCS3C6o74yQdbkPsmYUIVBkOWkKndDviO9e8TVeHqQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter20.cert b/test_key/long_chains/ShorterMAXINT16_inter20.cert new file mode 100644 index 0000000..75479a3 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter20.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE5IGNlcnQwHhcNMjMwNDA1MDc1MTM4 +WhcNMzMwNDAyMDc1MTM4WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTIwIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDD1SxpXmg1DQklSgQBSv63Osp6GQL+h+7fyB7DhyJBMY5RqxKKVVPGUEqvjMuj +B2tJhcNgBk7OHssic8cPDwhwcfL/dDpk3EnT7nkTzoYvCSIl7zK0VsmzwkqZ0On4 +oM0hCqvZBz01Qv83w8Q1/FcuE103zF7zsY+SoHJpZSUpBTq+oTs4fSnknZTMNBL+ +gcBz8D9IP7taVIWXi7p5vxFnBt9U1NrIizNoZOWN+QPKonJ/5Sbijp66Sj/2X1u3 +HQ/ha3teOevYlNGJy5Ogv33SeFFD/7RcuSBwtqaW8Ny83x5tOFuKeBDl0vuZsr2Y +GfwsjDGWjA7556vY+eMGqSVZPdX+U7aFxXKVylm4gN1glCZSxAsh+f6v0xYgjOhI +C0X4f+X4ytZN3OuU/t1PMQu0ldwW/lIt168r0Tn+awHLOpSeVaRmgLB+u8reNaFl +ZDzbJe6tdDIvcm/thFRUIHNQk1ko264oDuqUa90SPnwect/gOio2tu4+iv2MlW+o +MYV5X4DyRrcn/v+fsFohMNug669sR2RGHSw6Kw0wLj2blpAWP1oljPEbT1zGCn2J +Iq80RYZjH2UZPtvKLfoI7GqKKoboZ8raJ58Yx9Bs9pjSW2T6BFCVEq+VZH8DBdmd +S79pj8+m63+LIFnd0Z6t34Qy7z8P69Aglb9yIgVhA9qZiwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUma3JHUq7DWSEP+3KNA+o +zLt77wkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQAkDfI9bKqgDR3ZVMpXz/EwMR7IJzkK5YfN+JSMUtEMMfiBBFVi +lAoKOHGVJgiYv52PghiUm9wQ/ncC5je+BManc5KWymo9+aR+1s3aIU0bD6tK5wxn +DhHMU1zhEbeV9+WiXacf9Mfw/ssi7Hg5iqFaV6tQiXd2Av5MahYd6NAOgbqJyov7 +dbnI2/k7lxCEZnF1lQeKTGuYoB4YoNJkOmXyLfp2K9y4VTGcUmjYjfCWz856Sk7O +gxcgh5AgXK7bHlJe9a0M/6bzAfhQkX5A9hWHvF+xdSsZaJBAgReal+0xYQ/jy/IL +7I9/ngtXcnUCo/BMcml/nhtZh7fzXiKRES4q8sx+h96aH8vK1/2Ix7fLOdS9+crM +P/xKU2qqYRIJrMzCMvVMNryiRNh9DjnGlxhj7RrrNK9oCp4b5e5il0fb4zvQwgD0 +3eSEfobVysDRtnPH2kGKfRiOrmTDtNquJCxYquycVs81udBNywIPFQYHktK0xmSs +lfg6hIBQBDbaUaRpH0K++FK8CRuaiDjKJSAxrLp9dPv9ZeFIodU+VprZz1adpVIJ +W0IUu8VlwU2kOr9GxHCQCG7ouCmXAbqxpvUmaPg/b6rL6stPur8+DLJu3kPsPEx9 +11KveuribxD0NXCTUcaOCL4cFagSg8AVNP/qltQkIbfkB3SILlNWsgs4Xg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter20.cert.der b/test_key/long_chains/ShorterMAXINT16_inter20.cert.der
new file mode 100644
index 0000000..3c03b04
Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter20.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXINT16_inter20.key b/test_key/long_chains/ShorterMAXINT16_inter20.key
new file mode 100644
index 0000000..6b1371a
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXINT16_inter20.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDD1SxpXmg1DQkl +SgQBSv63Osp6GQL+h+7fyB7DhyJBMY5RqxKKVVPGUEqvjMujB2tJhcNgBk7OHssi +c8cPDwhwcfL/dDpk3EnT7nkTzoYvCSIl7zK0VsmzwkqZ0On4oM0hCqvZBz01Qv83 +w8Q1/FcuE103zF7zsY+SoHJpZSUpBTq+oTs4fSnknZTMNBL+gcBz8D9IP7taVIWX +i7p5vxFnBt9U1NrIizNoZOWN+QPKonJ/5Sbijp66Sj/2X1u3HQ/ha3teOevYlNGJ +y5Ogv33SeFFD/7RcuSBwtqaW8Ny83x5tOFuKeBDl0vuZsr2YGfwsjDGWjA7556vY ++eMGqSVZPdX+U7aFxXKVylm4gN1glCZSxAsh+f6v0xYgjOhIC0X4f+X4ytZN3OuU +/t1PMQu0ldwW/lIt168r0Tn+awHLOpSeVaRmgLB+u8reNaFlZDzbJe6tdDIvcm/t +hFRUIHNQk1ko264oDuqUa90SPnwect/gOio2tu4+iv2MlW+oMYV5X4DyRrcn/v+f +sFohMNug669sR2RGHSw6Kw0wLj2blpAWP1oljPEbT1zGCn2JIq80RYZjH2UZPtvK +LfoI7GqKKoboZ8raJ58Yx9Bs9pjSW2T6BFCVEq+VZH8DBdmdS79pj8+m63+LIFnd +0Z6t34Qy7z8P69Aglb9yIgVhA9qZiwIDAQABAoICAQCuhj6sMQyhqtpptwrWtCVI +2kY0hjHa8P37xXdVPgtTGn0BX3qIef7NECVfShT5V9VPkrxJyZVVsK/MJm5Sh004 +GPU8oDKiTIgnLbIN6tI+/N7H++KuQWJEp3SgnETH5Vaqib4ZDpCH9QtKgVdN3XM8 +htleru44NBgFzqPoNdHmOtjdpwcGEtXQ/nbrfcUnuC7xpDxhgRrRJ95e7pHjilpR +/RfvnDrW2ueXs8O4wSGV5ywvuuLqqbvfveg/A0DTcj0C4izyDqCXRhlvulP4wG+7 +sKqL9UiiEgJNMRpKDqJKWHXfVIiQYOx+RYcgtOCuuwm4EcDnsC5wnPzTw++Fshyr +WeRVqAB8ZoMsKaxb/iQ+ycOzQ3V7zWERenrmMYbV+hcc+IpfR0oPvdKmXqjmrzOF +kIqb24aK27o2DZdgqVH24WbI7vLMYZX09pLyhUg+GEkTalSuGR5YpKCN1/umUa9j +0lpIjxq5fVvOvArz6+ogtrIA3OxZ63Ku5RaouBrDlnJ/3vZ5YzOfCQe5PmrQ8Wa1 +OayO4ReF2qukdqkWmRVtnLw/fsenEJNyxntrfhSboTyw7LHG/FTr16jEACbLTcUr +/FOUdAj5dpMertBH15Pk+6X1zxwXyHqKTPcsBkf0aPD2MyPL53bO9GQvB/e0bIYK +XtD25Zm30DPPu6C8DZyKAQKCAQEA7T9aupXt+3XVIBVJdCECq+4m0cwtmVuZDLRb +gFR2rAGKOVe5Vt1TX865UcjLmpr4XxBxrqulAxlVS2iaetEyjxJEMiF9JOTPH2xi +AxL2i+EWTEc19SVksdCu+lyFtq7dPFfKvNeQ2SxIR7tGzYv4EW4w3jrbw3ar+IyP +dpA2+iqaIswLHdxIUdn4jd2YhoDmscXil8D0eAUhpd4kVcK/zbo/Tl1Mkfxia17t +O6T8kXvNxMH7TC31oxby8usbf6BbMqdBpCnO8BnkNG4cinXQYmRs3YITq2I1eBoU +YjCAMWi1k38+8bwKyyzzGKaK9IgHEUBL7oLVpZ9nO6oZYCntgQKCAQEA00/NGtBu +zXOsFkqLmWFKW79Q5ktV81YDOC7wsby/4SSUE7tizMb9K/QM7YGczsDxWsey/p9h 
+K7wBz6rGKSQn/eDKBe9wuZNBYcsnu+J6PSo2/TEn7Rlj3iZz05JIic8oAQsV3PjU +NHdwjERwX7QW+8muqZtuuoBjziQr0tz4td5j6FJMiJqgA2CIzY8cvlfJu2Prr2rD +jXW3DlnPp+61usief/ou7p6fjDkrBRLET/GQu4qp8r03u7FdGrvX9DnQSVcNf0pE +6MwOp0C6Vib3s14vjwdZu95bGGupCbMT7fMEcQlOuTBFUDD17NO4RF0IwTN4KL6g +AXmkddBRrxnlCwKCAQA8jIzFTfp80Ofh1kz23G3oH1G8/ZUtrJj1CxrHN8dJwuLa +G69rofTjYMkfPFXqUV7ONE4vPBNTJSYFpt62NannpcvN14ou3k6WQH0LN83AiWO9 +d/cnZ7G5R/9AWlit9Rb1jZpqc8G+C3UvCXbagrx/BlZmgTMRQbpGJul+YvQFCNZp +xxWXO18htLWgz0tcGI3IFS7teAtsjjK2OGmhkaCOCtiZUWp3X6hmqsV1EXh8UNKF +QtS17ozgYL0EjkhoXC6qUNGJ6jmsQY9iai/SjpruYZ7/MXF/rgLjchR9ss8kzQp6 +aGFSJKHElOY+BlM0cXsMRhKa/r00Feis646qYkkBAoIBAQCYLLPsR4ZD9rVLKEv4 +HRRLli9QaZhwMNUItOUpWmBkZs8slpnEFtljudFFiT2/tzsYwQ+qRmTX9gDn6Hfk +UOFr92IFfDWVrvI61u66Y5LcUXZgR/IU0WAWL2LiTkpm1ARfG/iWtas8TXeDzBWR +FkQm90sNYZ4QOT2mym204OVLM+iG+h2bkp8BT5e1UQbGHLpudLraDOzfBpLZhtwA +d+vvo2Jhj24U8a68cL8GXEl7uN8d7/ILmTB1vnjqM7SFcM0Kw+I4dOfDLpCu6fJG +8LEZPw7I1eZNYQgBQibtkUUc6xGbxbQnsRd5dIjmEGJ2+PjBCavSy9S2uz8wiOEK +VH+ZAoIBAAf53t42W3ZMMN6RijUrQ8W5koNFKXNY82Kox8vKIEYufMiXK80QD9iB +PCSAAs2piyoPtmmdmVqWpVimanXwqTi+ef0hEUY8KaVUegnnN95Icr92QfSTORpO +TWYiVw7N6i6frn8Fo0pjqpSR/55cQ/RaPBw1XhvMn6zd7Wi31pfyrs1uR3cjzZd7 +YcLkCT1GyOLLHntJcW9nPLaVC0MtkdsBk/antb0H2v2EMC9/ct0r3Cbi+XsdWskd +JY2WT2xZ/385mTFzUiUqTV14FsN3Kh+kyQ7YgGRH6zjFHjuwkyCdvC0Dqs40+qgC +MBzPGCm6oHq8j479Bq+7Qttop2ScbRU= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter20.req b/test_key/long_chains/ShorterMAXINT16_inter20.req new file mode 100644 index 0000000..a34ead0 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter20.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyMCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9Us +aV5oNQ0JJUoEAUr+tzrKehkC/ofu38gew4ciQTGOUasSilVTxlBKr4zLowdrSYXD +YAZOzh7LInPHDw8IcHHy/3Q6ZNxJ0+55E86GLwkiJe8ytFbJs8JKmdDp+KDNIQqr +2Qc9NUL/N8PENfxXLhNdN8xe87GPkqByaWUlKQU6vqE7OH0p5J2UzDQS/oHAc/A/ +SD+7WlSFl4u6eb8RZwbfVNTayIszaGTljfkDyqJyf+Um4o6euko/9l9btx0P4Wt7 +Xjnr2JTRicuToL990nhRQ/+0XLkgcLamlvDcvN8ebThbingQ5dL7mbK9mBn8LIwx +lowO+eer2PnjBqklWT3V/lO2hcVylcpZuIDdYJQmUsQLIfn+r9MWIIzoSAtF+H/l ++MrWTdzrlP7dTzELtJXcFv5SLdevK9E5/msByzqUnlWkZoCwfrvK3jWhZWQ82yXu +rXQyL3Jv7YRUVCBzUJNZKNuuKA7qlGvdEj58HnLf4DoqNrbuPor9jJVvqDGFeV+A +8ka3J/7/n7BaITDboOuvbEdkRh0sOisNMC49m5aQFj9aJYzxG09cxgp9iSKvNEWG +Yx9lGT7byi36COxqiiqG6GfK2iefGMfQbPaY0ltk+gRQlRKvlWR/AwXZnUu/aY/P +put/iyBZ3dGerd+EMu8/D+vQIJW/ciIFYQPamYsCAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQBJsPph2tj0Tk9eafxw6KPKg5Y6jQmlNkhnCh7DKYRzdEkR4K9D5yT8 +V4IinYAyMOj0LHKzBdrGG4/zCdDRzFj1c7l8b2J23NYO3MmD7vulQEJeoHMnXeRr +FXXoRNIwCDcLsj6U3Ur0RcMAO4CpM4U85ueDYzBEx4vFLTwYjyiZ2KTNWzzEQ6ET +XwxQqv4qIvTGkqyAKjstSnpIR5RZzpbUaJAXxUQoEOs8on3o+0MsXe+7O9PPxzB5 +5+EQKBy/mIP1yLmLoQDucBR52pijfzT2ia9Ikggqmxy5MD91nXmW7/1RfmY1IQu+ +Qd/Yo//s1579Pu8ZMYdtKNCTHEm6sfFKJtcHGrhUeIABcVCVNPg8K2sqECKF1WYL +JZH8G5pF2wQDDkp5uTDQMtYny1lH/ycegxPCYgkrJ9BfE0HHzVSar7cPBQJ5qQ9n +bVqYrdop5NBnRaXV12/DcvPmwFWw7vDBJyV991OjqcpWSVxGhHploKzeecK//li0 +cAnGaGkjyzBMCfPk+Q1/6xw2jNNBBKN6/KGF6vCdPP+IRtD6sSYbPXe5HJV6SrAS +AdNlkes4VYMXiFEPI+NL1LukiBsKpZIZmTFKPqUmxx4FqZnghDuJGXwEDjvdmi0A +vel9TcLssuOVmPF8zUZa1qk4enAwP1g84jjS8Jaq1qOsBLsZco7H6A== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter21.cert b/test_key/long_chains/ShorterMAXINT16_inter21.cert new file mode 100644 index 0000000..4d44e3a --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter21.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIwIGNlcnQwHhcNMjMwNDA1MDc1MTM5 +WhcNMzMwNDAyMDc1MTM5WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTIxIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDaSAN+n16ZAUo9hQNRge//ocATXUHn3CGYvRH8bTPdzKNJmkKUYzRSD3RfpKSb +niAlcPIchYN0J4HJv7XX0IRmwA0S4RxGFSX/FKAsY+iUcOA70TLw7yePwdpYKFe4 +wi8nkrXwFjfbb/XOhGiwJDYnYcZCNvZFPjZFMKXF1KsmCH7izacmYVXuz6nyHQe0 +tPGXKYcI9Sy8fs0tzzas+BfixFtkfz0Dgd/HWvkfvh6+dq3GkjmMKiOJriXRSTA1 +eRR/Adm+3M//mBSwzgsW/+L1wf85LGz3TAmkLTCgXqEXzl0IMilgml6Oz4s/kT/8 +8rOu0VXmwLoKVYDBLB5I+JYVWDdwoikutfO9DsbgI9GOMqm/+rs54NuvWPkxMEBK ++oe9GALx4yFyOgUn/yH2z72aRjxPbtOUxsl84BfzvZaV8Fbw6rzwt0FZfvE7qohv +l+TGVIL8EPzOj3I7Ux8Ctw7npjjJZvu69l3KSH7Gu1pE2ro3ixv9Qv/lyJ8vvk1X +z7llEy7af3rZ2eZ98oYouk8lSqE0K8InKoyYtZ+qL4Irn1UfP0GF+wYm3pv9utxG +Sfcs3aEVxJ97q37rjKu9KbPwo02VhV10oYYxyyv/AeZMZjI8LnrOiCdXQnFV8f6p +fQaSE0kiVbvhRZGtcTT9p84iK7ldoMCCBHlibj7tc/eiQQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU5dI+CX90WOPsRks38Quy +4hcyo/cwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQCRdYogfbJIZu1YMJolnLphvt0MJEPsb9eUB+d4h6hGjcJlFrzn +Km18hqSWNPzSffYb2XfUyl2jE+kuym/0hE0whtGI401RYVR6U4566obWv17i0479 +okcgCissF15UdT1/BUtM2sPA67T4TcLywgrAZ8om2hw5ypYkEz5uFZD5cZYrz9RR +xLeSXymaAzk2/qxBDjp5bsZFUPl23BtDnYl3Dkrc+qJqPuVBN9VoP0x6b+K6alDv +ZfPje6FfXY5ruJ+cCWYI7JDFH3nD4PTyBbfeyfw27cADHr8QKGe+xZRA1B+xtkA0 +KyT8q2G5AZW87Qose9sXTzIz9MkztpqYIikFzDERazTeLze64ermWEFV3d0d6F/s +OFt49u0uEupHxBVyITJOqkqTOCRNqMXgw5s0iVbAFGLlt/yiGOTgeb2Owc8TxQnK +3I+5RFdtvKScsuX4BNH4yKCfYZW4iiVOSgy18P2gvUgjT480AW+VJpBB5loBOYse +3dcda4C/v3N4XdnI5I0A8CrpVCy8e6p9h3n2QwQO3rRO8QirWud/XY1MeW4rtONO +TSRAPhBBjxNQRwPt94S3iZ5fP0uwiBELCNq0NG5E/cMUpgFYOh6Hn/5YL1TZi/na +HrU1uDNBns2UDZJiY1tUjnw4VJa8eUrR1srrh/OeXe34sXsSNJNqO6Tjbg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter21.cert.der b/test_key/long_chains/ShorterMAXINT16_inter21.cert.der new file mode 100644 index 0000000..6c79ebd Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter21.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter21.key b/test_key/long_chains/ShorterMAXINT16_inter21.key new file mode 100644 index 0000000..871c26d --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter21.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDaSAN+n16ZAUo9 +hQNRge//ocATXUHn3CGYvRH8bTPdzKNJmkKUYzRSD3RfpKSbniAlcPIchYN0J4HJ +v7XX0IRmwA0S4RxGFSX/FKAsY+iUcOA70TLw7yePwdpYKFe4wi8nkrXwFjfbb/XO +hGiwJDYnYcZCNvZFPjZFMKXF1KsmCH7izacmYVXuz6nyHQe0tPGXKYcI9Sy8fs0t +zzas+BfixFtkfz0Dgd/HWvkfvh6+dq3GkjmMKiOJriXRSTA1eRR/Adm+3M//mBSw +zgsW/+L1wf85LGz3TAmkLTCgXqEXzl0IMilgml6Oz4s/kT/88rOu0VXmwLoKVYDB +LB5I+JYVWDdwoikutfO9DsbgI9GOMqm/+rs54NuvWPkxMEBK+oe9GALx4yFyOgUn +/yH2z72aRjxPbtOUxsl84BfzvZaV8Fbw6rzwt0FZfvE7qohvl+TGVIL8EPzOj3I7 +Ux8Ctw7npjjJZvu69l3KSH7Gu1pE2ro3ixv9Qv/lyJ8vvk1Xz7llEy7af3rZ2eZ9 +8oYouk8lSqE0K8InKoyYtZ+qL4Irn1UfP0GF+wYm3pv9utxGSfcs3aEVxJ97q37r +jKu9KbPwo02VhV10oYYxyyv/AeZMZjI8LnrOiCdXQnFV8f6pfQaSE0kiVbvhRZGt +cTT9p84iK7ldoMCCBHlibj7tc/eiQQIDAQABAoICAH/cURe52Nq9U7SHlrMG7wOJ +xw5QwUtEufVTQxbfDNOujDOQBdIP7lTnMp7XvYhebqwf5eJpHuBKSA9amfUJ8pSR +iNb3P+2Zc8FgXpbCCznwiJjhaPqSzFS8E98x+niCXsbKfIJfMWb7xTusefo7q/ET +p+OfeFCFKZsL7P7eHUbRESpflrq3p3OU9xKYiKwElcObErtfik375MohqABX7v3p +UTOkCKRmTiPjmSxL3Ixqzk4T11vQTzLV7NcUDQY1n5jqB5dylvA8MFqExyA40cRt +V8gwyr9tLfSad/Jom+pq+jnT0EMDCcKTthiNR7Muo6wSeUQKvq9Q+HOvGSpbWuWe +slmYDoLmyy4EaSdbuj15fBfzYGDZiF0fvft4q6bTPXIbzyQjEJBq7WhPCLTNKHBd +DtqTxVxeh4RilsVNXlizSChDqaxXPlBctlnUmShkCzU9DiOSte7dAsUVygYco2jA +tTn1bLCQn3hj1GO0NWgcjGH63VY4Cd7JUdvan7YjJfh6AZLwxhiQ3XfUS46oNGdl +B/ERpVy6UXBhAveUP1CHX9vQxbJBihe2s/wmJG3NX9cNncTodSTSDltMs/EG+wqL +6hWGj5D5EqRXgw6ew8uB6DbOgLClByMGvYfXFCTFEOqoytZIpuUvvKTSr9z+xU5T +XDCYPhZ619SVPE6fjIdxAoIBAQD2anxnezBgEPsvRg6ztGl9FLveNCXE5NGqaYjd +uPNiJTTSemE1Lngw6d2/7f2a6N/1xufU1fjhxzrCyLDXw4WHLc+y0bK0/5QK/z/I +xp9Un/n2xtbOZZ22PI7JAbDv47T0kD06Lwlwn+cadt39nH+PMnAMN9tbi7k/j0cN +Es52S97h0gEY+dcK0YiJpCHZIhQ6mey9St4vZMUjmpCMgdFmVgsAiQ3VxqBo/zaW ++mhDq5picg3QP4OWogMvjYrbf6PacI9ozLQsEFYLU+vFdKCbTnytm49W8rAd+c5d +CRUH9/ZNLk31qW0zw1DoKKfga/33MXoYmqC5S8SAA1mlmRlVAoIBAQDixWWGj4nT +pd4oP+NB1isbNs5hK/pE41DjM8NaOTCXaohDZCRJfS+4k/nylm+kJd4YNSzmiier 
+Lf9+pKPMRCLTQINH81nnbnkw3jHTBroHRH8P79Kk5TdMIAHTrnma4RZntDn5SYQU +piyDHC2VZUo07WKGbK17SfTU3cDgr2X0FbHir71vzm5Of4ZHiZapkP3EfAuOnnQs +8t+QbH/I2KR+HssnN5QxJH7s4BCX/CskLfKQz6Pnh+YOFG2I6mIql/i9p+z8m+ee +fqUSnJxNoE13rlWsy277Kjx5A5saeJJgEQSGmnIVeDJrfHsfNOU+DHaBG/wfZmue +06X3PiHjRjU9AoIBAQCbe0VT5h73/r7/bS0JpuSIz/RamHzcZ6UD6eM6Q+EOJHvX +8vAzJkcgVfBdkkVa4WWvJvpRCVIo5BTnosoy2mP+j6FmK3qfSkSXS8drYChYtTh7 +xar0QJnqyvstSavjMcKULg70D4ndTof74tTfmUfDiwe4LeZzNQ6GVFl4nk03x1ez +FVcr8zkE0oFcl/vjjeVFtKn0JrFbJjJd7MEYZzFBaTk39UKNiO7eUWqYiRgQ2s5n +H6AnrmvROBjagG0FYtx4kF1suv1UcFpae3Fg/d35IOT6hhVDv43w3BaiDYD/ri3z +NSxrvaPx7WO3mS+UI4/z0XxA2hBf2rb6LyL5okihAoIBADJushCF9aIDPm/3HWRz +6+xGeQl1TVhqsX+F8IktNNhH0fwi1ksdszI6fpjryfJYlZcOpGi1CvNv7GVO2jrA +YHpY25lxzmnA0OUEVVJYKaEaI6P4swEHFRAyAhYAtHy0WFZB567AIcax2i5iYuTZ +vPIeZQ3+N2q23ONGWfHeMC9jb8c5TEkEQNXmWIeqWr5lR3qeF7flF3MzpHKrHpQd +Uh/WW1nia2uucSffAPG8HCAUs+BuvUXtnEU/V8jeT2ynlaMgKH1Zct51zeJgwAYn +g3L9a4JdT9Y942sKWUE+1VbWEgqZaIvLynLLIVqkWeM9xFEcVyrojUCqUzu0Lrcr +0wUCggEAcfZ1whMasnKH1d2bQBSz01rTZw29TWaxg36qmjFhTrnd24waqVXvJ3FF +X3YSn5jdLJibgEi4pof35xlbYf4EDiRWwTLB2EsUsVdg6bX2hfaUDlu+ioKN9G8V +wFd2dn5WN/LX0yXq7y4uJpHu9cp6Sc9TLQtk7vgECXTGcURLSMX26UCwKwUYU5hr +cIEYjIzMZcNFaphFKAqOdl1K3kdFVVPliMbdDTIL50BHqxHIA0LrR+IrRfmbGS9z +Qs6YYnM5iZHi1BNXpLJeYW+GVJ4ucXJ3ik4zFhlQiFaAv5ZCwmCj+OAkJnn3p3Mn +NH5oeeqT/fjEmpdR0W0oSrZ5apwUNw== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter21.req b/test_key/long_chains/ShorterMAXINT16_inter21.req new file mode 100644 index 0000000..c6e5f5c --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter21.req 
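Review bot: The key added in this hunk is an unencrypted PKCS#8 private key (`-----BEGIN PRIVATE KEY-----`), and nothing in the visible part of the diff marks it as a throwaway fixture. The same holds for `ShorterMAXINT16_inter22.key`, `ShorterMAXUINT16_ca.key`, `ShorterMAXUINT16_end_requester.key` and `ShorterMAXUINT16_end_responder.key` later in this diff. `ShorterMAXUINT16_ca.key` looks like the root of its chain and its certificate appears to stay valid until 2033, so anyone with the repository can sign certificates that chain to it; `ShorterMAXUINT16_ca.cert` should therefore only ever be loaded as a trust anchor by test code. I would add a `README` next to these files with a line such as `Keys under test_key/ are public test fixtures; never provision them on a device or trust this CA outside the test suite.` I would also allowlist only the `test_key/` path in the secret scanner, so that a real key committed elsewhere still raises an alert.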
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyMSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2kgD +fp9emQFKPYUDUYHv/6HAE11B59whmL0R/G0z3cyjSZpClGM0Ug90X6Skm54gJXDy +HIWDdCeByb+119CEZsANEuEcRhUl/xSgLGPolHDgO9Ey8O8nj8HaWChXuMIvJ5K1 +8BY322/1zoRosCQ2J2HGQjb2RT42RTClxdSrJgh+4s2nJmFV7s+p8h0HtLTxlymH +CPUsvH7NLc82rPgX4sRbZH89A4Hfx1r5H74evnatxpI5jCojia4l0UkwNXkUfwHZ +vtzP/5gUsM4LFv/i9cH/OSxs90wJpC0woF6hF85dCDIpYJpejs+LP5E//PKzrtFV +5sC6ClWAwSweSPiWFVg3cKIpLrXzvQ7G4CPRjjKpv/q7OeDbr1j5MTBASvqHvRgC +8eMhcjoFJ/8h9s+9mkY8T27TlMbJfOAX872WlfBW8Oq88LdBWX7xO6qIb5fkxlSC +/BD8zo9yO1MfArcO56Y4yWb7uvZdykh+xrtaRNq6N4sb/UL/5cifL75NV8+5ZRMu +2n962dnmffKGKLpPJUqhNCvCJyqMmLWfqi+CK59VHz9BhfsGJt6b/brcRkn3LN2h +FcSfe6t+64yrvSmz8KNNlYVddKGGMcsr/wHmTGYyPC56zognV0JxVfH+qX0GkhNJ +IlW74UWRrXE0/afOIiu5XaDAggR5Ym4+7XP3okECAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQCyplhz02aAhD8JPp1RZlmFDOPSaFtmSogTsgXIvkSboO54SMZ0OYNb +C7hO41HhnbvwwLCIWSBuAt0f6sFXQ6+9A4pqBAy5QeD6ZFo1CN/toRkZdtlyWnHC +G3gaUVYV/qTH/0F6E6xk38TRYiujdp0O9m+Bwo0JpfwyEj8P4IB3tcFEw9h9/j1+ +FnHsHz/Q6ZR7jcWCALqSprGySxq0Fb8iEBQRuvldd5SZfU138RjN2CBwGcoDG6t7 +OLoZCfDMb1e5ktNxh6M16QWiIefnNiDhud5lPHBM0OkDDwG2PF8yaKJtPEBzCOc5 +3ODbBTCW+cfTUL2IUfWxthQXhsOkOp3piK+fdvyeJLQiIAgFUbdY1mutZwpy9e1x +Z7Y7LmkN0bgrUfFFUwwtsQgfONamnXmyUX8RMF5nfn8UtdsAbYXeomuUOwhb19OI +wB/FN+DqHtEeWr5s3qxBsISicxyOsQiLBO7xxIfj/hUgVOq0yZE+MkZkDtmNvKZI +tCpk+YHzeKgMhrh7H7baeSYs5UfRNK9AZc3xTCKB6EyV0VUvy4gtsQznRZKf0jcx +/qF/7A8R0qHQWkGJw6UQjSRmQJGj1eEu3P8+rkZ59bICYYqgvUCMIKEh9NsmBMpg +7bv4UW/DUpF1r/kz6JYawZVs02kGsH3OAAl/YA579FGB0hS1SiG7+w== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter22.cert b/test_key/long_chains/ShorterMAXINT16_inter22.cert new file mode 100644 index 0000000..95b43d3 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter22.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIxIGNlcnQwHhcNMjMwNDA1MDc1MTM5 +WhcNMzMwNDAyMDc1MTM5WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTIyIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC+ThYiBZ74ZE0/fmiyq4aF+yHYb0iGWALa7vDQVSDgkfmfw9k6rREx/DkBZEXd +p1VDo0F+z7+FlD3GgYGT4pIiKtHijjFGdnauaNWInlvik6/+cX/u9nO+XGf+dX8n +3l3Kv23EAnEZFpxeGakCkXFJL6WgVIJewBcYHAYbQ5a7w0MOFQFqUdYLr2+l1MLO +zU4bw6m0liyHG0tXGSFFAtawelGDsbPOyHF14SzebaZV+nIKb1jzTVmEFNvFSYFM +ivRSUQLDO3g+i9PKPk0YXRhCSud7G/RNrPRSqlsyXFMMmJl4o/fpPW0GpbWDQhcr +3TInS/38MkGg8q/MSBnlGqxVT+qpx/Aov9G2x8L1rtArUCXyqTuic6He5X6nFwjB +3//nVp0oUp8NW42LOyYQQRxsiZk8Aqw+WNOnxLaLGT4Y/BMyuOL8iAURdHVb+zQh +ve6m+zx20i9ZtErkho+53zTefdurj1+2xO9KOvn81jIuZvdQ0K23JKLiTLHG58Eq +J54O7OLvMDIBKviy8wuUwLIQoLvYlgL+nq9bp+sqMkioJYRWNEyUmQh8y8PQihTi +SBgc8wC18aoF0wNTCCCd8WX6cKN+VV7hzEtYg+j2soPPq2tCzK7PAwN8gKPyi4MP +DqHSYKUQ8p2HOGSIZux9c972CCgxe7hiyLsuoNmERBL1wwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUojcH+WubZOEgCHM6KRr7 +WtWNHlYwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQAxT98yCL2HY00QIid8r0zHgX244rIAY/PXDsy6vCmdTBkDTzW5 +82Um+cVqoNT+/+d20UY7VE2Rwf5vpQ8HymJfFcIXRr9RXlGUM3OT9QzxJ95P2L9E +doIYUvz+fKkJtWlTeqzRZ1DOnwD4mJ/wxa4vvpJxbXoiND+tBLAgXcl3e2OUkyCF +w9FS5kUjE8eFwjQMSP6EJhPoIvhie4oq1m+WCinlLhY5QmFli0ijZxRlG2dKVKeP +wG0b1ylSpG8e3mqOp2/OJkpkUCIDuUWwetVpgTqN4Zxw7lcpOLuI3zjgc72QehW+ +vo1sDHUKOdmCCWFHJScMXHENHYabs9wL4EbLENSAD4QjcdxVbG+fevEwLDlyEsdr +lMXmgciF0d9X3A0ntDoUD11x4RaRm+h5HZt7+UKSLil+0Nw4SMwJvbfO7kyaseHC +Tti/C4dRsPIPgex6pe/NsYY/edNQgm2cGjLrzq9qFa6JnE9oyJ4GfCYfQcy3M1CL +dMzoDcSsqw9opCYzAqNz9D4wcWF8xjpLcHn0OmJcTOsL7p8NArpgSLhkPLZM9fQE +SA5lgFaTHR9/4onG0D+3fEdAJ+FyoSEKguaRULlLtZO4i+F7uaNj4Gec5lR4pVKH +GUFTtEPQrUE4p/0B2fkWMHz2dvcSxCaSHRUDI/zbRJ6+SZf6s1KgtgpbWg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXINT16_inter22.cert.der b/test_key/long_chains/ShorterMAXINT16_inter22.cert.der new file mode 100644 index 0000000..647806b Binary files /dev/null and b/test_key/long_chains/ShorterMAXINT16_inter22.cert.der differ diff --git a/test_key/long_chains/ShorterMAXINT16_inter22.key b/test_key/long_chains/ShorterMAXINT16_inter22.key new file mode 100644 index 0000000..f4a53e0 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter22.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC+ThYiBZ74ZE0/ +fmiyq4aF+yHYb0iGWALa7vDQVSDgkfmfw9k6rREx/DkBZEXdp1VDo0F+z7+FlD3G +gYGT4pIiKtHijjFGdnauaNWInlvik6/+cX/u9nO+XGf+dX8n3l3Kv23EAnEZFpxe +GakCkXFJL6WgVIJewBcYHAYbQ5a7w0MOFQFqUdYLr2+l1MLOzU4bw6m0liyHG0tX +GSFFAtawelGDsbPOyHF14SzebaZV+nIKb1jzTVmEFNvFSYFMivRSUQLDO3g+i9PK +Pk0YXRhCSud7G/RNrPRSqlsyXFMMmJl4o/fpPW0GpbWDQhcr3TInS/38MkGg8q/M +SBnlGqxVT+qpx/Aov9G2x8L1rtArUCXyqTuic6He5X6nFwjB3//nVp0oUp8NW42L +OyYQQRxsiZk8Aqw+WNOnxLaLGT4Y/BMyuOL8iAURdHVb+zQhve6m+zx20i9ZtErk +ho+53zTefdurj1+2xO9KOvn81jIuZvdQ0K23JKLiTLHG58EqJ54O7OLvMDIBKviy +8wuUwLIQoLvYlgL+nq9bp+sqMkioJYRWNEyUmQh8y8PQihTiSBgc8wC18aoF0wNT +CCCd8WX6cKN+VV7hzEtYg+j2soPPq2tCzK7PAwN8gKPyi4MPDqHSYKUQ8p2HOGSI +Zux9c972CCgxe7hiyLsuoNmERBL1wwIDAQABAoICAGM8lwAQzFAdBcdJZNFe7pxp +U8HobfpYZMzD8uHAso9Ir9InL90QKLpXG2blYiVuv+CwflPhg67lmb0tBWQXrzqP +97jbi0iCN+tFEazXX3TsrMbTavIypDKtPzGLFc61f1Vds6CV4WJCzzGm0eJb86ZF +aWoNB5rfMmvJGUoYWb752Lq8K2vE1whq6J6iLx/mIYgK5TEdaoTdr9Dwcs/o5glL +D7zL6sa28auVy28F4MpO+i8E126wdDCTK/NaHEnM4BEY24bxOQfspHl/OXat/Rt8 +se8ZqbDjsth0q2+8gzY7UTR+1KVU+ciQmvGigjDGfQPO9dgQYPbL9u5g3tgAq8I+ +2UkrVq/+Bx+nXJZAcgcyprKK1D7oElB/6D+r/2jDx2UzmcbQFE9RndW7o9LRmnbX +a7q6oOFh4o4BSQUY9xzUssbPENNirS9tX2XVMsA27h1Bw4SLC+ivZdBxQLMb9yBv +UFH3rqg71ENP/VibPFtgKy1vsEg3Pa2bbRhg7aVzXS9hoUw6zzoB3Ac+xe9JeTvm +A9sPYwos+7NBmxj8oxXAP62y+6KA6wIchlMKSH5ef/edlKXcVEF/Z5rau1xFORTM +6GjZnFZj01W23pyuGGRpVqOtIPcWB3xG/X+x0sytLfPK9e6oEsDIefmnCBpS/fuH +Bwda75qwiAmtQJOf8uzhAoIBAQDgn7kInGQD5v6xMk5T6F9RwIylEo5rEJL7O+yz +PNDEhWkTXiN/lkgcvWEXJBAF75DeRVIkKwQGmnB/dQAMLebQCEXdsSX6+uxwskyQ +inPNFmLk9WohTyR24ysy397Vr9SZEh3ugw0M4SDlAF+1lM49yLar3Gw6zLqfhG01 +vaIdd+oZ7cvmr9E8E7fhSHC+XplOcr0v3OyYd5uiz/wmpc/I3aDkUoMQknd+iX5C +qJkOPKvKsY69ldaadQiJgpZLrQ6VDJ+msdJMHrr1QUCp25ly4KTni2TnclAyQRD1 +84ck926mlUCVrsOLCHg3ag1KtmwHh9zQB3w8oedfwMROpU0RAoIBAQDY4yl2pP8x +39/tqcYB541lIktBRb9r/+E4nezHarwZwwrUIIFn5iy7ajYhRPz6F7Ft3lfsEPCX 
+J6K8TO8Tl/3jJQUCB68EluO2dSdeMZNSGJqAoHzzwDOY2Yx2srjOdcME+EldOtaw +v33O7rXKWa8FSgleeg4J74cUSJTCtfIeGZGQDTjUfY8r2OeaJZ1wtwJhO07tQrI9 +ERaFpYgSknWyhe28bzbe7n706EjpLxxe7Uq3v+b2R0X8+Qij1IxdsAl4Hd8y9KSm +X0l8X/86ql2I7tY6YSUf2uVRvIEP57WjGNW+6vv3naO0WbPgLuW+eKZeyD05fFj4 +FNtvrESnwGWTAoIBAFyFLX/AeumokauG3wBsrCZOOyAa/pJW51OYISzKler8UIVr +tw9sZROBZaZUck0fmfoTb3v6Q9Q8dK3rETPzDCkP30crGkvAYvcgWa0Heh81Y1KP +S0GhCZH2i+qOj4hQvi62aaG+VPfDGvt4JfPy8Og97g/n4KRvg0cFEr6Z91ZP+Brp ++ZxxOquWK50da2LeMCNB228FfmZmjbKIHIIGtgk0UHr7CYUf7xwtodXu/+v/TXtV +m0e3mgdQwU1yfll5VJJL+s58W/SCi9tNH0dXbmME6Kd+oPc7/JBWgJft0PKHAAqZ +W1rL+zsfJ/UbN5JYhTKs4WTGUIPg5B5qlfEW4SECggEAIPphep3aA85jsTKIXg/E +SyVsxe8CDTzqFP7GWwgas9wZUGnk41R3ZsPemS5xPOHPY8JUIhvtST6ImxMjoxoQ +S7J8UXOzpAIBe+PSaZsmKGx/SaGdfj6yWcJyfjXsrc/wKFhMZ3Wj4VosmgNn9u2u +FCLOy+PJMK+QHYBvxi9+Mh93J60q//xbgbJIfQLNLq9VGE25UZA7o9duUkH6L8C/ +TrbYkDdk437mJP0Q4Qv9x11TaB8w0i/CL5X6P1b5ROGYfwAjyQ6z3mxMszGxkE0J +TeHrBxNwXqidB9Ge2jlEQBltnssCJwN8OdcN57+ZxV15Bp5x2MTUjlw1hYRvKAa0 +KwKCAQAKCGXcqi3BHImYcQ/jh7USko5rH0jOBDuAKhX73hc9ctvmmv26P8qnioY5 +8JycdNJx7GkfA+/Za9KyFETA33EDoNpx6ICmA4OCYAXfXyVnTS5R4VMj/lZ55/z9 +0cZUXGHkkTmou9O6ejU8lF86ONEqqJtPsWkd1rbPji2ApaTmPdTVwrvVpVwG8wtS +NBrVpZsOd3QCPTPJxaraMFMsnnSzto1Uh5mIUnEdKT79et0W5W5lxwtZF9eWPEdj +C+VLa2UMRKKAORDZPHaQKSb2fqBxwfSqlRPPthN9fIBooch0pm4uKhfHXCorQKWL +31WHw2nXXjUIkHddSsDcdFzRnhaz +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXINT16_inter22.req b/test_key/long_chains/ShorterMAXINT16_inter22.req new file mode 100644 index 0000000..4c97a35 --- /dev/null +++ b/test_key/long_chains/ShorterMAXINT16_inter22.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyMiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvk4W +IgWe+GRNP35osquGhfsh2G9IhlgC2u7w0FUg4JH5n8PZOq0RMfw5AWRF3adVQ6NB +fs+/hZQ9xoGBk+KSIirR4o4xRnZ2rmjViJ5b4pOv/nF/7vZzvlxn/nV/J95dyr9t +xAJxGRacXhmpApFxSS+loFSCXsAXGBwGG0OWu8NDDhUBalHWC69vpdTCzs1OG8Op +tJYshxtLVxkhRQLWsHpRg7GzzshxdeEs3m2mVfpyCm9Y801ZhBTbxUmBTIr0UlEC +wzt4PovTyj5NGF0YQkrnexv0Taz0UqpbMlxTDJiZeKP36T1tBqW1g0IXK90yJ0v9 +/DJBoPKvzEgZ5RqsVU/qqcfwKL/RtsfC9a7QK1Al8qk7onOh3uV+pxcIwd//51ad +KFKfDVuNizsmEEEcbImZPAKsPljTp8S2ixk+GPwTMrji/IgFEXR1W/s0Ib3upvs8 +dtIvWbRK5IaPud803n3bq49ftsTvSjr5/NYyLmb3UNCttySi4kyxxufBKieeDuzi +7zAyASr4svMLlMCyEKC72JYC/p6vW6frKjJIqCWEVjRMlJkIfMvD0IoU4kgYHPMA +tfGqBdMDUwggnfFl+nCjflVe4cxLWIPo9rKDz6trQsyuzwMDfICj8ouDDw6h0mCl +EPKdhzhkiGbsfXPe9ggoMXu4Ysi7LqDZhEQS9cMCAwEAAaAAMA0GCSqGSIb3DQEB +DQUAA4ICAQCS1Q0MGLlRyDSyQceCZkvubWmlZyHsQdZma6A67oQcZuCbTtExvcIE +k2UQywT179FEG15WBOcO/caK8GmFJyHS0quYbONUFeiuVJIC3+P/hyOUGcQwSx8E +k/YklrahbtKLaD1k6w2n6F3Bq1WHzcrTpdAZ5kwEBg8qnxMEA0zQFKbq7SqbUFxy +5KKPYRosvfYicpuHOHY49hxvBfJO3ZzTOl9U5clZQgmaMQcxShYOrEdcwlycMg0b +EzJJCwA6FJj477BphfnOiMBOyg2P5gZyxfy1+bZ6/juzRsZWH8/UkaGyrKgebUaa +IPjcjcUy3Cm2siGNU3u4n+np5TK6kHIkBO4gbz8gCkcjndErsegGX5AINubtaqkE +apXO9GVDN2HI/NZLo6xVcIuhU/f6VcQcPMNpbzkSxWMThXZxGGCAKGGJqSMoH0AX +MVXpK5+IRIKwCz1+yNkMt9lWEGj7aNvqEWn2Znh6AiPbz+m73PD5lXpgYjNbdo5X +k+yYCmUCAlGSZEmqiobNASMdC7roVQP4IrHjIGZRAFTxsHGugEp8FcjqzX2xOpbQ +P5mEMW7809on4mocJYIgW6kQXvmzfKwgCVn/aZQKLZsszqcibUUzp875H0Mhu4oQ +Tjz36MMLUhkTpyWhquqcTXathm45TttuusJ69/zyZCKXKsYNgB/cOQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_bundle_requester.certchain.der b/test_key/long_chains/ShorterMAXUINT16_bundle_requester.certchain.der new file mode 100644 index 0000000..89d4d53 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_bundle_requester.certchain.der differ 
diff --git a/test_key/long_chains/ShorterMAXUINT16_bundle_responder.certchain.der b/test_key/long_chains/ShorterMAXUINT16_bundle_responder.certchain.der new file mode 100644 index 0000000..4bc8bf3 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_bundle_responder.certchain.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_ca.cert b/test_key/long_chains/ShorterMAXUINT16_ca.cert new file mode 100644 index 0000000..40b3fd4 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_ca.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHTCCAwWgAwIBAgIUQVtC5KTVWLZRpIJ5wKg572bN5nowDQYJKoZIhvcNAQEL +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDUwODE3 +NDZaFw0zMzA0MDIwODE3NDZaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0kEb/vTvVMjIzOkIl +l5YCnoHqEU49wUf7PDkf6oixdpQRueXhLjoViRr6h/uzdPdHAFfbgHIrSCZMLMTs +hR9ITw/xpP8X8Q0mXcm38UYi/lwRq0ptuzp4dt0hMM3FV3sHInnPG4rkMYnNV6Em +rQm52Cs87aRKqouvTy0DkE7rZ8HMOoEJ19kh8nC+8MXFFoQm0KyoJB9CvjHKgiMc +p5vZWrZ5SGlQAqT/l0vrGOPEFgVTGdd4kPbxIc6/zEsy0Ex2KDKZZhIqFGnqZ1gw +3GdwlWE2InogInCMvvUGmj8VDh4Q33k+cIWfhGQoRARAiD/QY32uNcvIy3tXPqex +QyYamfLynp7SjABfjBdx1FXZVU/kxd/xcgMLvaJitM3MsmTlHJTC7hfjq3w65XIo +qN/JrCfb7yUHuvy53ZSlSbvKisBCfGFNk8xlCyZuaTtVeGBfCdqJDtm8vPgBXkSx +y3I3ody8zdYFkDTMSQfGvbTT87Ufn/jorZ0J8KbpKLKwAjjTeAJWS3pJ+YyinIXL +2ddVlvsJfKzsIZ9UfCbarHKCYEJcJQFba3L0gZ8sJhJBTH8hlZDH5FZZRfy8lf2F +qNRubPRianNBuQd0awjNc4QG7OABmGQlymC8hld8ZarG+aGFC8tl7+/RRZyicwOn +lgELsPZT97a/LEmzKb406eLK8QIDAQABo1MwUTAdBgNVHQ4EFgQUAPvSck7R3QBd +fjyo2s7WuI+3dxAwHwYDVR0jBBgwFoAUAPvSck7R3QBdfjyo2s7WuI+3dxAwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXnC+joiZK6MCFXkED9wl +UAs5nOV8ihcVjpuLiL543ahXDEcxv5jA0irjFpGNrDxlow5rN8dRACpOqvrrU9BQ +V53J3XTBGhBzOjaZ5pKM88G/7n0Sn5fuIk00YfENHtXShzLljy/lIYoVhJ7xrVHk +RiN7BUtjUurejeEXzSiPyedOPJcBYmyoxM3Q3+flgNgwE7RqwpQ6uxkAIQLl90v5 +14wBbhqYfLzfxIEeJzUy+PS0EKHrNfXdAAP+Mvkm7yvfhVyY9+tyHYL1u3CTD+7K +nncN+lnsnKr83fSDNibF2mYkzuuRLKtqoVxxIBpO3GeDq5Fxof11Lc+uWxP5Oht5 +wnm/vqaa2WwyYbqZvEF/QlCqzeLrQ/BV+lGBhOlAURzxQgwlPoWq5uqg3Gx4GUPf +TIApHYrzXF6ndhEDvAfHEmcAFFU82eojrvt9qVWpz0umrDuBwDTg/tvyu9qVzCMk +Ek5Gc9AVYT4NN/xAYVrGMGIA7BaXLV5LlGc6T6LUgo1yr1COBbKyZMChwMTFVlCl +nXsudnJS7D0t9w9BfzhSn8IEstbH6SMeJ7c9D50kXljBanEHGFx0aJAtAQXf3EGd +58KUMoJYREoEhTQ3WMIJYVdWPlda3PlVyxMuUqCEhHkYngc24T5Nmo3SHFmgb0I9 +oluQ3VrNC/MHf8AtiMWNJrg= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_ca.cert.der b/test_key/long_chains/ShorterMAXUINT16_ca.cert.der new file mode 100644 index 0000000..51b1f51 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_ca.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_ca.key b/test_key/long_chains/ShorterMAXUINT16_ca.key new file mode 100644 index 0000000..7de9aa7 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_ca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC0kEb/vTvVMjIz +OkIll5YCnoHqEU49wUf7PDkf6oixdpQRueXhLjoViRr6h/uzdPdHAFfbgHIrSCZM +LMTshR9ITw/xpP8X8Q0mXcm38UYi/lwRq0ptuzp4dt0hMM3FV3sHInnPG4rkMYnN +V6EmrQm52Cs87aRKqouvTy0DkE7rZ8HMOoEJ19kh8nC+8MXFFoQm0KyoJB9CvjHK +giMcp5vZWrZ5SGlQAqT/l0vrGOPEFgVTGdd4kPbxIc6/zEsy0Ex2KDKZZhIqFGnq +Z1gw3GdwlWE2InogInCMvvUGmj8VDh4Q33k+cIWfhGQoRARAiD/QY32uNcvIy3tX +PqexQyYamfLynp7SjABfjBdx1FXZVU/kxd/xcgMLvaJitM3MsmTlHJTC7hfjq3w6 +5XIoqN/JrCfb7yUHuvy53ZSlSbvKisBCfGFNk8xlCyZuaTtVeGBfCdqJDtm8vPgB +XkSxy3I3ody8zdYFkDTMSQfGvbTT87Ufn/jorZ0J8KbpKLKwAjjTeAJWS3pJ+Yyi +nIXL2ddVlvsJfKzsIZ9UfCbarHKCYEJcJQFba3L0gZ8sJhJBTH8hlZDH5FZZRfy8 +lf2FqNRubPRianNBuQd0awjNc4QG7OABmGQlymC8hld8ZarG+aGFC8tl7+/RRZyi +cwOnlgELsPZT97a/LEmzKb406eLK8QIDAQABAoICADjqaZbfXWbchbpkGMmkuKJm +uGjBv7nznO7ykscetKvLxuy3fmC2o5R6PUjPaGWu7uswjoEgQdymx3uneQNdCvlO +AqaW7dnsH8sCMT2MDiGlr/vZ1II2TD4Aqb92lMYpxxv+oArKkcNQYjGZ97ArRy+P +lkGEXw8yJwnBmVzQNjA56nqnzlj98vGibCuj1ZNEf6+Eg4gUqs3tCeDdmJfFtXiU +AYTFcHzJ+JygYkve8pyynEcPlD3q5AwqLfODQAjqY8+y6BA2fm9JNAGxRblRIEH6 +tEPOJlTOxk93OeE06cGHS67h4mPuMBCSOMgAeJ6m1Aap9cneJzhJ+70KgO19Txr3 +0+NaLr8Yr+sM5OIowHLQBm+KZW3p5klg7UX4jQ8X7YxSbsGZAt4ZvzT5vW9Duj9i +AaBw0dK/S1qdkBgUjpn4TEmA86UHEyyeGKxDgoT44XuJB0JeG9p7n7BblAhBs460 +RnAXLZUO3p8EdBfhf2fE9G3kBTNfXfTGm+y2ki/1fRH7TM9ZJVh2+wpTkE2tBXdP +2TzYg1/hVckSTmJP2kAwZs54SLe630EUJwKeeZLFHsOeVSoPOS7v5ku3wHLzDNqp +o7zj39XoPv239KeDSD/I93sidcxovaQFIG3u0D5Qcf7sGZZl2ydbaN+WD06/Yscu +z1I5MP285CaEdlJL6rLhAoIBAQDgo91zTDdjatv1qNAm15WW1BHsEi/jl6GczRM5 +c58nij6hSFtCjikmxjjoS/bl9/ib+dBtERu1/XKBRAaDPQEcxJmvptaK63Polqym +30E/Aj150mtOT1e/JazCEFfeIff5BVt2XMwMnmmagX3PIO2bsYgUZmm5X3+g96Kh +Iy5Qa70tb0Y0qJeSnEgZnxCe9WSMPGDUq3bPIafF4BUFIcZEusb946zJHXJ2niNQ +iKwE2g0UJsNdnzyS9Wd/tx8JPMvXbOresXjIcAu67SIhq2W+jdPyRRzskw8XhpC2 +exP4+BlJbNDgDtm10k2CZ0vCpNyFNpgJELwGegvATbG++I6lAoIBAQDNxTdYpwgE ++xWiFOxPAcCUAyDJuzafS5/4Whhc9B6Pbmm1xtcnbi3btqSpxM2kWiiyx25koWXS 
+aRwsq48thC7vpx8hejk8384/Ugnt/uIK8Ma+3V7LcW3Yl9B3xC2j52FLVvd90cCV +nByzl3Ta9QonL5lS+bsyx7zEA8yh/pv+uD/zGY+Oi3yqQow/G46G6FT1BtKrUvhM +y2s64XhF7gRrvrewYhAK6au87nYXSd8OE3YkqRbvtlEnpk4yQTZTD1kkKNU2MQuv +BmtnCdsOPJ9IQTlydWXtBUKHBmrdCR7U8B1KQc0bXA6at65zQ5hXS1k17d7F4zf9 +aeVQ8SKN6sVdAoIBAQCyxHTk3lBtw4pMEw2i+4lFwHqKvWZy3iZ0nBaib8rGMpPo +0aYebvd8rd53roxLMm0b40/km+rLh2hqSnJMWm3aMPKFAGZXo0xYWiAHpD9OH0BB +BBz08ttHeHnk7hCe67Vk7Mh+hxazLBWqKUavYOr2Le+3HFEifkcZGDjJty+SPEsO +LzFVkp0cxVXzXcxiU7KyjxIX7GPeLlBPfiX8MYaRB3p4bYkBe3etwecknb8XFVe3 +I6nxhVk1MiotTtNaDJHDXCAFHIKcL96F4VR6KuYLIN78O9fqxJUMCcB8F7IrPXUS +I5CN3gOPWE7qab22pm//axTOkgyvssxLOwkqiq8pAoIBACN54//p1E0fiOxH1TIN +6EjcfTOqjlFKdYsY5WhpQjeSXrFTVdbbfRaLV7pZTucOEEQ6dALvfKGZM51T+rxr +NLhmxMw9yU6Ae4uZNlMNBaXDO1C+09AZf0m/atarQP8oLjMSDFtp5V0l7CDedOwn +IRf+cd3HZonru9TDnu0y+2wgEg50kraNv/GOxaU/uAP0XGleQsX86Qg8bgFZzCWq +UqLM39iOH5vyC4ToS/3Z45YGrvDFIkoz0awXVRX+/kG1vLWqQJA2RoBnh+7c2SKM +Ox32+NOOAAOsS3sCFTyEjQdDWplp3NXhujbcgjwnJEWwnPHaT/UoJogPUNTyrfVv +y5UCggEBAK+diyIbsmlIX519J27K7y5Ju8YOSWZkxlLA0JhCnq+H1t8Xxtbta6F/ +FgwjIA6/9E+ndnODe/m7UX9VZwIZbmLyw5/ywJ83B2RY3qGicm+2PvqWXneLFieD +hYRxuxBMGQQ6ACOR58vz986ZtG+RKrgkeacCyBdU8hNyjViJ+kzhvlaQ9XvUWZX7 +wkWIueQXsIJm3ArNJ8nKRO2z1AInWLhoduvTZD/fFjBZhymwl615RVxoee/AsnQ1 +Bt1QfB+zRrsAm4AClreuSSu5yJaCAzPGjueusddK70sBMT+9n3KtsbZNqBcri9ys +bYQfBpeWWiJjp8VKko7yOLgCDknsMy8= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_ca.key.der b/test_key/long_chains/ShorterMAXUINT16_ca.key.der new file mode 100644 index 0000000..46193d6 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_ca.key.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_end_requester.cert b/test_key/long_chains/ShorterMAXUINT16_end_requester.cert new file mode 100644 index 0000000..4447b82 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_end_requester.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjTCCAnWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQ3IGNlcnQwHhcNMjMwNDA1MDgxODIy +WhcNMzMwNDAyMDgxODIyWjAqMSgwJgYDVQQDDB9ETVRGIGxpYnNwZG0gUlNBIHJl +cXVlc3RlciBjZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEaW +YrKEJ0O3qwWs0Q927B5ZjJhEiUm+9En00jwC+wZCzIjTZAHEkn/2hcWl4KcVHvQm +3tTk/x0FyWfZr81N6C861OuW+pD3VWzmVSTz1uH9H6Qrh26Gx6toUBFpB8GuEvZL +GF+kf87dxKp/5OSvh1OakikFnj4I6JOwH5vjfPMSmVFb/z2kIWIt03kGJfMYeJEq +mvZ2ATb4tlAFRIM9TIETl+fgyzedo66DyYk/ABlaeEchx5n43aGELjTvDwyAR4Lh +kHf/FleBJ6yls/SA1bJBWRy2xa9h9T7rp8qIFV+pD5M4dkoP16bH24ugvoW3RF3V +PWXZiMTvfiB1gN5jWQIDAQABo4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD +AgXgMB0GA1UdDgQWBBS1CUUscP7voReexWk9VsSFuJw7/DAxBgNVHREEKjAooCYG +CisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8E +IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYE +DAYKKwYBBAGDHIISAjANBgkqhkiG9w0BAQsFAAOCAgEAH1KHjjwhrcMm2snHfeH+ +4LtBf8pzKAIntVZYgkZRPk6yU1uVBS0H/LwNx+TSc01RbeIyOjV33zESkGYB23oV +YxYvjL0jK10n7/MhECnTvFNJd/1E84/6tFftPAZxr42xEOEOtpgbmQx9QDAGnt4N +d3CkILVjNNfLP2bXLtfN5nTzEhLafPJLwHMkCdue7WPGIOQh3/gOOLrPxFKc52yn +ulDgsYvTbeBxCUoqWcgu7gswmrvyCfL1R/NHj4iNc7ho7ZPqcdTffz14tOjG3EYG +dnbF6Fr/xMPHVTq++3eSQdpMdDxUA42pQ8DaCDLTXtNM2aYxDn/we0YEGqDxcdy3 +oF/+1u9iZn2uSigUdGIR0X8Z3xXNvxqXd6mOklASHzyvxvYmPBf5MwFchIDy0T79 +p2qDDibja9BSWQnM3wMsrr21ARknXfLtwt02KPdzh6zEwqwQYFm1VRbzWPMIe4Q3 +ugZGQnac3kkriS1CiYJodgKpZP7P+iervZz5VQW1fJAuslu3U583usSvXXGKQK3N +891JJlfpPwZuPclQTgNqnLRCEWXM3k3bFi882+FpXzdsIwxdf/s85yXwKFb79KyP +puodwGoYX+yIhqIC4mM7DOTKLdO+mNVUeVPDisraXatMrXuIrw/2bmI3MzE5WJ4l +dJEcUvCKIAiJKvjHJ+8VDFo= +-----END CERTIFICATE----- diff --git a/test_key/long_chains/ShorterMAXUINT16_end_requester.cert.der b/test_key/long_chains/ShorterMAXUINT16_end_requester.cert.der new file mode 100644 index 0000000..20af53f Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_end_requester.cert.der differ 
diff --git a/test_key/long_chains/ShorterMAXUINT16_end_requester.key b/test_key/long_chains/ShorterMAXUINT16_end_requester.key new file mode 100644 index 0000000..0609626 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_end_requester.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDERpZisoQnQ7er +BazRD3bsHlmMmESJSb70SfTSPAL7BkLMiNNkAcSSf/aFxaXgpxUe9Cbe1OT/HQXJ +Z9mvzU3oLzrU65b6kPdVbOZVJPPW4f0fpCuHbobHq2hQEWkHwa4S9ksYX6R/zt3E +qn/k5K+HU5qSKQWePgjok7Afm+N88xKZUVv/PaQhYi3TeQYl8xh4kSqa9nYBNvi2 +UAVEgz1MgROX5+DLN52jroPJiT8AGVp4RyHHmfjdoYQuNO8PDIBHguGQd/8WV4En +rKWz9IDVskFZHLbFr2H1PuunyogVX6kPkzh2Sg/Xpsfbi6C+hbdEXdU9ZdmIxO9+ +IHWA3mNZAgMBAAECggEBAJz1eePZsHcZ3zIj6qyQumBecOxPBFfpoowG7IKHPTbz +Lc4VCT9rboBdVo5pnZpG40wKoV8HT014Lx1+MAY3nzqzMk/9SpJ8BV7KJHQohdrs +hBiel7TJPX1FZLjLA3wRdZxyW2FVct5GVvCkDHzGKFyHDhAeQADoyQT8vha4+jX7 +Ye5xBT53XDJ13vLWD1PbcrSt9T8hKs1ei30OkD6FHNHNbsqTzKZ7QuwVWJ3WpS9r +WIAMZ5y6GggwgnfLR3JriwN0zTVdKjhMd0K+VwFCSRFOPOxDpxxTUHXd7pOCs0l+ +wat/9u5Gs72MYTfhYWF1pPSmPXgyl0utY5JXalrwi1ECgYEA4+U9wKuJdzmhBVEg +cKialzCIlb1RN8qTQwV3CgNk/OMZ6ngMHSk0BN6pWDNBHh+usvmTbxU/o3B8k/M+ +WWeeux9A8cUQnOnWOHnFucqc8L0NB3i4ptaJShp0RHBkNJ2E9ny78YlRnoAIiBdg +c0OqeRO3XLILcxZvrxc9eWbc0j0CgYEA3HsY6HuOBeM04i+p1GPH0FbEbR5xfYuX +fS/h8r6w8itx2uqI3tWK8FmOcfvbXxUZlYH4YgLjOjZmN/hE8+3rWQGNbQMNjAI4 +Vq1+YZ55NjD28f3QL+tEr9SCDiTMLpGK4GZzcTxCkTzjg8Eqo5n5+GRI99sdSSvq +1o19e6rlM00CgYBl/3AID75S0kQzMQAn7A5kpKA9BKKZKd2HHacNoD9OwAYVXu1t +D8fsdgutIiN+7Acwq2tFSGlXKT1YqoG5Whs8/NwAWYb5896hID9SzFA5nyN5uJpM +cbC4reZjyznOIsIj3+fuTtts6TjoUC4m6J4f2qcyoa1mMSCDaQ9mipdCsQKBgQCc +eEfPBZBfIUWwl77g2gc+FbXE8uv7+wsBbu/dQ/Nzid19TSDhc47sz8HFpsWijujf +L6PEeuQjteOJKQpWSqzRN8bUbGw6xoCREwMz6DGBgfJe/o+20jKmzhuWSgsVqXhz +lIGtBOUBCcM1B+tou6eo3hLiw3/fI+m/Zh59m2SZqQKBgENgpfFo9rnL/o1mRnWI +L5MFNSqpIaw1rT0K4fD1S2+tzwi08mtudfZvVLif1HmSHU+4s7soo+crhswx2sL0 +Q4Ddqo25KTLrJEv//Af0GYdjPZj/mDUvXZCbeWGBlY1tHOUksUsznKkNYhCLFzbI +RdWHqVG779W+6tD3pByGVdeQ +-----END PRIVATE KEY----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_end_requester.req b/test_key/long_chains/ShorterMAXUINT16_end_requester.req new file mode 100644 index 0000000..a9cb0c8 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_end_requester.req @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICbzCCAVcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1ZXN0 +ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRGlmKyhCdD +t6sFrNEPduweWYyYRIlJvvRJ9NI8AvsGQsyI02QBxJJ/9oXFpeCnFR70Jt7U5P8d +Bcln2a/NTegvOtTrlvqQ91Vs5lUk89bh/R+kK4duhseraFARaQfBrhL2SxhfpH/O +3cSqf+Tkr4dTmpIpBZ4+COiTsB+b43zzEplRW/89pCFiLdN5BiXzGHiRKpr2dgE2 ++LZQBUSDPUyBE5fn4Ms3naOug8mJPwAZWnhHIceZ+N2hhC407w8MgEeC4ZB3/xZX +gSespbP0gNWyQVkctsWvYfU+66fKiBVfqQ+TOHZKD9emx9uLoL6Ft0Rd1T1l2YjE +734gdYDeY1kCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBPEFictdSb+lrsfrK2 +mLyZCQuHRSsi2ffk63HQhoXtZYPnLF8S2j/196NB9gALeLz/Z1Ho8rkAhcZQVt1k +iXpLnldeeD+K6dRBXFJaGlVoIYYN+yOfBRtKBh3VbnxM7YlDIfrpUgDPLLbulbpB +DtkT1CttvBTjE8Es0Iip1sAC7N2UbmPhh/OjajFwgIvtYq+mHpJ97dpzfdfsksz7 +9kIF8pKzU6z4yTQBMW89P1OXato/nKoqI/U9pflnGk/PntHxQ4QfiXJ8q7O/rBbc +UZ3zT7htebIHsbHWePEJz/u+m1FdtwwUfgLCDzpveTAVJ+Eng7qs3Ckga+2YYgT9 +VbY4 +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_end_responder.cert b/test_key/long_chains/ShorterMAXUINT16_end_responder.cert new file mode 100644 index 0000000..087e672 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_end_responder.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjTCCAnWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQ3IGNlcnQwHhcNMjMwNDA1MDgxODIy +WhcNMzMwNDAyMDgxODIyWjAqMSgwJgYDVQQDDB9ETVRGIGxpYnNwZG0gUlNBIHJl +c3BvbmRlciBjZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6tc +lzBnrcFLiIiQu0uoP0Pox5yX5D5cadt/J7D45X6BerWox9jw7XgVlmbFzVqT02CS +1Fnv5lyBuCIPz9w4dfUmtsoitq3uW86g0N2ch1DSi/gLd5y0GoyeAYMLhcQOTzOD +EwbpyHzu8I9uzA76TWAQcIfAUq/tUYHcqjle8pJK3KaJF3cn7s9O1peKVlP3Tdbe +JLl+vRIZOrq+32gAlaPokiGNRKhdztvQ7j0+9PQuX6Rl3QqG6hfr2AvhvSLf6S0x +rXvIibpIyLgqjIFkGt3fXYboHy7xOHfJS5BBFpHwMZWBTntS0JXmVmPI1STsv962 +X6mFqZSDpM0fjhGEhwIDAQABo4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD +AgXgMB0GA1UdDgQWBBQLdKEW8je51vT9A5o/s8w/PZya+zAxBgNVHREEKjAooCYG +CisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8E +IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYE +DAYKKwYBBAGDHIISAjANBgkqhkiG9w0BAQsFAAOCAgEAmesqMsggv9YBnOiyiO+e +Osq360pnDf75G/b01FFRmkXFQIVQez04CcrVko8E9skiR60qBAe8ElRM/lvlnPjs +NlKrdAaR1CE8/FXwzijdiwT1yY2ETN0KmKU3CRIzoWfJIe7FNft5D+e0Zrat30ew +3DP1m7+4SQb85aoPxyQETHa0K8qqfNlMgqjNTtyT2H/GkKdAKwoh4VuVNobWCiq8 +d9slaIcVhUEtX+4snQ1X/xqKM9xGlzLKsa/0mNEsbbzJIObiH+hIUpnNqQfUXXn6 +YeQQ4a1YQD2V6RU1sthtczgUD9Af5xYTwnqpLx4UWygVA6FA9bC6VkDtclZn9ao9 +hXjOLv/m8VTcc8dRAw41GDlTTUmPw7Zkf8sUe962AlNiIP99kuOT+AK03iMQDpoj +iLfDMNgDNRQr7xFupuy12jWoGD27ES50ORAb6HlQTz7pLwlYt44dzldnKwBIfQxI +DMQCnLppE2Ed1pfqsQayAg4HQ/eFj/M2h2vwZq8nfv3tDiDeHyPzqPSBDuv08HwO +i+6Ms9eYybdxxkOqqsHsUfWEmKG6B08KVq9/eKkFA1yFTPZuK1nEJbJhQqRYZLUL +9FMNiatfbexX44Uey/9t6H0UxywuYB0I7ZYAp00brAJN/Vy6j6dGU+uTgfu6gh/t +IP0xchaVgPxN2Mt/4XZwOOA= +-----END CERTIFICATE----- diff --git a/test_key/long_chains/ShorterMAXUINT16_end_responder.cert.der b/test_key/long_chains/ShorterMAXUINT16_end_responder.cert.der new file mode 100644 index 0000000..59ba1f5 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_end_responder.cert.der differ 
diff --git a/test_key/long_chains/ShorterMAXUINT16_end_responder.key b/test_key/long_chains/ShorterMAXUINT16_end_responder.key new file mode 100644 index 0000000..b0d3b82 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_end_responder.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrq1yXMGetwUuI +iJC7S6g/Q+jHnJfkPlxp238nsPjlfoF6tajH2PDteBWWZsXNWpPTYJLUWe/mXIG4 +Ig/P3Dh19Sa2yiK2re5bzqDQ3ZyHUNKL+At3nLQajJ4BgwuFxA5PM4MTBunIfO7w +j27MDvpNYBBwh8BSr+1RgdyqOV7ykkrcpokXdyfuz07Wl4pWU/dN1t4kuX69Ehk6 +ur7faACVo+iSIY1EqF3O29DuPT709C5fpGXdCobqF+vYC+G9It/pLTGte8iJukjI +uCqMgWQa3d9dhugfLvE4d8lLkEEWkfAxlYFOe1LQleZWY8jVJOy/3rZfqYWplIOk +zR+OEYSHAgMBAAECggEAUTvRoKmDJjGlsIIPGtH+V5GnAW4UYikwSddYIEwaO17V +nl9/8rGxsG12qakQSNBny0qTsHCumO+FYsCbgtzOyuKq4yxbqN49QKxSZQO5Ij8Y +oqtJodxBTZ7k1gpQ1Yekzc2uZL6MuhaEask0wNMFlr+yh811MKuXPU6aQOLNDzNs +U6NNoVqyvVYiTAb3s0bmLUeGVrx6A8uY88Tkgq50sWXTfdrKp11uZaRGuvVIVfmP +L/m27+LEpnT+nev3IE78fHu8YqvEPUN7jh53kYpRovN3SUfkOKCEKuNrMQG9ygnL +wxGp7wi4O0yX7xYCKbC4+T6cLR7XzL0kn30NsUyjIQKBgQDVGck71iiYJ2hyIgRS +Ry2zQODQ79H3fVfAe1J5UMLpfls7q18x3fbmdRjbnb73SXs0Ox1pHziRKz8s3mRI +texk9e7vygF6cgxFYx5PGvReW53gULRXyK/8smIrWEHhG283KipxGgWt4JsqMpeE +8vEX+cvCzggZfKbt2E6OiR4piwKBgQDOOmXkk/Ow9pRVPdwP7Ac/n+I+OM9741N8 +HeTRoRx+aPx9+72hjLsgWhpKrRRs446YZHIP2LeKOVXZEc26AyrAdeZA2FlT3MZ5 +VEg4GJ0kizPCt6OZBIkV6U+2z4Fd74Ql/HGort+1euKz/JZ3VJdUcZ0X3AgSkGhw +e0khl5qYdQKBgQChDjMLmSjnDemfUNxJPuhoMKF457edv8qhe9LyQzp8c/YJ29Q/ +gQ1IUbmuycL5bDzEVeU9fM4o0TGW/KF4Xp5CE6k460hAvY9OpcHTcYC9C6r/TJ9w +NQnlBwCw16w6sJxWafTXtB4Usssykjf30BCs2SrJmSN/97jFy5Rbn3//TwKBgFsz +ulIPGEtfkRPtin/EGySJGa34w9F/JDGUqtgGTyqcVWWFykRCj5LsJgp2Zr0NGcfN +TCAz8F+BobSgygGEWwjIWy68Pyz2SxPnMRUV1ZEOurJXMlN+jP2Ss70eIZEgVqnR +7ZXy2F5S3SVKBGT7lP00TYv6s9s53+Y2r43alPTtAoGAMrTxRQAJPA6jMAj7UnYA +qbHJ07fokbTuU3jNfnW8vdX+js237nvoYg/Eo5vkR4znruMbnrmLKFN06vH/n32D +o0ez56Qx1lSqTDVqJ7OrNYqfkf6ATK3/Kkk8cZhSWOrTjy9tsmZc2iYn9tM6r1mS +2oljBKGaweiKSsdQLoq/gTk= +-----END PRIVATE KEY----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_end_responder.req b/test_key/long_chains/ShorterMAXUINT16_end_responder.req new file mode 100644 index 0000000..a996e93 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_end_responder.req @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICbzCCAVcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNwb25k +ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKurXJcwZ63B +S4iIkLtLqD9D6Mecl+Q+XGnbfyew+OV+gXq1qMfY8O14FZZmxc1ak9NgktRZ7+Zc +gbgiD8/cOHX1JrbKIrat7lvOoNDdnIdQ0ov4C3ectBqMngGDC4XEDk8zgxMG6ch8 +7vCPbswO+k1gEHCHwFKv7VGB3Ko5XvKSStymiRd3J+7PTtaXilZT903W3iS5fr0S +GTq6vt9oAJWj6JIhjUSoXc7b0O49PvT0Ll+kZd0KhuoX69gL4b0i3+ktMa17yIm6 +SMi4KoyBZBrd312G6B8u8Th3yUuQQRaR8DGVgU57UtCV5lZjyNUk7L/etl+phamU +g6TNH44RhIcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBLmVG4Q0SMe4E1q1fO +265cStRBAqAjDzvPzyOaMZtnTdUrXJt+Mvgqa+WNYLlOHTtcO5hfoB5OSMEZZfBl +x4ZFu85Zvk9XEtIX2EPgARg58QJNIzANPVP1vt6TVo3Wx63QHWvIJZjpe03tSFv5 +P7pj4iRQI2tc6cW/cbwPzWTR+NL+qJXsSaAlF4+OGna6GSAMAUsfsyyLxnoSeOgB +aAj3+Y1JhkDuyV+gnNpbKci2sO4M2He3F8OTwZLhhRNHxLebkxNp/WmjQW6Pk4Hg +V4ivkbMK4RNHxlRMduIRvcrFjkxILea0APnvgs8cDlsmL2DKlyY0foms+kpSRzwo +45as +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter01.cert b/test_key/long_chains/ShorterMAXUINT16_inter01.cert new file mode 100644 index 0000000..c35a872 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter01.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFJTCCAw2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwNTA4MTc0N1oXDTMzMDQwMjA4MTc0N1ow +LjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUxIGNlcnQw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCyJ3U+H3v07VK9SK7BqMpG +ofHUq+tjW8bfnpJKUaDIfekgF7s53iGyEtwdBGC2G8Fc/sA0zJRP38espLrRdcNq +dJ3BqMe2MD2f9XyCHuUcfDBEnS7xO+ClrHOSxDhDYaQCSPKNhGvx4e7no1l8q2cH +7VeVI6EWRS52rMQ6uvOjasWsF43MZnTYx3G9stX3HY5K4BH4PTDFmyawCaiL+OuI +s78ufcKZG6JXhI5UGK6FRyCn95Nrn9eS6t+PK0Rjzec/qPhoVSkn5n+OR9o/UNeA +r49JD/CyibocdcReppxiIPrLCJApZraDjuIkOk0W1lOE1r2FaiCakeW4o/nrhaCm +5EL/z3iQ2inRCZo4yxywvqlVJZUS6aGuqeOi8JYcLUnx/OXzJWTGFcTCR42oCop5 +XZ9iymqpwRzp9aTkx74s9LV4BuXbAxjmzpkPe66Ys7loh+kKrI54GGsRrt8BHzKR +REftoy2JlgEm9/wCxSB4Z4XOZFZt2dV6JG00X9wtHAled1SffXow2v0R5gBPqAIw +cx7LSUUxc+Bt2qtvIAX5L3ecwkhdd/cBOwfBW0geBQTJbR7o/Ln5QqxLGsDXxz01 +4v9TtEpaPSzx4GcFIYvevQs9O4KHCBgjiSS+LRSrafBsHnrikjwn2SQX126ZmBkh +I9F8NkLxUgLOXES7ooeH9QIDAQABo14wXDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE +AwIB/jAdBgNVHQ4EFgQUhkkAFGfW/SheihRWa08y+b7tKREwIAYDVR0lAQH/BBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4ICAQAaiRvv8tKE +GnsVCT6b1acb68gvrkICBrB5ebLpu1jJnnK9UPDF5AR3fapqzPvbOxMsL4E1oz56 +HAfbzxIKrS8ivqJDzAKXjbrVCUK9N4bHg715J3HdH/wilDzyOnEBoCVla+OoR1tC +HvHzahJnfxL+h1gGYcb7jJ5mlLi1uQe96AcD1U9EEQ5PmbbJ/UTRowggO6NVWEUg +Ro8wN41Xf1M1zEh/bBoF+x9FWnMGiW8+2oIKm6Fb3IUh855d0B5wP3lcdqwL4eq/ +aL6w9XKMlYY7maac3LUeTbF/XNi+SPloVPFL9RuSlIT91IIJKHuF5nes0Du4Xzgh +Jh19UKiNVBDZY3kIKFpbx858uUjDSFsMGA+8YfoEl/MFWSGrlck9MIufgni9Doa9 +mSp91YLQ8VmiX7euhWfTx7mPxRXbQ71pXmswYXhDMCRjIVo3EbqkWX3FYumjiqX8 +6UB5aKu3tdyg8pgjCDBv/FgnRO/hKj2raECmJQq+2LLk4/nGRr+Fbeqt1riXZV/n +D+ImETmEWBZdX1vo2Ji8M1l0AVRSpAXGSHcpRa81mJvq4977bd7OiUF+CxMPcNBM +4SguSPX64Kd2gbfh1kXkb1fKUtTY/ioKISu/xbh/yvQl+TCYADwXxehcdxKvLtCD +HQxDmsezSvkIqty3tmH11hFN34ANWG5Skg== +-----END CERTIFICATE----- 
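Review bot: This certificate has a fixed validity window, and its two UTCTime fields appear to decode to 2023-04-05 and 2033-04-02. The diff adds only generated outputs (`.cert`, `.cert.der`, `.key`, `.req`), not the commands that produced them. If any test checks notAfter against the system clock, the suite would start failing on that date with no recorded way to rebuild the chain. The `inter02` to `inter05` certificate hunks appear to carry the same dates. Consider committing the generation script, or the exact invocation used, next to these files and recording the expiry date in a README there.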
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter01.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter01.cert.der new file mode 100644 index 0000000..01045f0 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter01.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter01.key b/test_key/long_chains/ShorterMAXUINT16_inter01.key new file mode 100644 index 0000000..3affd27 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter01.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCyJ3U+H3v07VK9 +SK7BqMpGofHUq+tjW8bfnpJKUaDIfekgF7s53iGyEtwdBGC2G8Fc/sA0zJRP38es +pLrRdcNqdJ3BqMe2MD2f9XyCHuUcfDBEnS7xO+ClrHOSxDhDYaQCSPKNhGvx4e7n +o1l8q2cH7VeVI6EWRS52rMQ6uvOjasWsF43MZnTYx3G9stX3HY5K4BH4PTDFmyaw +CaiL+OuIs78ufcKZG6JXhI5UGK6FRyCn95Nrn9eS6t+PK0Rjzec/qPhoVSkn5n+O +R9o/UNeAr49JD/CyibocdcReppxiIPrLCJApZraDjuIkOk0W1lOE1r2FaiCakeW4 +o/nrhaCm5EL/z3iQ2inRCZo4yxywvqlVJZUS6aGuqeOi8JYcLUnx/OXzJWTGFcTC +R42oCop5XZ9iymqpwRzp9aTkx74s9LV4BuXbAxjmzpkPe66Ys7loh+kKrI54GGsR +rt8BHzKRREftoy2JlgEm9/wCxSB4Z4XOZFZt2dV6JG00X9wtHAled1SffXow2v0R +5gBPqAIwcx7LSUUxc+Bt2qtvIAX5L3ecwkhdd/cBOwfBW0geBQTJbR7o/Ln5QqxL +GsDXxz014v9TtEpaPSzx4GcFIYvevQs9O4KHCBgjiSS+LRSrafBsHnrikjwn2SQX +126ZmBkhI9F8NkLxUgLOXES7ooeH9QIDAQABAoICACVaapWs6kOPYvK3A5UtO8QV +fmv14/PAMXF/gPK+LLT82V1WPHZEodIBbE9VNKXaKe/CpjAr2MjqhaYoH9d9Fo0C +iHUrWzxS3wjj4sgxjB4t17z7K/V+dXqnLtBN/fH6zfWAsAKGCk/77Ch7Mm8WTRL3 +a46kmsjdloFhdf9OZXkVEP8lLSD3NnahUrLQhVY7xzLhykK/KbO09Sahz8oRVeki +ruojiiKqDZ7F90Wgqy7cm/c7zJgbOoreXiNZkgxPBrZtSjAt8uQfywzc+eCepaCg +rq1F/1Sf1frTommqC03z1kGtuPRFSe1JjxbDdphcNcS7dZ88gjuGbaEKGIOOUAF0 +IWL9nb59kxNNYL7MECFdiH4Tujg0epFZge1+LeY2f5Yt4ojFDTl8/mFJ/bBWQ/jR +Jf3i+gcoAB+bjCesb0SfT6fm5OmeLkLKWrEYJqz9/yf7VElBRoJVrn35rrPCQn4H +sNVzBNjA9QKpzeN/L+KEF9i2kjJNgdbOqD5co6G5sX7HQ5deJbBDJYnfGuJaRcfp +iloTaiH43j8WodKF2qIGo+U16NxxYWcCXFFn9PffmXVoObj7fNiCIKxsgdq5vjNc +AjShAL/YoeGrR2gPyPr/FOzKdM8h1sO5SQsWxtiluCahYArq/owbbs1UPYTjmWU+ +Hwj9aBRA4f5i+V0DkwvdAoIBAQDpRNkl8jYpd5bpqeAoIg6qf0OGxJVJ2U4y5zmG +0kSpE9PBVKmtevCFt06LRQRsQPib/oPvv6WTGiuMBQfQuWzUEuFi08s1SjU8YyBX +7aaTn7vJ6ZOW/mFi8IpiBvss8tn0V+u/V2ddxUH4n61P6QYZOeN4hYH17pFfyw5k +Y0j5ZWjnptpnddU/QhKkF9iptguM44XMDhJ1K0u7MB1wWNIVRMVlFj+tHi1cX5pf +6sQTGXaUv8IjVRChsv1lJvb0JK+Yl53WdXLE8qGnmx/fl37w4h+98sbhPPLxurxV +dfakCV+NNj3eJQZRNSlRwFyJ+Dv/CEJQ7Zjkp1k9+APZv4YHAoIBAQDDg7W+Uj48 +VsXYGWeB2wcsZ7STgBCMhezq9HTjMMQweLpKYk6/nzDduZwxmYHqtALjJeQItI13 
+aMCd+vFkNlfvhS+MfOqBEjXtsgqVy2UP8er+8Du3psmrMqiuu91Qa7cycrvvh+Ps +YB55xUXrMhYkTAOxGEc0B1H7tC6lyo9XqI1Y75RHf42Kcfc3PMcCBWHtLP01Ji3J +lplSh9X3yqpd6+ZKZXlIGhUi6ZYk7AtoSltnBaXGJvZ4v1pRm070zK2r3mSFvX0V +RK9TsoO+IBEG8N9Z34iVfD0qgVgV688y8yvDducVM6u7Qv8VdD1epMhQGLOGfB8e +7/lNLalKgOMjAoIBAHRk6yk5A3eLeZzcK8I6xDCk0c/kNU2lBZT2tUilkKcBAq88 +DHJIns1J2wI5DOzrOmG0DKdLbFXLQCFcvTqT206yoQ3L+mB7x7Z7C790EKMml/A3 +AXLdOUDCH3qsWxZhkwmN+U7/UM+ERtfE7RirgGSD8xHHJELPqHAxBNxoghgXVtIH ++oCXVjF7SYvhbjW4ZWkGelOITgNy+BXN+1J8r073grte76T1ItMtzPzBStbw5K9y +Q2+X2XWltzSKzbyitY+hT5ub/Qlyu+DC0ZOipy+Q1R/VjREEdYDSmXjXJJtTJf9z +Kkm3FcDdkuF852/ckis+NsDk3V5ydmAqadlz7G8CggEAFOIEj4eJTjiWeTZ9b8lN +Qtjw2LBdFCVZ4N6rfXi/+81pWHiXoLAIMCabIFEdJ0yC4nAxoxxl39M4f6dGEUYc +rmCza3YMNi0TxYe2ybkn2kQkrYZLWppeAAMxMTivst9Oefz3ReZl2eGKX8dKaIy5 +ALd9zXSiZlRB1XixYtP364z9S/qLA/gDzj3OAgBj4Tth8ktT4FFropSLW91WZVko +SU/hESE1ixX+G/SHLPppXYJTsPVRd5DB0rPdmcnU7SDPjAP9CKvsqFDlyTLQD4at +Suh/csIFfLIAdoHKPs0pHHAMxJv2orUaKq5FQK1hwLIpEyUQR9UKHevT3QJ7ipGp +sQKCAQBLn2As6doigHKSiH9oHS/RJlIDa9+xtWiJzHVCeidw/zu9rax0MgqCrfKI +kG59UKBXxrqYgy9j5dd/jB0AnKnmgFp/uRLLxNxpXPJrEv6c0fg8YQ9NSDWcRK5w +EuO9SaosH5qBO1E3E3TD4iVX53qp69HxGKFmiJviuZ0k+EgenvBiAUgARIFTByg1 +NyA+fU1FlPDbQ+SbUNZOKriL5ctZNgtW2o7XJT53VkpFv/PSre0zXD1AfO03+ooO +r3DB8rwudXFNl8/2gerF0+SOrWMvifQ29QpDrbB950Bm6iRKcKoBQ3kGQoaVcoP5 +atDWuvUpYG4IcWtLJV3/OOkzilti +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter01.req b/test_key/long_chains/ShorterMAXUINT16_inter01.req new file mode 100644 index 0000000..46189f9 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter01.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCyJ3U+ +H3v07VK9SK7BqMpGofHUq+tjW8bfnpJKUaDIfekgF7s53iGyEtwdBGC2G8Fc/sA0 +zJRP38espLrRdcNqdJ3BqMe2MD2f9XyCHuUcfDBEnS7xO+ClrHOSxDhDYaQCSPKN +hGvx4e7no1l8q2cH7VeVI6EWRS52rMQ6uvOjasWsF43MZnTYx3G9stX3HY5K4BH4 +PTDFmyawCaiL+OuIs78ufcKZG6JXhI5UGK6FRyCn95Nrn9eS6t+PK0Rjzec/qPho +VSkn5n+OR9o/UNeAr49JD/CyibocdcReppxiIPrLCJApZraDjuIkOk0W1lOE1r2F +aiCakeW4o/nrhaCm5EL/z3iQ2inRCZo4yxywvqlVJZUS6aGuqeOi8JYcLUnx/OXz +JWTGFcTCR42oCop5XZ9iymqpwRzp9aTkx74s9LV4BuXbAxjmzpkPe66Ys7loh+kK +rI54GGsRrt8BHzKRREftoy2JlgEm9/wCxSB4Z4XOZFZt2dV6JG00X9wtHAled1Sf +fXow2v0R5gBPqAIwcx7LSUUxc+Bt2qtvIAX5L3ecwkhdd/cBOwfBW0geBQTJbR7o +/Ln5QqxLGsDXxz014v9TtEpaPSzx4GcFIYvevQs9O4KHCBgjiSS+LRSrafBsHnri +kjwn2SQX126ZmBkhI9F8NkLxUgLOXES7ooeH9QIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBACJamaZYmwPhLm5sR1EmTQQJ0hogp7mdafQkET92RgvXp+AaIo+joN7A +KzZaCXW7EM41FOd1R+e0lORpm7fgfGd3iO4GmPwo1IEaCn7vPPVjZwKKE5qvIkoQ +fYxuEFxTVh4GsUYRjwxqu4+NdQkRKXCV99o/1vNUu6DL6IDAU3f9FUbWme24FVJe +ujV2itMKiZX/sl/BcBg0JPDY2bCo3WSwvJIgbkmJRrtPzM9dcdZeR3xZ+/3FYz5I +jjOIGGLS+afhkWmNMY5DbPJRh4Z/dAWAF+FZxJPYB/n6FNxFOAYNR2tN0ey7Tvki +rrJuX0/soEe6CvWuHlBRUZwBEO1cQI6LlF6+MwDXww7HQyQeN4IqDH6DG3oVY5CD +L88xGuzNJIW1NO5/JYeCTuO4tFWQrlyqVcj3+6zKNTpHJtN7jMzLlfsCR8Ashn77 +1ayCP2w/I9I2Vj/vvPz+UsY7tZ/aZjiMAOeG4TdBGkZeXbqvE9HvruboztxvmO8W +66eIedZzbROrRKyjGCKUaDRd7sjYRNqS9QkI8LXROu4xYcTGwGbFgMAbhSn7n4fN +0xR+DmKMSHhyQdn/oNUmgAos5wgrSY7rb+UNzY7fSXV9xyoGGLtP7DiJF30Oa1Le +krk7NTkUoKQHO67Hi0MuDYKoFgKt3Xz8A2cd5xDuhizqAnuaSt4D +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter02.cert b/test_key/long_chains/ShorterMAXUINT16_inter02.cert new file mode 100644 index 0000000..ca36fe5 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter02.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTEgY2VydDAeFw0yMzA0MDUwODE3NDha +Fw0zMzA0MDIwODE3NDhaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlMiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +rux6dqa+qZ7JOjRYd43WFVxRDZslYRIx+W4y19C/9MgyQzRjmEyCshLGiWSBmzjo +KlsOsN7TPOSn5vQ6pALIHR5H8afcyV7Vxi7rAF+eG8RAJlFGZhlj/j9cHUvOHyFg +1Ya8cWFmt5xprfHWX/V3PpU0VL8qnlv5rRX8E1XQWVWA0ylV2rVZRnv8wc82B2B4 +yEePphclfzsJLWftbqrwNlDbAxKd2R4fN+8p/r2gmnqBzWfuMcagL8N0YJT4kcG1 +wWTL5xKBEUQk8oBgbG8YywKW6T/Qz11uzDJpySE39GxxJqs2DFYhAW/N5uwuQWEC +S2GooikLi7DZ+z+GMi2cFsnnnySIMtIYBkNOuQNf8SfYAEvEGtXpDFJgrRCfcrpf +HYTm6e4XLaxN2108vDvs5M64mEBdJKjINy6Fky1w3uDci7nse+ytxBJXSJyMrVzL +qVo1nnzfX1UBoXogRfBwNgu2sgdEB0ScG0NikM6VTyQ6hV2aKvbARCqLv0Z1g6R/ +dfQAIxv9lZDOFdT61LGOyUK1oC2JopbEJGemiHrw3piOoa0SdzL4lcfDrEBU+TBN +U7owrQUVP5iVROJjmhZOcN/btlWdrZJl+MqzpUTqTbmWmaUnTWoOeKNW0u40Ia34 +9GJfT4FlyVNSEZf3RV0xQ9k0I9CUsVA6kFRtomQwG8cCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFIs7FN4FLTN2bva+YnuHGaug +gk0sMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEAfI+pkt7lsQUEcruZuBKfN1o395B6OIhOBW0eVu+FLAXd2816TUue +3ZiCeYCVulVSZhdvkXoOy/qe/WVl7uWRoCxg/FsVojW6YeLcRAbeTqiuXiN2n7bn +X/3WxzMuyWf27lDWE0XwTOO7771FChYx/lUDm65RQUMBPybdPC4wfgokQiVdxTco +K0QAkTng4ydGfRVl+9T9HSQqPdAIe+G12UmRmWi/WkQNuZGtJ5xCkSSN55AF1Yyf +QST8cOhlQuMP1ZR1ha6ltZ9RX09Jv1t8D0bMSowRlfoIodWhGK715fX+WwPeYu6k +XVZKRRysaJOmgLXuGNueQGFXhlwc8BN1kkUwSQqKIU0NmfyapRYi4ZJ/XJs52641 +yxBB52aCxRY7CMLxWQul0R9rbm6+ei8DmJgvOVzcAbrIOtMlWSNu6+7rFVV4jKEI +Tc4y/rCA1fELoV8WFbA+Dv9L0xstU5q/GBsvHpZn6uxCrTJuwiAwg8HAUM2eRewD +o5UW6A1xM5FiskFyX/Dozn3whkIE1J2zk+J9z1Pp/lK2baB//YhtjmzNe1ZKM8jM +NWGFptUME/lGBsNCvL6VrqlYxplE3a4NxnMbvNaFW7nS7EZHIYD9jSPGOPBpPKb2 +kTMKLwxPyN3Rzf3Ce9jSmBanHNTtzUJJVSygEY/G6S/Z0Zu4d3R+dhM= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter02.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter02.cert.der new file mode 100644 index 0000000..bb8aea5 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter02.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter02.key b/test_key/long_chains/ShorterMAXUINT16_inter02.key new file mode 100644 index 0000000..dcbf7fe --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter02.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCu7Hp2pr6pnsk6 +NFh3jdYVXFENmyVhEjH5bjLX0L/0yDJDNGOYTIKyEsaJZIGbOOgqWw6w3tM85Kfm +9DqkAsgdHkfxp9zJXtXGLusAX54bxEAmUUZmGWP+P1wdS84fIWDVhrxxYWa3nGmt +8dZf9Xc+lTRUvyqeW/mtFfwTVdBZVYDTKVXatVlGe/zBzzYHYHjIR4+mFyV/Owkt +Z+1uqvA2UNsDEp3ZHh837yn+vaCaeoHNZ+4xxqAvw3RglPiRwbXBZMvnEoERRCTy +gGBsbxjLApbpP9DPXW7MMmnJITf0bHEmqzYMViEBb83m7C5BYQJLYaiiKQuLsNn7 +P4YyLZwWyeefJIgy0hgGQ065A1/xJ9gAS8Qa1ekMUmCtEJ9yul8dhObp7hctrE3b +XTy8O+zkzriYQF0kqMg3LoWTLXDe4NyLuex77K3EEldInIytXMupWjWefN9fVQGh +eiBF8HA2C7ayB0QHRJwbQ2KQzpVPJDqFXZoq9sBEKou/RnWDpH919AAjG/2VkM4V +1PrUsY7JQrWgLYmilsQkZ6aIevDemI6hrRJ3MviVx8OsQFT5ME1TujCtBRU/mJVE +4mOaFk5w39u2VZ2tkmX4yrOlROpNuZaZpSdNag54o1bS7jQhrfj0Yl9PgWXJU1IR +l/dFXTFD2TQj0JSxUDqQVG2iZDAbxwIDAQABAoICAQCG+xyVKp6+LTWCoJoTx3OI +EDDLmwkBGxVNMOgy+Xbm4QVILskb4Q6Jc0uZAeGxcfxVkuaHPasrthaKdbQ6k5rw +PUmvBKWvDmtP/yyAoUhUjOAjsVvttXIf46ylPrXT9+HNY6dOpqao0R4LiC6w5a4a +sPAs5Udx4++KzQgzs2iPRxed2qvRlVdKuKqWs9sxXhRWGEKVHA9nWpr+WtAxMd8j +Ssl2WYtM252jf/6cAKBKFHbNloGMD4XU1bKcRNh7QUuL7Mgbi3/lXvxT1RSTGDe9 +kEX7v67WFXdGQzC2b9fJ2VSHTl7qrhvSDACLTX10HfOzT6zdVWb/aH0NEDvxxJhJ +BvICJYvdAFbe1dRtzYRfDYo+nIvBANa5qruf+C6COVjfEoPvGfJ9pycxGC1X0i+3 +fAmAp653yBrPPyYQ0mZL6G5VVPy9LpRC5tVTHg9mbLWtOWpS6QBTmZRo0Znm66aB +HovS8FFsuoQ7dXVgrvCRMZRMz2A9nWJAbfSD7ZGV6DJ8k7izTKz4lfIHZT2rdA07 +hzQDiN2qMSJDIg5V/JWSib5yBc2ScpHvfmumIqluyeVNTR3GK5fjPgJMxfgUT4a9 +iPhBIn1p/wAYou2sat2UEDCZZNOdjAaJMm0AIcPdSAaYTHpW5hTnQ1u5BITSceHI +YWwpBbLJJeKy/SlzG2yzQQKCAQEA1X2W4RUIvYkgJgq1YeKHXtDNgqBMPuCXWW+M +2+T2xjXpoga5Gk9dVgLe8o5wZv1O1ePyDogLiXNpVul8/T2O4z+HGYfnH52yjcYV +8sg5GuN93oGccNY3YGjOUkl4JkUIdCU7p+/6S/96AcJuGGUWZcDR2h4w3ZMkCWEI +r5IfrPFtIAGGhi1KV0mjE6dX6LAcf0HjIpU4GOYzDO9X6zkHcrKB5NuifwIVGEz6 +AjB/X08pRJ4KqAFlrb2UT/NyryfOi0KbtFgx+7v6uvcedUmQGP5Ez/p/fSKXsSpr +/vILWwTWI/wlrNkF0lCFe0jxO8niprbV1sNEa8gPb2RhofUhyQKCAQEA0cD+UuOh +kJms2THFs5S3WNh8EhUuCakN4XJ/x3ncCG8jbWuIIPBfkM5v5XRdnLqRMdMltnvd 
+yBvEic8SewCZUQFHbec7oXXzX2PaGZYaajiLyfxQMFhNyjzDflOH9yxt+f2fIbDD +OhcU/MbhTtBtDhBq/FI4RdhGlIRX22apy2lR/pc1T8Xwx97PVZl2VkK5YEH5cG72 +vOXWmstQ/AdhYwugw0u/BCoqga+7qrI0/uAKVUgFy927t6rI+E2joOyd/7AI5hUq +7+2vPVL0eTKitVN1bOQPbkR6tQhTqhb7t989jWdBuKDdDlg/trieu2Q1oHSgPEtd +57pxBUogmZKZDwKCAQEAonHUe2Hw659KegfN6jRfAtNofIuSWIm2QBQ0HyHCcCGX +q3ToJc/b2lWG5RNjDcqS0QeIKGx2MtlBfyNcuqi7b8jn+JJDV/g7Y8sk6j5VzVLq +dIM00Vr+efple5FxvdTrUMz/7pIYZvl3EZ2q/h71AunMA+bTEdYjJovR+x35wjNV +8HOYs8IEfhSG5K6BoolWtbIhrS/TpoaKs73urQoQ08JmOgixRWkFOh9gYIgccx4d +7Zs/yoR9pMzK7Gb2jbaBX8+IAJrXNY/cgaUFZQNbhNj87S/TEBlhSSpZUH1GDLTK +aEk1NadQ2a3xU1S2UeMU9fvLDIY6KrToob7E12JZmQKCAQBVmTXwq7aOZTh1tmsg ++yrLliUj2ALerF/exjRBOojB5GEH0V9PWekWFjjx4cgmIrkIJUv5qZj7heFx/9Bh +4/+tYCE/R6M9I/56yiwCTxBeks7xUgeDgzXTt3JsRjhxdW84Gvlq7VDujubgtWTT +HhmzKJ4QdJlEX5uGFnAoOEBIo6VziU+XS4cUeegQ3by+PSKblrDt4krNEdq/dwOI +ppZmriMgL/Q3BeIs5INoiKs57EIrRWYgKU/nB0pWkpCZJpbf9n3bL35DRbNDCmx8 +XV6rMvDzzCpD7KxK3qgN/K0i/3aGE0JtzzAHH5p4veUBQkbkQVP25ybeX2aqKvMc +2QefAoIBADwvFE6ig085ZqoAoj4QCam4dvm1hTXMD+edKVcZrWTUmdkwsYZ6wmTL +ySZvRbHt8KRHEweXcy2IxtYl7zSbPHyAd1gx0nL2/WjDItN0CK1xd/MdUoBfNAit +khr3eknJyhU7ZDtw9LR1oKQaKuHS//NU5qtWwMykQxIZvvdf6sei/tSd8yGPeQsI +tXlBtYeVHV1HopKJuqiWYngkexD6XQi9cXdmsMKrJ6hWMeDh0D+kE2sTc5rOB6O8 +ZbkD5b1UNwL9N+BJdN+UrpOMF8Wc1vZPU0dkGD6PKFh9M9g+jRjb1JsOdZK+J6uP +ukmquqr+RViHFFP2URqUpzVH/kkmQOY= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter02.req b/test_key/long_chains/ShorterMAXUINT16_inter02.req new file mode 100644 index 0000000..d467a2f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter02.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCu7Hp2 +pr6pnsk6NFh3jdYVXFENmyVhEjH5bjLX0L/0yDJDNGOYTIKyEsaJZIGbOOgqWw6w +3tM85Kfm9DqkAsgdHkfxp9zJXtXGLusAX54bxEAmUUZmGWP+P1wdS84fIWDVhrxx +YWa3nGmt8dZf9Xc+lTRUvyqeW/mtFfwTVdBZVYDTKVXatVlGe/zBzzYHYHjIR4+m +FyV/OwktZ+1uqvA2UNsDEp3ZHh837yn+vaCaeoHNZ+4xxqAvw3RglPiRwbXBZMvn +EoERRCTygGBsbxjLApbpP9DPXW7MMmnJITf0bHEmqzYMViEBb83m7C5BYQJLYaii +KQuLsNn7P4YyLZwWyeefJIgy0hgGQ065A1/xJ9gAS8Qa1ekMUmCtEJ9yul8dhObp +7hctrE3bXTy8O+zkzriYQF0kqMg3LoWTLXDe4NyLuex77K3EEldInIytXMupWjWe +fN9fVQGheiBF8HA2C7ayB0QHRJwbQ2KQzpVPJDqFXZoq9sBEKou/RnWDpH919AAj +G/2VkM4V1PrUsY7JQrWgLYmilsQkZ6aIevDemI6hrRJ3MviVx8OsQFT5ME1TujCt +BRU/mJVE4mOaFk5w39u2VZ2tkmX4yrOlROpNuZaZpSdNag54o1bS7jQhrfj0Yl9P +gWXJU1IRl/dFXTFD2TQj0JSxUDqQVG2iZDAbxwIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBAIolJVF46XkrSjmx5Gk4SVAG7/wRpAEtNP8p7bSEoeGQrNNiFQGeo0eG +AwEmIIyER0zRBS5uQ125/cbIa1OngJEkN0mqWQBSiCLPlzrtATyl4HwDeKE+NJbk +Z0iT3nz0//FHXFW/DsQjWKBkZmIPf1rrTZqk5vADgkB5GLuAHaZBJ2yinmOLzoOF +X41isCiEDOIXDuXcxCcPAuMVpEHOwIuHwe4T+HWVBFPYaKr//JE9TGKhOfUJAd1A +P5NlEVv5ROYtWymiBKCp8jC1TzBp4cQ67i68dSr0cCGUYzNcJHop+D0CPmggMGbb +gdm3Tq8B5PLwL6b/8yJABIA8TGJPd98nvcwl4r4qaLpEWiMOmJsLDqmGvwvGG5T2 +Tr+B74C6gvIEfT8lDQ14P+KD7XK73vNpII/OGaLdkKlgwKnU4x7ah5dqM/5y1+Hn +wieZ5045he78FRVnAzdIOuUoyuUAOZQOp+yvKkMdo0RYMW1pApjdzRIJRXV6JRco +4fdrU+sFPxtN0MP6BHalScG0W2fypq35ULh5Ihuq6ce9DJZoQ7skrelM0f1QLOgV +Uj7tsnkj+1+uYold+l5J2sdAx4DIXAHMQK+zjEiEXo5NZkWzikq/4sZC0HxooNHS +MVtKjZI7WxtPD+8SIYIdwIivQMYMfJrPb25e/Ax5UR335/siqYZo +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter03.cert b/test_key/long_chains/ShorterMAXUINT16_inter03.cert new file mode 100644 index 0000000..0457ef6 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter03.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIgY2VydDAeFw0yMzA0MDUwODE3NDla +Fw0zMzA0MDIwODE3NDlaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlMyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +879lol5Hb6meCszMIrfeTECixHE/WYPBcCiE3nq2ZERlik1wynjcnAeO8c+3EecI +ArLif9TjRDuODeE/uNK04LBU14C3CpEpyzeaG2CIity3d8thb3P9M2mZ6SgKXfw3 +S3EjIKix6kpcRVJnt6ygBmkBjpxYuiPLcGvy9lzTA9MZsoXNokqGTfIkoOD4AdIO +tDR15hMbG+lmQvTUW1ah3ZnS3bhy5CTuIBtmnRBlV24gYWs8Hkbza8sS9oNR76tl +CQl14RyWk55HyM7dQKOTRHpA3Jm8n2xp5dATSom1zaD2b3jdxsdEsHHFtJC3xp34 +NAsGDbHaMORrH4g6JAKLokv8pUH1lJXS5fnHmvlFWkRTEdSAicfoc5sLYjU6QFiu +ETIOPP3zCLhU8aCLbpfzWLV+v40nax7kyoIVVeUYBVg86PHTOL7SSQYEeMBhkM0o +7f9O5jM5x9mtbu87xftdGs+8ZE3aJvBPEBIy2huGTlgBqQzkumLVn3RUc6PhUPil +NsqyB2dThaT1WximVEhu5YkzWwzKtG5pw+NZisINv2fORDyZYIRt/xMdBRsG7Bup +8LXkbI6nlRt7cL3tcY0EbHNpkow8e//P/0wKovFxNOUH/x+D5KOL5C8U3UHp9qjS +plLT+unfvG3h4g75n4D8QK2eoqv2WsQt0DQf/vCqnxcCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFMInap8WB+TJC6Ax0qNT+IY6 +jzypMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEAaUqp6ym2wE45bcn3Fi6V0mHEvld0mPm0yKls9W+PMUWPb8onAXCo +w8mfgesmr/eJ/eY/uDevVQapJmhc9OOrsm27h08JDBtWIa6BkI8uIoEKfFLCbTUn +yz2JfUl60+GXAhzA18cN32kVSSz+UJMyxqMmhDyQsjuHzyL7Mh3zks7bShz31yH4 +5pQ23PfYyuHsrEehT5IrwEQ5bSvLStT0+Q5yk3XAC+7Z2Kst0ovW0q19Z+s0cvj8 +oaGdr4qwde5x4+fovlivaaTwksF59Z/IUA3LC2Ozyb6DvPAi0ZHlCUgKz8n43l16 +yQ9D8UxglFQfJX0fq2Rfd6ICUyjfoFbNT7svrTg+j4auJyy5xPjSrPaJ1A90ki8W +CsLrRCvlEfZ6pbLBFaCFtnBbdvVClkEjefmM1WlFFwhycqozSqMIiLhk5X5SULdP +Ek4pJtlOgSyVcHhjSY4q45U7hbtGVXMUMwf7/65FghLHQ9XfUkeOQrJDAH2RfVTq +y4V+DWDwBDUoB06Nqhtr1iS56vYZAy11UZux/KUvaTHIwws1iNI77JNmBUAa3v1v +bnLaVQY6wHBRRbPeliFe7k9L7VZPeZwGlEtNt08IHCU1V0XsIHQqO8SS5mmhlBFs +N9zMeFP14k+GBtwX/JsMIrae4sT3J2BNZOr6jTNpuCIVZmtcthgTn08= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter03.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter03.cert.der new file mode 100644 index 0000000..17e6ccf Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter03.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter03.key b/test_key/long_chains/ShorterMAXUINT16_inter03.key new file mode 100644 index 0000000..19a3e75 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter03.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDzv2WiXkdvqZ4K +zMwit95MQKLEcT9Zg8FwKITeerZkRGWKTXDKeNycB47xz7cR5wgCsuJ/1ONEO44N +4T+40rTgsFTXgLcKkSnLN5obYIiK3Ld3y2Fvc/0zaZnpKApd/DdLcSMgqLHqSlxF +Ume3rKAGaQGOnFi6I8twa/L2XNMD0xmyhc2iSoZN8iSg4PgB0g60NHXmExsb6WZC +9NRbVqHdmdLduHLkJO4gG2adEGVXbiBhazweRvNryxL2g1Hvq2UJCXXhHJaTnkfI +zt1Ao5NEekDcmbyfbGnl0BNKibXNoPZveN3Gx0SwccW0kLfGnfg0CwYNsdow5Gsf +iDokAouiS/ylQfWUldLl+cea+UVaRFMR1ICJx+hzmwtiNTpAWK4RMg48/fMIuFTx +oItul/NYtX6/jSdrHuTKghVV5RgFWDzo8dM4vtJJBgR4wGGQzSjt/07mMznH2a1u +7zvF+10az7xkTdom8E8QEjLaG4ZOWAGpDOS6YtWfdFRzo+FQ+KU2yrIHZ1OFpPVb +GKZUSG7liTNbDMq0bmnD41mKwg2/Z85EPJlghG3/Ex0FGwbsG6nwteRsjqeVG3tw +ve1xjQRsc2mSjDx7/8//TAqi8XE05Qf/H4Pko4vkLxTdQen2qNKmUtP66d+8beHi +DvmfgPxArZ6iq/ZaxC3QNB/+8KqfFwIDAQABAoICABh9vb+Py4u7tkaNh2FhqjNt +Ny2X126uH2yelaMpH1R5zt4To+akOD5xP/qqDVH+Lb7frIR9pow/k6lvXZC7kzMU +ZKH2q+2i4lkp8BEaJP4W6VRfGh4xwFo/HRjhThFde0zYRFhOuvm4mQbaHdPFw5qB +SIfEy+GAITvdjN8WOpmix205pozNAiuozedgU2sTaSjQMJx6hPnL/NtzcDbxQHhc +sWRX2St1TnvpZOkZMaWUSiqftL2yEVleYTxlu4Dibtd2nOKOlc6lU78okfChvvVd +d1DzHZHDOey+eIG/zoWny7stoNMNSKiV9fCLrfuF+d940BXmLe9FtEHJ1VWy78af +uOIAKO8m//CBXm/Kp1xM4YpuXf5AALqE9FsnCdJcHJ/r1VPpuwYcVLOIKHAJOfbZ +oRmpDMeXVqvkfQq91pDni9d6A8CeMBTuUjG0Rxo6fv+KKCUL0sgpNFnbhckO81VL +htGzj2M3M/I+rH87d9ilp2JqdvHCeKrU/XK4zECFmTAB72GYhm74qsHueZt5R08C +KKrJFmdNlYJ0qnVlmtH2utSbiuZKdn++3bD5CE9jw+JWcN/CtUzzzgrWUHSJkG9k ++k1UA82n6G4yEyqIQa7T3EmnTfcjxug4sBRHhl+SnkhBDfr+T6a+jBU8TLoakhnG +AKOtnqM+tCXmOoZdN8xRAoIBAQD+XIM2XFdmB6WryO1y5WM9LVctQAf1gifbNKOZ +3uI45d9k3dsUgDs14DKOXV+JDwuKmKp5YDgpV24/Ad1vDca7lVaDhZp9wML6zK61 +WAwLhCEPqOtStA6DOiv/AGgq5Ka0l/xTlb8Ddd+0o7d1WOOyu3bvuWkmofpgCkJB +dSDzPH7v8ufeUPR8TEs2cfN+wfwN0S40nNq0S7OI13cx9ZSoBxJ+giDlUzJV1wwK +/BVUJiH8yOt7+ZyFfKGuOl6/xkL2s45E1Us2N73S/tk2CFztYngegLxwrL+9fhYm +ZGTH7P9AH4xL3yf2EpMGIOm0CyUHTPd7zmf3VTNmEA+FtJvZAoIBAQD1UWFpcsc9 +H/tThHvMdnngPQrvs2a5rNYBbYqTO5ceid/pDbb4iO31G/9MznRh+GXAzrTaTUwR 
+kl3Pk8rESTH5CMzx99UmVVGzZEM9qVukFsjFNTEwOa7DjlEiFcoYTG+kBV/CjdoU +7GpOSnHXZEQ3aKMsAYRDdHqF6gY451+6Y6QF2F9ByaIG9xotQO/lSTjjT/HDGdBl +r3+SVnRwopVJmjOOIv7g5DWc/TPumQgmNOxzZOUKPbWtAqHzdsg8gfa81Gfx/KTE +OfoTkKS0mQwAY6aqQWFvPp9Y5BCjSoNW0HhUqy18+KWkweel1IjjDfDXytu8BTy6 +wN/kAsWix+xvAoIBAQColFHWNm8qTQktCDbvPj5+bk1nzRc5TLDzpDiFo2WVRiy/ +ohYvySj09Qkst4+4u8LvcW0SkoXGSI7lrWu/zYaYDkrPUj3o+FeBdySXRap9+20Z +/t8v6evwZx5/nBptyyr9Z/mwv/9f4MCJ7TOKz4XhkEMscFrTYukYu9PbpDBZZQ/Q +IdIw0sCmnL4AcJdrvE88LRYNgqOkeMOdfwgdkWCb2EwWklIRCwnCQItXwGi2Y6uE +6PjBKtbk1Ywmd8MSIOmCrdAtqJt3bIwfig4VtIc6QVfRB4tctfFCOo2dlk4A/v7Q +1dfa9SR7/yV4G1oonHZHF2iyokLfdpVhIGXZPLFJAoIBAF0/LMbXQRJj6LVLQ39p +fVQV/+UzDRYAs2vhhm4GlZ+fCsRcWTNJYSHtHXLFewmOUKckKyxbe1GmkBAJ/mXz +6JHfnX9QE+45Og/1SXXTvSi3HGORn3vUQTDGFOLe422vCDSRcl/SaZXQc2wE8hbM +Xv2swXFFtk+po7TpSqowkHuZykwKfdLU4MjC/mk7KLS/y2bkCWJ+mm88cUJfqGzz +78kFWxlpBfbX5+UffbDw7F8ReNs3+7OT103HFWYkvWH6iJ4oIsahoMORwhPTxDd9 +gUlYl45Zwb52UD2KmyRme1vxa/vLAURigxwINJQdIFcmAmkUC8gBOZ9HFxNlVlhU +o/MCggEBANruEyUNfnG0TATLb6dswNqJTJa7kt0Pi+gg4Ac2vJjakes2ZA4qsqHE +/nWWWzjCyu78azvO8/Iz3azrYE3PVNH6ACu+CehUTbxGZdTN4Vwy/NB5AcBHmQXQ +ATVq0+Csr0j8YhJN5IB6or4S60Lqkuo31KX5nCTmPQ5ydDKFEPIg+uHVK/E0rdtX +DKS4c9TkKFQHfHJiRo0ngwQs1vgjft2Ren/nPW/G/UVbDmmhcQQn5C1xbL5uK+bG +vo0ctVDy/Z2moNWi2IlcHYOUwDnGKzzGrQ8KFsx60Q3u5KOcwguUH+mS8hts47G7 +ENzcTXbdfltlwWzy0CvrSIxKutDfViw= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter03.req b/test_key/long_chains/ShorterMAXUINT16_inter03.req new file mode 100644 index 0000000..461b0cd --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter03.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDzv2Wi +XkdvqZ4KzMwit95MQKLEcT9Zg8FwKITeerZkRGWKTXDKeNycB47xz7cR5wgCsuJ/ +1ONEO44N4T+40rTgsFTXgLcKkSnLN5obYIiK3Ld3y2Fvc/0zaZnpKApd/DdLcSMg +qLHqSlxFUme3rKAGaQGOnFi6I8twa/L2XNMD0xmyhc2iSoZN8iSg4PgB0g60NHXm +Exsb6WZC9NRbVqHdmdLduHLkJO4gG2adEGVXbiBhazweRvNryxL2g1Hvq2UJCXXh +HJaTnkfIzt1Ao5NEekDcmbyfbGnl0BNKibXNoPZveN3Gx0SwccW0kLfGnfg0CwYN +sdow5GsfiDokAouiS/ylQfWUldLl+cea+UVaRFMR1ICJx+hzmwtiNTpAWK4RMg48 +/fMIuFTxoItul/NYtX6/jSdrHuTKghVV5RgFWDzo8dM4vtJJBgR4wGGQzSjt/07m +MznH2a1u7zvF+10az7xkTdom8E8QEjLaG4ZOWAGpDOS6YtWfdFRzo+FQ+KU2yrIH +Z1OFpPVbGKZUSG7liTNbDMq0bmnD41mKwg2/Z85EPJlghG3/Ex0FGwbsG6nwteRs +jqeVG3twve1xjQRsc2mSjDx7/8//TAqi8XE05Qf/H4Pko4vkLxTdQen2qNKmUtP6 +6d+8beHiDvmfgPxArZ6iq/ZaxC3QNB/+8KqfFwIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBAM46f/HfofoorfgrfO9zDThiNnCmjBpuFZ7dtizTDCE6TSUPhKdWZQMl +RZU7kR7amr7weB+3hpiVIgEon0Sl6rQGRXzPlE8UghBG5zjFW27hN+o8UEXMjO/j +gItZB3hyoj+Tqn3zUSWjvrtUXfoZpgZ2YTMionv8MKwhyy4YHNMCbUtDHxoUFQ51 +VVgHMDbwAgEW7lBeJ8wUcHSVQEStP19JJLsaEfyiKAT7zdIuUEP1Wc2zWzrA6/A8 +JH5h4iOJICVnkhg+fjCmjtQeVsPqbZ+cdnqBk3BIVg1IHeb7iHkhOGN59RdHSbOs +6Ik3aPPo9YWU72imCeo9hC2pQdO5+q/FeZm5MLSN/D7MQoC4je4zmYav/OMvXR/L +HXROpnw8X0hj8gEx+J7JW+vKYE792GliDurBNj9OSOmN39/IRgpyMLtjF9s0QoRm +Oe2RzGgIH/o9FP3ImVu9+AiWcm5XN0KYWtGe9NuDcneizlTI24Z/0jPAxRiszGoG +ubR6siaSG1WKinL+Qh7CqImQYhX69IfghW/8zhrmOQKZO+L6N9zrDuT3iJaaNd3/ +cAoqiLs6VcyTD62lBz1OCV12+RyxtxiiSe0EXdwH6YSatDmLzSJ0Oux5lgfzMbTK +2spBRhM6Ld5E2vQLk+EgoF4fCdhzkika/pLHf2tz0Z4xt+20SzwP +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter04.cert b/test_key/long_chains/ShorterMAXUINT16_inter04.cert new file mode 100644 index 0000000..a807164 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter04.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTMgY2VydDAeFw0yMzA0MDUwODE3NTFa +Fw0zMzA0MDIwODE3NTFaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlNCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +q83SCFEY2FVOTqAIenYMfbGJxFmY48DSUaeq6i50M3RiOFjZBdmhrBMq+RW0mYQm +TGYgt+UF1Ki9UGSAnEPC9b5Zxx45bIBKPG1TdYE9tLMQ+c7Ioci6gRUJpjUi5ovc +1kBSfPFkQ0fN/QK4QrU3yxlKKYsBlJTD/ZrBcX+ubTDGdWkNuup9Li/7u+vq9yEZ +ogBSHfMtqcFoj8Or/q5nLoLNo1banmrXvYJvdoarcEzXXkHeA38kVPB7D39p9Mul +gCAA3emQERztg/LtdrRC7IgLvj59VmG1E9yVjDp9xCGFvmWUDoFmiTQYcH4/5Fk0 +l710LImFVjECYkCs7w40c4ZVXxZjU4MepgG5vYOwConQ0OGFa0mdLWtfhFErEJ1a +fM9Saa1Q7Gc6r8+xnqFhLEZ/urMcyuI+DeOZTNsaKrw2JCHDT/N7O0YBY0PXvTzz +YWx/wsIBHTBPKN80dkSBFCEIEDIy8ZBcfPt4o4+Stsi9ti6k2j8CslZWTbXW/T9w +WIo8sBnJMN6obQQl2XqkMVCpD02gO4+M4sgJrZnBb0A6JH9iE4wMxiK8pbx0Y5aG +jjHXdS6BaKGA3PL/A04xzW+jpGHzDQIDzrVguK+OF/etACcAbtKt957Z1VTQmBdL +nRpBod+VgwYMpETciaoNQwEqjBma9nSMxICtywHsbeMCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFBHuevUGqal6SLvNM5nYXLy/ +xJP2MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEAL96MHgaXYWV1+bzaUV/4sNOjYCh28VFTTB9b3CjeyCjRAF516gtB +WwMhPuHc9g47/Xqcp9daDowTUNvVvkA9PKsmzPXkVErzbiU1o/c5Mi1U7RB6sXU5 +fPT+J3WrPm5nuT/L2qm3zjr06a06fs13jeNADACkcjxTuvs5UB9V25iruQmY1cEb +/u9TurhaprVOdWdNTk7ftWAOlmXGSsQR/GzNtuPCSz3jv3xLz85Kx8DzRBPg6Klx +63SVd/p+LxeEMghyfJioxFIc1j08SO5lSs6ftsdyXN5VsXcESdDfJ9OUC7zoqJRk +LEeXv6kcUVR5ObF7gm2HC4YREMK8GJRd+vd9NDlgEcuX3CAUKi2l6x0UJOCfuBh3 +FZjCZ04h9cslVbPQQfeK6Vdo/VAAMRhjvreDhsEQqB2YV6eNe505xWD/kEc0mOi4 +DrQVpJqOD6JBQ3tIT3YencfXZZcBrTchcN5tN85F+IjfX47//l9ljG84Zig+6Hu8 +UqtE8VZIrJurBUiL8YQ+Jbml40fMimqC35qJoXIV8c9T+lr6LXqCPJ8qgubBMTtB +t5LRdHtLn4PQhPQ1qUXQMAI2x35sFYtmvzDK1GXHTBIVY8fMTCMvkbuuC4w3QQoL +8rt13swc4d++bcUQAdVBDJHQwAdcY2IrAOyLtqrgmVJg5MtFAtFSNGI= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter04.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter04.cert.der new file mode 100644 index 0000000..a4c0f9c Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter04.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter04.key b/test_key/long_chains/ShorterMAXUINT16_inter04.key new file mode 100644 index 0000000..69ebd40 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter04.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCrzdIIURjYVU5O +oAh6dgx9sYnEWZjjwNJRp6rqLnQzdGI4WNkF2aGsEyr5FbSZhCZMZiC35QXUqL1Q +ZICcQ8L1vlnHHjlsgEo8bVN1gT20sxD5zsihyLqBFQmmNSLmi9zWQFJ88WRDR839 +ArhCtTfLGUopiwGUlMP9msFxf65tMMZ1aQ266n0uL/u76+r3IRmiAFId8y2pwWiP +w6v+rmcugs2jVtqeate9gm92hqtwTNdeQd4DfyRU8HsPf2n0y6WAIADd6ZARHO2D +8u12tELsiAu+Pn1WYbUT3JWMOn3EIYW+ZZQOgWaJNBhwfj/kWTSXvXQsiYVWMQJi +QKzvDjRzhlVfFmNTgx6mAbm9g7AKidDQ4YVrSZ0ta1+EUSsQnVp8z1JprVDsZzqv +z7GeoWEsRn+6sxzK4j4N45lM2xoqvDYkIcNP83s7RgFjQ9e9PPNhbH/CwgEdME8o +3zR2RIEUIQgQMjLxkFx8+3ijj5K2yL22LqTaPwKyVlZNtdb9P3BYijywGckw3qht +BCXZeqQxUKkPTaA7j4ziyAmtmcFvQDokf2ITjAzGIrylvHRjloaOMdd1LoFooYDc +8v8DTjHNb6OkYfMNAgPOtWC4r44X960AJwBu0q33ntnVVNCYF0udGkGh35WDBgyk +RNyJqg1DASqMGZr2dIzEgK3LAext4wIDAQABAoICAHNlHETPy8NKkP1IiklOzxcB +z4odsA6R7fJAjxEaQJxq+KnmK2a9hdThTwTc6mAOnfbExgcegisTZ4z+5E+RR/rt +brnKeEGDbdlmiR8svriHaciQdrwL6hFXgxKrMBTwLlWOAJnBPVnfeeEOGZtcwuvc +wa5jmp0kyvulHXdRjmPy1en4tOsuIwSJ4CiZzklNZz0jwAQz2SDjMosVn4nBtLZN +zzd91/t9wgic+qb+z1nvktzRmwB4Pnv6xn1jVFTDEBed51cmUMjdyD7PRWZsr2LW +AiU3LdJ+cDS1/ZChnOXGqmF3MtoHWkqfviaY9es3a5bb/pMHj5KT+ojp7f3naZxw +zueHlU3PD3D6R8lA1k86d+S/HeBN15yhByi/wObsFF3xTx5kx1L5CWyNnIoK3Zfa +yhBtDeJ2jwYAG4WZLS6Ijc48QGQEjMTVs63BjE90U9jOpvyJ0y2bk9OuMlJ8HhGK +xqlJlhzp7ePpdKX3ngSGw0ZgiQkL3lxcJl9Qt9/ouNwn+s+G2OipEFoBgUoERH1+ +yB+M64E9zSSdvJHf1VX1oEjRELxR+HoTO3ZhbCnC4WFEkX6PK7nwAFyd0apPALX/ +g/bJm1zjNV5ge6TEtK5HDllCIN6hJ4+L1FBpVnL3A8sTQQgix3EQyAhNiGoVBEtb +GLPn8JyZtz2uIqxguTIxAoIBAQDan0NWFi0gMjERPSUBTZyq/2IMLeALkNe+asYt +oa8lJRb2IwfQlzW+loLFp1jk0snnJzuYLuoWhpExUumqfM6jx2BtGVuifEphL+o+ +KCQf3WRVGqHsrZSsi2yN05Iu8tk+vReL3CHg2F/OadBKLe5nNFFcE15CZpd+fe76 +wspfm/u+fNazC24vHn7lY5pc+a1D59GC0SHFcGZ3VoruUMMzhv+W6lH5tXB9Ol+0 +hhrfjel8KpolmP5q8vtgkKqA3meaN0cCKCKD56hxke7wlr45JD3QgllCBj6q9ftI +TN1EkhcJ0DXG4VP4PZiwIdgiILNcrfWst4j1eRvUGFmaGDFrAoIBAQDJLWc91uLR +Xhs9eFjh22mFhIxsZn/W6GKhE2p2pQTJC3MEVkX9AQnQnypLRKV0Te5KGH/muFp9 
+7egp1JmKAjYCmULEIsAFsKL2CpF+RIUcHOiTnPahTQvYeR56/tK6SXwl9/g8Q8eM +mxHAhEyjAjTPRJZ70ERU00hZCTsInj3cy4vwS5dNatN5x1Zg5g/uG7+Q2TA5WNyF +BlHVHB9G3Nm+WYKvCOs5pcUuXyqmxuBA3yKPouSCrjeDf+cJpRPRiUSx1mH1nXU0 +ZRSUjWsg+CLCNj6cMspH884IQGOpS1JjcXkK7GF18u4S+/EU3JzajoZ+AQiePLZq +zGinL0ykdbtpAoIBAD7RSljfEGJS6bRpXEuukFi1/uc++0R3fvZQ2dbcwWWr7ZgV +4rX17NRxjOvcNPey9Z68sCv/NvX3/posl8WMDRgUPsm6YpEio4CfcvAfOpoJVD37 +5BEMo06c1Tk/VJ622uNjE/P08asYoRa/YsEdx4XSC5qoWgo8TkVjTBqzg9DLEh/e +4RYbL7LMUWv6Ha2fdECxyIqNKuX/cQHTVSI7BIu2u5QSijF1B/iDoGJPskMQFMm/ +uAEbn+b9IGvTxZo3zY8LWRTukVRTaRwQ8ZYhylDC8BwMiDcncjRPb7+LjnyYeZQx +RnJ55lXK5See4eqUeNUlixTwu6LFBNEBmiVj1DcCggEAOtYjjqttFKyALP8oh42j +E+CLLRzhIJpAVjmWdnKWrrHBhrAwsej+1NvoA7Fk7lnoahU2OuUJ2jCdKLa73Of+ +oc3u/+vl2wQo9OpsWNBzWaB+yMUsQEqHP11U88XZHZBmVbhrCj0MfGvRyksnGrmH +dmLp2/YyNdjBHQEdGc0l7JA/Mhz5eDPY+5G4CojeedX1tcg/WVZK0EDj5/7cit4G +dKw7EzP5j5eSzpgYokQhy/c2ZWnPiQSoybW7fU+hNzP9OkGnzqypXZR+a1/cx/yq +NcClmQslq9t7E2C5hQa5ZsoGC5LMgjF1PWofvOk0mpr6bJmiypyZAS0dImAr+yFP +mQKCAQEAw2ErHJwlZZssNds3+zvLfmL68NX12LTbHiyUXJoHqCDnlXSg3lHOjJ96 +QzledvKDrE6GoThPqMNxhEMfUeRz+h1xxv1tfpiQWdzjcKMnh2l8cWWV6BdqIAHX +YlLFZJ1Q1YhqbK2cSQoqBOLTkGlkT8+m79T1cDvJqX8vHfDha8whUa5Ezy6vZzdy +U7y+cD/y6Jxa5tKJ/44qaOzNwWhy8y9ANegHEhdbfqxEVOCILcfM35ajBpzzFO2R +7T/zrvSXUhFwYYMdRQVN/VXi8At+ujk9OT0vBqGTj3WFZCJlgQ9xi3gK6A1p45K7 +LHzIzTOWBsFOkrrusaz6phhVftoNRg== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter04.req b/test_key/long_chains/ShorterMAXUINT16_inter04.req new file mode 100644 index 0000000..10150e6 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter04.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCrzdII +URjYVU5OoAh6dgx9sYnEWZjjwNJRp6rqLnQzdGI4WNkF2aGsEyr5FbSZhCZMZiC3 +5QXUqL1QZICcQ8L1vlnHHjlsgEo8bVN1gT20sxD5zsihyLqBFQmmNSLmi9zWQFJ8 +8WRDR839ArhCtTfLGUopiwGUlMP9msFxf65tMMZ1aQ266n0uL/u76+r3IRmiAFId +8y2pwWiPw6v+rmcugs2jVtqeate9gm92hqtwTNdeQd4DfyRU8HsPf2n0y6WAIADd +6ZARHO2D8u12tELsiAu+Pn1WYbUT3JWMOn3EIYW+ZZQOgWaJNBhwfj/kWTSXvXQs +iYVWMQJiQKzvDjRzhlVfFmNTgx6mAbm9g7AKidDQ4YVrSZ0ta1+EUSsQnVp8z1Jp +rVDsZzqvz7GeoWEsRn+6sxzK4j4N45lM2xoqvDYkIcNP83s7RgFjQ9e9PPNhbH/C +wgEdME8o3zR2RIEUIQgQMjLxkFx8+3ijj5K2yL22LqTaPwKyVlZNtdb9P3BYijyw +Gckw3qhtBCXZeqQxUKkPTaA7j4ziyAmtmcFvQDokf2ITjAzGIrylvHRjloaOMdd1 +LoFooYDc8v8DTjHNb6OkYfMNAgPOtWC4r44X960AJwBu0q33ntnVVNCYF0udGkGh +35WDBgykRNyJqg1DASqMGZr2dIzEgK3LAext4wIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBAEyJT22/enPn820QsfPBrRbQjf+Jg38MH+YgcIT++rMJx7bhlwy69Nyw +gMWmlvDLxzXD30n1aRM7v11vCrKqp4YLeWVlgSr79avDpSzAoT2A8ezbplKvvGAK +/HDjZqosAsR4ljPXFZrMlcjRK/9HfC32ABjg5VpzJ3KNzMDsbD/gXqn1G/m64/SV +Y6SuS1O5aaNjZM2Ty8OetHdBKsw9/MUs0QHQaPutWypkNRmKQxXiEsByGX48BiH+ +2xb9Upr8f15gjz56AfQhZ6Nstn9NsBsMXzCPvkkqiKvY4Olp48q5uxqe074Cm2Ig +4JZ+BEqD74D38ZwBbJk59TAUuJZOdPZAviI0tEP5rHl3/rPRFDNp7DS/+Yx4FcNB +1ybtnWihn6HurDhAfMG5sGAm5akMS/uuq6QqDHAtDeNi+Y0O8rwv9af5Au7HkIkV +aMJX+NxCzg0kiXuN2mK+KfaR6rst9vy2d1RG1y5scULJ0+TBvDjm2O4cQ+53H+qK +faGzBBSnagg6gn33xHAPS1fpdx8j5wBisKOqLvCOKC0T4RmN/GuEXFq02ws97hzg +SI12u9mSNnMxJpD2JG+in/cU3dRYvVog5rWqag4XG6uiC5jYGP78LIt5LGS5U/6k +9Nz0NbGLnFPQHgjYasEOU9pkursl5kvLmtivmMVRTPyqCMnDUGr1 +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter05.cert b/test_key/long_chains/ShorterMAXUINT16_inter05.cert new file mode 100644 index 0000000..634b360 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter05.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQgY2VydDAeFw0yMzA0MDUwODE3NTFa +Fw0zMzA0MDIwODE3NTFaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlNSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +02dUrggTFcDHoCK8gKxVMG7WmGa/OAMitp+K8bVC20uK87kP056jGe7RwLuQ4t5z +/HYTkea2h5pu4GPMTgqNaVLNABLbKrZQ+CJbJXZSR6ubcJOYZVF+7psS9q55xS7L +q/FxGbHq/nZnE40akeD+PMWmi4WvUOX8dF34bqX+/RW18U9bFsDf9YrR9zYlliZz +dg+GwBb0YFAHYaQNEGs7Z/EamD1ABLgleDXHUSKeVQ4QCuJewCkyX+1UbT7Uu6lh +06Ro/YtLJ0dIeI/UNVHaZTR1eSB53+9VJS2QZ+76lqz1IZScgViuIHX6EuMc6ymb ++LKC/GnTCC/UY786HZJ15jynuzWBJywZnpvQ+5exbmyeCG3W/KSm2Lx/gU5FX0Jd +fPLRRYtXgBAjZpzv6A9peGuaPDqBFTCjdSTXM7mlitpygBaW/KVs4jMpGkJ1QsiP +b7Q7wYF8uu8cbU9niQEwRmMsPiprwW+hxZGMZYIAX8X9AxcwOshDE4HSdyUz4ANb +g0Kv3mXZcVZEyIQBSPT1T4unP8kE7EPsqZ/zzuzf5VR9p7oBWe/xJEhs3A7DhTZM +5/PZv55AQpFUtWhLijohYlDeVSiqZWXfejZyPq+MkosCJL9oQu4Z86hgaMFk0/GV +JkBByg1mkcs/Or6WCPUGc2mpw1YOAf//xIWPlXj1Ty8CAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFChDM320qe0BTeo3+xTyrRjL +YrUGMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEAOX1E7CcsCQTy4wJ+bcn/XcIPhTcHKA1j+7+kKZjxrGSLLRhVVJ4W +hs2o/190sR2++84ZWo7ujSxfbBiXNxCaNZtuWWD/um2K1IewDo7r+o5IerdttqW5 +S71AVwvBPdSUM/v7q8zLZqXyKTutpBFSRm0EbOaU9c8YcVx0ig57p6O0uFKKnAX5 +QwOyHspTtZMeTtTQSQlWRqPsgJ1ANI9+oJAosAP3VVvzEAN9oct7xmfg9/rO7JUZ ++eYHrQhdC6ETG0GYThmoeq50U/WdaloyYbx4mQ1DkXs+Yp0m3FOvFUFxBzbfioql +LB8jviI/kIG5YxCxI9tWcraK3lzZQfj2M4TkteJsmY+rCylvZ0Wmzbb4Zk6WdfYA +mr0HDEM3REUpYqpx6QZuZUXyIhk3a0XwIuasHQyTVQ2kSys0A2BAti3Vp+0/FJwe +Bc1PH4Y42lwRMKZT7eQ/Lh6x2Juax26P5/Z5/WVdFrzaS1r0YV//6EyJQ0ezPuHQ +X9dXmoWuzaPJA5UFWE4ukxpBcweNs2Akmz8cgcrf0AkpOJNkbcu3/kbx0ddJVAcS +ovhsmEPb7QUXNfcuXJJ2sF82H/xaabgTsb7AZpReaigUy28FtwPiISn9CKA/a4rv +v5SNeFDVdMTh6OOrZwpN4fWHSQmnH8/B/1mCMbiNOmsVDrDCK8MSY6o= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter05.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter05.cert.der
new file mode 100644
index 0000000..23b5db5
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter05.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter05.key b/test_key/long_chains/ShorterMAXUINT16_inter05.key
new file mode 100644
index 0000000..2286217
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter05.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDTZ1SuCBMVwMeg +IryArFUwbtaYZr84AyK2n4rxtULbS4rzuQ/TnqMZ7tHAu5Di3nP8dhOR5raHmm7g +Y8xOCo1pUs0AEtsqtlD4IlsldlJHq5twk5hlUX7umxL2rnnFLsur8XEZser+dmcT +jRqR4P48xaaLha9Q5fx0Xfhupf79FbXxT1sWwN/1itH3NiWWJnN2D4bAFvRgUAdh +pA0Qaztn8RqYPUAEuCV4NcdRIp5VDhAK4l7AKTJf7VRtPtS7qWHTpGj9i0snR0h4 +j9Q1UdplNHV5IHnf71UlLZBn7vqWrPUhlJyBWK4gdfoS4xzrKZv4soL8adMIL9Rj +vzodknXmPKe7NYEnLBmem9D7l7FubJ4Ibdb8pKbYvH+BTkVfQl188tFFi1eAECNm +nO/oD2l4a5o8OoEVMKN1JNczuaWK2nKAFpb8pWziMykaQnVCyI9vtDvBgXy67xxt +T2eJATBGYyw+KmvBb6HFkYxlggBfxf0DFzA6yEMTgdJ3JTPgA1uDQq/eZdlxVkTI +hAFI9PVPi6c/yQTsQ+ypn/PO7N/lVH2nugFZ7/EkSGzcDsOFNkzn89m/nkBCkVS1 +aEuKOiFiUN5VKKplZd96NnI+r4ySiwIkv2hC7hnzqGBowWTT8ZUmQEHKDWaRyz86 +vpYI9QZzaanDVg4B///EhY+VePVPLwIDAQABAoICAD6eGMMDuUN0Oq0AHP2wDfuu +mPnDVVht9VZKo4k8u3ThR2MxqbJxBrajupVv+VZ5tblN8DYDNIWuBLGKXfWvwnsz +/2zKKQjZv9n/syfBiFWaSwxpa3Z3UTWz0UYoIAF7/vALMAkAXi7JO3bbEMes8SFn +GhGxo2A+/ywouXFs0b59M8sqSjzPHIdKey7SZwe2k/SgXLWBFxmAGu+c/BGk8Y+0 +JsB5RAEh2ldk9ojdzDA9XhsbOh2JFla7oYpKVhDP9x4NUNvo6nXT829iiuTQPfRE +OZeLOw5NgdblTCS88JS43lL4BfN6JPmQeGYnx2UQihZ8KbhCUDPYlvyEo94mh60E +pvHSOtfkem5cXjFtbiqYio+Zb6spmvApYPKcOHMkghJm8WwQ7fPMIqbPu6FUNKa9 +3Jkm60x2YX0g5abWNIDOqPkKOAXWerqShPJ+wIqw5gfGVxFp7dfZMdQSXTIzlAz2 +lbcEenReT5VrO8eWxJ+uSgdYxL2FbSTx4MB9UKcHFcTdkX8l4VSViiIR7TznVUg1 +GQeJoy1DwG4bPgN4XYi67TBsGs35gwgIUdPfCRxSYb+2EC09WatMYWppjTCn7Orz +JkhM56mpqjODH77sqfIvWuZlwrq/vJMuw956eaz+S701rPbml8Zrf983r8FGcgTN +UoUB4AQIpXx8/s75VtXhAoIBAQD4SAk/xycm09khVZyAnkBf0CRGUNotlmt6pnwm +Bmeg43/Kmv4Q4x3Vnwa+9UkYPuJalyFqGHvWBn4V1cipC3OeNMnd1A2/0cChE0z8 +yEBdoOXPrxDNZAyQ8snB7Qpje+oCuwvFNR3i77ul99TnhltxdVDBde/PWbJjbZWp +mFiP+lk5JG5KiRGuyBGq+HA+INvv55fNTYSzpi9B+Sc88iNXhtedmQAhuO82+cbV +k7RqL9k60YJoZ93cmrxeQ0i+y9LqMpptpCvg3t1qayZ/IPOxCpwPuUiAUaHtcRYR +y2Md+w36VQDWWUX0BuJaPpzf1DWNNMpDmMm5v54DD0gyVwB9AoIBAQDZ+czz7Jzp +ICzi0NtgTGoLeGFVDsBiaS7myPvpEBSGjrv/EZPiIt+/hcKIVQWe8NZ+sJ2JgWZt 
+XeGpvW0Evd5vBEUibw79OxxU9Ack0yEZhxXWAW5h65vCa4INpXqmRfI1C67bxypD +5l8F4yBeY/zNGJTqbmgq7+OjJUjmabpOVoJZ2mWDEZFOxvCb9UqYhaXZPWfolbYS +Lakb0/PvAWtdeRA9LRWKr2dmq6EbeZ9gXnDlByP5q8HxRmlcAymfqKhZ8Q0jXbRb +28bf7LEpSZyDY3Bpgo4myeqBZWpyFv6sjn8DYJ6LoQnA4FIsVWes6sYtmMKTQxTR +LSUohHg2juobAoIBAQDfxyW2+0w5fcX9eolVj80bzqFzUxpi7mmvIXFSYIF0jLg4 +p5wJIntYeD3/TVt1Y/BmkEMIukqbbDymd4qlenHaDWBI9QDzfB1v0NKaH++LtCKO +Hw844E1HM91PUdQEOMKBdY81TxvB2Cu8enTFvN6ck42W4TKlJAZaAYJcWriwBIf4 +rfJOcd6jNyZdgBDCnqE9SPMUkyLhPQ7pGqUYFHJwSFP8ctOgkWvilBx3keqRrtDP +Z9hvO/bHCBxxpZlihplyhuuTmN4Hjzfn2+3VtaCPWK2yqmBDb9BQD5ZBsZyDgC1o +DMd1av9W5AGOL1L7luwxenw3kvV22tOTlGmRHcONAoIBABr4cqiX1U5vIb6q0woW +SmTC72Aj5CAJHbmGkszipXeEv7Quy5qGcCL1fP17b6eb6x5f4g46iZ7sp9hlzNBy +YcxgveEl1rf0kWvdiei/iu/qrAP/x1WsXmhu/veLSyK5st9nY6pj+VHPdmB3GvEy +8/u4l+xt3su5RPRRz7RazqeUwqo1gKv4B3+0096oOiOnHb9Efs/jflS/e5Yq4prn +FQ7KxPyc0HaJf4TPpa6NnO/Cn7tm58ejveqJqM2uwn6z0qjWT6bZmFBpYDEiy0Tt +i8UiD62ubsJT54U9NC+LstVNCGA1m0hxk5Be8Sv1IU/e+Mh5h1HLUg8Tw+5AfdNa +WZMCggEAa217NIk1Ui1kdnPQR5lMgs2euWQjb/H2IBzCjuJA76SlLWZs+GDsmuhU +PUWhoGrNbq9GUXmsThzPG55UhWGzOrjErN2maglsixvf1PHrsIfSCalXki5qG0Id +dRnjlgmvrmconFSOR4vD8GcNANtZRJkMMlFw4QOo4DX5umvNjERnhfvHEIVLCio0 +dn5GBd5KgzvOrBiNzrs2KcYDImytWpFywVfZqOtk/Pi2/MASGuLlAKb8n4cBoClF +XwjjxHdAwujL0JX3PtlynfkuKY4aVG8IC48CoBVJnGp/nnsQi1U8OUYTbmA3la7w +pIh+zhPUQbWVMaZt4+xpZ1a8nZ10LA== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter05.req b/test_key/long_chains/ShorterMAXUINT16_inter05.req new file mode 100644 index 0000000..f4d6ad9 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter05.req 
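Review bot: The new file test_key/long_chains/ShorterMAXUINT16_inter05.key is an unencrypted private key, and the matching inter05 certificate in this diff appears to be a CA-capable intermediate with a roughly ten-year validity. Any verifier that trusts this chain's root would therefore accept certificates signed with a key that everyone who can read the repository holds. Nothing in the diff marks these files as test-only, so I would add a short README beside them with a line such as `Keys under test_key/ are published test fixtures; never install this chain's root in a non-test trust store.` and scope any secret-scanner allowlist to that directory rather than to the PEM pattern. If the tests only parse and validate the chain, the .key and .req files may not need to be checked in at all, though that depends on code outside this diff. The same applies to the inter06, inter07 and inter08 .key hunks below.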
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU1IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDTZ1Su +CBMVwMegIryArFUwbtaYZr84AyK2n4rxtULbS4rzuQ/TnqMZ7tHAu5Di3nP8dhOR +5raHmm7gY8xOCo1pUs0AEtsqtlD4IlsldlJHq5twk5hlUX7umxL2rnnFLsur8XEZ +ser+dmcTjRqR4P48xaaLha9Q5fx0Xfhupf79FbXxT1sWwN/1itH3NiWWJnN2D4bA +FvRgUAdhpA0Qaztn8RqYPUAEuCV4NcdRIp5VDhAK4l7AKTJf7VRtPtS7qWHTpGj9 +i0snR0h4j9Q1UdplNHV5IHnf71UlLZBn7vqWrPUhlJyBWK4gdfoS4xzrKZv4soL8 +adMIL9RjvzodknXmPKe7NYEnLBmem9D7l7FubJ4Ibdb8pKbYvH+BTkVfQl188tFF +i1eAECNmnO/oD2l4a5o8OoEVMKN1JNczuaWK2nKAFpb8pWziMykaQnVCyI9vtDvB +gXy67xxtT2eJATBGYyw+KmvBb6HFkYxlggBfxf0DFzA6yEMTgdJ3JTPgA1uDQq/e +ZdlxVkTIhAFI9PVPi6c/yQTsQ+ypn/PO7N/lVH2nugFZ7/EkSGzcDsOFNkzn89m/ +nkBCkVS1aEuKOiFiUN5VKKplZd96NnI+r4ySiwIkv2hC7hnzqGBowWTT8ZUmQEHK +DWaRyz86vpYI9QZzaanDVg4B///EhY+VePVPLwIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBANJ1eNsX/LVYqMoXfZWv1sl+17Nx1Oeb4GljGemOVw7C3I+MOLD9VF7V +ZdOlcv4x8NI0y2q0OP5dc0CIl6rUT/zfhbFi5HNWPZuK/ui/5InIK9jk9kz9BCNe +p2JfaqHdQUS+3FgovbdhiYh7twttlpSWT5j8nfKWlXFD3CPxGAFP+/oKQJ1Om8ve +1tA8X6U4HEBG9xaxzzW8pCTZHyaplXOoLl0SzrRFcRWZjSYARHh6djVSu3GDp9hA +PuDCxc1bpGOCoOcIppKp8PjfBMblQFoarddLU634NkknAor2Oq36Yf8HsJBawPg1 +2EhBosn+gziEhxPlJg8ukOJN+1ScKeERd+qaKno7pFdKWbzIiNvJ9P3e/Hu+Czs5 +bYf5tK+UMC73CiQ9AveS+8OEep7HClsHKRlI0ACDjSGNxey8JfZighaLy7W3+EUr +x26lsmwAJfoz3o2Rqi6Xk4jdAB0EXLVW93ERcSm5boeirdMgwGWjN+HQXDS+AHA2 +Kh5EOb3ma+i7z1qRsnT+/R0oYgrpBaHK3PVQohpvElHYZojNX4Wdt/RxWXWtZgmv +TOiEl4UFPuWq/cDL/bqPiTDtujUwXZoy6XZs5A0g6OrTBJ49neOPx3s/4Tbs6k3o +DAOkgMObNugqo5s2jXF/yoMwnMnSxJKqkUMQtLZH0u0lQ2TaPYmB +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter06.cert b/test_key/long_chains/ShorterMAXUINT16_inter06.cert new file mode 100644 index 0000000..b754f08 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter06.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTUgY2VydDAeFw0yMzA0MDUwODE3NTJa +Fw0zMzA0MDIwODE3NTJaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlNiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +3Q0qLOSCYJjfUu/an4x/fxnLdm9hTMoAI0eV17EaNGQtTxTy9mhccEuHUaLtNiKa +h0HyUJRqspNDBt4XD1byYKZu3q5wG52plAd+OYLRuIpyzblTUBiXm9VTsNr3186s +nKStLKOC+S0bLziRBx1FAzoEZfBgErtB7PVVYbdxeHkS561eRaR9albJXgdVnzPz +yN/aAnSKSODHZXqSelS+0K5A/JPNtS6/zAlTDE5f1S/LKAjSMxG5NPnnr92M9ZBi +ppa264MYMmb6AOjuqrEFZpvr8LoLnfClBnzvzQajmBEMUfx5WzMW/upl50ftJgdR ++D6i4sflACkXjR0L4trCVmsyGyTsUt8XUYfkSKm+x/QFaz7EgVxgF4yfzXYVdfAn +vwA6Ut+wKXu7phYQRhCpxbM63PVgm4ppYsJWT1/4zGoXNd55lec5BTSV69sBYWCD +4qK05A9S9b2/vss85kVe9/5jJjqs8/t/clrreXA6KfsKSHrt2BksJy0ztm7kMjl2 +qbOmJVOXUDu6NuNTjIhWIoxiL2mxkZbwQr14Hxxv8vvK9opX8R0Lffm+fOA+cQph +dZWk9iUD/brA5RepvNvk7RBygvlHSA7DBLnA1C7AWIPDWUsj0HQ+Piv1U1z5+wOz +SGBa+nledPTajV80iEDUTH6Te9LZwRsJyoApmIMx3ksCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFBkgY7o0iDHoCl1FIbnetn2w +HHT0MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEACcGsqSGLR9q+0En1RFQyY+E13ydYVRadc6pYtkfsJzKLIcCqUxOW +Fvv99Y4r4kEBoE8AEfdAECXDx+z1RiHC+Nxcj9DCX2+XQzD4x2oP6WUPy6+wb4JF +kQRyJvAE/KVTLUjDiNXPole8UcF0vMjIuSMWaxuYN+GPNsmle7w/dInVw4TdJ53S +druB/p0mS+LZvVmZ+C0SOTE12Q3HLWrQWnxynpGtVjrA1DVE2bIsgRoCQq2Mwg0R +y8TA2J3OpV06sVS3NtKYnug+L1HJr7WI6LjjP9YUHTHKOHMYosfTT5EHRpIx5kmt +KXNRJXiDCb+4EkDHs6TjLlvjS6HtINUTECG0DQxkTBLw8wGy4pvtvMUk8tra2gC8 +YvnviMsv2oAhMblB0wDAln3VnKPP+emKyh1khbhjYQn/STMiZkImQrgthTJmxrUW +eyDwpsswsTiz0mjN9YUpYxNYK1XoOuA+3rPqL5oED1hvMsH+ejC1+bp4Hf5sfz+1 +poeRkh7MLRLznfcD62YsPCalk7Bw16nYWKYsHTBrRKy09pZldz2U5jMrgaDyg0sH +N7BBVcZ1LwVdsVlhux7LRyWC2qzLeciz3PctuU6chMIbW3B1HiAUwiqILLh6gG9y +2np4fk7I9RPrRzY+d8vXKkBVBrwo6osapvruEhjG4zhm8wOqxn6Py6Q= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter06.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter06.cert.der
new file mode 100644
index 0000000..48e4f4a
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter06.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter06.key b/test_key/long_chains/ShorterMAXUINT16_inter06.key
new file mode 100644
index 0000000..005a9e8
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter06.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDdDSos5IJgmN9S +79qfjH9/Gct2b2FMygAjR5XXsRo0ZC1PFPL2aFxwS4dRou02IpqHQfJQlGqyk0MG +3hcPVvJgpm7ernAbnamUB345gtG4inLNuVNQGJeb1VOw2vfXzqycpK0so4L5LRsv +OJEHHUUDOgRl8GASu0Hs9VVht3F4eRLnrV5FpH1qVsleB1WfM/PI39oCdIpI4Mdl +epJ6VL7QrkD8k821Lr/MCVMMTl/VL8soCNIzEbk0+eev3Yz1kGKmlrbrgxgyZvoA +6O6qsQVmm+vwugud8KUGfO/NBqOYEQxR/HlbMxb+6mXnR+0mB1H4PqLix+UAKReN +HQvi2sJWazIbJOxS3xdRh+RIqb7H9AVrPsSBXGAXjJ/NdhV18Ce/ADpS37Ape7um +FhBGEKnFszrc9WCbimliwlZPX/jMahc13nmV5zkFNJXr2wFhYIPiorTkD1L1vb++ +yzzmRV73/mMmOqzz+39yWut5cDop+wpIeu3YGSwnLTO2buQyOXaps6YlU5dQO7o2 +41OMiFYijGIvabGRlvBCvXgfHG/y+8r2ilfxHQt9+b584D5xCmF1laT2JQP9usDl +F6m82+TtEHKC+UdIDsMEucDULsBYg8NZSyPQdD4+K/VTXPn7A7NIYFr6eV509NqN +XzSIQNRMfpN70tnBGwnKgCmYgzHeSwIDAQABAoICAQDI3iqiCq/S2XeuJNjUPNaq +h6UUpVeUcMa5SFaIXp3CV/m4MAAsG19Mh8WaUGQf2kfzeuCXipZ+WUUCG5R20vqD +CxoabgbfgWBUbI6t8gtjFyQFf0+OrBoweCSJxCCNUXgXC6l1s8vTY8KdIVjgTx+k +M/dFLq4Ot2zLx4/jsM+CuvqL3kWZIUT5+Y0YTa/ncE0qDwhLTN1QJjnrI/uxAAs5 +E+9n1WOLLcUJwrtdpmZ9EeYZJhLkZ0mWMzTu4XMyvhZ27OOhlUnKmzq40vH119Bh +knRPFrBxv/glsigydcL47xzz72nTjtRpplQdW4XLFcHNxBU94IleoPiOuYNQjJsk +PSgRqTaYFw3RYCRT87zcP6TUYx8Msl7+Byh8mkxEUXN89ogr2wYalOtoCFdPMMWX +fzktnSg9YAmUE4NbUJvbaA46GaimzowlNVJSq9MvnQ/JrNLmjToY0A7mDXZ7bVhk +w/s06z+dfroRDpo30voKh/vLbD49ioXrT/BScwznNYwd8IK1JIC2FaFPZSBo3FNX +DvGW/oaZwFkhkcrConxjydMprwSCCQ9ICOASxJjEh6tg2AjNkjBI1UsD6iv669Kw +r+RVd1wZkRlvqFrruKSkH0oj6hLK35v9iIe6f/laGHqXOfkI+O9BLYCyE8EGPd0a +PZa9tTCAm7l7PyCnXFL+YQKCAQEA/WRWyt0PV+20rfwFPzHlkeyH+f1hTdGrEgdM +iJTX4JBwaLO0xbLei9+B1y1D1Fb0kwhJlliphe+wo9qLNU31RJKh7KTkNC2PIyIE +Ttcufy+yDmFX7B8MTbr4KreAAxWqoXJi+IVYqOVIU2Ks228E1YDWcnXIiJieoP/e +eIItgl+QguUkqOVejpYURYtVu0zGGiT7eu8jJ+ZY7Zn5Rb1yhlPZn1u9RT/RjCwR +fc/LmwxQPlE57EGIVSlkw668PDhxm9Yk8E0It0Sp6S+kiMbp8OMP+ss2JJWPrG3e +ycYROLdzQka3lRj6jTzciaNWLMiywqiyyolqZH3gfd9vIjzu+wKCAQEA31Ocoo06 +H7tsJ+HtOib0K0RecHWSO4w75yyWA4VX5QJQA8H7GTzBiarMDx9dSBXt14IRWf5c 
+frESL5PW9fBYjOp4GSS4i93f532uA2B0d/QL3a5Z8yHMCKqcP7zwY7jq0XcaAQpG +B+WpvIRHheHHoxd49C0isegIkmlRUk36D6RSPFYLRmlak2qEgRfsvWoMyTUZn8kh +wP+CxudQqUKO8cvrb1UctHez1pn3F+l+Y1Ol0HluonlBjVjFAwGoCpr65o95WJHW +OZm3iu4da2Gxg2U4+T4zUBJ543bH1nBzkRPP1hZ75HjzQCipIiOrVP0Mi3rDr2lj +WJBYnsnODZls8QKCAQEAmoJGkii9pGYj2Dtmj6RDUfmi6ILihGsnHzUoK9hm0l4A +zTdXMX3iSfQd3jGRvLbRJ57UEEM8C5meYitu2zAQMKIg7oWVSWPGdivV6KU5iwBw +WGhvDmHYRMWPcay2+CqMAyoWw2e8KjC1K3Nt59gIYI/RM7Yyc2hswcuDwoPOcEMJ +gWdsNTi3scY90jImMrGb0nFejxWmoDvLWgabgzUD0njqqEtuW/2QLyLn/4lno8Gc +ZINvCGrlUNiOwuuXiDj6vYWUvJqch/Psj24nq+du2x35rnmfKCuykffk87A87BKg +y3cHlnjGvryv1ZWthF1U83Geo/Wq1GAVNWu6/mudZQKCAQAxLdhwc2k5U6ydm8MB +61IZtRSW700kj90hK1Bdth+E7t1v9me1RwvXpSUKr317Qlj9/EaV6s2zmIrIr2XH +AwZ9AaUw5EU/h7ym3aZUWAlN4RA74Qkt4WNtBSUjZBgL3czYE8JGOFzzoD+gpACc +Gvw7jg+0tbvOMaqxkz+1QDaw+x6g6tHQz6KClBJZ20rm61Ole2wJI+Gq/plt88Jv +g5i25pESE0we8b1IpN8lBOYwOVtqbVNPtCQbXFEGOHco3rghzbaLKpJiXNduYMFZ +xEmzBbdmK6xhFbCBxsZ7EohgilxaaNkflwL6PfoA6pnwPUll7cLp/etCtYbOcOJP +XFoBAoIBAQCSqn4FFM4loljYmrdZEOxoT20EXjqHEo/3qLeJpQpA8t4GKMjdKHU9 +m/BkTfu6mUQPsOPncDAoI9g1xF/r+fNSk1kJjdM6B5F6LXimAWumjkhGzB5eSH1i +PXDFLUHNgqTR+w1M4ZyMiiMyHBYgQGMqItPIFvxMWa8T252uuWxL/ItxXh8zDVej +OV6H5G1rXLHIuYs/qXvHMrwxzVatMadlhFoe3dDDPquDpHN68GACQlYEnSFoirRH +3/FlHEyx0JXr92ap+zFVo753BDGV5u3Rdm5/s/Q+48+r8/8HbPxITHaVHHvDmjpM +EdhzeR5CwkT5eVvpU+p0BtevYwSXgYv7 +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter06.req b/test_key/long_chains/ShorterMAXUINT16_inter06.req new file mode 100644 index 0000000..b9f6c1b --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter06.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU2IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDdDSos +5IJgmN9S79qfjH9/Gct2b2FMygAjR5XXsRo0ZC1PFPL2aFxwS4dRou02IpqHQfJQ +lGqyk0MG3hcPVvJgpm7ernAbnamUB345gtG4inLNuVNQGJeb1VOw2vfXzqycpK0s +o4L5LRsvOJEHHUUDOgRl8GASu0Hs9VVht3F4eRLnrV5FpH1qVsleB1WfM/PI39oC +dIpI4MdlepJ6VL7QrkD8k821Lr/MCVMMTl/VL8soCNIzEbk0+eev3Yz1kGKmlrbr +gxgyZvoA6O6qsQVmm+vwugud8KUGfO/NBqOYEQxR/HlbMxb+6mXnR+0mB1H4PqLi +x+UAKReNHQvi2sJWazIbJOxS3xdRh+RIqb7H9AVrPsSBXGAXjJ/NdhV18Ce/ADpS +37Ape7umFhBGEKnFszrc9WCbimliwlZPX/jMahc13nmV5zkFNJXr2wFhYIPiorTk +D1L1vb++yzzmRV73/mMmOqzz+39yWut5cDop+wpIeu3YGSwnLTO2buQyOXaps6Yl +U5dQO7o241OMiFYijGIvabGRlvBCvXgfHG/y+8r2ilfxHQt9+b584D5xCmF1laT2 +JQP9usDlF6m82+TtEHKC+UdIDsMEucDULsBYg8NZSyPQdD4+K/VTXPn7A7NIYFr6 +eV509NqNXzSIQNRMfpN70tnBGwnKgCmYgzHeSwIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBAMpoPSpA7HvZtHv4xCmBDeims3JGZMHtNg2V0NdouLTG89B9fwW6IGJP +NcWQ4UyPANSu3sKvqoZNiqJPQ5xMLOSR4qx4GsB2sO2GbTNpSue4tPfLMeeHn/pg +4JVjXf6XLyYdOBOARewiF8eAR7BnsvKvzREkdIGWLN+HioTzH9X3U51ePhkXTJ0Q +ZBsbK0GZ823nYriiT7qhJ6Lalj41aWjKQ9DiVNmJrc7NBkJskDbHGfNlegwGwQYu +4Oe6JTE5F6J70c3RglpHkdwiHQj4Bu4t1uXEDJrmcrBQDQ/oYHmAkicBIgHsDqxM +t8JLPy5RqehbxWDz3xnHc/a/IDylEHRmAZAcxo6s5xnF+79KWEads5Q85ch9n3st +YTSMrQjdwI1L6XY6kZ8HujEhBPpHbCvqJC6+FhjiQAy3fT+PTTP0AdwgdVVPgKoM +0S8BAws5vTXx1yDC9H2PqF9iYGBVcr7KDkDnCIuhx2a5NdEbxvqHAdmYEmRubKSc +rDPFcAiQuJYEuv3Z94oX0jU8NCd/I4ocp9WS3obS8nV1Uf3wOiIrJA15MsR23zUZ +VNhWj6bDAnxQ9jaFB2FJZ3u2O+u0aFFLLiJYa9sVb534pBPcTpxy40NmfAIQQI/S +tYKOy6xBbGClENghkfOMY/jMw8+qUS8Q3+VOEWqUrTFezeEKR9sI +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter07.cert b/test_key/long_chains/ShorterMAXUINT16_inter07.cert new file mode 100644 index 0000000..396234c --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter07.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTYgY2VydDAeFw0yMzA0MDUwODE3NTJa +Fw0zMzA0MDIwODE3NTJaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlNyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +v/WqEhyJTVWn/OTy8Ak/T+vwxxu2mc8LHtxZvYOQauUmnuD4bqn5NaLv8+jk7wvp ++r9FcvD1Lia2JnQXQBiNw3VHoexgT8zK/EqB1cPBG4sEUVX6d5f64epwky9+q8n3 +S3+EMgwRydJV1Z7x6yBRXR2rUGKB4y10FhhsM/JZNQPhoZdLgnHvm03B1hBzI1bY +++Caj6QJgvLBee8JSRGS6Vc7GLCdm086b31InB1sx9B2Sdg/ZpDBF967h7qb2FH0 +21Rbe2Y10zcnjZXMl3Z8l8zXXMGJGLX7xpfUyGNf8Yq/pJMHMiqbZoynjrfByS36 +Uy5kA9g5qpZXVt6TYi909Qegbxn78Pt+umsXlDP0PjJ229q/wvUoVm7Xa2sTQIBn +Ar8qoVWEQyyvgE4e3B1gZan1aO8jm0KLS6erwyQl6DwywwRY/bGk0z9csmj1Ygpc +GhLXxWlWWBKhIiRHi25Wa/AbzrJ0q9rLf1VZvc25LjWgnNJdT7iT1deRC1Joh0XH +UJaEtAPVE4bk3D0Lr/+PIioYmwnUO6YdZ9FQDVbu24OBeuJrZgOzhly19On0xnki +MskahTvu/RMs9p1dl1Rv+dlx5RqLeH5bLsdQ2S9Y7317WodII+SjN0SHnXsOh5ge +Jl1yr9SjR717M1hFEXztRD+MLjheN4hhy5U1urG7rBECAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFGqIOIDPp7x5OXtmV4lAgxmm +ToINMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEAajDwfQ7q7GTkrE7V0EL94QaDOX3hJa+D8/EDIEl6CpgeP6PJvCYk +Qwrgwv9Y7Ldd6FSyBud4PWxdhJpzlSXj+rR1X0Cq8vE7S0odL6Q7l7rdk7V8OZp/ +aiFpOo2RNxY9zLfN65OI5Pyi3xMm3CapmSLG61S17rEG5fyjR9PqsuA1h4AQ3edt +tVef2nBviSkRJWwufZCBvIKpsaTfcUwVSYg0M8kJdmqcPBUPYZkxObBI5JdPJwcc +yIvL3CdqR1Gx3RupPNn6Aui2465HCn84YY+wnluKsYpewy38vKi/MgjDtHvEkJpR +1W4btYgEhnsTME2uvyIG1HNw/mBN+g5WI6QpySXVrgnuHxsXlfm4aHhBaiNbmV6S +rSdJTm7svmqcsyr658+TLGbO9AkKC/Mz+HJL9BtzOisiUTfzp5WljAqfcT1KFDnG +YsOkTq0gUiVMd7pCoWnI82Ip+ryePocwJOgOKJtBPr4g6+hXDoanWI8A47XNTF68 +mNMt7a583CUBHwK7Il/6+DSkDcHJah02nn1vmsL91XOzs21cFUVMHAUorQV8jiZe +Ycya4mz9kJaLUF4fuk3pZL89yGLHFrqtcjQGMA6xUAttOp/Z4Vy9QA42+ex8Ah5n +rLnGXy+3SUL6ARmVGWb9bzTWTS/EEAbxhn66eG7bTCeOpI2TXrz9yFY= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter07.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter07.cert.der
new file mode 100644
index 0000000..93b9d53
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter07.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter07.key b/test_key/long_chains/ShorterMAXUINT16_inter07.key
new file mode 100644
index 0000000..3145e31
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter07.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC/9aoSHIlNVaf8 +5PLwCT9P6/DHG7aZzwse3Fm9g5Bq5Sae4Phuqfk1ou/z6OTvC+n6v0Vy8PUuJrYm +dBdAGI3DdUeh7GBPzMr8SoHVw8EbiwRRVfp3l/rh6nCTL36ryfdLf4QyDBHJ0lXV +nvHrIFFdHatQYoHjLXQWGGwz8lk1A+Ghl0uCce+bTcHWEHMjVtj74JqPpAmC8sF5 +7wlJEZLpVzsYsJ2bTzpvfUicHWzH0HZJ2D9mkMEX3ruHupvYUfTbVFt7ZjXTNyeN +lcyXdnyXzNdcwYkYtfvGl9TIY1/xir+kkwcyKptmjKeOt8HJLfpTLmQD2DmqlldW +3pNiL3T1B6BvGfvw+366axeUM/Q+Mnbb2r/C9ShWbtdraxNAgGcCvyqhVYRDLK+A +Th7cHWBlqfVo7yObQotLp6vDJCXoPDLDBFj9saTTP1yyaPViClwaEtfFaVZYEqEi +JEeLblZr8BvOsnSr2st/VVm9zbkuNaCc0l1PuJPV15ELUmiHRcdQloS0A9UThuTc +PQuv/48iKhibCdQ7ph1n0VANVu7bg4F64mtmA7OGXLX06fTGeSIyyRqFO+79Eyz2 +nV2XVG/52XHlGot4flsux1DZL1jvfXtah0gj5KM3RIedew6HmB4mXXKv1KNHvXsz +WEURfO1EP4wuOF43iGHLlTW6sbusEQIDAQABAoICAQC6mLlbpbWqISuM35lvz+1l +aTrCsaPM28A5nYT2fd9yqZHjO1kDaeLASsTp2mhAHtqxTiDaXHRZCnRh6NN5EOUt +LOIW+smciLyAhoSzIPikJ3xo/CTfADN2TAhmavK9VzQ2hZwhci4Qe4/Iehs7rkyp +MWAIYdlU1ihUGiWEUX551G4OQB28jbiWxP05cwAZSCDgpzJXkuNUEVoVh1EFYDno +7Uya8YQjJt7s5WIhr1DA41k46yamMuwgofi1Naasnu5gDh5nU7HawXCHZyhby2fN +v+dRWShFhxFZuNm0eTUYfQFRn0KNd3FcPDnct69+Ol1tYlkCi7tyoXYBEZc/CFas +8BwfSZfTcjIQ4se45eNW/IM72GgyPG+FSbGa0vvq6ucGD87vf3fJS6Qqq6MkKv+w +H/3iVDdhqO/AoD9ywBL+2V3mZvZLwP1lqvJlSFZ3VAZq6L/mYLsUjeVR8RNT/jg3 +HtkxN/9Fx/emeO9lSXehb02GVC7tGEM6bTPfE45ixEKVdodGKUFTKK5uWxofJngl +Ni/Eft2cQY3uNuGVaozAEKVUsINPP1cEw2pvhPtpVva2YGdmwZkKqSFvBk/CgJUW +bzegB0+ZqMVxO+djOIQEIGzOPFvW3jGjvpW1wkhKOTRZAFpd0a1K9GXsl4geg2sx +vsZUszRADs45/fKqXAG0SQKCAQEA9bNaj+xAiIBOWOR19ld4L6KbwZE+uy2ppUfl +a6bSyNP7BDNE2lQiTqjlLItsILaomkeFvKqCEZoK9kVtkD4Y/mGNl5FLIcANcxW7 +h6kxs70K6zQ60QownhdWNQyA3HhBShGSIycUipDqcgL9GYfimrldkgc4z/tEDCCd +VGjPWz06ILI2T0k35ZE1RnR7hefiGQsEn/wYarJ+82J5ua6lsWJP9nJ0oNzDcs7V +5LVlcm4l/OpUBqNtKpV39SmHTC1LIXGppmUeE8ELTnUN8XD/3XCiIoDtv/W4l7+2 +E3bXJdB4P3KttkJ+Nbr45yebwV58J9kjELPTmBnXaY3O8zN9EwKCAQEAyAGb4+S8 +XB1cJYSbEllEk7nQxbv0pwReW7NNPRiMMqTYG7Xve53o3ksOH8rgfLlRTbM7Eosk 
+TANahgxdcJWScuHKL1Gl+qjUphfyjaJgyn2ZBgRjyDc8pQiWdIq9N1z96SvOdxwo +KGZv8rCe5aoFtlh05BFBlHCp1uP9zJDjVDo99xv0KMc/xSo/9sYI/Cz8YunHxACE +xYHZEjNyyntgJUg9Lqms/UJb94+OIA4UScVtr6yVP2woqmTH+pg/YmmJc0j2G379 +DM6MG329ydTzQ50R53lowGpEKD8Ip0biT0CMB6C2vX8fwncQcW8Gwr5xo7nw/RUJ +BU30RCp4q0BKywKCAQB1dRJcL1MCbmQF9uG1rEcWbqQLO0ZD8SZijyZL+mpV+5DK +hz/pJ8Nm2zMDwnskgG3Fo195vAGGLKAE71fbVvRX14b66EiEj+1eEQufZPEPvdXU +bxmXCUoIqZtarOmFfC+qGxBDodEeFP0fF/KrG9zmnqruvmkYdEQpkAXmblyCf5ik +PM3dxWDlbC+NyO2sLBhYZH4HhVqe10n9TBxo+ebYD+muJTVAGYmN/vcd6OHgfGvI +prUYn1P2wZGhMAMwFY8PI+k4VKq2QtkG3sqVm7GVyNyZpg0CcZOXZ9zBHVTpDOoP +WuFUeiEfyoxm5PZ+0I6F9jXfLDiBRAlIurQua3TlAoIBAQCcEP1W6A6/Bj34HLBw +se2cJFuvYAn5JaSHg7MaoIQNpKnpfZ9A46hphUGhN0rSqDy0F85Zmu+YzOkfPpjP +GDeto1iEcf7FSGaesIMZWAKVH0p/8n72JXwR/1B/4h7iC5MqFn/GW9dOJxjl1EI5 +TeGlNwMHUBvPO9abk05hCRIKkGP35f0wsMGnFV/SLRenx2atvGSgIhN4lukOlczW +CU2t6d+sAMS23sgqtf8eLj5QjlkXwuC3G6vjwj514cVcAqQ5rE42iHHnQ2j6rrSg +wKWONgtZh1hhBMroaL9U4DAJzYE3FoZh+ceLlCLlkNBCuB6utpJAueBPHlQjuMxu +PP3fAoIBACW5/BvzLnXeAz1bJ9s6xSn9sSruKd3vlbDSRHVDt//CXI5KD9H0TlOz +KzKe4aUYc74VNnyzFVKz3oocF/dYFeQT+N/RnQAAWqXVRBP0aZiU4VU3UFUFnPva +BE1FDgV50ssGln0BROOIL+4yu7ZM3oYnygDOV/j6CIBXLEUZSpyD9pOggKRPjJ52 +yoiCcsdu+rR2gCQH+5pNTUx7Vxr6DfFnF8uHtOdSmuYTbgrLKwDYY9WF/fmrZWei +OlzMzVGNMhS0UmdP037//dAQoTlpooz4EizFhWfOmeJ5do9LQvfWkSHhuWj3I01k +rqv0RIr9T4cTEO5i2TuPKRBtJvJ4+9g= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter07.req b/test_key/long_chains/ShorterMAXUINT16_inter07.req new file mode 100644 index 0000000..da0dc20 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter07.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU3IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/9aoS +HIlNVaf85PLwCT9P6/DHG7aZzwse3Fm9g5Bq5Sae4Phuqfk1ou/z6OTvC+n6v0Vy +8PUuJrYmdBdAGI3DdUeh7GBPzMr8SoHVw8EbiwRRVfp3l/rh6nCTL36ryfdLf4Qy +DBHJ0lXVnvHrIFFdHatQYoHjLXQWGGwz8lk1A+Ghl0uCce+bTcHWEHMjVtj74JqP +pAmC8sF57wlJEZLpVzsYsJ2bTzpvfUicHWzH0HZJ2D9mkMEX3ruHupvYUfTbVFt7 +ZjXTNyeNlcyXdnyXzNdcwYkYtfvGl9TIY1/xir+kkwcyKptmjKeOt8HJLfpTLmQD +2DmqlldW3pNiL3T1B6BvGfvw+366axeUM/Q+Mnbb2r/C9ShWbtdraxNAgGcCvyqh +VYRDLK+ATh7cHWBlqfVo7yObQotLp6vDJCXoPDLDBFj9saTTP1yyaPViClwaEtfF +aVZYEqEiJEeLblZr8BvOsnSr2st/VVm9zbkuNaCc0l1PuJPV15ELUmiHRcdQloS0 +A9UThuTcPQuv/48iKhibCdQ7ph1n0VANVu7bg4F64mtmA7OGXLX06fTGeSIyyRqF +O+79Eyz2nV2XVG/52XHlGot4flsux1DZL1jvfXtah0gj5KM3RIedew6HmB4mXXKv +1KNHvXszWEURfO1EP4wuOF43iGHLlTW6sbusEQIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBAFBZ5Shfuk2u6+feJwHzSVyr2n6BtbCR3xy3xTxIzWdfNB208Mmq/cIR +fg/UJ4jPAMleznPWkKPKyjPQj6MjS5M4WYbgPquop8Angzs0sPc6A3/7hakCUuqZ +KZi2B1U4NaJmY1xNckLu36WvSsJo6xzoOY19/pmawa72HvP9rWb1t5r5MiYyZzKd +cSxnZai0/Arr0/GpEjdlhHJ1PHVgcxHKt1VwjbczHeQGuEN/7aBE5pzaWDSEhb32 +kKlfnz2H5o4sZ9lWqUEO+fgyPGopHUZf8sk15D3ckHMqNr6CdgwazJE0Q0QVIPFc +AZW2i7FazLSEMVBzArZXMNhyXonpgqn5J7jSGOVvxIWI6Zjsmhv/yYNWB4pawWnU +rgm38Wx556DXvjWnLfA9YdDXCnLRyO95qJOBh3KiTlCfFfS1+EBvSN14+9wVZt19 +cP+OtzTyzDvVREqp1+Z7q6FpZbxf0l9V2fAxFj0sCEqEFEw22qB/BUst2gwAbrI6 +4UtNYNLCjDDlDOoLIV8Wm00J2sqK+2Dip1CyFuon59qbRTfjvj17YqibWFOdDgN3 +dwZfJTnWatb2JaoBet7pppqNWb0qC0eBomesHGyRKOBYoP/StZWBhivgLv5ydQf3 +j5vsBTTkaQNHCFjfsGccdawQwHiOffEPZcSzGqnTEQpPKRLFgt0q +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter08.cert b/test_key/long_chains/ShorterMAXUINT16_inter08.cert new file mode 100644 index 0000000..175c7e8 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter08.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTcgY2VydDAeFw0yMzA0MDUwODE3NTNa +Fw0zMzA0MDIwODE3NTNaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlOCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +sX7bqJMruO81F+eFACd7q788XnPjbxAKdZXhfPyIRO6C51NvZWGdFf/3Oxae7Fwq +LatU21gW8A2YZw4feFF+ilL0pvrhZRF7zBYzfOc0tvLTkwe0exkmMhpE33rKrkGv +sWcYzq4bY9iqv3keEzMMYrtKQtQah61SE9hAoegxKFLtItRiKN3hrTfm3PQaAnis +9tDa0jH9eUQj1+th0jK4qaUbvxEBS3fJ5NkKNyu77BNnS1/H6TS5FIzaRWVyEf75 +vMSQKMC9QN4eGvyedbwY8Sj2xiO0MiFtNrdb+/vZp1nOsnPiyLbafVdDJlYQC0oa +oOVsEDodGtl04TP9HdZRFkKGbjIdPAgQCWbFqVxPYOD9sp4A7bC3gpsHwiV3rVEx +eqzUd+EC3m+RudAw4ieTFVp/lhNR5xq6T7fD/UEP9wgjpWN4vhd+zyRPgZtJhnW4 +nnT2vuE8e8gksxjqXt5mT9+zec7kk9EW0fGPs0K6L39XI/FfVROhDpSErPx0o/Pg +/Pywo+KAFJujvo586gM+TCsAEtGgOE0d+sRFCCND1wyPc5tWuO9n7dpgNEGFgc2D +htQ+cFGbScE8rZ8z88mk+VdK0gMDEKVWkPNybqPiRq14MNPnYT/w2j9kbnH5PYJu +wnncQaYCa0ziKtYoWUwRCy6H58WnOEok0/hLXDIo21MCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFKg5UCEGaexdaqdnyPtDzVtW +mhuzMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEAdPzrG0h8NJpGTIu9zHDuvfC3EO6Ni9/w7YO+cV/hKqLAOll4MNRX +WWNp3tboL+Dg5kdyifiJrMonHFkuC33o54jGYSN7/0KE3RNze0+uajKMRHu4GKn7 +A9tUo/S3KSmamF0w0SEOZfsB8y+E1eokA4dzFw4i4i4CBk0/OknmmpgjwebEAeH2 +3/nnx3a7E6tPbg2Cc+7tLmhifAkM7Li+WYXdldV8F9OuasLOTxx/qlYjmJmUE6P7 +EaV1ezW8qE4hD0S7XRBv+EoXv2olYeCutp0vysYN8m2ybPShgb0CwzX+Rm0F4/Bt +vT9gJOW21MvhyrEGlwZpn+L5nVtFOfzF5nhfjjiiWfcW4jbXYZMIPsNz3UQbHYvG +4S1UBLarjE/fDaWQhs3S1xETj5eazH/lSduAntIZAWyMQl39e2fzA5j1O/4yhVl1 +8P2AkkXBrOtdqwpaAJJM76R9EKHDDJ46FXMeQkzHGw/Ah0BZUqsmmOxoqoSnVBm8 +Q7R7RIUAp04CowRHktpkTfyFz7NKvdyWqZa1KWHpXi+ajb4i6mulv2R/EubsnP4P +wFOpAVNFxBkM1XhijKO+o2OS4x4nAb7PQYpGvMKBTIqv5yzCGULOC/FhwN3n5oC9 +iIyJWshYKj9J7wCRoJMb2FzXJ1E+aiuvnmYdEo8UfD/aHFu+2eLMVyU= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter08.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter08.cert.der
new file mode 100644
index 0000000..cc911e0
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter08.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter08.key b/test_key/long_chains/ShorterMAXUINT16_inter08.key
new file mode 100644
index 0000000..13aaf45
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter08.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxftuokyu47zUX +54UAJ3urvzxec+NvEAp1leF8/IhE7oLnU29lYZ0V//c7Fp7sXCotq1TbWBbwDZhn +Dh94UX6KUvSm+uFlEXvMFjN85zS28tOTB7R7GSYyGkTfesquQa+xZxjOrhtj2Kq/ +eR4TMwxiu0pC1BqHrVIT2ECh6DEoUu0i1GIo3eGtN+bc9BoCeKz20NrSMf15RCPX +62HSMrippRu/EQFLd8nk2Qo3K7vsE2dLX8fpNLkUjNpFZXIR/vm8xJAowL1A3h4a +/J51vBjxKPbGI7QyIW02t1v7+9mnWc6yc+LIttp9V0MmVhALShqg5WwQOh0a2XTh +M/0d1lEWQoZuMh08CBAJZsWpXE9g4P2yngDtsLeCmwfCJXetUTF6rNR34QLeb5G5 +0DDiJ5MVWn+WE1HnGrpPt8P9QQ/3CCOlY3i+F37PJE+Bm0mGdbiedPa+4Tx7yCSz +GOpe3mZP37N5zuST0RbR8Y+zQrovf1cj8V9VE6EOlISs/HSj8+D8/LCj4oAUm6O+ +jnzqAz5MKwAS0aA4TR36xEUII0PXDI9zm1a472ft2mA0QYWBzYOG1D5wUZtJwTyt +nzPzyaT5V0rSAwMQpVaQ83Juo+JGrXgw0+dhP/DaP2Rucfk9gm7CedxBpgJrTOIq +1ihZTBELLofnxac4SiTT+EtcMijbUwIDAQABAoICAG9/wlruQIwG8HJYxMrpAp5M +Ho8y+48cI4XkJmcOeEfdEKxiVFr6a+STC+q5dhICf5h6xW6YsqgP0koCrDA3+WbJ +X9i5RvfneL4mwCdZUlsOxWvabjzZ+o2ExPkiOMooh0bI/eNvqdMaG4D2g7cJ3WD0 +SF0cwqGydhnzQf6zTpYHKeI0SoljgM4AjO0GBoTA696MKrnaH2GbNW0A901FAY3I +I1ruQsL2uAQjd3Ba780ID15hB8LulMldBgyMApFde+JiFDEVio2COqU3Rg+tnnl4 +AzVK3nqTVvkFTCpJ9ltTZi3h8Henri8Iry0Y6TE+VuX12OGEsB3atrp1ny6sH/jw +Q6g5qiwoYieup4fAWC069xM6FC9tdBwTHnvjV8Nj2RmmfMMurGIuiN1L+QJHHF1k +5l5lgKmTWDvhD7e3QigK/wbWS1pek4m3e3+Aidmowo1Bk+bnLHo8MvOZGG2w3M/H +29c7REbL8DCndIakDhq67GgXOqr7jJ0191oR7v/IOOkxcsJabYIefr9+1gr8Vi1w +9flJlG47Y2jnEGc8dHCAw8gUQmpWwRTGnPlIOYeE7o1Kdc4wsxFbt+outWbJGlWF +0dXm/ZfMx86eU9Yr9dL3p70asQsy9O+4MhKOODMYHMJHGRPDE4PCAJ8+Ri3lju2M +x8XXRahokXY6KPendzSBAoIBAQDlJO5atAG3BNS0r3iIInRd1WAZsw3Y5fXDY0Lj +a3U9JOrdic6zrI+cu6703Nmo6K/tsWBQ+WhJe+B58dwSnjyIuD+CZjQ9oyZBVUQh +bYWm76rDkKHLjuVVoK5MrL1OXbYqgazvup3X+TJvWiY9PcH0dwmh7XUTrS+PGyOA +lu7huF2f/9cfupozlNPjGMev7wXXZVeC8lTqt4NjuV1CuwSOVC1Xclbs7mHZG3d5 +RUukuYm0n4iU/Tmks8BuGwaHyCFhCQ1+Xk8/DuQa6Jhf+i1bno+jLCMhOvab63OL +Wv5NHjAqEwVcdRO4pIeJz+lEPwCde44rPFxcKtmQ4JzQDhRBAoIBAQDGTExaJ2iT +ugBDrhHJuReyhSqISZyZ1Nx43DZ3zo3bBkQJVJZW2MfTTvOWyEg+ZumRXtOUZgUG 
+uOIieBpV00qS+b3PTKZ6+Vmid8MjNKGFefk7jjGPnBsHcsbYSqWzwrpZe82pKUnz +E+5rsqsIjaEEZFpV/oGPw9yEjcIco5Y+3rWlaEox0wlrpAyuB9MweVFc93A2SWby +Cc/w5p0yoU3IDy6C2vIt4cY1ujaySGipSG4A85zY1Zd8C7p9h1qe/8roqVp0RI3M +SXUUXigftDIIzLjV9MfvfPTsrnvPXQPqRG/wHaMP23aZSzrARroXf3F8rNiPtNov +5BW6umk4XLqTAoIBAAN2IVuhaH05R3VLSUjVLGjWdlMtD0J9hs7iyvngf67ixeF+ +2W6BZtH5S9VLGMaibTXr/gZ7HgYuJt/wtWBan5N5JQx1OsjLlCJchWDz5Jb2+99k +ae1HRVObz8Y8vcdXRw8xUkl0yjme/BIOjJFUQ3/L5ItbqO8ZKKTCxjCFFyq1vERU +ew1xpi6tSt4dW7bep3nvf/jsbDf3ebah8DS32oPD5cNyaLm/iB7deVqNn2znmJrv +5gJKKPrB9GA1bE3UyhxLJLcJ+ax8Lxnw9YxNnS3LIWRXoFg6KcuFLQOn5juH/zZD +f0s8QYYChkGgsGdlhD7cxPMGQGbsBslXe0bxT4ECggEBAKGEYiiIsuio9zApZ7m8 +dq3lQ9iQxOqT9CTJkeASMX92YhKLgI0qs9DNHSHy7s1NO/A5ofLdCjkIfMEAvMqt +eK+wlkd0sqG12qm4DQzvAKVczYIR9xJ3X5i4h3iDjOaXtPvQGJsx01cYI/o7JI6p +9b5DE0W6MMPuD/80DCkRof6Bnskk4lIlCCZSEDXsj7uLBZfIv/Cn5x88mNAqt14W +/uj2XLcfKWXv4We/zm93BTDlmxxRUa9YgrP6RaObjVe3GApcbx4G/MyqBKBbdSkl +uB9syR0U7YmHaWQjVxt3MwotRlP5f+kZpEeGfEtDEK61ErYvf5HGCHY7vOtEjRHo +jdsCggEBAIdRfdfsrxhIZ/f8+CqBeUnMW3ceb+MHK5ybe11nMP3GIYG28d4yCi9Q +aWeNQkUYZMPlvJoVHrw905wDUV8qRHJwFB8ghdRr+RXQ6ZhdT6ZJd7pUsqJuBpQH +pSj5UPii7Hesa5O1LFJqouakQlqoE5l8g99cfzIUGV4XkRwFMxJO9UrLqWPsCHh5 +I9+u75RTaBQ9UI/ODZ02QZ/zC0AgHatGp2YjY5QrPv4kDWdi0sAXhQNzOQvl/eMX +Mk6swzldr+kuqqKLsKghi2zYEka8/4bixarq09SCA3iNAE007UKT6Hmtjxd3TItx +aZvznScV66/kmTwv0SrUqWEh08QkHS8= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter08.req b/test_key/long_chains/ShorterMAXUINT16_inter08.req new file mode 100644 index 0000000..96d0942 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter08.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU4IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxftuo +kyu47zUX54UAJ3urvzxec+NvEAp1leF8/IhE7oLnU29lYZ0V//c7Fp7sXCotq1Tb +WBbwDZhnDh94UX6KUvSm+uFlEXvMFjN85zS28tOTB7R7GSYyGkTfesquQa+xZxjO +rhtj2Kq/eR4TMwxiu0pC1BqHrVIT2ECh6DEoUu0i1GIo3eGtN+bc9BoCeKz20NrS +Mf15RCPX62HSMrippRu/EQFLd8nk2Qo3K7vsE2dLX8fpNLkUjNpFZXIR/vm8xJAo +wL1A3h4a/J51vBjxKPbGI7QyIW02t1v7+9mnWc6yc+LIttp9V0MmVhALShqg5WwQ +Oh0a2XThM/0d1lEWQoZuMh08CBAJZsWpXE9g4P2yngDtsLeCmwfCJXetUTF6rNR3 +4QLeb5G50DDiJ5MVWn+WE1HnGrpPt8P9QQ/3CCOlY3i+F37PJE+Bm0mGdbiedPa+ +4Tx7yCSzGOpe3mZP37N5zuST0RbR8Y+zQrovf1cj8V9VE6EOlISs/HSj8+D8/LCj +4oAUm6O+jnzqAz5MKwAS0aA4TR36xEUII0PXDI9zm1a472ft2mA0QYWBzYOG1D5w +UZtJwTytnzPzyaT5V0rSAwMQpVaQ83Juo+JGrXgw0+dhP/DaP2Rucfk9gm7CedxB +pgJrTOIq1ihZTBELLofnxac4SiTT+EtcMijbUwIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBABInB0xu2R5hAYQLxWxlJZ2/qmT3MGr/kp6nELrdSshO5dBA120vGpa1 +eF3fppwQIFD4FoZRT202zqW+iZiJKVQQgzOR2McebVty30JUdmNTuAmPoqVKuWl1 +VH83M5dTxhIoSnlZkzzq73NwIeERD9K5gGEsDmWF3MZ2hbiPjVtOXxnF6+FeoAqu +Cnrq9PB+Ty4a7hh0V570VS1aJZn73ztlTsafSOEuYSEv/MbpsPoqJ9u6C5e39iwz +5K1sIcsmpA3g21z2iI587FUEKj12WtouEly3+VnN/dn8cCHdTcZHzaxI7aus/hVE +gLiJ8xODFfdJIOilRBfh0ZHbXBAC0JRIiFmE8SOohqgPcJwUb3EpkxejwO9tU183 +ravMgHfV51AhqLH8/EJzXJn2oGHE0zlXdRvCpt8TDrbjKitdzuuwFtSRRX5SpYHO +ptl8oyx1v40jSauXSMIox2KGAeK+Oi7F75RimIcq65YxqFr0NMLWVX6a5KCExNBi +cwciZyq/WqVSub3czfdmV3Bu54bDEQ4Zk4igT6q5dyHmQPa0F6QJskQjyC0cqu3B +xOuaZFlOFLz/JkXgxEVXEJpxeba+kdqO7071CNS12r7rtONHniUsqeZwG/bv3gaa +v/3gZnhQtXPKcUeCSSL10NI3/we+hI93utjkSkRIwOsPD1228m1v +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter09.cert b/test_key/long_chains/ShorterMAXUINT16_inter09.cert new file mode 100644 index 0000000..cf65a1b --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter09.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNTCCAx2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTggY2VydDAeFw0yMzA0MDUwODE3NTRa +Fw0zMzA0MDIwODE3NTRaMC4xLDAqBgNVBAMMI0RNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlOSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +2FF8f3VVPx2vC430USkxD6+gFdsU0S5omDGH9Y8B2Jt64WW3UGKGr61m9/gO6de1 +JEJr5EcYWFhg4SAcuUb/DjsGjt9F1CHNAyZmmUTFpabJRHaWFmH2Vss0LG+iaD2e +rDljz3NXKcM/K1L77RSA+nEcSCpkYVlR/yN6CSqZTBEklLMsgOZSfrN6Qt0uZ5BX +e+Ie/BoXedynaEs/aFEexFGPycdTA9RxaXqCEynM+F+P4biXmKjEOATQk9yJuBfT +ovHGCBjYXeAmhuaFTtB1KqCh293Pjjh/CG8W+Aw0QqpxOSNljVvKL7cE9fPFl7PY +LHQu0bnRidfNceZxiMm1IjtDrAhoY0Q+BdlSB7BrtEuZXI5qTbn/aeCQyF4KOsYY +39qOYJ796GSmRRsz0qFvLCwOIwqHx89Lyor9Dmd8gXS00HXTEnJi6cRRDLUfG++y +NOAGN79FNAGkie9RqyQ14f4JwlOymwHhoBPRG+L4F4RZkgn+d9MxWJDJpoINfrzp +dIaxUCdOGHcn/G6ZfqNQj4/UsrggStWBKcxxRRwIJauNtBRwty355asJGJb9ZZcg +LXVvCvEj5fiBbC8Naje+l5Nyrius5jv0nVhxNrXQ7hh6KczUw8Sk9QgkYAeVtx/9 +lSfsysFx4vyLqFD/12X3JYP/RlKXpfUP6NdcGglk7CcCAwEAAaNeMFwwDAYDVR0T +BAUwAwEB/zALBgNVHQ8EBAMCAf4wHQYDVR0OBBYEFOW5P04pnNtsAuqypXa/5c3O +jp5/MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEAWEGPl81XSRaflOrnNzh1r7N1KLMcwVv/AjBP8cs+mkwKKsdASve+ +5TIAp38fTxi0vECokwtmpX7RATYTQdgWH7ZfFuO6AikMzYb4RDgifjrh6c7rukBJ +Yg3eMeNOO/TMlGNa3dDIuesnDdjhaeGn3UcU9Tnv5W2L3ySh+UUlIj64VZyeqYCV +q6POL+zJqfyVJwhc69ZSJ8oIlWgFcv3ccMjTaoIJVRro/tfQbfcmAN/gDAmsvfoB +NbuPPGqQfdmp/HHhq+KgTidC9ZtH5LB2CBG6cE7Y70ev1aDTnlbfEUkXuuihQkOL +KeBPqyy21fyZGxkAcxXsaHKRXDvn4JlclwQVjp68BxCPC2rkP70HjztnoudC083k +bfZixbYHTdo02qy4LKoi7dymkYpgamZ9vuY3mrXD/A/sV1MZDbvUnDF+vHUbAfcA +zYjoy3qhNYZt3fuZquqlWncfmd2Ylu5b7eKU1K9N+lrvjT2hM7LtrfNWbo74xxRK +Ej2yadl82ZoUj3grGAwgjveFc782kyIRcMsRdkB3NUR0chDdPadPMzczTdo/YM34 +weelqBdEq7m8Wdy7eafYUCow1PJbYriAev/ru/K2gNCiWHQfIr4//6XY/EQAA5OW +KzjgHjESYUGhJ+WM98F2uYlqxDsujxvxQJSCZyhAnPR43KAYx662z4Y= +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter09.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter09.cert.der new file mode 100644 index 0000000..d86b1d1 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter09.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter09.key b/test_key/long_chains/ShorterMAXUINT16_inter09.key new file mode 100644 index 0000000..2575d77 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter09.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQDYUXx/dVU/Ha8L +jfRRKTEPr6AV2xTRLmiYMYf1jwHYm3rhZbdQYoavrWb3+A7p17UkQmvkRxhYWGDh +IBy5Rv8OOwaO30XUIc0DJmaZRMWlpslEdpYWYfZWyzQsb6JoPZ6sOWPPc1cpwz8r +UvvtFID6cRxIKmRhWVH/I3oJKplMESSUsyyA5lJ+s3pC3S5nkFd74h78Ghd53Kdo +Sz9oUR7EUY/Jx1MD1HFpeoITKcz4X4/huJeYqMQ4BNCT3Im4F9Oi8cYIGNhd4CaG +5oVO0HUqoKHb3c+OOH8Ibxb4DDRCqnE5I2WNW8ovtwT188WXs9gsdC7RudGJ181x +5nGIybUiO0OsCGhjRD4F2VIHsGu0S5lcjmpNuf9p4JDIXgo6xhjf2o5gnv3oZKZF +GzPSoW8sLA4jCofHz0vKiv0OZ3yBdLTQddMScmLpxFEMtR8b77I04AY3v0U0AaSJ +71GrJDXh/gnCU7KbAeGgE9Eb4vgXhFmSCf530zFYkMmmgg1+vOl0hrFQJ04Ydyf8 +bpl+o1CPj9SyuCBK1YEpzHFFHAglq420FHC3LfnlqwkYlv1llyAtdW8K8SPl+IFs +Lw1qN76Xk3KuK6zmO/SdWHE2tdDuGHopzNTDxKT1CCRgB5W3H/2VJ+zKwXHi/Iuo +UP/XZfclg/9GUpel9Q/o11waCWTsJwIDAQABAoICAQCgd5JLWtbqAzMe9ycOLehf +IoE2tVYz9qFQhS2+U1+jN3NoUPQzhWM0XwXLXRBzF7kgNMWkibjdkHINjqzAJJKA +E/lBcw9x1cEnXQ0vFX0o7RjQ2Mdtwy3iJMuHSyjG+y8Bw3DvKzi1mkj58o0/yb4E +CnRYdFoSfRf+lGqq8hbV/sGMLX4OAM2hf7Jqd3k9Ci5bj9o8WX6gv7bP/0ICOGsC +Zx6rKFnEtYuMG3zyikeq1/j8ENskO82TYL75cNgY4FP2xDOLPiMDQIxT9h1d4fWI +sbBgUaLudaqGryHyz9rUuWtUX5WtzzGlQ7dCXJtvddIe5/DzU0zFXHjizXfbaQYc +CX9KMo51oVHm4teNcoy9F55txZKkP8CqwoCjPfgT2OlGCvFvKM3s/2sMpo7n0LMu +yVzoJpIPorazmHL+Yj+Z02y6+526zx+zqkVjqmSQvzCeXYmLowGskEZPTzMsQFHt +6BGLL1UeBbCXgBFJlvzGpoV2qitBb13xoYEDMBQUR6Qinb1gCcESxcux88J40raP +kxlgIQk0YRwubcKG4IOH7ZdW44BEmP+GUcNjKuUaYoN50DkVyWPLJ1+tIbSazR2g +SzmlO/5gecD8Me42VVyNIOuqL3fS1/OBvBh5wfT7nsb7l7w5XwQ5VB/u7L+0Jv+a +Ua+QIhQCoAxkMiwazCuDgQKCAQEA7ovLq8xccsjwusCMJmmaKjnXlEI4tNzQbxUu ++w2X9Mt081NkPw34QD6gnIYh+b6HoWjeFXjPeewiMJlV2S/s9rRlDBIowplfYSFR +BAehYxTPZfRpQruikQDbQYiCkvdb5vSuJAWrbZ/8nBHNIYyaxNHS94a45o5rnSaw +KHjOSjFe8yJv4YF6EfsvQqfzymmG3+zPwCEj41GzNUMgqVvBnSwPwJvDzBcknTtM +XnjR66BUgHMTA2CRpXMUQwPBKckpnFFfC8eapD7QKAEgbHz2D+Cq0vtytcdOFZlN +NDST0wHzbz+O7NtyEc3HcmBqLCugU5cQ/NACJ3YJ7wZC/0c1TwKCAQEA6CVXsfQR +sBiSloJmYXiwVDNilMyTIgH7CFxE7mgXCcQ3812PbM0RuwwflCTfixzeBQtf+98K 
+QQkY9eJbo+ugZd762biJvXcLB67hZU5EpnkYu54/p7sRiPkdvHmFpcTqTCn/lPyx +w/NMhCDSGmYQwwFLeu4kpRwTKbZmW3r4K1AwhvZkN01VBID4eugU/lBLfYSe4V4z +vXuWYq+n0rVG8PBs9XlTdxh36pPZNGNajIxLRIDCoFO2rA2wFaYtUj4nGtfBLBfd +eXS6Ql7wu7onT/T6OGU/SDVD9AxT2wLJziCwrtH2OJuJWSW+w9Z7DMjcAQwnQZ8s +kKZcHR4fiXjVqQKCAQEA4zcVENbfWBY99iRhWlVMGtxtkzJggSWzA5vR3B/elbUV ++I999PGBfPAqW+0Hf7MTzZLtttYUCbX5+wCS3QThWTwK46yIVpNwXjw1xvjdqFqy +EhL0EDRZbHS8Y3d7qDEkwKBfHsCnwQuaua3bDhG3ebHCmTMh+7m8lzu6n1IybEkK +f9xVZR7G/0magosnk61gYvpWCFOIs4WmhR0jhy13BhZqCrRTk5qXrYxF+dZrXVyi +IJd7jMP29vjeW9a/ruWFVPfM6JN/oOKTswcfszZzyjvdeok3gh4NKlWTTB6oj1xU +W6rWoJWF2Z+AUlmzx87mL7i83ZHj+2Jbo+j6990D0QKCAQEAsB9MphTuqnQqGog6 +Fm8TD/6gJxYB9oYcJx6hqWJNQDqe3EM6Qihe8FLlTmafNpKjGp6jpppz1B2L01h1 +gCqO2VrPZAjub1D2jFCwbkRwLwCmtAj+cEmrpwig99IWhEqeG0StxCHm2Cwo/AFO +hXqz8s5zroMoSB/Bph7dD0B/MZU4C9y48X/5JV6Xpd+Xtc3DSCoqw/7NME+oK5zq +rSCc/sTZVW9D1JI6wDyFSIqsMv9pR0KM5kg8ydHkqrgVoFTJJENWKha9D51whlQz +Pamgk7ffcpPV6/mFYY1MvVcjNgB1K1zd+dp+3KSXU0rQtkVZLG5FBjM2A1RDhE/L +S2fiaQKCAQEAzUAnfx77WxH6XD/hOTD9ROkUrcGIX1+qYCDMPaP6MeBw701ifdOM +SBDVrvmp291ui2HDi4qQj5p02sCGxSukn2LZmMF8drhTOscN7gwNBZ2L1LKfdiv1 +Zz0jKFvaq467sm7TsQu0qiK7Hdkj6e5MaCLc6W/nCJZg5bxbutxaxfQl2jk63GIL +YICle1ida8u1YlnuE0K1+9Yc7z5WyY27MYpF67Y5ojwMDgaxYzv69wMQzJSGkfYr +3elHvcTHVmA2wGGT8NY4hCn9jOWLWkFVT8Tfxxj2EQFyZxLOeTaDuJT8Anvl7u3n +ZPfFkAIy0noUIJAtBmP4+oVERbDSRq+IiA== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter09.req b/test_key/long_chains/ShorterMAXUINT16_inter09.req new file mode 100644 index 0000000..c62a873 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter09.req 
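Review bot: Private key material is stored in the clear in this hunk (`ShorterMAXUINT16_inter09.key`, an unencrypted `-----BEGIN PRIVATE KEY-----` block), and likewise in the `inter10`, `inter11` and `inter12` `.key` hunks, with nothing visible in the diff that marks these as throwaway fixtures. The matching `.cert` files appear to decode as CA certificates (basicConstraints CA:TRUE, serverAuth and clientAuth usage) valid from 2023-04-05 to 2033-04-02, so the chain stays usable for issuing certificates for a decade if its root is ever trusted outside the test harness. If the directory does not already carry one, I would add a short `README` under `test_key/long_chains/` stating `These keys are public test fixtures; never add this chain to a production trust store.` and confirm that release packaging excludes `test_key/`. Any secret-scanner exception should be scoped to this exact path, so that findings elsewhere in the repository are still reported.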
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEczCCAlsCAQAwLjEsMCoGA1UEAwwjRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU5IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYUXx/ +dVU/Ha8LjfRRKTEPr6AV2xTRLmiYMYf1jwHYm3rhZbdQYoavrWb3+A7p17UkQmvk +RxhYWGDhIBy5Rv8OOwaO30XUIc0DJmaZRMWlpslEdpYWYfZWyzQsb6JoPZ6sOWPP +c1cpwz8rUvvtFID6cRxIKmRhWVH/I3oJKplMESSUsyyA5lJ+s3pC3S5nkFd74h78 +Ghd53KdoSz9oUR7EUY/Jx1MD1HFpeoITKcz4X4/huJeYqMQ4BNCT3Im4F9Oi8cYI +GNhd4CaG5oVO0HUqoKHb3c+OOH8Ibxb4DDRCqnE5I2WNW8ovtwT188WXs9gsdC7R +udGJ181x5nGIybUiO0OsCGhjRD4F2VIHsGu0S5lcjmpNuf9p4JDIXgo6xhjf2o5g +nv3oZKZFGzPSoW8sLA4jCofHz0vKiv0OZ3yBdLTQddMScmLpxFEMtR8b77I04AY3 +v0U0AaSJ71GrJDXh/gnCU7KbAeGgE9Eb4vgXhFmSCf530zFYkMmmgg1+vOl0hrFQ +J04Ydyf8bpl+o1CPj9SyuCBK1YEpzHFFHAglq420FHC3LfnlqwkYlv1llyAtdW8K +8SPl+IFsLw1qN76Xk3KuK6zmO/SdWHE2tdDuGHopzNTDxKT1CCRgB5W3H/2VJ+zK +wXHi/IuoUP/XZfclg/9GUpel9Q/o11waCWTsJwIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBAMYZyc2VkVMkuVnVP0Ad+dtmZE3thFiJc0KYJOBxcbbqhjnstmXLX6dB +WqdTwkxSKfGWeruh+y6AUWoyFFS4OGxuezY9GUamHmyxuLgzUIGsUNkuJX/Nqe7k +WUggK2tOeZMJhveHVisLuh1zokpqzbsmflBncbbgpStzvf3Aqdov9E6esfXYILY7 +MdYcfHzYAtLLToIdMdk97UrxrvHPRYcLqs6hRyuo1Iis/9J4Zrv2tSaFPzu6SQBU +Cvs47QI48v3Gk5Sy0cMcXQJsTDp0wz2mLPCmCpvjZV1/G7Tmqp+W54KU2QZ1sODD +Wvv/TgaXcnt8CDH0+pzO5WE7AFTI0fJS/5FSZBfB65mQmKJYraVzn+N0vzMBRynC +elHk+dByRe5Z4FAGMg1Rynlyzv9s/4VF5ciNQRARTqlqfzn/Hsd46Tt8MMnqWpn3 +wBhko8L6SCSidoE4a7ljjtQr3zaWSmwCWSYn2LQyPDYLl1uPFpd4tcSA3iO2qdnc +dXt+uG3Ss9U6XuHJi/k01V5cYjUtl+p1hxCobHu22J6/Ui6oEAJ8FBJJAQ2wTojj +GHe/C1s62w7kLK/0WnwuR6hqu08f+le3bsOC84hCJnkDE5Qowc8F0ZstTDtymfXR +0IW+J8j/L0A+KLNpmClX1p2C1RREBIl4RyxnHvqDC69hE63oLTyl +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter10.cert b/test_key/long_chains/ShorterMAXUINT16_inter10.cert new file mode 100644 index 0000000..3d0ecfb --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter10.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNjCCAx6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDDCNETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTkgY2VydDAeFw0yMzA0MDUwODE3NTRa +Fw0zMzA0MDIwODE3NTRaMC8xLTArBgNVBAMMJERNVEYgbGlic3BkbSBSU0EgaW50 +ZXJtZWRpYXRlMTAgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AMP9Ba1SW5qp3Gff6z+FfQF694EYGiQt6hxFbfDgfhQ5BPFReWL9pXiNTvK8QXHY +CprI6piGLhXZaBmVKVoOHSFFVX7JELf29RrLAxwZuMH5OEy3FqBVCWXWy6zFv5po +5w207aGMjKwnp4QmGzUBBp0d/ApBMmV4gms95e7YYzQRhiMS6KNaMKEkqTRfRnb8 +urErxtzEAMQ1u0nn8xK+PVQDh/vA17jDu4SRenR8qhZYRfoN7ywM4FHVzwCT9VsK +cHaL22X73U/AW0Vnz5PffZwjesu7JS+Y+2/BvSExxbani5sLov1ezURY5j1PgpNb +v/MW01H2jpmSYxp5NKUPR7iqdQel48jR44/tZtEc8MX8Bede/fX/9u/Dpj1xDHgV +qzxzIlNiDXqv9N2WLI8V/4gjNZbXKp6ENeubElIHLmLfdXUMyxs0TspQ0O6pFRBq +uS5UkMdJZlLhwNar/gQO0TWdR+pxgHdu5apig9H3JD2PwmJx/vMglMQ0OIV7wSG8 +elkQ56oU5Ao0y51r7SFm2BmcvYNrAJHuhInNi0quwi6mWcXImdIbdT7krxP5l1QU +iy5yitgX0Ro/wSaOoeWZn1/IdOzeWWHrMKC+WHufrGHPDWsmFiIb4b1yP6WydR7N +QUDBfKUoXqQhNBgk+6HKhKFMt/3kShzabzOBX7FhGseNAgMBAAGjXjBcMAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgH+MB0GA1UdDgQWBBSu9rv/cf8+aMM3ci4OtZ8g +0u5DfzAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcN +AQELBQADggIBAAznXWVhRARs38BzJyVKP3P0wgmcJKB2G6QQ9oVv/1wDqRVutjqH +as+j78HnTeAbU2Y+GMNdoT/oHITcnog30LwgvR+5tH3LUstQtck9RZjoA14lusDQ +DyQJ/LyY+4guVHb762/6q3T+bQXwK2vRTTHfB9/XirQjKbky7FbIQH8+odiSI3Wh +W/vZ6/Ek3AzfyAnmFm+M9CwdDT/WrlFN4QIaxrriSpgEnTU9yfK/hsBFUkGh2cjZ +HHFKCjxXikHLNSJZPLMcGxPiuy7Cy4YA4MPtHx17lHZGTiZKh+2vzOFkSwNduZRu +cjP1GRfRvvdBnHQEe4Tr5W3zC+nKxtjzc/ahesf2D1iotn/KKl4EE7Arrdma99ma +gc4UeY0rKgXayHVDrftE0rWAffHw+bQqpYehP1q4HZqk9v2LytlX/89XtI3jDJEC +I6tLbLnF3OjhxMqKxoUD+36PEJhJd+stVy5O3AFfHG7DWN8vfigbbGWwrRYldHR7 +/UHjtLlo24i/CWGyBcHb1mTOHTo/5zzqVv8wmSE100tQiQqYU2ZYhhAQxqBq9OJg +aYVR0P222Yd/0coOL/AwcpvI9YRTxevkVcievIkIl2WpQfYzYH9h0MChNyT97NQa +bbUHdBXbu/ZeOgFv4TG+iANyy2G5INAIk2e3VuzdGdVJA/d5HwYz2oDY +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter10.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter10.cert.der new file mode 100644 index 0000000..ff22733 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter10.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter10.key b/test_key/long_chains/ShorterMAXUINT16_inter10.key new file mode 100644 index 0000000..2e7c76e --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter10.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDD/QWtUluaqdxn +3+s/hX0BeveBGBokLeocRW3w4H4UOQTxUXli/aV4jU7yvEFx2AqayOqYhi4V2WgZ +lSlaDh0hRVV+yRC39vUaywMcGbjB+ThMtxagVQll1susxb+aaOcNtO2hjIysJ6eE +Jhs1AQadHfwKQTJleIJrPeXu2GM0EYYjEuijWjChJKk0X0Z2/LqxK8bcxADENbtJ +5/MSvj1UA4f7wNe4w7uEkXp0fKoWWEX6De8sDOBR1c8Ak/VbCnB2i9tl+91PwFtF +Z8+T332cI3rLuyUvmPtvwb0hMcW2p4ubC6L9Xs1EWOY9T4KTW7/zFtNR9o6ZkmMa +eTSlD0e4qnUHpePI0eOP7WbRHPDF/AXnXv31//bvw6Y9cQx4Fas8cyJTYg16r/Td +liyPFf+IIzWW1yqehDXrmxJSBy5i33V1DMsbNE7KUNDuqRUQarkuVJDHSWZS4cDW +q/4EDtE1nUfqcYB3buWqYoPR9yQ9j8Jicf7zIJTENDiFe8EhvHpZEOeqFOQKNMud +a+0hZtgZnL2DawCR7oSJzYtKrsIuplnFyJnSG3U+5K8T+ZdUFIsucorYF9EaP8Em +jqHlmZ9fyHTs3llh6zCgvlh7n6xhzw1rJhYiG+G9cj+lsnUezUFAwXylKF6kITQY +JPuhyoShTLf95Eoc2m8zgV+xYRrHjQIDAQABAoICADz/Sb4IzOPVC/j0UvZBKIfG +arOt+aza8Wr9HNuEMxk+KdClZ98sTEy5xiF7/+5bq+lCsOjpkfxQ3rpflzAlBmHt +f09naqGm5eAB4STkyIDufNw7e3pJHRSqBlfub9Sx4397mR3XbYzDBrr1VTBo8lMC +GwhiBDpaiFSyPhbZF/8DmTjfULJOhqYQj+zx3i94Nu6fTlQ1WHu4sWKuIxPpS5MT +SkZLXZhuqrT2xiLtDc7IiHbr0U1ncIVnwvZOFmXQWPI8UvtpqRaCKqXuSkeenixz +SmuQAmHO/ippJODo6b0QZj3KIF81GzOza20Xiu8r9hDFQN3Ym8cmLVv27zCUEeDW +bLtEW1a6ycUOepPVVxf8HFFCUh9Y0yJdCkMDgKQXlktAZhcuhyEFYwL1XNXEy2Dn +nt3x7WQ5Tp2XElobF17DPyPPs+umtvR8mt0H1dmSW3Ex7CjFF+t+MQFSj4xXjkui +GPg7P6WEE7mfAA9d596VqY2biQyHYBT2fjyo72/DvF/Ff2yo5VIfgQj6cgmbDM3O +8UufE+QhDYPHqTXltD1uPfbdMeQuBH6zngGUv0VjQ8BVvSeEvG1oSqZPd6q3jpFo +sALlv/OJZ1thDFetWwwCRNxN89KyfeT5I81NU5GChtDPEtTeu5mh96zVxbKsm2DH +RuNywvMFBxVxTeV555ZBAoIBAQD283A0Kfrha0V0QtmuvZUdJ1wlKqr9qK3B2m9d +a2fL2KniGmRicP17yc5HW0SdJ8kJgxqoy0hgoWcnBSk4A9EYzsdrMVQdNP3hvZYi +kOvMgBe8KO432fSDOGxVYpQPH7+d4B17oJoTQvRnEbPPLV9EfmOUoY+srRLSbdB1 +ZwuBDhnGl5hPw01b8rkCm4dLRvE2NsYugweWbD7v8NG2qGfo35wzSwmgOaGwIwgo +UYpzQvLAYs6wYyJEL80ezSXOyS5l/8VwSYqpASaF08iF2YPrK6NdfsdmCSYpEXUS +4flioOD+bcUivUpaE/pivZyxHaS4DZIT5Se54Pdop555uEKdAoIBAQDLK4WIddpc +9AtdRQWGsAfAWresTAlX8l7fL37vEqQ4+XUGkMfrfQRlLc3ZtUAo7fcdakXZ3Ps2 
+NSg+/LDBMPJ1yX5d3fZMcme3/eA3dbRV3fl/czkN7M1XtiTv/jBdVvq32G2O/x6J +vpPcH3DN0jBFA3fam6Cezw0iWD3G4YbpYEemmMmCu+qVqRR2byib7qA6DqupD74q +10fzniSXOzw5BeCZE3nAPdoGfTItDxbZSEnVqBo/qBPPvUuBADxRt56S7H4sBWhR +Jb2dJGNBjPdm8JIX4tCFd7R6jvBi6weE52UsOfAUfA63btmtYEQAFid74cYfNXSL +OV9Y2YZPwc2xAoIBAA16ggBG3kuZaEQNNgZkkJPzxwK8TnLj1wACpRtrNlIY9ETD +/gClfCBahmi8oYUWW9GqFzVpSv0DMjcd//7vrmT1PEsseRPTBZxhlaUzVbtmrmT1 +svLXcZIL7VXHuJ8Os42xYsqRnHc6q05I2BCRwGZjo5nEK6xYEfPsTHlr82PK2jtN +oOGRnlJLcC+lP4ArUhUMbkqxmiNqqxC7iya2EF3UfpkKGm9lVd7gOpzAvpbF66v2 +eKOF9aPVHBP3TH352w90I1mamffZeTnKsmIj2iBm1FbRCZ8XFr8dFc+/B7aLY1xf +r2fS/xDlkD/9a2T7YjctfnCZjE6H6dkLdQndtb0CggEACaNd6VRV8JTvORR+J56Q +L5LeJcFRrCdmUsYpCmRjAATthUs3ALfkjnw2yL4tdgOb9nxFJgmyrSamax6HsBKH +XgkaAo/2EDhZLURQ77CYxn4KSP6JVVzHfQK6C9yOJM9sg24z/FWj+DrfPtELA+iV +u6Bnfipl20LNR7TR8W5ffRDBNWkIHjiV71WfD+NEFOmkFjz97b4+cj/WPPtilv4L +ZFUgC4L+Ap2siyRDThnqJpKkVgtse1qY3gEH5O3C7sl8L1IixinXggn9TcgdIU3z +qqF8/L8Yz0wXdrzzMG4f5DEp/ogdGIuuEwuiLfRkJXDnnJvgTzi096nYGRnwojX6 +cQKCAQBcg/2ab+TfGkR3W9791SVubyeoWA0iWCU12HgGQ5JRWtHKPwRMVvlNDrp/ +cVDt/mST0aDkKBmS8QrA2Kh6Yisc0ThkTNmOp1XqZivRjHV0806/fMt2RLd7+95r +9pQ0R4zifIXbvhw/QsPtEJX6kcDm9R8V/UGDdHGTN643k5K+VGJk/hEz0dCCoYeT +6gp3FrqZcnU9a5ODLrxJSuDtWId+NrwdmJnrHKAAF9U5DXOJjBtIXqe4Zz846H/c +7OjHoxbQYpB3IiuP3QQehg9wYR88tdTAmdP0Qzua+SJxPilR8Cbj3HDQQEwh0SiX +oHl7iorPGoYHffOqWYW9SoZ7aW2r +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter10.req b/test_key/long_chains/ShorterMAXUINT16_inter10.req new file mode 100644 index 0000000..82716ae --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter10.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxMCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw/0F +rVJbmqncZ9/rP4V9AXr3gRgaJC3qHEVt8OB+FDkE8VF5Yv2leI1O8rxBcdgKmsjq +mIYuFdloGZUpWg4dIUVVfskQt/b1GssDHBm4wfk4TLcWoFUJZdbLrMW/mmjnDbTt +oYyMrCenhCYbNQEGnR38CkEyZXiCaz3l7thjNBGGIxLoo1owoSSpNF9Gdvy6sSvG +3MQAxDW7SefzEr49VAOH+8DXuMO7hJF6dHyqFlhF+g3vLAzgUdXPAJP1Wwpwdovb +ZfvdT8BbRWfPk999nCN6y7slL5j7b8G9ITHFtqeLmwui/V7NRFjmPU+Ck1u/8xbT +UfaOmZJjGnk0pQ9HuKp1B6XjyNHjj+1m0RzwxfwF51799f/278OmPXEMeBWrPHMi +U2INeq/03ZYsjxX/iCM1ltcqnoQ165sSUgcuYt91dQzLGzROylDQ7qkVEGq5LlSQ +x0lmUuHA1qv+BA7RNZ1H6nGAd27lqmKD0fckPY/CYnH+8yCUxDQ4hXvBIbx6WRDn +qhTkCjTLnWvtIWbYGZy9g2sAke6Eic2LSq7CLqZZxciZ0ht1PuSvE/mXVBSLLnKK +2BfRGj/BJo6h5ZmfX8h07N5ZYeswoL5Ye5+sYc8NayYWIhvhvXI/pbJ1Hs1BQMF8 +pShepCE0GCT7ocqEoUy3/eRKHNpvM4FfsWEax40CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQCRh4p0u6oKqV5OGgbIMVy661yAA5TIex2IJAcUWrIM3Gs93mIHrUOF +B8hUWZc2RSLwYl9Vva+azjfGrrq8L4sc6ZB3rTUXxe0SOlRoP9LggJtNcQjt2Zzu +8AspxZA9ni86RD9tTYMjrX7FgiVeEtfVHKzkbcxcrSzvVuF2ocOm9Q5SwEHl/GCY +jjTNQ8UO6fyihBB2cmxkzkzre+r9PrkWEKp2dJN+BLUUAppbcuKeJnpXUC7FWOIZ +W3ZRs7f6gHJL/VffHvXzYMWCPu5q3a3/iGxJLwl/DYT8mSdXh2dCEUH9KikVWgrk +cUSY5OeZq/6JhRgC/0wkA9pxX5Qk2EvVEzmt8We6ozvgZKAGL0nyMlrQQAkym3/l +SFlQQsjieUNFWtCpjruLlvKRykgnIzhk6MfDdli5SZSeBpW9AjtROb26HAMOO9ls +eXkbvwH6XfW5mJ4hCeTFKMVLJ0XeKpujm+MKPzHI/oRXUQyfg/tHTyn6HdRXcmec +TOzjjQilP3fGgdD0VQmm0UO6trKpdnxP6PtrR419WMSrQ9ruOZaeU/OMHoPuGnlG +NjgW3jejSyRLQ9SJIsV5CGDXGt0Cp/MQTWENnspEH0vl2ykgqIFexJdsrDkdF5D0 +JqgdWeCTcCb8a4Pbm9kNa6x8t/NSdLQLXyETBvUO7kGUK2ybtNlXIQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter11.cert b/test_key/long_chains/ShorterMAXUINT16_inter11.cert new file mode 100644 index 0000000..edd0aa3 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter11.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTEwIGNlcnQwHhcNMjMwNDA1MDgxNzU1 +WhcNMzMwNDAyMDgxNzU1WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTExIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDDPm0cYIVmd+LEHUSbtAo91hoTOz7ShsD2agYvJpWhg3ViJWKwFmR1J7MQDmMU +waFmYel7mPT/l7Xs+ESWzB0w1tdnHzmx1eq+Hyee8Zb/KJaexa1A5y1sHWwXKsV5 +1DNZdUGg/2l3aybukDgo1eSS5+V6InIJAJRfn/mkw7entUfxopm8O6CkDEwu6Shr +JUc4yLjsdpRdOH3VEsrWhq34Ek/Eqz4/VqZEk+6K9aZXYGsnh/9Oy3MaZNRRE42Q +cmhJZcPuUgPvAMahU9GGuiU+bbRwC27E4RNjpNCKIXkeE+fgRhpuQPZHfDGvQMJq +Zk629xqq48UVEQrO/5eRNpDpWKEnFiZbbOSHw9UsjiE66J+fvOd9jDKM+GxG4TR4 +iItiysf8+h5sSMTeTh3O0NemdbAgfR4Tsc/UizoibcLMb++6/BOlaXu9xjBQBu3f +KAAXLUXcNRz3t8nN+0z++sbe3qj8ppJ2aHoQ1b/9DDNWbrxP87cGcPCo9A7MWgRj +kj8gYoC6WdyWrOOw0sKAsV8q7LcDnvDVdzCLr64G6ccodi0ddJ5zxumSgUrE/1IH +nRQQknZihpS6xDVSlJv5buSD1DgINopyKEihOc4QFooLQ4/iUwjQLStvmmcW20xf +DESqOKavKFAmRSLyI9mLN78aFseb3n0Kte9gA+j+IazCqwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUa9UFZrNJJstMXBfoxdk/ +iAz/dtMwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAYMiXyZmmNigZXtgR6WpdgbA0wjzXuXOXGrbTPBQo8SGjL5LnG +whYSvbrRyhw1QhYbmWlRxAXrn1mYbeMvHX0+PZUFFWN4Dah6DRLn2TkUjQqVDT0I +m9VA+/hAyLg4zVPxZCUYSipOvufFGf7UNIKalhjsykZJoHE9bfgCJaXefpZjiftu +nV0OTa2QucOErvPsmoOkoqVM7zCEdgDz/UNzrDXgdUw2ybmVSerjoBnOPfqYlKSj +XxiYFYKRSD4PrdrVAAUeUvn9WHL/XbfPgC+8+s0RZXsMoa7q8SdFQhMlxgiNTWRn +pchJP1fRzOtSppSpLxoEa6rHxiK03/Dt4IueSuDhpaJnL0lB111/YOqyWLkxvVj0 +J/mPk6BvkXNXYhdNMyI+jOgKE/R/5eRcoHHkIZNBnD8x+71DCzeuNlJYiLNbQIiL +CtKpV4GHOYE9DQKmmlxvsl4dqnn8SUVjS0FA6/AOs3a/IyjbF2hF1waF78of5c4v +Yzuq56vwHd2XqLmk8mAeHr3xXl6CSCO4p5rkNav0T3SfUAOvP+zMryg4tn8A/0KF +q6DJ52GlNjKrQrvI3b0NxCJY+pp+K5jsLYaac6Z73uVgDBWIpE+PMXORkhATQV1Q +2a3Te0UHrxJPb3MjHty8gMsZ9/Nz2l6cw3Tr9AD+QWu3tRCctz9s8uzbRQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter11.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter11.cert.der new file mode 100644 index 0000000..64c9a36 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter11.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter11.key b/test_key/long_chains/ShorterMAXUINT16_inter11.key new file mode 100644 index 0000000..e22ae5a --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter11.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDDPm0cYIVmd+LE +HUSbtAo91hoTOz7ShsD2agYvJpWhg3ViJWKwFmR1J7MQDmMUwaFmYel7mPT/l7Xs ++ESWzB0w1tdnHzmx1eq+Hyee8Zb/KJaexa1A5y1sHWwXKsV51DNZdUGg/2l3aybu +kDgo1eSS5+V6InIJAJRfn/mkw7entUfxopm8O6CkDEwu6ShrJUc4yLjsdpRdOH3V +EsrWhq34Ek/Eqz4/VqZEk+6K9aZXYGsnh/9Oy3MaZNRRE42QcmhJZcPuUgPvAMah +U9GGuiU+bbRwC27E4RNjpNCKIXkeE+fgRhpuQPZHfDGvQMJqZk629xqq48UVEQrO +/5eRNpDpWKEnFiZbbOSHw9UsjiE66J+fvOd9jDKM+GxG4TR4iItiysf8+h5sSMTe +Th3O0NemdbAgfR4Tsc/UizoibcLMb++6/BOlaXu9xjBQBu3fKAAXLUXcNRz3t8nN ++0z++sbe3qj8ppJ2aHoQ1b/9DDNWbrxP87cGcPCo9A7MWgRjkj8gYoC6WdyWrOOw +0sKAsV8q7LcDnvDVdzCLr64G6ccodi0ddJ5zxumSgUrE/1IHnRQQknZihpS6xDVS +lJv5buSD1DgINopyKEihOc4QFooLQ4/iUwjQLStvmmcW20xfDESqOKavKFAmRSLy +I9mLN78aFseb3n0Kte9gA+j+IazCqwIDAQABAoICAQC2d2EBZDNH0ELdhXzZBymL +IMy9rGDJ36X2pJ+i8SxmBbVuRAI3DrZTxwZRuyBeBZgRVvAd0pUlSWN8U4nGZHvj +aOVmOohw6rq3c+ZTZPT5AbXCLHv+bA7HO7gI7rAfa3GR6UOscwbd1AZObfoOL9eu +c4rC2e44+5GuzJNCqKa61XCnIo8Km69FoTiRntVnTS+CohQw6aE+fc0blLR8SOHN +NU/XPTKvfwtki9wjgfAzOKjsCO1RdlHcGN9T5jInDMTp03GJCJ0kgFUh8HOgtdaY +wW4gSI788Fxug1lhvmay9Wd+8gVBhPSlWiwU3TDUv0hRNh52FufZCFRRoAzGaXiC ++bCVEootutZ1COLvrgNcZsh4fbdYl6GXvlG+lrvcEZvE7s2K5y5mgWmpjqMVg4Ip +LnvXz8rWbG5bXO00/rM2i8ZXribWtXZS/g6mRGiRzPR7xgyxqhffoKSWoPekN2Hf +Lku5r5OaKwDhHpSsXyDu2BMxCg5caOIIP7xeT0E2g6oyKhHI+0GP3YANBjWXuwbI +93Eu+il/p2E2FhuTqECCi7FR7PQQ26eGNdkJULetT7gKrhCVOCeL01QImRK77+0z +kQmr4cr8XzIMHdbJ2YQHPdfl+aOaS4MqChZDcFcQixeGLTkKixO1PYM4Aq+Avy+x +IXWOF6lrYCAc/Y8lwrO6AQKCAQEA357U730ymiYJ/K9e+bnmP+KzaSw+yrCemk8s +AojOhw1vPZio2hO0MAamVSriHU9A5ZTbPRrPfpx60zhYWNgoAKlWlyE7ZYSyy2N+ +11KLpPiKODNRVaPEZrXDGQGkPIGve2B/OrENRsRizmOlxeQ9bHrNmT1FcTPLLmW+ +pB+MVmajCfBmeeUTCxrfst4Jo6XIUXkm7dd9cVS/F5PC5o4x7zoB3vSUrSWyJi18 +zzoohIJRlufxIaNktXDiECs9Sc7rdthKZ6NeyJdumX4bXzH6HeLaeVyLR/yi98oR +fZL5D/jbPAbbBrw+WBn1sCJs812yEVBiclgMfM1LBwYfqu2XDQKCAQEA34O6/74G +BuO92Phb0fvASVpZ+i+D+fmTBA81LvHOD/ikDx0qLKR51hE7e2/2+PwJ36rkogqY 
+xG89DICCvhPh9ulrqjx99bufOYXG8PL5aEDCew5MDF+/QHm64KEzfcbUXo5ok2pU +zqu7RbtCMWNelrYaLDM9bJ4qZ3rq4vhYJk8JKkTyLpGMmOPsprPsBDvo5m8wgaYT +eL9SHT69LN5eRGRnskLkYo7E8qhjB/a1mibm8uHj2VHjUgt6fnDqJOmTjpsj0ALF +FjPTVDIY5Qdpaks+FHvEkIdi6pH/L5pdSF3tMdxRkprcFXWi0F+ham5P39qJWbjo +yHdtaDzeqCDSlwKCAQEAsLsjyN6mpmNX00d6hV0hlu4BIybfvWtW/deCjcI3j07T +0tea4zddWfN3c6n/qHBhdtBtcN6GjKb4/4Pxds3m15b9o1WVTsdQUyQgM+a+DLSM +8JvGNSvH5fDS7yl39oX7/UMnamhReNNuz3S7qCmZTenEIc7l2fC4LMQmpil0zTgy +tIE1TDL6GPW1Q/Tto1M7fQCF/sUnE/GJUQXrrDFHT60Fm4KrGijHohqjIFfze75O +4zgOP6qVxjwfve2ec33AZF3OeBgKqffcZhzfXx3tcb8/MVktjsgguDsQFbGZe8EO +62LzqWAO2awym3CpsLElMT/ZfksOG3hYSoXRc1Jw5QKCAQBW5zfowXBEc33YA1Bo +B1MO8iMzxA+zPJctp+AMvZVZ3lmjSrqgGt8IHTEcYD8NNal9HkvAuRAGqB17Y+fx +kXd08fKbgOOUjHtu+RWNj1rrbupuv/NPiFaq8el39xU3HPxrO0Frt5b7uAebKCCn +ZTRcsrbgYpfKSIDCNSdoUhir5GTy21WyR4L72vqjIidsygJWvfqFHhZKB1Ec78zL +yjWqr8Mlqx5zN4FZu6Ctcv3OzrtSygM19sHEn5Pj33EaIvrtImK9OKZ6aHINNWE6 +gzQ4UML1Yd3eN9V80IEAeCs2vNZBYaERuEZDzbYdAGGZKQTDS4vFp8BSWSTft3L2 +ubRHAoIBAEWGqeKo5zRDu/KexVGAelpbZNrVe93X861JqUnEq8/sFPnKX4GTsYtH +VveGE+3g5QuT7g7H1C3cXn93U37ababRO+N0VdwM/7QayxumX+eCnbyKAx5c+Il4 +zfw6lJ8jiQOFUolo/9ED5rL1oMtUTnppUSsnnDZK84oIQlXXzMyi4hgwQhxAzmEA +/OHLGw5VV1PL7j2Ff8x7Y/CdRWe1Fxt15/qlH0JUUIeyTl0SHjxWxmyyjIbvJPVT +0IV2cZMZHbb5NaGPKd4u4lmpyhEfLaSnuUpaAbUkLrN95/iTgjV+IJLzlw9TuTSJ ++JRJ7YMpf1c/Di1YVT8ncrnEEShsOu4= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter11.req b/test_key/long_chains/ShorterMAXUINT16_inter11.req new file mode 100644 index 0000000..4d50a51 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter11.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxMSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwz5t +HGCFZnfixB1Em7QKPdYaEzs+0obA9moGLyaVoYN1YiVisBZkdSezEA5jFMGhZmHp +e5j0/5e17PhElswdMNbXZx85sdXqvh8nnvGW/yiWnsWtQOctbB1sFyrFedQzWXVB +oP9pd2sm7pA4KNXkkufleiJyCQCUX5/5pMO3p7VH8aKZvDugpAxMLukoayVHOMi4 +7HaUXTh91RLK1oat+BJPxKs+P1amRJPuivWmV2BrJ4f/TstzGmTUURONkHJoSWXD +7lID7wDGoVPRhrolPm20cAtuxOETY6TQiiF5HhPn4EYabkD2R3wxr0DCamZOtvca +quPFFREKzv+XkTaQ6VihJxYmW2zkh8PVLI4hOuifn7znfYwyjPhsRuE0eIiLYsrH +/PoebEjE3k4dztDXpnWwIH0eE7HP1Is6Im3CzG/vuvwTpWl7vcYwUAbt3ygAFy1F +3DUc97fJzftM/vrG3t6o/KaSdmh6ENW//QwzVm68T/O3BnDwqPQOzFoEY5I/IGKA +ulnclqzjsNLCgLFfKuy3A57w1Xcwi6+uBunHKHYtHXSec8bpkoFKxP9SB50UEJJ2 +YoaUusQ1UpSb+W7kg9Q4CDaKcihIoTnOEBaKC0OP4lMI0C0rb5pnFttMXwxEqjim +ryhQJkUi8iPZize/GhbHm959CrXvYAPo/iGswqsCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAdpl6VsU0nXSD86xJJv6fjeZunuGly9yqmAz+oRd0QCcHrBVdeiAjI +I3pMPzvUu//Hww8JAqYeYlIvZe03x4nZwrhhVCEgxPk04F5NYjAv9GmVVV0KcBJ0 +9FoEYBcpSfsBz0Lz5WFd9BHS+EQjZnvZJqlsthyEk9B6P9xv0OcNHKJCaJXfrPSG +VaHPzrwbixO2kpJBnpcZPnjZfM0Hvb0gaKDOefI8hGVIbYDxo0Q/Pp9HCj19yyS5 +IUE3UrveXMBI7nasPnIA4AwliXYG5uREtjhNOqiDOJH+FJzCy+/DJiN7yY530+6/ +z+6ZT+sXUYsYPud2xqmVZUbMpHurXd9z5KPMhmZEMgAcT436jaL+QOuUEopSjYZS +F20oyu45wnjxts6vGAxv7UIqT69Ut+rfY8b/Z5AydXiyDKrizKibPh4W1KpKY82l +LBul6llEj4ieEVi38HHeB+c0ybnJxquEeB+grH3jaFHawbEmymV1/Ee+NYkj4MRI +1sZCdB1eHDwVdoLW0gNkZ3q9HIL0gjHEp3lTfm5bAREqjp2idGEhtTjAa1Y2KIF+ +jr4ugqkbPSBPnmRvQy3eGKUtg1OVDzhUnPo2xCqp8tNs/u8QS2kJbF5d8Udz9MyB +V+n2svRLBnqBuoYRFy9oa8xCMZbeSj6hK/YXUjxvvGiP8Va9IYQpxg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter12.cert b/test_key/long_chains/ShorterMAXUINT16_inter12.cert new file mode 100644 index 0000000..28224fd --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter12.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTExIGNlcnQwHhcNMjMwNDA1MDgxNzU1 +WhcNMzMwNDAyMDgxNzU1WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTEyIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCu16Gzp9xf1WqXxaxO3d3qcEkRfzBPMag/vRyB7yFgD+1hWNezAb5TJZp46grq +wvgkMff8H/awl5p+SwRBG/gIr2VTLGkCrnFZlS2hru9lU/Fxmi9JKcv+agY+Ijpz +mZvkYN8v/+wangQiDJsNszVfHm4L0KBOPwQWgd/M2WD+G0EHKmElhIsp4z31LSj8 +8OL80XMNCTqbJYOytk6+uMmsEmQmAKP4mMhwnI60uzMogWb60n8mQO8TUibs3jSB +EDIhZLJzKrBF5SZmJOUrSH9KbLmNJQer5mHXhc8la6AtZDMl/fOAWjsQ4reBB00d +oQGl8QkYw3KENV+YaRFSUM52MbCtWXXcF0t2A7ydxzphjYjWWwpAix2JIAT4j9nt +iyjCjh2ae8gHvY9DDvrbzV6TZYPDwkS2w9/1rYgz2mfKnN3MpobRMdyVNJGeHU/Y +P4B9VwYIYQdJcToAkDQU9EmGDlTQ+VDPv7iQxA1bCldhlgpyunHxMo6J6zWoTJsK +qtSf61B5lK3FZ/4VHO3/IMtwOXB2IWOva2VYga6qACBkRXPrKrUtv9fnR1BPM7Sq +IomgMnp8Hg31Bw6JR+gyXBNdE1M2beP5mB8uOt2dWnhjspf9onlXkVDkZGEUpOpq +vbKjHYyQW9VuIDDpVstUd2AAMZIr84M4nWq3B78S67BY/wIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUo6xMtfkdLrSJUE9PTaGv +pCy/v0UwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAbI04Uk7uqMZCnrzVS5DX0xzEO6vRKrdPvS6DxRAgc5pUGX1Et +dlkWu9hrt/TX7qOwz1qjoGaCJwchetEih1MrB2SqcEpiz/n1ZYF37k/6kSEvNQWJ +2VwlnPxdGZ76VLUjPWdU8fJTsFDqVMI8kkiueUFZTQfExCrWN3UfuhFQxDK9ugk/ +XXvEJ0QTy8Zx6FJCpRpjwCiDWhHw4hFBA+HDf+kVm7uyqfxTcLmRfufqSW6jc1Ig +qewpSE2E2lmM7xXIrOoe+IF4TSltZ8QOzkwvfF+cR68daZgGefR5wIwdNuiqCiAc +buUK8uMKP88oYd0rtC1oWWba/vZzlwI+9jSc2V/qhbqCdS6ALyGnBVLp3xVFgVZL +6xs7uJRl+QDNPL6+GVvujcZ6abgbDkhGlL/9DG45XKFKPIwoUeOiceOafrDvT7fJ +khduuYAK7RTC31pAf96t8XRhwhzjwPZtm08pSKI7gxkNKjVo63SKoekEz8kg+LAh +UDeWBxKBEM4Jc9uc4eh17EmFFXHazL1rik4ZZ0rvJ1DQ2V0eb6BUn4wDSOTTjksQ +eW++SwZCQcBW2GV8wYrLN/s+wK0VncwJekRJoLxRyXpOGKI/rAOZufVgzm3FjS0n +jB0k6Toj+0PtJdNmBlJG7+UQyRsCRcMslhIArW8PivKy+9CWQUxunt62KQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter12.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter12.cert.der new file mode 100644 index 0000000..496ec06 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter12.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter12.key b/test_key/long_chains/ShorterMAXUINT16_inter12.key new file mode 100644 index 0000000..65bd230 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter12.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCu16Gzp9xf1WqX +xaxO3d3qcEkRfzBPMag/vRyB7yFgD+1hWNezAb5TJZp46grqwvgkMff8H/awl5p+ +SwRBG/gIr2VTLGkCrnFZlS2hru9lU/Fxmi9JKcv+agY+IjpzmZvkYN8v/+wangQi +DJsNszVfHm4L0KBOPwQWgd/M2WD+G0EHKmElhIsp4z31LSj88OL80XMNCTqbJYOy +tk6+uMmsEmQmAKP4mMhwnI60uzMogWb60n8mQO8TUibs3jSBEDIhZLJzKrBF5SZm +JOUrSH9KbLmNJQer5mHXhc8la6AtZDMl/fOAWjsQ4reBB00doQGl8QkYw3KENV+Y +aRFSUM52MbCtWXXcF0t2A7ydxzphjYjWWwpAix2JIAT4j9ntiyjCjh2ae8gHvY9D +DvrbzV6TZYPDwkS2w9/1rYgz2mfKnN3MpobRMdyVNJGeHU/YP4B9VwYIYQdJcToA +kDQU9EmGDlTQ+VDPv7iQxA1bCldhlgpyunHxMo6J6zWoTJsKqtSf61B5lK3FZ/4V +HO3/IMtwOXB2IWOva2VYga6qACBkRXPrKrUtv9fnR1BPM7SqIomgMnp8Hg31Bw6J +R+gyXBNdE1M2beP5mB8uOt2dWnhjspf9onlXkVDkZGEUpOpqvbKjHYyQW9VuIDDp +VstUd2AAMZIr84M4nWq3B78S67BY/wIDAQABAoICABzZm+cHJcfycTpF9d61oW6T +xJrMf+4xZW/PBqsyCDHPrv3HKSBygzM5GzokdFS0gzmFvUOvCoetHGMGgdc0hEL6 +nh+RTmqQ2kdL5FGvifUQWuDB7leGPBDo8crC3x5AFIckrO9ArXbe6BOuPM+P6Jif +bs0oSatfno8QMxucKvMDEEHcbldAfa4Vvx17rC3AmdPZw8A865y6HfcZOfkiiLSJ +/FiA9o2IuFpMmwebdB+U6qcsoKpxQIHRpnajW8qIH51+/iseuiNuYl2sbNwthEOF +mUB/AbsNsstbWwjzr2SOChqUwt9FBEYPAvSZfdILxTfahAPADF9gZzvA6ojIqKh2 +Lg33unSw+2yI+xbReHHA9jHuLdW1jTjHqVIFx+TvDst7BP3fGtASoJHZPa+qVXHW +TH1qaJKpk06g87mNyEm21sZzIOCc1sTEzUAAKGdCzlU1NM86cjwUbs4TcWfEel/m +nuHrXAx8oYzJq2nG6zyIjXl7teMBcI79L2nh2dQs0iZYy0IO8k3OqnMAfcUbxOhb +yrL8sQdx5YqeUe0/lwCQ4+JL3W5+EZTnDuSHji8LxkQ6B8vAwoN9Yj/J+QPay/gI +MtjXGwBzfx5jQAOQlTSeyJ93CKbKNv/nYFEX2DOScjYOY49nFasbCr826M8fHuFx +N09nO5EinRHEPB4W1wixAoIBAQDgT1gh5Jn4UT/KXm5EC5xcFlpeX2n57TQUmejX +UjurGIHRj5Utf6z0h09hSCcTlAXfaqUnuhJMuoLD2cHqHkjR2Z58ioheAkrJHHvX +pvYQOA4OVn+ApkhJ0vRX0nDJPLs6PrUBhY5wLTKPTvcjMmCSOS8NhPX3dqAtPncA +GidZH46WEfFRjMt7z0BXs9tibP/RZW3oAddB2DQoRlDvAHJm48xgaB7Zv5iUS3II +MEQ9+YEIweMiygQeQFTbhAiMkkGR/p6TenQLGO4HW/zUrcnm4KMvkIovsOj9J32t +L8cMwT/Gu57stsQuZMiCfPBSvwKrxJRXcVb9KTV4faav+nRVAoIBAQDHiy7rVIz9 +Bw3UDmmLoLQFRkoTTeaJi0ath1Wf9Z2KkB8sL384NAPrJv/l9MeRqbDNfPqlks7W 
+K6V45RIG+DnM5gmpmVZgDxc/tZmlPeUvq9xtbQDSVHIC1JgrU4Dl6+C54q29mz/4 +DE4UWrFOSZ2Lv2n/atuGYkiVDJFVgYzZlS0aTsyT5H9eO8O0He5NBamJWYNu1eLj +UFZltGVXSSHVXgAFcVEZs0ubTbEgqHYiLSsibeQDBhnp2nCMMFLREif0B3EgD9vZ +1HIMPzqGb57crxv10YMfTFGciAfud0eimiotolwKxKePdpFhBKAVtv4u58KKJmu6 +6Ce2mlS6GQwDAoIBABAMfUDHi2Ch54+CHB+QORq5mrOf3gQ8vXov3OHzB0PhmAA3 +ZrP/q48/UyWhtPIIqDbo+XITNRX6TjrXDLHEgu9Iw7cjbkhTn6gt+opebsKQUCkk +dTDuNMPbbRIPg3RSfQ7Yx7iZJqzN/w0T2EjTZOdxYfV0quiOuz0heAAw3tnYkSoZ +lIuCKFjuZisgOjUbmV4RBMERyKX0Yx7ykP3YqVbFO602Jebsd208zKbbVTad8GaB +ANBPZeYIMkoWc0ojeL+KWSwyGbVljjpGkZth5802C1bu34Q0AyeBuNM4VOSLuxVr +/R3woa60FUiIyeURt440nWx4NoIcfa/mRZPXtpUCggEAdJh5Q/zVnQvAIsaBGZs/ +VU2q/vin2nrNQ5wuhhcohMyNym2+coLCP2c8Y4vSCOUUcB20/4Z24WIDgE6pZ/Un +IPjRcI4ukFaBCTL9ojY2ctKDLFVjA4NgUxMSD07tpGtdloBDcOUETdYy0WXk8I/H +RN8F+r7fovhO3PjI+yOFv6WRAyxEEa6UVeWqBtbuZYcHd0Acsmi7+IL62Na92HDd +GiWg8Y0zDEddyFNvSlvlGzc1WxrG/pVUEvcWiHO8EHoBam/mxAtANVoTgeB4PBGA +zAZt2gcgDOu1TDeYGtkLvJFEUAHsskYSepuXew8O02FnyNSXMc4daMs6WVJ4a30z +LQKCAQAEMGxqrE4EhGdiktqpGWAYDESpRLGt8Cw+x8DEnFac7FDVwBVz9Hs2R96K +yJfEM9z1HRNr41hyZz3J5ODYNK4+rtviV6G+NuLLnitVlAbdIXJmuWBMcKgbb4wd +d4gLTYb4Im6htWS+4l9VNVJ3XDJ48bTRT+XHPX+IwX04gNTNHmcU/y1mJeVsB5Nj +MJiByfaucBsnrYadLgt6HBzpKK0TuMp1xjJxZsYh0BUX8g6WwSMayy22BS5cv52x +PiXiCZGjjnfR7aNlxuNhPeuwVqxKwV6dvMEqub4trfplBd5LQ2DN5P14vAKMqNLj +jobQRvDJDarOhs+EWq2bOk96Pntr +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter12.req b/test_key/long_chains/ShorterMAXUINT16_inter12.req new file mode 100644 index 0000000..b47c552 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter12.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxMiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArteh +s6fcX9Vql8WsTt3d6nBJEX8wTzGoP70cge8hYA/tYVjXswG+UyWaeOoK6sL4JDH3 +/B/2sJeafksEQRv4CK9lUyxpAq5xWZUtoa7vZVPxcZovSSnL/moGPiI6c5mb5GDf +L//sGp4EIgybDbM1Xx5uC9CgTj8EFoHfzNlg/htBByphJYSLKeM99S0o/PDi/NFz +DQk6myWDsrZOvrjJrBJkJgCj+JjIcJyOtLszKIFm+tJ/JkDvE1Im7N40gRAyIWSy +cyqwReUmZiTlK0h/Smy5jSUHq+Zh14XPJWugLWQzJf3zgFo7EOK3gQdNHaEBpfEJ +GMNyhDVfmGkRUlDOdjGwrVl13BdLdgO8ncc6YY2I1lsKQIsdiSAE+I/Z7Ysowo4d +mnvIB72PQw76281ek2WDw8JEtsPf9a2IM9pnypzdzKaG0THclTSRnh1P2D+AfVcG +CGEHSXE6AJA0FPRJhg5U0PlQz7+4kMQNWwpXYZYKcrpx8TKOies1qEybCqrUn+tQ +eZStxWf+FRzt/yDLcDlwdiFjr2tlWIGuqgAgZEVz6yq1Lb/X50dQTzO0qiKJoDJ6 +fB4N9QcOiUfoMlwTXRNTNm3j+ZgfLjrdnVp4Y7KX/aJ5V5FQ5GRhFKTqar2yox2M +kFvVbiAw6VbLVHdgADGSK/ODOJ1qtwe/EuuwWP8CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQCQWnYHEua7jTxug2VoAUe5Q1V2Vat0nqWNxYdT0h0fZY1l/g5jNzB7 +b0Qf7kU7RlECrt0lZL0ocHNmnsRyru/wBYg22+W8fTUOwvNwGExgP1WJanspI9KP +dJpjsVDvhN+PutEQ/wH+Nw/tOf0bFsAMrJu56NNWVZhGZ3K7mnahx+4IdETAlOz/ +M+0hikcLjA3XCcatYBN0Q+WuL5eowe3oEcFAQMgfmyIMbnqfbfQI8Wr7iSwq4Yq6 +6B+ekYwvxv8xYmPuBDvDAA2MeETKHyPe0AQjApk/Oo25OtgdZhPFZg7eAhTIsXi1 +chEmsdK5DbYCDpfNy1J2ISbUI8T66fk4a7MEZ4y7TOw36K7VpZeqGwi8+vIwfMAI +767itzekNU52BU34X2yPYS/GYERm5JyjgNfaRnbYZjagk8B/fIwX79cjW8IA7DQl +YK9hxWr2W8nNsNbLSEBBs+/8GW6kaPBo4bkgwhE0xzfaiPaz1iO6vpPeGyfe1+9H +Y68FENymCG19hYBbtKn5QpIl60tLcVE/LE2Lz18N9ycqAqfoSMnt96NYd03L9fOf +CDPACvA+csXM4KKEVqPAK5XQzFuObJJheVxZ6YaITwBkaRZ3FJ3jG9UMGx0Sr5n5 +mvLLPmquyagV3d+IGUI6setB4MKdjCGI5HsyiHAlYPzDar1NulkhuQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter13.cert b/test_key/long_chains/ShorterMAXUINT16_inter13.cert new file mode 100644 index 0000000..12a6888 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter13.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTEyIGNlcnQwHhcNMjMwNDA1MDgxNzU2 +WhcNMzMwNDAyMDgxNzU2WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTEzIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDoWaHiEp7jAfHMy0ko3doTqt8WL2BNSdtdPG2EDvbjNwztElga0fgqg73czVdk +u33ng1FyJ0bsslU6J5vxwY9g+jsTi1P/AZt/WivbIn/GVDmq0MUWyCmlxDX0nv1r +/8fv9qCrg9/GoOX4mFzrWwRQ7ECUmTM1U9WhPfq1MGpCxJVVv36rZYz9Df6AHlh8 +yv3yoz3/hbbD81vpDp5jkg4i+5A9clPBGxGim+2BoQxOFhZVOjEQ8dye1xl6ujF0 +tagmzJ5YUC8X6upaLsMHaW6q+IpxCzXTUtwRP0uVLwZuV/3RXm83/MFEhm2ZuOdp +6lNQeMXW5jQejrXNV00+1oQ/ABvZEPe4r4hE7xjY5yfWNWnX8cPy0HVtEzWbiycM +3NMitRywlQaSoM9b3qiCkU+qhXan9nes/DLXIYWvTdz3Wv4ON/rjD3Ujvb7T55kz +RxHEqY9RG9xW8ekVkQWMONirIBR1RtpN0PkB7frc2LjnNTorTwoOM+KbGmurpJiV +faT8UwD30JkOyUGSeXvFwNXInICqsiUTk01CA7e+IzuBYA/IzlntPudbhCng0dTm +H0tC+p37fhIkks84jKeSzlpUMmE/qDi9Wq71DUXo73CKdO0IO/Cn/5EpR3EBhTRZ +K6IbnuhlZpyy/4/BO2jMa1R4DPA+H1D10Y5XCydO3z6+UQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUB2gW9PauZW+pc/SSgJUG +6l0oYMUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAtddhUVlgSNoLcgNIt7YUqlki33Y5q3Y3cXZ8e3yCF7MyYhDPv +lnUZa663qZatLzVMCBwzmAKrY81Su8lIxvVeYrP+kLoGDfbjxx2YxfSNrr6CJAaF +Vmrj+h90PPJ+92uNcInmtQLyP1qqnzfACzvmWUcDUcxvisdoRG6Xv6snOHBKgS05 +dMG4KTeALHHCWA8mGcXzapf9C4c4/zAuFI7t+BsRzJ+Gy30efKl7BXM3rhx27JBu +ocovS+S3Jm4hy0we3Q1etjYJucPy9Iov/5bfJ/9ALDixPqbg5cwY1v8mxg0aVVno +c/33XBXuYtxvEpa0HcvSxpPGS/wQwdmlX+/Q14UMDlp1LICv3EzalACF7fNxEz1z +435Iax+Mpcewznagd6s62ADVT9QkVXaP7tes5TQtvymXFYYaVMFKDHhbc2OSbEBF +YfJfYnKHNNzur0zLvO+MI7wLD/6MiBP0HKzMFlbfHL06sZqmF0zDQT0lsAzBohaL +UCwukErmullz5FwdsS+YxXZ7W0BdEssl7zjXnI22bviqvKHIqIygVZzwAdj/Ga6K +fSRTd/iCMV5ayKfaZ9Tt5AJeMxrcO5v6bwIXVsXHynVB8fjdyynZmSOexK1n4PuA +jZqt8rLr/WL1z5foEa1ZCT8SbxYvAQ7Ypzub0DdCNRWNhQnVepY+kRtflg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter13.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter13.cert.der new file mode 100644 index 0000000..a543e43 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter13.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter13.key b/test_key/long_chains/ShorterMAXUINT16_inter13.key new file mode 100644 index 0000000..78d069b --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter13.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDoWaHiEp7jAfHM +y0ko3doTqt8WL2BNSdtdPG2EDvbjNwztElga0fgqg73czVdku33ng1FyJ0bsslU6 +J5vxwY9g+jsTi1P/AZt/WivbIn/GVDmq0MUWyCmlxDX0nv1r/8fv9qCrg9/GoOX4 +mFzrWwRQ7ECUmTM1U9WhPfq1MGpCxJVVv36rZYz9Df6AHlh8yv3yoz3/hbbD81vp +Dp5jkg4i+5A9clPBGxGim+2BoQxOFhZVOjEQ8dye1xl6ujF0tagmzJ5YUC8X6upa +LsMHaW6q+IpxCzXTUtwRP0uVLwZuV/3RXm83/MFEhm2ZuOdp6lNQeMXW5jQejrXN +V00+1oQ/ABvZEPe4r4hE7xjY5yfWNWnX8cPy0HVtEzWbiycM3NMitRywlQaSoM9b +3qiCkU+qhXan9nes/DLXIYWvTdz3Wv4ON/rjD3Ujvb7T55kzRxHEqY9RG9xW8ekV +kQWMONirIBR1RtpN0PkB7frc2LjnNTorTwoOM+KbGmurpJiVfaT8UwD30JkOyUGS +eXvFwNXInICqsiUTk01CA7e+IzuBYA/IzlntPudbhCng0dTmH0tC+p37fhIkks84 +jKeSzlpUMmE/qDi9Wq71DUXo73CKdO0IO/Cn/5EpR3EBhTRZK6IbnuhlZpyy/4/B +O2jMa1R4DPA+H1D10Y5XCydO3z6+UQIDAQABAoICAEo5mAVofWl3jY8mwdBUTv5J +b8reh50pIvK+Ax5UyXn8dByn541p1iV+wIBw+KItYyM6SCJ3eajTr3ZMgPzSIMOS +LJ0pvUORd+NPIwN2Get5rJJs7wlAGE3kSHhE8iA2LeDyoJEqJ6qEa/LmeYiWIuLX +FipiZoF6rpw7+IM5XDjIJAyoiAapAkk010CGcS4sisOgcoXWaXRfodTp3p9gYTO7 +uXBnvWnLA+82cMEgeZXYaHoBhPssyJXVkUYrhPELtxPt+gesVd8GJKd6mMMdY0Uq +8M78Dc3cgoDf/31A8IT/hw4DZPQ1wmfpqcmZ0BN9z++9JTZpg+zfGiTm5r5UORpr +PGt+kTbgxGYZd6IAxI7tav/GVmIAFCHTIVLYUDA17GmHy/AmGJjB7gii6tfQxXYb +L3+IlCZdd3mv5FZxilSrEDt1YEXxXH+R4fPG5QHWDMUdgO32q22m2MeOG0UjnXnT +h4Fib9QQ2pzATGjQzorT1FUYpTPyMe9HV97mnsivwSeQkH0khcvCrCnpl3l9YxPU +yEDyFlewa94fVowhB8NdVqLhyyiv+dPn1cDz9oANM2ixx7Cv8HP8+m01t9DsgCpQ +PEtlkIrZYLquefN3WWn3xOUFgaIkO35BXFUUYMhnpTr2KhhXa24+WMbOtj06N0kr +ICN0pW876TjBs55s5LihAoIBAQD8UZNPn13sCNmXv7VjRCLWqnDpN8zfg7fZNMED +SBrvr9XBX0BNlfDShVWh2KADHNHDVMagrnDINjuki5fuvyCOPEwLf9Bt1zmmgL5C +acvuXGWlPZ2tVGIFwW81nH0DaqEKz1/b1pE/6Q60SUcm6CrjejMG/LXEr6PhMx59 +k9TGIPF6mVDFvkm9RNc5Lans0Ku1amUvN8BSXvGcSPFNwJ5HB2N9hxql0UpYvr/m +WVS0pAbNH8E6vrFdgxhLmp9VtuGyA8CLCnsrhrOWJyIgPTzu1bx/Mvn9xxGMJqML +kn8dIm7hMmlGLV7boSYRI/XGbEntIt994tODLj1gnPlhpQ7TAoIBAQDrvXksTgRD +zM9waxh016wbbDC50sWB8Gm3kXWO+YvSxGuE10Oluy+27Ku9mdqWcu8NxyqBRZRr 
+L0obqxJPjavjSzdkx9KJt+x1VB+D0XxXQhkk6vIK7mvYnBPVXBtzOKjvAVSvYJaB +bU0vmpU9UTqtIDcevj/KZSFegF/ID9CuASo5o6U4Z1YcbBg1oCTEtDMDHKhhewwm +9vCx6oCiwruD7X32KqLrnf355njwSFuqyDoPW/WxwMRVgArtWfQabDE/0dw3vXb8 +DOnspUIMkqnBYo9mk4XUCaWDmSKAaHg6vj+51YB2FK0i9z/OQSu+Yh9r5Eb/OwYE +59HtTJtUR+/LAoIBAFf1IAM7rQQhOak6vUKzd+mZVO8X8qVgR3DCgR5hvnIbu8pD +KCljwaXBsU5QM8eh/kW3gd51sP86WKRNvVMO8Yxj3KaNkd0YkBJJAwon011ufEiU +KClKJzmWauwndzT/sNAR5nq+W7gJyIR0nwcjHABckvk2ky7Tg693oINqS1weE9AH +Li8g3JfMLbLTBk91lsYRJuDE8JhGXLd8fhH6ubJNExOpS1LOmLpDFKZ6MZsfKvfK +wBN4cmAE2S1R44V/0UG7KR3PM4zC0kvfrHfMoTco7yLwZFFhWe6fcWsRUJqZbEm4 +xxYdrtmlXZ3QCVd4XHT8GSjLL6ylK+RIFG9DmN0CggEBAOVhavuCOkIikqIHgzeF +9/CC+HKHtSj3XlaBEgt5o+UEvL34m9kyZ34tkfqeLwR/dz5H0oMQyhb1X73GWr3P +0zYKJS9KBAF/VnTf0v53ou5g4Yh7l+KtFYEidWYBBrC5rB9LgzRW3nu3eAhe+OI+ +HMMCer/OTNHKT4rdjNVlFh+KAKUvJ3/XhQGI6JGdbsl7sbtQckLP8QYk+BWWYW59 +3unC9/LEj9yF0fAMoxbiwVdPFreFOm+oayHqwjcrdQsUxWMc95PBJnqgsilSsA79 +0nHaTkB4QRsN++At7FVX0c0O+4D+Ts4W1lUUkiBGZ6MLZRmdeLu2mefCDhFBnk6G +5LsCggEBAOhnP9oghiVLKSf/6F+T5xu1sY8Z8a48XnUDD9jAYHMceHP+6kSHMgbW +90OiHcGPHc0kyz+KZ+Du/xuEFTD6F7vu3l47LI3KaOmd5bcAWANwn/+Tg/qU01eh +XgMZ8blSpIqJgjUSpPzhmSoqFNNs6Ux+DfmPBLwt7xQqXm+/1MK1C/JHjKL0p+Ut +yDVztsDBxJOW+to6suF+UXOUZKHkvsbPLxDO56uX4YqFIqpq4CslwXiMH89NPHkh +ng2jxitQ2ThE4o59yZvR5Cm0fxfureTXdvQcA/e3eEy4OHtoev2Kg8DBM8ulZsgm +xf9JYl3NNlXxDCN659/Q4dsnrf2s5Hc= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter13.req b/test_key/long_chains/ShorterMAXUINT16_inter13.req new file mode 100644 index 0000000..1211169 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter13.req 
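Review bot: `ShorterMAXUINT16_inter13.key` adds an unencrypted PKCS#8 RSA private key with nothing in or beside the file marking it as a throwaway test fixture; the same holds for the `inter14.key`, `inter15.key` and `inter16.key` hunks and for the key hunk that ends at the top of this view. Secret scanners will flag these files, and the matching certificates are CA certificates (basicConstraints CA:TRUE) valid until 2033, so a reader should be able to tell at a glance that nothing outside the test suite may trust this chain. I would add a short README under `test_key/long_chains/` along the lines of `Test-only keys and certificates; publicly known, never add to a trust store`, and scope any scanner allowlist entry to that directory only. If the tests only parse and verify the chain (not visible here), committing just the `.cert`/`.cert.der` files and regenerating the keys and `.req` files from a script would keep private keys out of the history altogether.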
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxMyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6Fmh +4hKe4wHxzMtJKN3aE6rfFi9gTUnbXTxthA724zcM7RJYGtH4KoO93M1XZLt954NR +cidG7LJVOieb8cGPYPo7E4tT/wGbf1or2yJ/xlQ5qtDFFsgppcQ19J79a//H7/ag +q4PfxqDl+Jhc61sEUOxAlJkzNVPVoT36tTBqQsSVVb9+q2WM/Q3+gB5YfMr98qM9 +/4W2w/Nb6Q6eY5IOIvuQPXJTwRsRopvtgaEMThYWVToxEPHcntcZeroxdLWoJsye +WFAvF+rqWi7DB2luqviKcQs101LcET9LlS8Gblf90V5vN/zBRIZtmbjnaepTUHjF +1uY0Ho61zVdNPtaEPwAb2RD3uK+IRO8Y2Ocn1jVp1/HD8tB1bRM1m4snDNzTIrUc +sJUGkqDPW96ogpFPqoV2p/Z3rPwy1yGFr03c91r+Djf64w91I72+0+eZM0cRxKmP +URvcVvHpFZEFjDjYqyAUdUbaTdD5Ae363Ni45zU6K08KDjPimxprq6SYlX2k/FMA +99CZDslBknl7xcDVyJyAqrIlE5NNQgO3viM7gWAPyM5Z7T7nW4Qp4NHU5h9LQvqd ++34SJJLPOIynks5aVDJhP6g4vVqu9Q1F6O9winTtCDvwp/+RKUdxAYU0WSuiG57o +ZWacsv+PwTtozGtUeAzwPh9Q9dGOVwsnTt8+vlECAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQC6579ETswXZpTOWh281skDd5U6hM9UmwKSeoEjpd/SlfR8ardIWiea +fXHhmgSqN/Ols6jHe9ZiNDgLPREUPjqP9XVJTKb19yZHl7+1X+cdYJ4AgNAX0CuU +O2pWAj6xCy76/LBZuDuc/3JMPFw8OXyg+Eht9eehoe/E43BjsnHiuYtKOZH6wumg +1PZelDTJ48aaBpTtCzPOrsI8kGnYDHfak4UXlytERvlbBZs2sGCeik8nHH62OdNC +gVgCBGSjJqVn+Wt9xr169QczSsCw4wzWImh+GJ0QN1Ax/+tgynI58I4jTWk0USRW +uh2AO3OHvOlLi2mpYmpGjqYOlwarkGKsv+x5kw6cwM6jzMrlDlC7gZF23iWoMYPw +mMF7BwyUk0KIIt8S6uJ1ZuFz5mLPwpKj9z1aH9X8xlrziBWBrlll2rZLNMznbFMT +DthyN0KS+yYwsCfUpmED1+SbD9rDTmXOawTzjqR9FAORNk3UeSOJKK47J/41G+EW +mwnMGYLI7iR2AbDGuUACXQgIke7N7DOyMq5n/HUx2aOAuP9oPWblnYEC92aq9Y9T +fOYt+6moxqtw2U7j5x7VLlgkE22NKfLKmfZE7lExM2nKow2Ct40D+9s7fEXNytQh +/6a2UmuEnZWrzIzXnPIx5Ktl0caW+T9eWO69gjK5NuM4VcQizLFhJA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter14.cert b/test_key/long_chains/ShorterMAXUINT16_inter14.cert new file mode 100644 index 0000000..8bd5e98 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter14.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTEzIGNlcnQwHhcNMjMwNDA1MDgxNzU3 +WhcNMzMwNDAyMDgxNzU3WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE0IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDhwy/ET7s6XckN15iAUFNoebbAVS/ULtlJ8zoJh3Is+sn3SOh/rklWJSl3NLaN +EcB4VTqdKwRPp5UXcmAfXUASHqpDFPUqI793JRaFhuAL3IT3ruZ7mgt2cjAdcpmj +WXBedpAZj7llTANvDx7858jWq065grMVhUdSOznD+mHPk/KxjofGRSg3gr5ptWQg +rhpA3pg9Jngg6Xpn4BRC4Ash5HpwxOI9etqKfxxXf0ncOWh/bsmZJzPryznqqK4E +1VE6SWs1Ag0nCby1xeK0sFRPI+dBAXUwG66/QlpL2wW2Pg0Ii+B43txp5nDbiyk0 +ePFo+bWp2/bwlHrWHlKxTgzVgCyGy7PpT7lDF6nNod+zeLkASNtlpYXO/OdKJj/J +4shWrmV9kYyS+JhsRMpnqlZb8QNRtlHHyfCIhRcalBD08L7JQ8vHKqK+2inslaZp +Q0TmDDqPrUnpZiSR0w5tYULQUGOpMUfupg5tMnTQ0n5GoSbWrTjQSxnVwLw6nojx +dG3/xPfSsCrstjUKXOG7Kin/368elL7k0TZsZychK+rrnV5sWoJP269ZPg9XV7/J +pIwNTUVjl7H+BB4VO5RTcRExi0YOBm38kWyLbrblXxBOSDTUDp1TKx/gH/ihmfoc +fLyAke1I2MSwgnk4fLduluSoo59YTFiOLOf75ADeE/T9MQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUY92+ymSwusRDR5IMiyAz +5Pfbg7QwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQDc+02xHQESBIieW9GLhctYFT40hxzd+9BOFKhePKDlbfpRIZ8Y +bwetbvW3E+vhyZVp/EhgavmXKHsCuLcCEo+fzn7rgTWk898NjFyn1UMnEh8wZI2Z +JXSPKD23aXPtkHz4rt0zZqsBYEGxkIOMNzkj2gQXoQhh2jITutKssIAPhGoIElhj +glcVOqTJsJ/OSbFz56wV3fN69kxCcvFj9KHvEatwU1DyCZH3uZOFvmlid5wOG/kt +ZRoNrFLoUB53/dMITVxMuQ8OeKYhI6DT13LZQ7XC8aqeN9StHVqJLDprqWFZ6rPj +rmnRgYx2z7MRc7nqJsPBh5Ba/o0se3HhRImKws/3D3MzP8cqsF76BaL+Gb6omqp3 +pSlzU2utBJ8CXV3z8TjdVD6Tlov0agPj7/saIgGxcG4cOheDr7j+FyCmzLYoT3rl +ao2j5ttndnf67bClbcjyKbWApJ/s/BQZnn/+ET7BN0jSD1PvgXpOo4qJ2Qu7gTog +DNdhWFdU2h68jRSjRdLFdZZEzw3MnWhh8GnIEpOKMMOjwFM5xL01IVSNN3ym5aqW +Y/e+30br0W1MV6GPg3KGhVAISPfVxSHVZEXZ6OTRT2p4dm6oMlqnsLI17dj2DceY +KeqHZMdozVNjlRnW5/VoypitxSGOGcGEOpwbBTSa2Rbsl1Ra822R4MQvJA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter14.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter14.cert.der new file mode 100644 index 0000000..b06f76b Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter14.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter14.key b/test_key/long_chains/ShorterMAXUINT16_inter14.key new file mode 100644 index 0000000..5ab5931 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter14.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDhwy/ET7s6XckN +15iAUFNoebbAVS/ULtlJ8zoJh3Is+sn3SOh/rklWJSl3NLaNEcB4VTqdKwRPp5UX +cmAfXUASHqpDFPUqI793JRaFhuAL3IT3ruZ7mgt2cjAdcpmjWXBedpAZj7llTANv +Dx7858jWq065grMVhUdSOznD+mHPk/KxjofGRSg3gr5ptWQgrhpA3pg9Jngg6Xpn +4BRC4Ash5HpwxOI9etqKfxxXf0ncOWh/bsmZJzPryznqqK4E1VE6SWs1Ag0nCby1 +xeK0sFRPI+dBAXUwG66/QlpL2wW2Pg0Ii+B43txp5nDbiyk0ePFo+bWp2/bwlHrW +HlKxTgzVgCyGy7PpT7lDF6nNod+zeLkASNtlpYXO/OdKJj/J4shWrmV9kYyS+Jhs +RMpnqlZb8QNRtlHHyfCIhRcalBD08L7JQ8vHKqK+2inslaZpQ0TmDDqPrUnpZiSR +0w5tYULQUGOpMUfupg5tMnTQ0n5GoSbWrTjQSxnVwLw6nojxdG3/xPfSsCrstjUK +XOG7Kin/368elL7k0TZsZychK+rrnV5sWoJP269ZPg9XV7/JpIwNTUVjl7H+BB4V +O5RTcRExi0YOBm38kWyLbrblXxBOSDTUDp1TKx/gH/ihmfocfLyAke1I2MSwgnk4 +fLduluSoo59YTFiOLOf75ADeE/T9MQIDAQABAoICAQDYfTCIAqEapiaPRIfzu5NQ +Iy8xHj9ALDCnrjqgOqctJMyZeeuhzIJ8viQWMJFBk51KhwgvALognCXnFwG/8c7n +0UoaC7XRU/hdi04eeyjLlwpW7PwN2LlXOsaS5nsX3kNYAj/Kkz0IOy0ryYdApA++ +cwWJ9SA/6c9rtml9WdODl27p/zCJ23VmTdTET3IVuH5qaEn6kbIudVWw2Hr1ahyi +wpL7IoGEzRNWLfACo4gzS0W+tYFSgPpUCUyfjmNZNSmwSAkrCq2MGtVAReNQu6oN +PfObLYevu0wGEd2+0eeXS8d5w5Bct/ELCDR/AuJfc/6jWJlwqgMRzoBAZVGMvrik +EgV1ZSU10P16rS2YGUn79i8FzxT2i6NzxDn2hjVSkjgxlIRm5d9IhQeOoeR4qxRS +GivH4joe+WaDDYg8Y0cAEfbMA4UfasAH6gX+MQ5gwl4eeXQ/nCaDwz2AA/1m+bBl +wVwzK4u/7N5OOgyli2fbRtQlZYXD+QhEw0kAsuXiS29OscJ508DOfGCwXakPXy5+ +kXyBFEmRW11qs7uKaJ1gtzNe9Bnb0iYzttAmls5bAg+rgzvqP5zKOwpCNX+LMSID +w0ph4Y9LxZDmQNBElXMSj+lQe4LdYvUD/0PAKwNP83RoEatJL6cY+RcNhUy7rFSA +3GAoBZuyAYmWI6jEsdc4sQKCAQEA90XrnhIHObdwuZrcGKZEvMPZQfn3Z2A1QcD+ +eQttNWFvVZJBTXD7K97/HVITJejeX3gPDfcRxDt1cF13rCrhJa0Q1JJ5GUe8HSmT +Hw8f2ON+WO3l1E3ImshJJ+9ej4gfM5U9ws7/zaVQNt3qw8yWrWstKiB2Rt+RgGRs ++lYnkqQgPqZ8x8JWBMygMyn3Sav6jD09Q99suoe3pCGHFe3WiMhD1YtgGJejmkWO +uqAiSwQh20PVldvW5l8EUZP/DVlH4tlX1SJHPGpVmUnMyKju0nMDaOCffSTpG7RU +I3f1fGWLpoPv5F0/eWgRvwV5wH9/Cwpy/quZJch1nsEHklMgTQKCAQEA6brri9V/ +sYheATrjL34ddGb/wf2As5QB5GH/gEx6ZkqlhB5XV3GrNnn8ojy4WlHgGtaTSvX6 
+9+3AZpGq19Gp3JTwznlqB2bva+TdVb1lL4wWh3pMfTp8XjOSdlS49h/lgMMsskW0 +5agfN7otTIMZjh4V4p1CnnuCQ6bROwap29nbagryalfJ2wfDcurKM7047vJmunnk +tYnHiC3RsmZzWfVJU1eA7QFBwq6rL9byQYG0jAaj/FdZWO65pOMRGKzfubZJa/x4 +Dw9BIXbd5cDQo3mCMCuFscZ0E5SGTTehsk9fr6KkXSUqwA+1/R9vr68QOxHpBgP4 +Drz6twkD3uEidQKCAQBhJOwLHsQN7b5wfKFpYbDxg/PPkreaulZR7dNLlKyj4xKN +SLc1CGT0+Fe7mioBo7nxQcaQUvd842sg6OeCERqA5bwN9zlyMBd8UYAGHLgDSmSx +5Ux8ms5r2LG86bJ5qx2u8zvfU9l1XjPkSkzX/YFYwhltSnGNKHoOOeYCd2R2nNo6 +Isg05mlK22U4lI0dOV5mSAzQpG8f3P/NkIp0mArHk/3qYCYxoylYC2mmchDm7cmr +TbwUcti7iqq0rfLuuJugSIjUJ/Jajt/wJ+k3D/87WIoHYu/lh2G5S6Aeixs7ct1p +Xr4ZNnUgaj1GkY0ijjRIDyPcX2f8SwPCic1CtDulAoIBADfWwTlKC1S1mIfAstAA +2Dab+NQ2pQ3B+WW/h9P18XQIt1xGB2XLsTS1lgaIbR6e2uRuiQfqlkevFD0s5dzj +qSoapyEc3pjgHajwJ3S5Z7ghRqydKjLsyxOSTJZajUm3uxO1DTOV9a68KKEeqH3U +AEH0rBPUsDq+lRNmgiwQ3nm4pXPDI8EGMiJSy33j2+TaewSTArngLySzwuik0alG +Up6WPCteB14X48cIBbvLJVtDCog9eeXqVF0rw0xCNy5m9pgelZHn4iLu6Qd+p2qh +UvcLK3AopasgF1EqNZ+y/71iuyBxwcTDAWCbIEZVwU/+ieki0UHvps6WlWsvCy6v +KJUCggEAYoaV41p6HFes7rVe+sa/lRnU68BzlQ+CtPDK2j48Bt4uK8CQfznnCIc9 +IfX9HJKocaL/REEcgARm2dQm5e36eTwGOkcY5m8GDLr8BOa3lEhxOeHBqPHLoESi +fKPTIrj68TcQtY6oWJD0YFgznK5ObCYEzaFQtWgIF/Tr9EW7oZpkm1bVLl//AYnS +hyFQNqcfoUu/+tjm0GO2k4U0kbElFLpfwha+a5PRsbbjBPwt1bZICI2RERuSXVIS +ltl5VYRyTKpMg3FLz1D7JT0D9zoG7hNf4hBTWni1hN+BrylS1OZY+BLua7GWqyz5 +jeyp13yfZOVP8TpiIZQpGqkefuMexA== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter14.req b/test_key/long_chains/ShorterMAXUINT16_inter14.req new file mode 100644 index 0000000..8a50317 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter14.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxNCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4cMv +xE+7Ol3JDdeYgFBTaHm2wFUv1C7ZSfM6CYdyLPrJ90jof65JViUpdzS2jRHAeFU6 +nSsET6eVF3JgH11AEh6qQxT1KiO/dyUWhYbgC9yE967me5oLdnIwHXKZo1lwXnaQ +GY+5ZUwDbw8e/OfI1qtOuYKzFYVHUjs5w/phz5PysY6HxkUoN4K+abVkIK4aQN6Y +PSZ4IOl6Z+AUQuALIeR6cMTiPXrain8cV39J3Dlof27JmScz68s56qiuBNVROklr +NQINJwm8tcXitLBUTyPnQQF1MBuuv0JaS9sFtj4NCIvgeN7caeZw24spNHjxaPm1 +qdv28JR61h5SsU4M1YAshsuz6U+5QxepzaHfs3i5AEjbZaWFzvznSiY/yeLIVq5l +fZGMkviYbETKZ6pWW/EDUbZRx8nwiIUXGpQQ9PC+yUPLxyqivtop7JWmaUNE5gw6 +j61J6WYkkdMObWFC0FBjqTFH7qYObTJ00NJ+RqEm1q040EsZ1cC8Op6I8XRt/8T3 +0rAq7LY1Clzhuyop/9+vHpS+5NE2bGcnISvq651ebFqCT9uvWT4PV1e/yaSMDU1F +Y5ex/gQeFTuUU3ERMYtGDgZt/JFsi2625V8QTkg01A6dUysf4B/4oZn6HHy8gJHt +SNjEsIJ5OHy3bpbkqKOfWExYjizn++QA3hP0/TECAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQC4KZzwYDtfH8QbO8LBxAW3MNGiyK+ieJX62mfWp53C0loKenOZCq/9 +CgoN9U2uaQ9lCrqlor4bRJbqr0kL9etZun5ypwZ6eSUUYfXG0C2R3g5CUXwLBCyA +iNHk7wGtqIlidPZwMYLvRRZou2WK2tbsfvqt7JMh+LXsp6X+26n80z93I0PwT2/y +oAQo5TP/NGSO6Q5hJ5uGKWnIzMfK9n0QAyemqk9YH9JFC2yO9IwJiSRzvLnzJSmX +cgPdjtXUg/atxjR5TTLSqCyIxGR7lrkUBPNru+TeObFaCEP4vRw1T3ypM/su8p8d +laOZyKRTbhTe/7DUok7kvo2Gr1iQqSIlZvw6FjkTYJZZr9mybX/yntmB8cZhk2ZM +40EEEtYD3YERK7vViCdQjfUFD719tNCk48nO4tEpUXSqUu2rAPqcD99HZ/yV9ipS +QkuWCKtQp51elFNrKXECDbqNxrEozu0ILs9kZysedFXN04Gwbh6KPhawu57j7OwT +f1Sd+U6jQIce5lNqRveVsaARhJLc9R2ltNOPhPWPH5rMAOmmupp/TeasgEdMdvUw +EW4fBL4PnIPERybmKDJwA+CZPMSF0mLM3HB1hRQ0M6GClsjFGwUokeA/X+7X4MfX +QQnVyvxr16GRDAoYIad7fmRJE6icqRRkYz4T8hs2ZQvlGZ0NWt8lTQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter15.cert b/test_key/long_chains/ShorterMAXUINT16_inter15.cert new file mode 100644 index 0000000..e6233eb --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter15.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE0IGNlcnQwHhcNMjMwNDA1MDgxNzU4 +WhcNMzMwNDAyMDgxNzU4WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE1IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDVXi1M7p0AfMJIjev91/pzhUMeuFuuSNdAlhwdxg7akL+NNVADhKYQt4F+Ae7U +LCGaiBEf/7UJgZ0DEOLUIYc3RqSTVRsHkdYwwQUHEH0aenDkwUsONFDVP7OGmy8V +e3exObbWpfNLXDnLs/q/xjv5E+NpyHJ47xcQEQqDPcWa+RVETX506hV3vlZLIUqh +r7KBr+0Hs7emgx3mjjWPxk4O0+V6jd/nUbPm0E5kC52+auuRrbLpxEfAclMMthdn +i/ML7mSWEF/4ZnI+Re5ixD9/c3MrNGa5vmAqltPMSJjy1gpOHRe616k5sRgU/fqg +fVDOwU4ZtDkDBWWiPxzwoU/iZRVywnmcj+0J4XQmW5zdlfgnayjp2N/zXcfIl9ec +4Rh2ussZNvn4DlbOF/SEkThKnuGzCKbFto7vtK/HUbQ9goe8A0t1d6MUQVRLqfII +qfZvjf560Sei3Zyhw5WnfxUbadpGr9Q8nYMJEJoRMiwlQ89x5byEHp4W3Byd76OR +8+zWv9UZMXHVdf75uV0uHVGk+kff46jKT0IbvdbuHmA6IDTFoR88BifikRH9fSB+ +5EtysLoO9p3o8xHdCi+s2DDS8GD32q0V8gwSDA1O+p04Z1kLxjZG+/z3Be8PyjfM +spIeqLD9TOErclVoeiM2+bW0hCIUlDpZKTOAbBUg6N14cQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUQsH3goXUBix5BvOSRwDw ++b4egqIwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAUDaGRYcsZBYX1Wzteor6xJe0aj1zoAFEeOgz03bBovTa8PmPO +CQEmxVcRWSZkSHrhhIf9u2QPe0bgU5IBfo6Vc/gphgOFZMfS8vVRbZB9uV7j7JAD +uOGBOaz4m+LB18myE5jPMAwj80GHeen6pCOgoVQDqbItW1PaYQMVpzhnboZ6e7AX +YmFi8KTCBioRM8rTgeVSCfLdVjFil70csUPVhu7o+ShrTIRdZEGGaZnUF3j0/y9k +LOdGvfWuVjZ/IVokCsA/SepKnWDhF5uInD4wSDk3ir0cZd7sRr9miVptPeOk7ip3 +VVERPpVJ792HXaXBbmoyOcv0XpPxX5TcMFD+axEDDFXGR1qyqIArc5+uAM3yNYuG +7XajS7/fQNaNrRCDPXm3s6NbIVXuwoAun84FuvlSQvMxzwMHW6M3U2++A+UTxjEy +9NUCU7hXeepm8nmCYzSbZS670VH0PBib/E0A/41Mkues/zsC5rbvk8HjP75nrz4R +eM+5RH1zpVflOHrgy8PnJeHj/m6d3L+iVNXcf8GGFheUlC30SGoQFw/CCTwLV+fI +VHZLCMx2HRWHNF16lXrKwk+hyIw9xbW9AblNrIlqBRqXJG+IHeEUw/c5q5zU3izA +xa+3YP4LzIkuKKNEPwv4+L0fqtARIPcZWIUMp5OxyAPqzeWQ0P7u2UGnfw== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter15.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter15.cert.der new file mode 100644 index 0000000..d256139 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter15.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter15.key b/test_key/long_chains/ShorterMAXUINT16_inter15.key new file mode 100644 index 0000000..e29af84 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter15.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDVXi1M7p0AfMJI +jev91/pzhUMeuFuuSNdAlhwdxg7akL+NNVADhKYQt4F+Ae7ULCGaiBEf/7UJgZ0D +EOLUIYc3RqSTVRsHkdYwwQUHEH0aenDkwUsONFDVP7OGmy8Ve3exObbWpfNLXDnL +s/q/xjv5E+NpyHJ47xcQEQqDPcWa+RVETX506hV3vlZLIUqhr7KBr+0Hs7emgx3m +jjWPxk4O0+V6jd/nUbPm0E5kC52+auuRrbLpxEfAclMMthdni/ML7mSWEF/4ZnI+ +Re5ixD9/c3MrNGa5vmAqltPMSJjy1gpOHRe616k5sRgU/fqgfVDOwU4ZtDkDBWWi +PxzwoU/iZRVywnmcj+0J4XQmW5zdlfgnayjp2N/zXcfIl9ec4Rh2ussZNvn4DlbO +F/SEkThKnuGzCKbFto7vtK/HUbQ9goe8A0t1d6MUQVRLqfIIqfZvjf560Sei3Zyh +w5WnfxUbadpGr9Q8nYMJEJoRMiwlQ89x5byEHp4W3Byd76OR8+zWv9UZMXHVdf75 +uV0uHVGk+kff46jKT0IbvdbuHmA6IDTFoR88BifikRH9fSB+5EtysLoO9p3o8xHd +Ci+s2DDS8GD32q0V8gwSDA1O+p04Z1kLxjZG+/z3Be8PyjfMspIeqLD9TOErclVo +eiM2+bW0hCIUlDpZKTOAbBUg6N14cQIDAQABAoICAQCHk5b/WmNiyuN8zMlWe+VF +gDj9DTIcVWaJQJjPBmmr0ewVYvnbsm7/Ekty8PF72irkEW+oQIgdaUGGkDVBi6hq +pDWw9JP/RFiwlAWIzp5fs8uGX5g8h1uRlS+S6YqKgPC2KTEXxU0J5qlG2a8MKn8z +LsMDFX4/f9TMvbdLW3XzmjA8PW2MBq3rb4NPq/DLOmQX6dyYV0brxEa8mEJKgDxb +SaN4MyxBxPWmRVh6U7NBKplS8OdNiQ36p+pDmnTWs+OVAj7h57fDk/0lurPWCFM8 +vfRBUMOxZNmgVkRwevTM4Nqddfj9HUoHQZNGy3d0gQxWxBfHV3AejlBdPvM5p5ak +4IiDKpwzCvW6MvpKQlWRd20R7meOlrRRuGyOne05skYoUYbo0bORJyMkGNPoZjn6 +QmkUD+W1Nki2FETZesIpj/bhVYBF0EsZkYXyNAYDay7NC8DoKJFFr7IgkorYnywS +g3d59r4Yhr+j9qgyYOkPP9e/+EOB1pnVe8pR0DzHlwZXBEMeJ5f1w/5JGMG+iKWS +vqAlrTpd+lnL57hjFxW+Wu7PZ1yLlvEWjxFFmm2MHh/37YYfYboUu6Z26PnmzRKG +p/L5pFuYXVcGIqr/QDavCCX/QVBcAuSwzD5bXQT7qpNd8zxXkLtXw/aWiECe/xUw +Z9irQHvywEuEdzB4KH+2UQKCAQEA6jk2TvEXA7vwXrPKHs77Dasjt015Dd+a4lfd +p2uWn7xpiT/g71ekXRf9pd7ZBs1FKSjSP/h02/4FTFADECWhwdN8pQ00Xm0+kIDs +ZTIppgdPa6EeH9rMgNVVexbF37sKMjy0ooO1KI12+CyqOX6K2Gvrev52ZR3HDqH0 +EomQ5y1jSaHN4S9tpmMjbfr0tDFmVhx2m9gxp6TuZaEmUPFedNZT3qG3RhYcxXCL +7bnbsUwTTo7maPpcylRf2FuVnMcmCwOjQxYEUjxzP48feaon+kE/2AUxeRfRHHzx +uFzQLE4u8P0ayyhQJeai1gYhQC+BoOmIrNX9mb+w241UHxP/5QKCAQEA6TST0ylS +4QdSAHoWPQOqFH24BiaRsuqB01zwrx/Q+NBdVYxcdDzoEFuIrIKoVkdjMcWZuBP1 
+MdlAPsloG4sNnaX7x7+0zARK/ksPMQbqPU6pi7PHJVGxO1TGU0HfZAyBm8hlvuWU +XhiApA98nbYEpIFPkacwwi1mZaF7MdQtAWyzCqF3i+bS+W4IFS6mssdFBv29W4LZ +A7q4bBhtaCd1WkBy3X8eARZX4isbPSo9vjaO7NZV/YU2g5FzfCvXZyAnLc8S53aI +KRzkL/uswFx61xs0uyB72ms1VhueV0ucQ3wm5/PZxUu/dfmr68L96UCQKcsrcuPB +v6WmZYkKI/DVnQKCAQEAovWtSF1K8ukmgu05+hdt6oOgtN7tE274lvQlHl+ni3mO +P9S2zi8/Bxoy+t3CR443yTxClAlsXMcurnqYtvpHwdA/z6IRRoVhWy6nynyNJ5u8 +cRjHGcikMhq7f4lHoLLElFFSKCPUveM229JPmPLm7U6gppE2lIGURiT96IvXyk/0 +3Xz6/ep+sp4VP2a0LE6WceEZ0LIpUgdZalIlk3lri4S3E5WWKuglmmUEpiCCrqdM +Y4Le4jkWqBruGF0YCd0xJcahJ4LA/OpcEOOmNYLij6YoIkbytdqRPe3cS7YfjEPV +OwwOQTzKDqSZtKjNJ5gl62uwEPhNmlQZW5fH6FuE1QKCAQAqlxicSwLA6DZYsfNX +x1CLl35BWU/orh1xvZqTUSs4Fc3F7vF/pRP40M7AOsiFoVoDYAQ38yUnqnaqQNxL +k3S0Ivk9vMxHKk2L7adjm9Cxy6j5Q6cOMMI+hLgHwpMK0aHmEo5Kc+FJ4g20aMOo +hfKJHLiscC1eeS4nR3uZWRezF+gG/AA6Q7iqJydAvxlgszXvFe48RURfAv3ld/yb +NgGfrv+LZkjTiAIa4yaBYDKQh6RIqshfmbGgC7NcrSEUy3F8U0IvlZ0+bPFbtgoR +w5IHsQdLWZ5lAIloJXkglkV+qbDtUcKm3rOj1ypHz3/R1qG9kEZqICBlYNpn1sRM +VhKdAoIBAQDmyk6bEZ7DD9DHmD3oas6knIoDYopIes42IMkilTomrvLS1hgS6e2+ +PntpKLYvz+Hfm6yfXzYdQS0Iff0zonNw0GtRU6cW/spHBUPOIR6g2RtBWfsiRF6K +iv1GJc7hBxDICTLsTpkGjE0/hdxgLWcvmrgkUh+J3A9971hkGnN+GQcZc/Pn9J/m +nNr5WztyjZNnlwvSRzJSwobQdJLx82HCnsrehWNgqPzpwtD1ByVNredXcgXTgxal ++XIYMYmdF3B3bnnueKeIPvrtATQSdLvyB5gNA0JD/JX0zEzx73Ai3zhPgrqe9C91 +nkoBWCRjzo1WwvF7v23XrbRzC7s2k3YL +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter15.req b/test_key/long_chains/ShorterMAXUINT16_inter15.req new file mode 100644 index 0000000..63b6fa1 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter15.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxNSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1V4t +TO6dAHzCSI3r/df6c4VDHrhbrkjXQJYcHcYO2pC/jTVQA4SmELeBfgHu1CwhmogR +H/+1CYGdAxDi1CGHN0akk1UbB5HWMMEFBxB9Gnpw5MFLDjRQ1T+zhpsvFXt3sTm2 +1qXzS1w5y7P6v8Y7+RPjachyeO8XEBEKgz3FmvkVRE1+dOoVd75WSyFKoa+yga/t +B7O3poMd5o41j8ZODtPleo3f51Gz5tBOZAudvmrrka2y6cRHwHJTDLYXZ4vzC+5k +lhBf+GZyPkXuYsQ/f3NzKzRmub5gKpbTzEiY8tYKTh0XutepObEYFP36oH1QzsFO +GbQ5AwVloj8c8KFP4mUVcsJ5nI/tCeF0Jluc3ZX4J2so6djf813HyJfXnOEYdrrL +GTb5+A5Wzhf0hJE4Sp7hswimxbaO77Svx1G0PYKHvANLdXejFEFUS6nyCKn2b43+ +etEnot2cocOVp38VG2naRq/UPJ2DCRCaETIsJUPPceW8hB6eFtwcne+jkfPs1r/V +GTFx1XX++bldLh1RpPpH3+Ooyk9CG73W7h5gOiA0xaEfPAYn4pER/X0gfuRLcrC6 +Dvad6PMR3QovrNgw0vBg99qtFfIMEgwNTvqdOGdZC8Y2Rvv89wXvD8o3zLKSHqiw +/UzhK3JVaHojNvm1tIQiFJQ6WSkzgGwVIOjdeHECAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBL1cEaPV0CKYv5CAEfFnh0QFFfwFQjFRLJaYPI9OdvqQAkcluGAgNG +dsqDZOPmq0LE5zdrzkqtkSox2HtRJXwj5AKhlcgd/XWp6ahUXyyunNDGLaU2wISK +4AinL3eCg1eBUCDR6MICNzSBNGm+S6IsDY39eABN5d8clm1DfYKvd2NQxIxOA7z9 +lIhSmlvFwwkWNQ3JzzU2CgrbMiFcW9z52Zniyv1HhSL2JiATzpIFfWvJRaHFx6HQ +wDBmUH2mIssTzQQnxCmomAn7v3Z4EAl9dM0sXBDwwbmoVExv51Qu1tXPeb8bvoRG +1fGZ/WJyzj6geflMUEOAJ2CESa/AYitAFLTzUq0fZLAkO2tiRWvn6jZiq2ndhgxt +aK7EXZaZKYZCwMGU5rwNFRjj568cxWvVWk395QcYsfWmpR2c+sc1zTbWi8uQuFF7 +EvDSpMOCbWS5XnVnPNROzJ17TwhkIBTgyb3nN9bF9jVyX3I8RGxMOFUWEzdsZqhr +e94Ig8UaeqIXSR558stJhj5q+Ubgnjj7dopnNKmYpls2gwbxvpMQaT9mAr4zXCgM +7mgktSDLx01gF9wRsn/tr0lNiDPwvUtS7Q63WhxU9lKxt2NjtJI6wwDpFGMSknJ7 +vYW27kkJHvqXPyRGw6pXmV8Ojza2+QKoBhpAgNe1CTBYT/PRy1rL+A== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter16.cert b/test_key/long_chains/ShorterMAXUINT16_inter16.cert new file mode 100644 index 0000000..e3ec07f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter16.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE1IGNlcnQwHhcNMjMwNDA1MDgxNzU5 +WhcNMzMwNDAyMDgxNzU5WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE2IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDSTLd9jYyNdgwi6mqbWqsYbXL3DdKKNXZbmwcOZ7cSCV2kgsJaKLAaREUQq3zg +y/WrhUJBgSQylaHdV9O/+U297qYRhcg85vhUPoKioLr4uo8TCxgs648ql8D+9D3s +77y3RqC3tfyrposymkavfsy7Qz2FW8XF/+g8uMKnI0UqkYCyuJg9/96/dqqaUIpW +MR97ZyuQysFbB7zwHzP4rnsIYnl1/nV2YiukUVKo/dv5V39c/yARzn5dmuJujnQ9 +af1f7EK/PtR7iDqf6R+U4FyYpcE6cBcF+7+bNSpuCNOsOFIRx3wsaa5IXvOFbODD +rpXOFeZNQIvatWbwDTcyxgbfC4JVd98lRNQRTkU+tppPcoFE3h4XlrsB8Nwcldbg +J+8ZkG8qitql3l4OH4bQnlS+1tRAlLcsJYgp5rKshDSm1evZMZ970WYl+5KWxpIG +0stnc7fAatiMIX6OCYoIIfwbV8Zr/CQgiNJHJX6AVIOHV82GrMe+Vu7vjJQKG+yO +yxahuIHEUAlEGzjYECI21mvHd3g1MVybw5TEeCDOyUH7YlKN71jj5ux7O3LcaWBF +uTJ1Rn8nFTE+mR2jv7hL1hUZ+q3bQR7mthJOBXI9iOecPhlqBxhcA95pMqkEUYId +M+Jb6BWs6VZLd0/f0avzGnJU5W4SkeGKtwtu6qHnq/xwjwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUbcoAk4uTOvdcKRxTNRDV +qv83X14wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAXVO3fwwLLG3QQq3e1HmSxN7xvrj/35ZSDjN7he+G4qqfqNtxL +MguLm6aDeWccfJNeMwalXb2fUChawTmYJ2dq1vy+IEjCk/ix2d1W4taHDCMOLEEb +e7/b8SVwFPDq1QzTwPiByYAc+90k0MvVBQpkwx9g/JeV95csVLRSGTKQxxEwPKfi +kBALRVxet2XImRiIXWRs45yQR+s/EBb7yeNhhmkP+vo4Nk0/RXURoRdqwiSIyMge +APyDfvD3n3sGaRBAtKI0zaDypCqYjwipEKSc39Je49pw+yU5mS8bO9zAd28tH+T9 +d/C7cOMgAhG7B+F5GHFgOvVfu0/86glKG1XkaYaf3Ubhy3eGJze8ILh6wNdlYe3O +8dDBrOE7SEx77cThlqFCqmf/UmgzJ2kJ+wrSUeEGPEOFdS2F731Nj7LTL3tsCluH +c3WlU91/lGteIfrOUEyqtvp2nMjPtRSYg2f7CpLplfQjnET7FGz2Fv42jwkfnEw8 +auBoPa7e/JYNMTts7gGit7JTp4A0x5L1Oaa83TNXRwp254e9Huw/frO67BrFiF+u +qin6n2ZnyPybC3BkMzv13K3003y/dGxmDo/27J0MRnQDjyPze6KluuG7hmVnTYE/ +v+k8jtmJWsgI24I64r5sjDODBLLvOA9eOMgaO4Q1G3x8G2ZNEsUsDVxKRQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter16.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter16.cert.der new file mode 100644 index 0000000..c96104e Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter16.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter16.key b/test_key/long_chains/ShorterMAXUINT16_inter16.key new file mode 100644 index 0000000..d6faf32 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter16.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDSTLd9jYyNdgwi +6mqbWqsYbXL3DdKKNXZbmwcOZ7cSCV2kgsJaKLAaREUQq3zgy/WrhUJBgSQylaHd +V9O/+U297qYRhcg85vhUPoKioLr4uo8TCxgs648ql8D+9D3s77y3RqC3tfyrposy +mkavfsy7Qz2FW8XF/+g8uMKnI0UqkYCyuJg9/96/dqqaUIpWMR97ZyuQysFbB7zw +HzP4rnsIYnl1/nV2YiukUVKo/dv5V39c/yARzn5dmuJujnQ9af1f7EK/PtR7iDqf +6R+U4FyYpcE6cBcF+7+bNSpuCNOsOFIRx3wsaa5IXvOFbODDrpXOFeZNQIvatWbw +DTcyxgbfC4JVd98lRNQRTkU+tppPcoFE3h4XlrsB8NwcldbgJ+8ZkG8qitql3l4O +H4bQnlS+1tRAlLcsJYgp5rKshDSm1evZMZ970WYl+5KWxpIG0stnc7fAatiMIX6O +CYoIIfwbV8Zr/CQgiNJHJX6AVIOHV82GrMe+Vu7vjJQKG+yOyxahuIHEUAlEGzjY +ECI21mvHd3g1MVybw5TEeCDOyUH7YlKN71jj5ux7O3LcaWBFuTJ1Rn8nFTE+mR2j +v7hL1hUZ+q3bQR7mthJOBXI9iOecPhlqBxhcA95pMqkEUYIdM+Jb6BWs6VZLd0/f +0avzGnJU5W4SkeGKtwtu6qHnq/xwjwIDAQABAoICAQC2lNqeC/3id4Hz8nfaJ27y +h1vP+NU5H0+CGueWbx93bmA5yzj30+mI9IrN/UUvWoURhGHQw1FtBZKBvJXgT49a +fk76WZ9OmO0zHw6GKWwLNNWxH+m+XklvHk/2SpFVG5NJv+0bcspLMQ4bQexqw3j2 +gFtyZAoibJrx1StStwF/AtKs2C19bp+ytVFLJu/kA0Qk/J7LV+1lniNAiqaxmrLA +xdZURjcvL+5Z/Cz7AWQxZ/DxCaOLMi9uD2HVwKJVC6dq15Hfvqn2EoFrgpfjxqM9 ++HL5zIWAsWBaXV9YJxu3ozJFs18wpBQnSyC8T5oY6oOvaD4KBicmHGahtaed0mX1 +PsoOD+WL2dlIXFDOC5MsyCrHb+e9NFinnuRA+ymylGw3b9+l20izAmlOucrvyCCl +I7KZhW4Qw4qhbcapoNLJJddCCO4uz3g53qaACK1Y+ufz762ozLA4GzDUiWl40ZaX +fd9iMBTf8bfV8O1KEXHT/5rb7qz/8kA81ly0A0Sratb9dtIzXpnDKLCNJHdgj210 +o4pTWzFpDUubLIhtlTLotpgB6gMa/C93aUPSo7OX2fukmDCphmnwNGmHWiv2ImJ7 +UfoSNyrk/V3vforBUVahy809a5N/zelaDPj/vKj+mdPvL5H2PU+Vf6VaidbGEU/6 +Kny5Y8yt8a0tEjZ0gXSWcQKCAQEA9jtDv5QqxjV9S/GwtKodWr1F/In6DjkroZm1 +88v2SvnLv7yEVUYACP2DPJGpjJKmZskJZqzepjNMFtHg1z2ffTlG5e7vrFzOPzLj +PO0ByWJlwTTtEz2NRmC1C8AdkfZZkYUWuZkMSUrjkFhLmSzOo3+J2XTEz67CSE8N +t8kyMiZiCBb52GLvrpyw8iDk6mmXlU6yQoxoDQCy4GzJREVDrth4FYeZz+ez7f8W +A/SZoNcbPPd2a4Ww6glDQv/uMjwTznG+5oNl+DfEzT17HJRNF2Ly1BqiCPAyRrhu +VAngKEfI3fxdNh1qSMgGjRImHaNTMEXPjwfrTLAQ96MzA/O7RwKCAQEA2qSG+5bU +5uow1urX3DhxNehgwPHw8h4XC8/7eUEbiKO+O1nb1w8XmrJ2ngEgfJuXEO1pb484 
+wyjgvmFbwqY0h3S2Z8gbPkktBDhLU47ZYmZxWwoWXX/TZpsHtJmm/SPGdeQb/fUK +JjekZ1ZcZwYyg4LuiJswRyikH7Tf9NMpDolnmjXqWX//Z8QAwu4U0IzDGg91AWjX +POrEJbDV6kVd1z4HGjXC1WnubcYAt4n4zKasupFjHBZTYI+NdUJT8C2sY6G3IBcg +cIa3buWyFgyKaIJHRSC0wBI/sZEi/NKwb+buJDh28yuMobqV2eDbZejkljQJZqj4 +MlLFKLskeI20eQKCAQEAt1F4JvGQxvCb0CaogFkGcb/okxPGb0BxE2b06AU54KgI +4T7g5vuumwLi6f0oVdf4ux2BOkgJm4MlavfmhVkDnJ9AAX/aQGD3zGV+eKWbZusz +Bpz4xBJXU8Y8A/uMCFd4Z7bGLHedhhOTSKvz3J5XWbJiVttwi454Zo00kVfhXyTk +Z1FzwX4nI8DUm++RflQO3sIwRQtzi/qxMhTL42AN++Z9wMmr4fWHJ/F52ogIuI5t +YP5706E9DYDH6uHP3OaNeG2GyueYyyv6ATN8rNJccsTgNLl/WVg6lhxJR5fyowqO +qXZxjxBnSLhi6DRS3E30aUQQO1SSAg4zE6sVGCQlkQKCAQBpOeew692ZKLrKpImw +9gUeUbFHCunQTMUArV808y3CLDQgslWIgj30+ND3qEkvT158ChbFVyOVYXYQiiC0 +ZHNBgd1Lw1XBO0yMDF/MXiKnJfCGRSuQYjWm2xPxSkXA7NfV4yvJpIX28K6SAVFF +UAk9m+UbH70zcg7TJ6TlWj8XPO/8mtgnrN+J3B4VsqmX2TcIssm4HPIB4mb2UM4T +CsFoFvUqGxeiyHG0qSetLZztOYZF4DTXzrLf9Ra6iWqGXCTsamcM7bRyE5Pyrl9w +FycBtzl/vobfLakz10sEbI33vSd9jSNKUvpC197I1lwhBt4EoBSqMMYKyiUTPkYG +MwTZAoIBAQCXTNCavLKArL9rIVlYGnbCLr+p43AhuY/WYNx0YxPrewwi7dpK95Ol +TfL/uLfW71TgrVLm4LLakSyzmpwIf5ZS0eo6LxydtoGiN8yxpaplsT8aC3vYX7qo +tAK3JJFq29TjyI2ZRQljqTNxf2OuTcAg+kQZ5LRFrv75VIE3l3JrrRO63R1os5X2 +zHWxIfEL6fkwaJD9xIaA6DPr+SUonEfPHkz7IopMveShCBf9AuJVjWyme/Z3FXpI +U83/TUW41/bq7URIf4Nwn8K6O8l6I60Yq020CbAiVUsgsLXKwFwdFkLnrY5UiGwD +egdLkh3PErO6+4UCEfWFozp9fUwvh7Jo +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter16.req b/test_key/long_chains/ShorterMAXUINT16_inter16.req new file mode 100644 index 0000000..f4598b6 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter16.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxNiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0ky3 +fY2MjXYMIupqm1qrGG1y9w3SijV2W5sHDme3EgldpILCWiiwGkRFEKt84Mv1q4VC +QYEkMpWh3VfTv/lNve6mEYXIPOb4VD6CoqC6+LqPEwsYLOuPKpfA/vQ97O+8t0ag +t7X8q6aLMppGr37Mu0M9hVvFxf/oPLjCpyNFKpGAsriYPf/ev3aqmlCKVjEfe2cr +kMrBWwe88B8z+K57CGJ5df51dmIrpFFSqP3b+Vd/XP8gEc5+XZribo50PWn9X+xC +vz7Ue4g6n+kflOBcmKXBOnAXBfu/mzUqbgjTrDhSEcd8LGmuSF7zhWzgw66VzhXm +TUCL2rVm8A03MsYG3wuCVXffJUTUEU5FPraaT3KBRN4eF5a7AfDcHJXW4CfvGZBv +Korapd5eDh+G0J5UvtbUQJS3LCWIKeayrIQ0ptXr2TGfe9FmJfuSlsaSBtLLZ3O3 +wGrYjCF+jgmKCCH8G1fGa/wkIIjSRyV+gFSDh1fNhqzHvlbu74yUChvsjssWobiB +xFAJRBs42BAiNtZrx3d4NTFcm8OUxHggzslB+2JSje9Y4+bsezty3GlgRbkydUZ/ +JxUxPpkdo7+4S9YVGfqt20Ee5rYSTgVyPYjnnD4ZagcYXAPeaTKpBFGCHTPiW+gV +rOlWS3dP39Gr8xpyVOVuEpHhircLbuqh56v8cI8CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBsQxGv0CN1YbwK5kTxWRYvcDQYLXnli1MBU+evikdBWdG2O5WjZYph +3x+XhhbgI3BL9nvWoQgH5BRQD0d+xdABPwHKZKo9t0AJuKnhyP8fS8004EIO5ZMr +Muy6yPXijHrsEmLjsfFkjx+d2Eahvndw9Os/WK0kZVygo1Xt0VnUE/LPcVL6QhLR +IVVeu/JH4pwF++BR+uJzuVI85S5qJEl+bcDJgSWIZ5hvfAz9qQLCzDkO91Vbv+OU +ciwdOOFirzPMLqDVmMWn8d8ktBiIQ0fxo7oDOxruXnSqCXPMpzLrn6UmNVtX97ZX +UDgnNv0X6z47mMIMp8kGNv9FdTiOuObBBKEYg1jufl6X/4wydG3ccrpNqbDkISK3 +Iw61/O0dj15SVy9NkF5WFsaVnxhnlyi556m6bWGL/S9ga2/ZMgy2QklB7VKNKie2 +79F+6iG2a91aPkaL9bkHHHpibxiKVyiz7fkCq9i18AaVfZLYd1/S1eULMrgTKaEk +YfigB0krz/lB/HO9/rz/oqkXGArBe+/7boImdP5EodYJEUlt0+p1EAdLt87iQkoJ +lLz+ehwDw2lJgQEon2jF3QlWNyePJcJA4UIQDMse0qP8/x09Okzmk7IYfDLj8Tju +9bI2Wssn8VWm0grTHIOGeXrNeB4KgtGxhTR3SGOqezMZ+Qzqa8LVuQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter17.cert b/test_key/long_chains/ShorterMAXUINT16_inter17.cert new file mode 100644 index 0000000..85bfc40 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter17.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE2IGNlcnQwHhcNMjMwNDA1MDgxODAw +WhcNMzMwNDAyMDgxODAwWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE3IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDn4HDvQWQL+z/twooyx+lCasH9MjujdtWp7XDX6ZOggYZMQmvh3mb4xOx2Mv06 +PaCBUvdhdIAJZkDxf/Str6J4ffmDzHrAjcBdv90jzry3S7eeKibQ727ZqNvqITV5 +KUhuVNg48fgGYcrCaShti3zEW6WD+smnxepfesw68mYlebJeu9330Cf8P5UVbO4A +Ajj98PXPyvhkeJtEyZltmuIpsrY5p1NRtjtHN/ciyPBamjBmA6+tWe7XlwgJNr3A +rBLZMdpr2phJ1cfP6zb0ABRAwUutwWghO0FcbsXWNADKQ1jDzbCewR5i7EGvpVJl +noQOw04NVE847l/QSk8PnGjBW4/piJtDWi2B0gPaYtfoYCCisotZmMx0VN6AoIKq +SPCDkqi9k7SvCIuVsdwwnN0YAqJRRsmmhr9PRYJ2uiv51noHKpkEi4XN0y/M2Z15 +To72SgQcySZTZmhi2gTu9lUnWKsWnBqPpYXKUDYr7XcnVJfq2Id2mznLWk0j+J6r +r58dNzlBrPnkBE1/VeqVzIeWAMwCnVoz2c4RtsfaUI93hx4ivWrIbkp2B5BoW6NJ +P1W5BjxF/rFsT+dqu9glIzEoqcG6ymU5XvNuBDhPGYC34gfRKTh36BX3+x/ETxcq +CGbqSl2DughglrQXHhgPFkU5xoqq9jhniLKDn9vxG+ZEzwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUmV5XyczcTfuH6XarQ+G+ +49JbKqkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQC1NYDaTQu161dVNv5vArYf06Vbf4RV9O+nMkiFBdUufqJllZHj +cFE+N6cCCrPxmOeLSmKvk/BtVVLhq/02L2bSu2/hMSToBiAYcfVLkQnwExwHCkGD +Cye833Kj+6hAau5Xiea+DXGYaO+6wufVPu2ubSCiXTy9Hsm6btWU/mKbm/doK218 +3K5mU6NtYPBHTU/kODYiORlc0uISODhFnYGEZ8MgcB/IVga3bBLx/GrCH2VWCpli +zPCwlVz1UQGhDNuGkcyiWYvilpJ0RjiBXUiUwjH5L1RDighi3obvxfdRj9mB5tQ3 +vinfGFzEsWVw7jiZMLcDhavVjgF3Kd/leoe34hS3JJ8xhk2yb7cIuXhz57JkTbvf +wxLBHJPHPTZXxBN7ymMpEinDKS8NCZ9C5x/oEPXJJ3xlCAjmELGi6bvxlRrt4CUO +JaJrU+bdiUt1Z9tI5KLpbyyiqp+WhB6QUFPmyNY7zthoBcsucwKu/N9yDiaPWNDf +myQYm70jZn97/wHQV1ea67GuN7wBO+czNLeBIKlmdajZGdyKBIiF1Mg9GTGKkTuH +ZJMQ0hionpO3UCn6FGnRpMlw0pS5J8LY39GzCd2bQ6PJgyNicbMofNxP8o6G2YJS +8B0c56iwt5JE1RQduCI4HZ8pNSiiWVFPqL+kffbxu52OLnjJRrkHDiId5A== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter17.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter17.cert.der new file mode 100644 index 0000000..b0bf86a Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter17.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter17.key b/test_key/long_chains/ShorterMAXUINT16_inter17.key new file mode 100644 index 0000000..e57a6b9 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter17.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDn4HDvQWQL+z/t +wooyx+lCasH9MjujdtWp7XDX6ZOggYZMQmvh3mb4xOx2Mv06PaCBUvdhdIAJZkDx +f/Str6J4ffmDzHrAjcBdv90jzry3S7eeKibQ727ZqNvqITV5KUhuVNg48fgGYcrC +aShti3zEW6WD+smnxepfesw68mYlebJeu9330Cf8P5UVbO4AAjj98PXPyvhkeJtE +yZltmuIpsrY5p1NRtjtHN/ciyPBamjBmA6+tWe7XlwgJNr3ArBLZMdpr2phJ1cfP +6zb0ABRAwUutwWghO0FcbsXWNADKQ1jDzbCewR5i7EGvpVJlnoQOw04NVE847l/Q +Sk8PnGjBW4/piJtDWi2B0gPaYtfoYCCisotZmMx0VN6AoIKqSPCDkqi9k7SvCIuV +sdwwnN0YAqJRRsmmhr9PRYJ2uiv51noHKpkEi4XN0y/M2Z15To72SgQcySZTZmhi +2gTu9lUnWKsWnBqPpYXKUDYr7XcnVJfq2Id2mznLWk0j+J6rr58dNzlBrPnkBE1/ +VeqVzIeWAMwCnVoz2c4RtsfaUI93hx4ivWrIbkp2B5BoW6NJP1W5BjxF/rFsT+dq +u9glIzEoqcG6ymU5XvNuBDhPGYC34gfRKTh36BX3+x/ETxcqCGbqSl2DughglrQX +HhgPFkU5xoqq9jhniLKDn9vxG+ZEzwIDAQABAoICAGvv20JUUykMpN6df01SJ6/m +GDUvq/lUuPMn9y5aqYC+qnBXPvbeW1qT+GqxI5V32H46y7MO0wcNFVAVuyUaq+ug +4IRMrBt0IMbDKEKh2tEMKwYyIu2Bdz1U0EH1gXnMEM5jKl+fq0/1N7g10T7k/og9 +DRgZpsM1avtVIzqRWaE6PCDDHPldaS+PvWtC0KsqXbM/9nzqw6OpTMXBfm05+utk +KFVAIZXY2VE2qREFLnVObxcdwipUwcyTnocDd2L39rIp9b3c/KTqIeAUYvlEDCl0 +kTDp5foKJkvLuMYUYQXGQcyrs/rCdM2hopYLxAZPurNQkMW9qD8dH3bLEHB4432z +uBXyYH17jk2T66bxiUANpfXF1V+yDE3oAICHIYVOCC6CBm1nNe9CdSc8SuDgjJTy +Pg65uB7B5IgSLJDnhfzdIZOtmCQ6qqIuLoApGwNx5upU1mvgdIqeUBYyB1UcfCd5 +0hZlTS+z5Y1lO4TSm5ZBAEicjJAe0sQtFcNvbchR9SE2N3E27bxm76/7NEtA7GJD +53FuPq9e1oysa4nzPdE+rSdOvubXhHWz+qRxH1YbKZ7nsK9ALhm9/Fxg5T3xn1SY +yqJFWeuZr5wHlkugaysKuWa7R3UpUiHd3MEn4nD7mvQ2TOBrsxREme3BMpB43+0R +BwPEThz1Engr9WNNU4qhAoIBAQD0dNBx3LuJfw+STCLgBdevpSANtShJ4wc4GEsb +JlgVsdWzuzs2oxIaZQQk7xuxgF7b7yCoQkdohv0nve6SETR5LPxv6cglvoK1PK3W +fruTlK5C7Rh8xUrmcf3zs4Ot73v5brPDqYPuwCVAhDefkYExSTDkCGOD4y1+q4E0 +FNR0YI2Wlb0YftDaLqnHYAzW9JWFjuDja9+b5aSj2hNoISDB9aqzidGrv1/3RorY +Zvi+PZ6D1SBV7rcDcU0rNYTXw2xptKxIwC6X0Q32jB1u1LOTymCiYKk3zyUtFY0+ +BJW3xwr6I20vmvqd0rhAVD3Dl1cKKLQANqi/nWbDWl5/tJ3fAoIBAQDy044DKcZ5 +Zy81Cq0wGGorQjWi/UR4jxViibOoKxFP9N8LGewEClVn9Vz/w1dEfBHeJZmh7+JH 
+ABbqpk4R4FiRRBKu1lM5XyoUxaUHK/Yn2J77j+HYBM0qJz7K9zWHPS5BNNCtxA36 +nYXBHiD/FsHd8FESJonYPC7wq1++Oee/hB3tjMX0h81Q+PBVxS3xbGhf1aUOX7Oh +19k5XDTL88BoJKahDv6tkgQGzaAWtcEsSIwWATdB4tK8Qr1UM+bEioZZt/3IQfjm +Gwj27/IAraY4iStOy2JdRhEPwc33SfB2OBIfM/KjEavCO697hdLsDDLMuonz1Zyw +btl9nDSG31cRAoIBABgm7m1BfLnh9tzibtOpYBz3eIpCKr/aEV2GcO02xZ8nGdEP +H5OPWvuGnXk0soy//R9HqfdVzQ5Tv/FMP6To1EFgo3Q/Kcoo32semqJFlSzIlMsB +99hj+bl467lHNCxcK+iB+nrLZcCR9VxBc+ltC9GdxJnTBloCeP053qMRp8fzvilx +k+Q2q1XTJG0RXVNjiN5QNoHhp48UikayBhbUpxLivcHNTQzl9IpOyusEiXDqT54A +0ZgL5MMPT6uENyLGKRDsi9UIP9I6EmIYh9Pqae+hIBkK6c0cxzSEG5dUBqLIpJoA +JAp/CmHLbu7UI+IOMshLKzWWMOf1mjCU3h9J7gsCggEBALN3wiz6UjNmHNDSDEBQ +ux8vtx64m0OTVNXYOk0fT5NNww+cYAB4drj38n0hrbzzCe2q0oqKFi4tlcJlmavC +qRLsQfawdyAfAqYJkbfkOPEoPBBnPh7/JXdzPAicfxZuFGKjG1xiW4aPp8ycbPy7 +oBtdQz3r99M2X+cGciPQ/kRg7BGnCqN5PzkKU+7AZf1aByZVa8Fc4BHMy0KGsIrQ +o7MU64Z746T7FzjD/v7p5FTLZaXZzjJG50O2++Fg3r0CONvUjZ/VipTfBFgl7TGt +Jf4A+14oGZIgd/myXnzXS/7D4DjplvoI1G4g2Mitlr9ZIK6Ja+4oQb9wnhQlP/ky +1lECggEBAL0Bp8PGIP3YJYKC5auV7gOpAGWEq9BJ43LiBCwGlc3ayzmk4g56pICe +sWXoQiTR8oKpMxJB3DiJ4iv9mYmG5mjKx0WQfpbTuvnEvPDx6PzhxT1Fdrt7jKh4 +jAZcnpeHumx1AbDHEkP84/pI8PsHqZsl6J2fWM3TAGzcfISmUw10wqiM/U+Mw8Hq +oDHrFB6XxSxqoNdUdlJRDZYCSax7U/aVu5b15ntq42uPdI6xqOdbds66MLorYspd +aP1vWaNK9A4jBt9+sfq+yoJM32Xfjg0t56LKww9nN83wOoY/JCSCZQbQ8CWK9yiK +fF5NHa7Tv6XKPvl9/Tr/v3L0hVi0jG4= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter17.req b/test_key/long_chains/ShorterMAXUINT16_inter17.req new file mode 100644 index 0000000..72b9173 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter17.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxNyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5+Bw +70FkC/s/7cKKMsfpQmrB/TI7o3bVqe1w1+mToIGGTEJr4d5m+MTsdjL9Oj2ggVL3 +YXSACWZA8X/0ra+ieH35g8x6wI3AXb/dI868t0u3niom0O9u2ajb6iE1eSlIblTY +OPH4BmHKwmkobYt8xFulg/rJp8XqX3rMOvJmJXmyXrvd99An/D+VFWzuAAI4/fD1 +z8r4ZHibRMmZbZriKbK2OadTUbY7Rzf3IsjwWpowZgOvrVnu15cICTa9wKwS2THa +a9qYSdXHz+s29AAUQMFLrcFoITtBXG7F1jQAykNYw82wnsEeYuxBr6VSZZ6EDsNO +DVRPOO5f0EpPD5xowVuP6YibQ1otgdID2mLX6GAgorKLWZjMdFTegKCCqkjwg5Ko +vZO0rwiLlbHcMJzdGAKiUUbJpoa/T0WCdror+dZ6ByqZBIuFzdMvzNmdeU6O9koE +HMkmU2ZoYtoE7vZVJ1irFpwaj6WFylA2K+13J1SX6tiHdps5y1pNI/ieq6+fHTc5 +Qaz55ARNf1XqlcyHlgDMAp1aM9nOEbbH2lCPd4ceIr1qyG5KdgeQaFujST9VuQY8 +Rf6xbE/narvYJSMxKKnBusplOV7zbgQ4TxmAt+IH0Sk4d+gV9/sfxE8XKghm6kpd +g7oIYJa0Fx4YDxZFOcaKqvY4Z4iyg5/b8RvmRM8CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQARKEONB6Fj9FUISJJbep3R3TusP60BQKrYjXroCb20EyjIt0dLKHId +2MJWUhN01KuSDBMfZ+arOzjLlyc04N6JNyLDC5+Gb01niQKA3F6iMvNjufdLJ71Y +9wF0rl+Na/jJ3ZlrWJxSrgRbemOctoH12anb89zg03g1pk7bb77+vgD/ciRHqP2Z +cSeOE8aOCJrYTpFAfRhetDFrtMJeoV6qaoDfFFyQgLogjCTyKwYEvhJqigWcLK4m +FFSehGCpvpQ0UtAjZNX94N11MPKXWSX2Y9uz7l7f5UHOr5yErP04LlwfSkw43A5I +sVsH3csE39YfqsSe0I0GgLv2ChO85kMXE155BB6I4tgXDRd1opwHhFCLi0xPfYC4 +yTN1a+VU0kiaAWZzTBaZLcofPMen5A7eBOl0Bo2qqeeRJ2ACKDJoz9p7MBlHAlPA +1xlI3NKi1mD/riMK6Jbn6BP3znSXUMvCeYpLKKcTNTVLyIe6FOKwyjVFcoE7AwAh +dA3GwbXwhmz9our2Oe2diM5W2I2cwXEin4M2gtj1rs6dlaswlSvpymsBerjbu9Be +U8irRcxI3gkcoN2qF8Rx0uEWgJOfUEAB77Jkae0n/qfAEO922mlzgmUvgrIIW0Bb +MLL9tjiGOKdZw8Grm6LhdPOM8vMievZu53Ccn+Fl68F7y1vNV9M7PQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter18.cert b/test_key/long_chains/ShorterMAXUINT16_inter18.cert new file mode 100644 index 0000000..bf1a2dc --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter18.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE3IGNlcnQwHhcNMjMwNDA1MDgxODAw +WhcNMzMwNDAyMDgxODAwWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE4IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDZCIX/a9TuPY1JYEe5lZrieGskGlWppYNpdsr5kurlqmUoXp3T9M0lZX8Vj3Lm +DmhyuDnGtPKVlYMmObJ8p5z3CJ+hraBucUYMjDrM3BoUVKCELDeld2e9smQOSYh1 +6O2ySV1qTBL9WVtWRmQ0nQJp6t/CCrcD9EoBwsEhic6BKB8+rmEsrUnHAf+sLUHc +jbGDKhYP09Egsm7FBg8N6yUV2PeF+0+INND1sUSIOTZI2j0VJ/9iTARjao/xcd3a +6IdG1/b8OXS2bd4QjthGLiF+eGssOq571/RC8TVFDSqc2Wcv9RMyoO+aKlbuJjrA +m9FznjasoDPORbi4kF2T9Sd+6jWedT0ZFn/gv2D86IFkhtVO9gVGliodb3l/B1Bm +GVcTuXymk9neoYC1PboYHPrkU334eToj9iAoE1Z4x9S1jF2onPOTivy1lso53JJK +2auNT+Siv0Cxu9uqh4sTsD0XX432q1isM+Z4rvQK0MuGLE7rM+tmwL4iuUcCj1+p +PAI5nJNk6uyzskwlsaMd4AXm40UKB3hnZk+lyuFoAWeo5lF8xqcooucIzkVqJ3nZ +lmKnTqDY8Hk7+r/FqemJ+Cz+JNFqXpsSb/0RNH8eTNg9FMQVT0c+rprTEEk6nqeq +voZ1vofen08+XVUVSu27bAmxp9Nq1a9KwZxcoc50O9+BKQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU9CcF0tEs8Asv7vql/JAp +KEAdAS0wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAShXwTZVf6s7VCHSt+8o/Mm9nxMP0btwZpsUy5AfR9FN4Wv7go +aX4hdz4zWe3iSSghM0ksEPGT3qTrWvnYXr9r4lNiJsHK1wo+KGv97JhcoMOrW/An +LRWwAYvamggJz/gRqe8RGwqKBoS1uiHs47E2U9RqGDkC0Z3aHXmvLliFAsjrsAFK +OEsJI49G60nUFdzy5M+yCbeCth3oEArB+GM2nlBX0lXYyn0GGH1xyW96PqTE3sIk +92X0z7JyHzUgvKJ612RC5BTioH3T95p/0LNEY9d48yi0h1Z5I6FqLXngThDsvWsO +238wfOV3Xh9tzkegVBQWqY0rdk9mTvOQGIx2GTyn3Tr6w+z1N4W0tnCSz0KnJztq +AYw0siGrSfqHqfL3o6GNrwjRXg11dNvN6KNTbLBr5XS3GQm2bwqxglD3Bve9MUkV +Fj4Lp/WDPq2nDCBq0KxE/A21jRvxk8lQVFVmDAUKaFnehA/janqC0Gw4/4fvKrIh +Z3/KjJCYYucaFN6LLBI60FVRQor3MYo8lQLDaWDQ5c0S8yAKO2i+fihCRqCmOuAv +AtcuhhjXuDYytQuKlvw05MhfiGEZ/l/C2liSGAvkjTnt+A//dX2gXCHjHeZpqCa4 +rT1OFJSYiuEDIsAr6vLo5fay4ChTfrieIYQvjRTcR9wKA4OqFo0iDaAeyQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter18.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter18.cert.der new file mode 100644 index 0000000..c3a8789 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter18.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter18.key b/test_key/long_chains/ShorterMAXUINT16_inter18.key new file mode 100644 index 0000000..386b6aa --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter18.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDZCIX/a9TuPY1J +YEe5lZrieGskGlWppYNpdsr5kurlqmUoXp3T9M0lZX8Vj3LmDmhyuDnGtPKVlYMm +ObJ8p5z3CJ+hraBucUYMjDrM3BoUVKCELDeld2e9smQOSYh16O2ySV1qTBL9WVtW +RmQ0nQJp6t/CCrcD9EoBwsEhic6BKB8+rmEsrUnHAf+sLUHcjbGDKhYP09Egsm7F +Bg8N6yUV2PeF+0+INND1sUSIOTZI2j0VJ/9iTARjao/xcd3a6IdG1/b8OXS2bd4Q +jthGLiF+eGssOq571/RC8TVFDSqc2Wcv9RMyoO+aKlbuJjrAm9FznjasoDPORbi4 +kF2T9Sd+6jWedT0ZFn/gv2D86IFkhtVO9gVGliodb3l/B1BmGVcTuXymk9neoYC1 +PboYHPrkU334eToj9iAoE1Z4x9S1jF2onPOTivy1lso53JJK2auNT+Siv0Cxu9uq +h4sTsD0XX432q1isM+Z4rvQK0MuGLE7rM+tmwL4iuUcCj1+pPAI5nJNk6uyzskwl +saMd4AXm40UKB3hnZk+lyuFoAWeo5lF8xqcooucIzkVqJ3nZlmKnTqDY8Hk7+r/F +qemJ+Cz+JNFqXpsSb/0RNH8eTNg9FMQVT0c+rprTEEk6nqeqvoZ1vofen08+XVUV +Su27bAmxp9Nq1a9KwZxcoc50O9+BKQIDAQABAoICAH5SULPfDntwRgj8SiMBqbnB +PxMvZMauOHOtGezzj1cHu4MotxJEPRdUIQjqioTOxAppoe8/KKbZ9BDOqk2VvW2n +jkorZeKCebQZ9quAPImyzA7CMc1UV4R5DXWnZQ7D+X245+9TwgXF+byYkgBxlpMR +ixVE6Usa5+xob8LWk+Rm9vCjzJmVbwiu6CJN4TS/IB/o4hhqQCGY2ZJBuYdvYxF5 +THCmWp87ppgqimoDas4ygDUNJ78N4cv/nTJ6BRhCGWKplu8tffokrojSq50Fgqc6 +7Z47tY0Nn/VKsae0RyYt/7pRGdBxDaScmiZZB/9NcjaqUsZdJGod+KssE9tnaImK +qp7baifRFmjzQ3QT+biTJVU/8/w9tjhkQezv1G3PpZsVLmw17P9DMxE/QpuzI7q/ +Kud6YdEZIIejlYV+rTf/frL4XxZhLnSAqxboww4wPc7I6oN1+Yno06+Om+eJXG/H +Ss3HMnmWrLK1HoaFU8qmL99Y1gQZjdG5QsNJ2+A7jytoSqY5p2sKw4jtoKPKOZ4T +DQ2WKmKB91vJRtukUT26vAGJ1Il+YnXOJbkPW4yNQHXUKulR7/cI3leFUJLSlyR+ +1wZyv6LUZoFITXw/Eto2iu4Z6M2xiL2IBg04R54zg9dEECZnmBrenBun0daaxjUf +ttFiWB/husgOJeJfhGqRAoIBAQD1SfO3eCKMqw8Ily/kp8sW2IWbll0XUhedJ8RG +iWmOUFzx5QN7y220HfB2fK3HRWamc9Exp+Z+UMytQRQ+DHYe64wQ0dGoy2ZbCcXu +y22L+bhIoFoJ0Twz3HDh3OcNAaRxdmTTZ9aaW3dh3imcrtST5rVJBrJu7LNk5hMc +9hcH1vtpjqDSBNEaaBzlhYTfP9jR5wDQ4gvKLlXWVRek6O/KRg8XZycJksh58oE5 +HKClFkKFirjpdI/b02UWEOMYiJOJpkfWUj+h6svnOMjv4JJXx/5y8fr1d0+Fz4Sw +YMfqPmR/YGdpD1WE3lcdr0bzBXNbYNiNWdjjYOZbCxWcMxAtAoIBAQDigrTa2V0X +VFbOgoFPN+97qmWTTzNBBFDxo3G1qTl+dcKGlzR2smN6BjKXjQSAD4eTYNTWPJaP 
+XLlZOwB/zfYRpsqknTLg+OdZceu7Zwxry2iR6zd6S8a4pkB1BVUJl5YnBQGGcBZn +Bo5rYN+ZvrJEQFzIxWIrl2oWbIrGNS6/QawQ2DoPAJ45ilWGmMsAq5V2ZbrAMB1J +ebiXsaEAl5g3zCBTRaXxs/PDeMX1VUG+CbXYpRI0CsC+2zGifwybq84PXQEO6UdI +7oI4lC/RF1y3rNhvEW/QUQCLwpRhC/pzrgMxqyMOBONKYx4RPBOLg5U+QPDxg4rx +NsJGX9M6jNZtAoIBAGpoEE/Qz7wSIM1rOJ2KpLFecGdUTUHmnNPSAnVO+vl/pzJQ +VLiJQSfXrQ7Ze1Fsq+EdcOyHl5fIWWH3T16zbTJwoCxTuQ3uXpKzpKe4m+cTB3yK +A0Uq/WDKCjYQ7DJaOgn2gDqtWw1PDHTqOUb9GL6oYJAzVYiFKjVlEXmIz+jYu+vI +sb8p08QO0ipHR6LJQbec7F+xD8g/XYFDHKSvYAZxae6PEwI2KL2uE5zA7HdxNp5T +1W+A3z9PbxSpcrqb1NTry1IQEAafoqDFo3VcCGAIJDuc+W8uuNKleTxCX7cgJdyT +54hN3J1tDoGUHcUi4i4LzyVSiqHo0UVBg7hk9mkCggEANtmr7esA7etQcgWMRqCm +721d14QwRyhCaaFIodLuxz7A8lKfM7cS+7OQgL53PoOEMx4ZrB9T3jd38rGk903q +rm+TVrVyYqQjcbdyfBkCGwBQvDUXZBgBcSlhJnU6GG6Kv7womGOAKUafKkV1IAfb +p0dmsH+LvD6YRAHYwRKT1WCTyCh0NrnRluF2wHczgWALe3Y6+Nst3GMLXkB3Wmtb +Qve9RCzzeEo5VzZhyXzxxJEZZfLjK5MHBbCSnmThqri512KQJQo8Zt7KzeSkh59+ +pkPGzW6NgwZ6eV2PDMkXxvd2coqcnIJ2f8bsuwOvP/OHKmITdoiCFtNJzDzcK6t7 +KQKCAQEAt1QAUfvlhRbTu3vTct3lNKirY7c5xah10U4ay2uztxHQOStZq4ybbPsH +9DlNUwoHpEClBhS9HHiPPspTmq9EKv7Cie8AUxNasDv7PUBFzUwrOMtVqrrg37VN +GBwSW5AvAeVe0O+k+sTClrp3ysvW8g8LcLq3KjRiQqMMkOYoEdi+PLDsVa0/C/Sn +HfOJSesT4g8HHrQ6Fw0anxB19uOYDqvO3WRJBLxgBo0B0aYhvswEdCFkRjf7vVw2 +xaRJJ98M42g2uzPqqnBErMWiyuoSFljtHCHHRlyKqwtEAjmxZ2T7vLEwqjDx0A4q +YfbP00hkkVH6D9XmtoxxOWs8ZKpP1g== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter18.req b/test_key/long_chains/ShorterMAXUINT16_inter18.req new file mode 100644 index 0000000..d977398 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter18.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxOCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2QiF +/2vU7j2NSWBHuZWa4nhrJBpVqaWDaXbK+ZLq5aplKF6d0/TNJWV/FY9y5g5ocrg5 +xrTylZWDJjmyfKec9wifoa2gbnFGDIw6zNwaFFSghCw3pXdnvbJkDkmIdejtskld +akwS/VlbVkZkNJ0Caerfwgq3A/RKAcLBIYnOgSgfPq5hLK1JxwH/rC1B3I2xgyoW +D9PRILJuxQYPDeslFdj3hftPiDTQ9bFEiDk2SNo9FSf/YkwEY2qP8XHd2uiHRtf2 +/Dl0tm3eEI7YRi4hfnhrLDque9f0QvE1RQ0qnNlnL/UTMqDvmipW7iY6wJvRc542 +rKAzzkW4uJBdk/Unfuo1nnU9GRZ/4L9g/OiBZIbVTvYFRpYqHW95fwdQZhlXE7l8 +ppPZ3qGAtT26GBz65FN9+Hk6I/YgKBNWeMfUtYxdqJzzk4r8tZbKOdySStmrjU/k +or9AsbvbqoeLE7A9F1+N9qtYrDPmeK70CtDLhixO6zPrZsC+IrlHAo9fqTwCOZyT +ZOrss7JMJbGjHeAF5uNFCgd4Z2ZPpcrhaAFnqOZRfManKKLnCM5Faid52ZZip06g +2PB5O/q/xanpifgs/iTRal6bEm/9ETR/HkzYPRTEFU9HPq6a0xBJOp6nqr6Gdb6H +3p9PPl1VFUrtu2wJsafTatWvSsGcXKHOdDvfgSkCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQCcs6au50fInszNACbxEKDWoKaUclFUCLG296zaVW20zggl/QHL7wmi +aEgviTKME9szqrkvlA0JkENuat0tQDxJ32e7ckRTDIPndVE/Rrp95zpHpo7oI801 +bmyp5DnpvKuHaLKqy4M6T5J5boFsVZ/qXu2X1SNN5LKHgkP1QKqrXFxK1egLoh9p +hFllFaBY2MW4k05ukoCol3Ft3kB5uHsa4t12rB/6Gdn1PbDA7p8MVxlR7lOa6Zjg +kqrDu8vu+7sRO1robmZO8Q8oTOsBmGqJMzju13tyqeRBUWOisJ9hlqxVcQ5nihjY +Zst5OlHPDXejkOiFponVqDO1f8kVasv927L8Dz3fSNTdDCzWP5tWnejnYk6RG6bv +FxHuUvOitoFX7BwIgN8fQgi44NHQBNlkFVpbSjCX+cJlP9b8qMCOZgW98D6ZhYVL +f8WAtBunEC3gi4uq4pzN7zQqjtygsqhsDgg4F7QLwVTKL9Cvxe90ihQZmqBdIcgI +FYBM8AzGvc3mRFmrL8uerkKJhcWq02sl7PmMMi9HJoxn5xBh9V8SL7GRAnarC2eW +zzOaExuda6X5rGzEkLtCYDVLIjBqxuCZMdGIW/CTslpkxPIvEMuq5ssEt0/jOvNm +upaWlUKBzCtb7mjAAdVRtl1QOhyFbJidcxPotQLL/6ruOw2theRN2g== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter19.cert b/test_key/long_chains/ShorterMAXUINT16_inter19.cert new file mode 100644 index 0000000..72ff063 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter19.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE4IGNlcnQwHhcNMjMwNDA1MDgxODAx +WhcNMzMwNDAyMDgxODAxWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTE5IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCaFy84tVBOXmFnrFD4OkFX1d5uWKQH6i0eby51tsjz2s6hgNkykS0yrXzc1JD2 +R3orU8WwYky+XRfhEAWRl2nrp36Q3KzdB+T6HaXPIHzUkPi8pKQpPRRAqBNgn9Xn +b0diyABta2RdWmwQRm3/azIA6gOQEGXbo9f2Z0rDELw7P/RjpjYZP5qtGR/IUPbo +vB7I8TtufcWlxPDsaEGYw3m3sAZooP2jRD6c81OxKDHI81bgxXXLJYG5VCproYsC +iNmz4o022rVmq4m1rbbC2ILzoQYBl+LgTBzkFWKfFs91LGmCNMi/A5j9e+4r3Iux +Bj4VfKLr4BJ6Qa5k9nTttw1StQJ3ZOYLdajouCgT2CwbvsI8bIhEuOHQSoqLhEwM ++2Li9EstTMtQpWnofHh7eRmOBMqSne6UCr/c+ugHr1RiOyg4wK0jkdpxF/KRKbbC +4jh4WLAO3VBsTkpZufrYBjyg6D1XfkaTpVViyDz7oD0sgdAoWgoFH9GWjEXCv8ZD ++hsI4LKXi8h0sy9S5LR9RJLcuxPCOKf+e3S/Fio+tMQY2LhI1aumodg34rStosw9 +7DKxj8fdWKp2oI6KSLVQ8va38kiaAnq4Y/n7xKQz3GCghV2pz9U9WY59bPT+6QRu +UHqAx9epGH2zFwW/bVSWPKZpOV8Wi5vPyzf+N2Q0hNr7PwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU3biSBmi/HGve6H+XAkZb +dHFqiq0wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQCIxd+Rkx55DD53iTTbepZAvOq+boyR8zmrYqPMA0cXup8TC2QF +SR1pxVMn83ws4FMQDsTBjUYNT+BqOf2YrcXUgDLwmVjxIAqgt+Tt+OFejGceem7H +zMMFHB+T5LPShjYCO2xUReaaJCZETWbapTmZf/LmtU0fRcoSxPMgSpAUhVQB/4QN +10lJYx3ikEfqFsQMbQJY+TaVth01Kg4IECMSnTsdRI0panw/dQFYhkc7P8gfIsPt +j3ywddVM7/NZoh/u1g0Qui68gXgnBJCGKlbujkRcZCMK2HI3s+inVJ5XQUxO/drJ +/CelGmYSU/q5u5wnXvkRrpOG5+BA9S0kVrN/1W2dVkZrfGWYgwt/aBJRKpHgEy3K +M90R6PjeWKravcm+pqQiCJIwKbyolunJWiPW+6bOJP8pgix8MCP+Ue2QL2kHz9/I +KZYM1LWP9ydelV7clpLIaSSWNp64cv+CmU84q6oKXKAcbypvRleZuQhosECrBpli +sB7KkDR4pzcylpObuMgqvIyyqTjPCFzTmI9zwJLsWM3s6PzsKXdTAvL3Wu47KU0N +wbixvIShC7m1tV0NLH6AuTXNc7n9Hu8ZPFYWMgXgfM0096C76OOkkFNGVnqUroIk +9u6mf6Yw3o1Y1Hpvio0ZJuwCoucxKphvpRoy3Nipqfxzo/Md0+v7gvujYQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter19.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter19.cert.der new file mode 100644 index 0000000..f792bc7 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter19.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter19.key b/test_key/long_chains/ShorterMAXUINT16_inter19.key new file mode 100644 index 0000000..d0ff9aa --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter19.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCaFy84tVBOXmFn +rFD4OkFX1d5uWKQH6i0eby51tsjz2s6hgNkykS0yrXzc1JD2R3orU8WwYky+XRfh +EAWRl2nrp36Q3KzdB+T6HaXPIHzUkPi8pKQpPRRAqBNgn9Xnb0diyABta2RdWmwQ +Rm3/azIA6gOQEGXbo9f2Z0rDELw7P/RjpjYZP5qtGR/IUPbovB7I8TtufcWlxPDs +aEGYw3m3sAZooP2jRD6c81OxKDHI81bgxXXLJYG5VCproYsCiNmz4o022rVmq4m1 +rbbC2ILzoQYBl+LgTBzkFWKfFs91LGmCNMi/A5j9e+4r3IuxBj4VfKLr4BJ6Qa5k +9nTttw1StQJ3ZOYLdajouCgT2CwbvsI8bIhEuOHQSoqLhEwM+2Li9EstTMtQpWno +fHh7eRmOBMqSne6UCr/c+ugHr1RiOyg4wK0jkdpxF/KRKbbC4jh4WLAO3VBsTkpZ +ufrYBjyg6D1XfkaTpVViyDz7oD0sgdAoWgoFH9GWjEXCv8ZD+hsI4LKXi8h0sy9S +5LR9RJLcuxPCOKf+e3S/Fio+tMQY2LhI1aumodg34rStosw97DKxj8fdWKp2oI6K +SLVQ8va38kiaAnq4Y/n7xKQz3GCghV2pz9U9WY59bPT+6QRuUHqAx9epGH2zFwW/ +bVSWPKZpOV8Wi5vPyzf+N2Q0hNr7PwIDAQABAoICADbTRPPyXy5jGlke0HhhkdpE +uC2e0E4YnhEUEf3EGV/aXGbOR3lcei5r199iqmlWKTu9RLtrXk7lJJfpcXHJ49/6 +6md0fPTv2CK95b76mi+vnTDRi684kjonEy3v8NW1nDqjWrOT4FPu1kA8LusQIux8 +VuQtUXCCrVZ4jfs1uyOBr9y8yMbXAJvSMqK9W/yW4oUwf6riiS5gEjCrL5vBAU/A +C6eykExE/douIXsJCB2tpx22ZCDxqWRdc/JzudgfBQah9wirbJupMQg5VKujCYTR +qCds+UZBDo6ApWRhY1MXiDrRuRNtnkOikq18fR9xTymp/PXb9fcV44z8u8HQvaZA +beZ45sxBvxVN7g1vco6TACRl6g906lwyMgK8EFIJgFq0Ohboo/g9/iKKMWwwMAcZ +RjnWpsKk4kRDCdJKsjdjX6W0CeS0hUYCw7OC+Qmpm+g3w6LSbTY111yg4pL1w31+ +8nmBiskcaUiBI9FljV1NmZHONTA9AjXC9R9aAVg5PdnPkBLn17EMSlXDVoPGTUQw +AD3KU3b6vaJ1T/7i7hLr75Fqn7uSI5hVLSWjI7RwKIU5Uz/Kozi1RTIISf/Grimp +mGu+F1aJ6tAk0zK3FXsSyCbFePJ+pozRLmV5k1aomlG1M/3d1cnnp6MAwFr2vMoC +xict2i/5COHFb7x0Q26RAoIBAQDLOqlmQaNSypALTo8jocb4WL7aStWpuYFY1cCP +UIv1e2yXcZKSls+luTr0QQoYXHElt4jYFg15g3KisurkzY2zFmPhhsWT67dTyfFO +F+Yf+bxBOO1dVc7Ay9gunq8a32/o30yAX1OuXtWtsLQLP8AYg2s/OEbNUHy+oHDc +BKnLQwARoO62wi6V6ewEOj1eZ308BTT90rO8b1AHIxnIjSjSR6bk8lCGFezT7CP9 +/I7wmprU5TUrRCjeGbAcXeXAx6HxVYTSuB7PEUyhNTPrGus4uwr8yGr8ORW5Fzr/ +swguaGz3f88lbIQtDxkY6YJ06UpVQRKGFnvHNY+N/RXp6oqrAoIBAQDCGhzVok7h +HRxY751H6vFmtt/lNiaiJDvsTW39LtErSwlRAZ68zvEXVYFfVR/8i5XBABOqev7P 
+MICB0MwGyznpri1zaO74qbriufTpu6nPjk9Rob5XEnncTbY3mgmESqVHTLxRlE9d +lk1mpfxXXpM4ogFfVktwiXVDuOyh2tQkzv+X3qAo8E6Lz5QXK4rfz/WgVuGa/gfG +Mcvcm+cUsXubhkohi1sM2+8i1ghP7n6GSaoFbNgGBOLul3buk0YJbo+KOb+ippjz +/bfyf36npbnGmDIS+IiXr0KZBWm2D4vmd8IYFLdYwU41i6UHr0H9AoT5rXDznFHD +OeM1H1emd9G9AoIBAAXd964ADxsAxg/NgMxiiz/4L+pVZr2zoUxTP2/jv2ai3Yux +t62LtQrvwgfzKLtzT8Dq/4Rdfp4XcWPJDob0eDbHWrLUFTgkAfLlTZYXkokxyIGJ +hzC+nW1rdR5DboK0GKL8b1T1a5EJI9oT097PRFhw0tPMaB7dR/yo3Rk8+TnpAUOB +BeM4z+d8DVhB5iuniTIGZHU/c/jorcLG/KORj7AiaWsKo9B7KY8krhVTCT1g+T9U +LqjFGvjufOsUuuFJ4h75fRAoSJtpwHCW/Jy49jl5DOQnVQ9bBomFZiqjnITadure +Qbiu3VH/sZXKh/2gDolPi51bYM9reG189Pj/0GkCggEAKMtwL/5S8cE6if6iYdEh +N2NMH1KIQB+5cGq9qS7Dy4OTy7C5ehlMVokkDbNIa72ylcO8XmJHV6hr+dy2ZN8l +ptVyvATb5OtXWfuXW+CTSgow5YlHBeneLs0udPUs9t7xadDY65RuMc87KU3NgVdh +Pc/e1fi/FkHtoXQmV8Y0PCA9W9/wbWpEN+JCz7PZFj0Q9MgN1pN5ctBYdl9V6+V5 +gzBwOCif1E4NLpcpXBNWCEdHMqizpmA0iczPtEjDuYvBI14LxtWY4/75QEBHkFim +ePTX4WDW5HpzVtHqa9dMof2dj44bEs5d76cP4lOVXOXAqPEpAipijNOHy0xxEY2x +SQKCAQAt6YKQ/qmFM1hbRJYwquRfAsAPpZk6HwZ4x4EZ7V0T3Oky1AjrgUwLieWA +1L+xVm+vHSMzbqgsdJuIu88bOTLdJjS23oEQjbNYH05KvLOWT/sX9WH2HNl/mYyA +yEgf7hLUwdvF06d18T/Vbksnpk5NDsoKTVMaHQdHAvX+QXyLYYEL+X8Hc1VICf6P +EBE2BzvnpS3GM72mDAJSGjKO80cF/FNErQ8omZYPyep30zU5jl+hYvy7DvVJUN5A +nb1KgQHYshahQQiI4yB5alO6VmRc2pnbAHsM//fO10MRHC4Bz7sIdtp77qVuBCaA +q3eTcloL+17pPhe8xyL2emAOMFMR +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter19.req b/test_key/long_chains/ShorterMAXUINT16_inter19.req new file mode 100644 index 0000000..f5b6e14 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter19.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUxOSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmhcv +OLVQTl5hZ6xQ+DpBV9XeblikB+otHm8udbbI89rOoYDZMpEtMq183NSQ9kd6K1PF +sGJMvl0X4RAFkZdp66d+kNys3Qfk+h2lzyB81JD4vKSkKT0UQKgTYJ/V529HYsgA +bWtkXVpsEEZt/2syAOoDkBBl26PX9mdKwxC8Oz/0Y6Y2GT+arRkfyFD26LweyPE7 +bn3FpcTw7GhBmMN5t7AGaKD9o0Q+nPNTsSgxyPNW4MV1yyWBuVQqa6GLAojZs+KN +Ntq1ZquJta22wtiC86EGAZfi4Ewc5BVinxbPdSxpgjTIvwOY/XvuK9yLsQY+FXyi +6+ASekGuZPZ07bcNUrUCd2TmC3Wo6LgoE9gsG77CPGyIRLjh0EqKi4RMDPti4vRL +LUzLUKVp6Hx4e3kZjgTKkp3ulAq/3ProB69UYjsoOMCtI5HacRfykSm2wuI4eFiw +Dt1QbE5KWbn62AY8oOg9V35Gk6VVYsg8+6A9LIHQKFoKBR/RloxFwr/GQ/obCOCy +l4vIdLMvUuS0fUSS3LsTwjin/nt0vxYqPrTEGNi4SNWrpqHYN+K0raLMPewysY/H +3ViqdqCOiki1UPL2t/JImgJ6uGP5+8SkM9xgoIVdqc/VPVmOfWz0/ukEblB6gMfX +qRh9sxcFv21UljymaTlfFoubz8s3/jdkNITa+z8CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBd1gYCiTs2dHZI6H2W77jlZXSQZ+K+EbYbETSCC58vWY150n0+7Tvi +ep7WSoUgySVgmxxF4z5u+s3z+XE703/1pJwDGSfbNJbaZ898mzb0sNCdhLbEQZDb +B/qEmBgB8BpjV8M2PMiNACVDLUl+7rVvuOBxEuIqfJW5ynV41ubYBOyTb/FBtMk3 +1e2Pw9nEDHbtwhyB37np0izYZDNuXPCsdstcKLYgI0dbUh8NhMR2mZ9xvAa1nQbC +QgxAca+Qalg0K/bSXa9YlIxDGN8Bo0Df/59j1BGhSX/sldtX6SI96eN58o3/BiCq +kT6d14evjcjSrHtLAs9Idpzoz8qk/+2/VLrNlyl3iIcTbPbpbpc8vL07/XE5Zuio +LaGy7wFu/SpINXRDRT+Mce1XOk12TeEByd8KcuAsWDATtfpLbU+aunTHMEd9yrX1 +e12NcNV/lYksXfRpdZfwj+HhUIGTVOROQoP8s7ZGJ6D5av30MOTsXg2kcXwS2vqq +LlVCjnHLhBBp0q56P3+D8XwmM/GlLwVz5abf97/J5hHVT7qsQ/JN08mCTZsyiwn2 +Pwq0iqCCrjXDyfGf0ifDVp8Bnzx2t0JyC5/HTbEfiTXKJ0tE6sRxW9jC7BdtY/1I +zhj0ayFnBMQcK35AjxNEFugjIjKk3jXRR5sTT/6avfpdoMsubCCaHg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter20.cert b/test_key/long_chains/ShorterMAXUINT16_inter20.cert new file mode 100644 index 0000000..8650dba --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter20.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTE5IGNlcnQwHhcNMjMwNDA1MDgxODAy +WhcNMzMwNDAyMDgxODAyWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTIwIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC+IBRk7ScPHpMZJtXUHtKrwC8BmsorvVV8ax9npDCipcGI8uMvXGJavvUt//RI +4p7JlFeuuHPI7vgC6JMFiSfDI08/jgTJjfF1I9gQFMEzrLpT7c48R+khlvm0aj/M +j7Z9TTaa0+xqkeqief25EK1hFjGCoRDNjXtTU5LH8XIXgNnk3KxnbBn3Y1/Rg2Sr +VuXP7kcChZjCN+7Ia/XWIMgEJ5g0afcV1c2Dnff0n5WS3hBykP5ynpGzbmCKRjPe +At/rfKieEhAuHtDrvhii1QyO3Q6IiBAo/zuk6fTDPsTyn++kx/32exiHaIoQlME4 +pdCbTyFAbQeSn9i5GO8VbIpsWy+DE9c0hARBTR7yP3or+Op/ca5+c+D3ic9S5Uuy +TdZk+v6y0ntNFOGnVJFCXARS4ZoQTdnc/zHfV+I0FcnTOfBtUigl7CDpcqUOMMtI +IfxM3xDuhelRS12F3hmJLOL02XZ9Mw5YL0S4CI2Rz/3Q5+q03kgZ9MTCR+c9U/uD +hecEcJELGBlWE2l7jSKtIGdqPd6nINEaZkq8EnmUHDnCrXqYQtg6h0/lOoe0+0VI +O2dG4DV6CZto0TN8hjgllVCMKQ7XmosRt2y1PN5nIFFeZ90FLQeOcKsW0A8ZLiCn +Pl9ORmwq32t5cPs16TWbbr/ds56SObrWBmhtBilA58myUQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUJiUocpW29wdXhcdcXLiZ +bxqTvq0wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAT4Lo2t+TmSJFz9Xw+BVXUb7ejHtDlisE7OwOBO9aur+avBUF8 +ldq9+hZlbM2vt/ejejJs2sWT9J77RvuHNrt/zWGSiAxVO+J9mncWuDFjW9Z1ubLP +dwTpK9ToPfgBSH6OOCtNHrMJg40DSuS/aJTRbnP4uUtAa25iWX/SMOQAoFy/Gchg +sxVVBgqKCoP94rvbN/zfCLwaqml+tll+COPRTynOBdwd7BQ04N3WH329t4wi0EHf +c5KUdk8TU8F9OabY4/tbRR+M1+73pDU0cnbz62kmctgDwWtP0TU1MknTw2JTKyAx +M/XOHr7YHxVXnK4VDAL+cv+RuMweAjmOVRgVedndjzNPa/KC0nEKdaMALNj51HMj +01QSkw8ZecPe7+XXOKPtcvlSrrN43ZON+zSqoP9LKBLOUPzbdyLd5UqLMFa2s14V +C5MLORLqLmV3Jlx2W5o1wr9lXVdd0AeA4F462y74eDP22kVKbySEk8L1lhHkplkq +kd9hk3gu3wU8rQxu6ue0hhWi7qQ604un1PUvt9KbWhmtK3+mv1eNfwNvkN9yQtGf +uaJXPnX8Xo/jFM9gz/sUS8fL8+/hDnzT2B18VuSdoK34EHSkoZTfplBji7dx437s +fiLzFDN50uY60ia0hptmbElred+NndZof4Z2tTpLzEi00HzDKtMoMDL3tw== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter20.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter20.cert.der new file mode 100644 index 0000000..e52647c Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter20.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter20.key b/test_key/long_chains/ShorterMAXUINT16_inter20.key new file mode 100644 index 0000000..f5bad38 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter20.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC+IBRk7ScPHpMZ +JtXUHtKrwC8BmsorvVV8ax9npDCipcGI8uMvXGJavvUt//RI4p7JlFeuuHPI7vgC +6JMFiSfDI08/jgTJjfF1I9gQFMEzrLpT7c48R+khlvm0aj/Mj7Z9TTaa0+xqkeqi +ef25EK1hFjGCoRDNjXtTU5LH8XIXgNnk3KxnbBn3Y1/Rg2SrVuXP7kcChZjCN+7I +a/XWIMgEJ5g0afcV1c2Dnff0n5WS3hBykP5ynpGzbmCKRjPeAt/rfKieEhAuHtDr +vhii1QyO3Q6IiBAo/zuk6fTDPsTyn++kx/32exiHaIoQlME4pdCbTyFAbQeSn9i5 +GO8VbIpsWy+DE9c0hARBTR7yP3or+Op/ca5+c+D3ic9S5UuyTdZk+v6y0ntNFOGn +VJFCXARS4ZoQTdnc/zHfV+I0FcnTOfBtUigl7CDpcqUOMMtIIfxM3xDuhelRS12F +3hmJLOL02XZ9Mw5YL0S4CI2Rz/3Q5+q03kgZ9MTCR+c9U/uDhecEcJELGBlWE2l7 +jSKtIGdqPd6nINEaZkq8EnmUHDnCrXqYQtg6h0/lOoe0+0VIO2dG4DV6CZto0TN8 +hjgllVCMKQ7XmosRt2y1PN5nIFFeZ90FLQeOcKsW0A8ZLiCnPl9ORmwq32t5cPs1 +6TWbbr/ds56SObrWBmhtBilA58myUQIDAQABAoICAC5pKlFQyt4X+pSDNGNpesfO +TCs6G+v9dea/R5VHMVAi4lGJ6Qdgp+m6/6LQ/lLkbxqKCbVu9WSxYP1kxK7vQjOS +ZQAArQ5+hdiwfUe/qUHyAjIGtPdmHnTCpAX0gcpvsn534MJ+xRFmuT4cRWFtvsUa +Y8+dfbqPtPEsT4JbYBx4qbgCXluIufX33iYIywRAXC0b312wOw/+E139bK9upSTO +fYsd6uD7pgVhBGxEoICPkLhGyLY2Gx8P7KUUagjh7sNPVOHxSt3XS+ygJOdq1nvx +XmDZxggb9fVV3xfiNLV9cURqRYZrmhtD26Acj+ZCI+Aluto9Q0H5ny/f9EzoiAlr +N7iBcwNJNxrdt7V+IR57zDAkPCCZUHhn4y85vQuVe0euydcDJX/XpKvtDqwTjFPY +rv2osmMMs6rCITiqhebXX42ASp7lBnSHVB8q83FrVJ74uLkbwQw1f3KB42dNpv33 +eJVoBsxR9XqALCagEHi3bpZGWKtftplhLsvrkZL78Qwunc8JnHWuoi+8PoTNn1OA +80VHgC9Lnp9jPrh12dNPECmDmvmObJC87tfLz+J6x2nO6TQ5sgebI474hG4EBX8w +LGO1Ha9cOCA3GD4WWI4Ls9TvtEVQd5wJQh4GZIJQHThJ0mhR76s0+1wvZdGcvh2E +R5zd1Rw0kxKZZNzCOjQhAoIBAQDxwaElFZ2TBSW+tHgy2GYtLF1H/xULIo+9Ykk8 +chZA1imIeWecSEeznAmTtn6euAKRttlS3f+GK9tv19CZBcSmIy8tpptZZ3V5hgxq +TGD087CO11Lr+gXJQh0/4mScGIKDkBL9bFKTaLPqcNesogcZHcjEu014CV0Ajbo2 +d604z1UQryZLwvF4jUxBhQz59Hru0bZO52dv0eerZ2aGvkNPUjUJKaivUURlJXYa +pHdyAEztu/7GIm/edeczREClk1nUoo5GLRLNIa94+f42lB75pkihJkpWJWwq2/Hy +xuz8TpnbVl6/9t3COZ8PYDDo39bm3xLPGRjaaSDKx0T9MhHNAoIBAQDJU7UsHZbf +rRSAlLwTgMRG6lT6eZmFJW5KJOo3hQB4jXJ+PeVkJhuKW1qUzraErTMTg73JR+kj 
+BGx3e5sle1qhZanvP9mg8dG3X98AeikXfopeobg0iyev4NdczPdsTTBmX5Fnln6z +KVzGOAOFFMp7P8oQirDkxwcP+tvTFO81P8CIuDrl8t8x22km1szLI7T2CPfxzCWK +TL57ZE4XQQonqdWksgof13gBI9N+WViRr1wpiYeBt1wDjlf4nXFlEtHoMTV+t9r5 +61LX4yy8cXzwJuqTWX0fd80A8+zAm0rfyddp/GJHt3priepmtxeXcxzgUQBmyqvl +DlIlLjsrvK6VAoIBAQCPUrC7MI5ja8jNv2YHFr20iDmhBjuuh0XaC9vJJwXEWHL1 +AqyHPV6sv5P561YzuHllc5Zxh0UGgRetva9gGMhVikRc9wngPfKqIetYVYGhlpsU +g9kYJvipMTXv+sKUu/8cCh0H+uEVnRwUn+Ns5/33SO4Om9A4mqx1OJCt29No+5m9 +s2irv52yT2pm6X8g7Gy5CsDfFFcBNtr2he2FcmSrMNxaW0Uy8qXupP/Ymapqfn0c +77gCNMZHh3SSsyL0RmAaLGjWd8BOtmq1+NdZ+gRHEuq6Bt5JJhRzcEOHH6G9jset +/g1cFvmvPMPstKUqWhGoe5VGC+XtDigvr2VaCgX9AoIBAEmQb7P1/+otaT9umaaa +t52eBH0dr64KNlmbUYYF8F0cekiMv2Qv1IJizR9wxRqH2xD3Y4LH5vVnqWajYNZ6 +U2yEJGsKrq/zjIjv3CFlgdxW3aKkfxWb/11xz9/V+Va2gcf2hcAPKq62n3LChu66 +4R3V+jS/KNH/s6HwLSDdFmcjq2uJvePGMi4amTqa5GwZ2QbJ0ielS9ZUIood5bbz +ig1iLnGmqLJn3i60c5RIe2eIZym6WixY3qNiAN0UUpn3HYI1cPGjpr0JctT16qPU +6C0sWyyKV4EHGn6NouXiGKLbMv5EPXktHutqkp8DqfgqFNQWZQoqZlMlP3jcgryB +jl0CggEBAKMAdknLrB69WEg1QwQShb0PlaHWzaScTC9Tzb8tfm3NxDbO08zELvFd +JgAH/goHPEkqt1JovUiYqaIGK3caXIXKt49Ngfh0PMZhnvHZcNDzhGP/DOyaUSaz +8kPJ1XaQqdNwhivkslNsZqXok02DehazxYU4bFRkVmNCFYeADS2yfXlPoR282kld +khcMuJuud+KP9nn2DJf84HtD5IPn2XRhxWtG8uuc1wAmPGPL35iumjaB6G1elkb9 +49HPw6xD41Zsf+uzEBRqFw3m8Z0ObLyzGwDPLtuxOlbXg819vhzcio2EQ/Op4WZ+ +90RNxy3AlCrfvsLy4gBD3GVvamd/CFc= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter20.req b/test_key/long_chains/ShorterMAXUINT16_inter20.req new file mode 100644 index 0000000..3b68e62 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter20.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyMCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAviAU +ZO0nDx6TGSbV1B7Sq8AvAZrKK71VfGsfZ6QwoqXBiPLjL1xiWr71Lf/0SOKeyZRX +rrhzyO74AuiTBYknwyNPP44EyY3xdSPYEBTBM6y6U+3OPEfpIZb5tGo/zI+2fU02 +mtPsapHqonn9uRCtYRYxgqEQzY17U1OSx/FyF4DZ5NysZ2wZ92Nf0YNkq1blz+5H +AoWYwjfuyGv11iDIBCeYNGn3FdXNg5339J+Vkt4QcpD+cp6Rs25gikYz3gLf63yo +nhIQLh7Q674YotUMjt0OiIgQKP87pOn0wz7E8p/vpMf99nsYh2iKEJTBOKXQm08h +QG0Hkp/YuRjvFWyKbFsvgxPXNIQEQU0e8j96K/jqf3GufnPg94nPUuVLsk3WZPr+ +stJ7TRThp1SRQlwEUuGaEE3Z3P8x31fiNBXJ0znwbVIoJewg6XKlDjDLSCH8TN8Q +7oXpUUtdhd4ZiSzi9Nl2fTMOWC9EuAiNkc/90OfqtN5IGfTEwkfnPVP7g4XnBHCR +CxgZVhNpe40irSBnaj3epyDRGmZKvBJ5lBw5wq16mELYOodP5TqHtPtFSDtnRuA1 +egmbaNEzfIY4JZVQjCkO15qLEbdstTzeZyBRXmfdBS0HjnCrFtAPGS4gpz5fTkZs +Kt9reXD7Nek1m26/3bOekjm61gZobQYpQOfJslECAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQA9bAyY7v0biB0Oo/KWxybfw752IIENCBr6yN63ZtgXiJX28Hrx4xtU +0GTo8gsWcFzzdcyrpt1pV3eSYibVB6HE9+sVPAEnTGzaOBjXW2kSxHzcHO1DGIkB +3BZQJrYoHvAtKpVQKenuSbx12toI+bL8rvbLs3MZfPm9uB3/Fd73wiOqE0D6zb0j +fXLWC+cw5HGVJsDpyYIDqCx35tMGnsyh9OEe9yhjIMPPNCFMShORNctsOEtN1NZd +bBLkZzJi4wU6WTxKvy5iDgYhz2GlhKf4ijXPjeqCdOL6AKxseDf/Po5RvIutBubj +HjLQpk2Oa81VQKa/DkwMqL7CMQ1ylPuPGZddCsycu7V2yu32x4yc56NstsDv6EXT +SdECBdGE0mUeDKXkXOJ6YPZ6GBhO/g6+aol1CYSJbq1oppqvA8Zy2pTTxGmUOzve +ZS51FZsFFnDB6Gvn3/tuge0N1sa1Wb885zSQG3TNheKl9Wzi6EH+Ye7dsLy8B0rY +fuezy00wfzvhzpVdvj2mc5UFMMVDrE/r5ror8Tdq9T/RVJXbi400clCV3ie4mAVX +kKHIYvGGRd37HiPfXyJGYUhlzKW/Cb5mmkZf9ZJK6rVd+hodTUd3OtZ/QTXfWrcG +NygOEFgh8qbELKfLZz2MK0dkZDJiizeG2JN7CgixePm3esqBYKgKXw== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter21.cert b/test_key/long_chains/ShorterMAXUINT16_inter21.cert new file mode 100644 index 0000000..826db3a --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter21.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIwIGNlcnQwHhcNMjMwNDA1MDgxODAz +WhcNMzMwNDAyMDgxODAzWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTIxIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDCFlpcBwfP5Zk3Xu5T0ZRN5TWYeA9ZRo16I8qCb27bNGavPEjmVPU1L/Emfw1l +91Jdyz5oP9XjiYqXrGhRkvgnd5wxenUVEqaeOmXeT4x3Mr9WAitaBvMxlxJCaVcV +lTGvXYsvNdkbe014cWM8G2+4h2Ow6QrAcW/Cj7ZPwbDMyD+gPHcW44fgOM6h4WAB +mU+tQSFrEnoKW0GjcmkXhoTrDFmIzUuz1rgysT5zvxVey9UTIarvyqr924Hxxez2 +bCvEwg7wtJCNh2rdP77VRe8v0Fa6RU7D2jlev2pmZWNhpV9tpkyH6EnAk8cTgybQ +RGjr7eQbXGkVi2VOjHs8qWW2+ve/EzvyuPPIv9nyDSMBhOvDWJmKXkeTbUmXe5wK +xEl4FGyy9EMArpeHRT2zT+UVT5Gkn+BbWYhnafgySABM8nUss3y0LA1Lyzwfh35t +47mpXkGFrak2VCbGg9m5bEpQ2PPRA7qMM2KIhqZZmOCrSatCFIQLUS6J6HGl4XiW +4gPGHUKPvz8D39BcwZ+EJiZ2kcgUotHBqq2REWrjmbDG04pQra2XtLtJz3UqlXso +6GyGiLkqyqzyXZ76AaDHz3HWi2Mj8NRHQR2iClir9Hu95r4CyMUPCNsonntOJvlV +9nhH6VkXnGAhGqIlisezj9Nj52L3O2D3dTHAxeVTlugm3wIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUVYF4yv592QB/kmOGzOIw +PWDUypowIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBRO+D9aFjYg66MTRCJP5BiQ6K9+hscHn5s5MzA9rf6S4ww3m8e +MqmLLAkdmgU8sRHn6QbSzlgeTm7AFlKK7BKLyXRyhiP4adGebvwgz+r+KYzXbbhL +qSfwh/n/CdIs5wXYx+QafJb14vOPPzhUtNJaKE5xvUBnguoYNIhMsfTZb267oVHR +eq5I/z42FkjzHuGZTIdAO7YwYEXDYuZVsxEZ9snJTswMTsmfNhdfcihyurIih3GX +c8Xa41LQNHwupgpY/lE9M9w0XlAruXjnRHV8eOgObMLgyqm7/M0kibRmHRzCuU2h +lZ0HsFr1KNqzu7Mb0pc2HVCSU3rOiX8qXh1IJoWcT9R37WCLldijFQpUOIUL5aX9 +83x75wGTGFPvKOfO+C39ACFZOt1jdkt2WVDEzazjDdlxSVaUj1oLa7pE6IACMhjW +RLJmYXuYw2VaXZraOuzZe22WRkeJjXHSVa6nFLADf9BbT6AKMBcy58E47zG1Y7hQ +US1y6ynlG76kyUThXq7N5vSV+fmNVUcN8WGq0qxmpxzRqkY3w3FvOfLBCghgDDms +EzORkEjbL7tGJ+E++6kdZZ47cDNCVVNGYG1nfF5yucQyLyw/EB8tKtNKNe5vrZje +PsqvN2y4vUhpHji5QVUYEHfXjRxJM+BFNHoNRFWWmgd1LwrA8XRD28I0yw== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter21.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter21.cert.der
new file mode 100644
index 0000000..5765228
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter21.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter21.key b/test_key/long_chains/ShorterMAXUINT16_inter21.key
new file mode 100644
index 0000000..ac7b5e2
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter21.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCFlpcBwfP5Zk3 +Xu5T0ZRN5TWYeA9ZRo16I8qCb27bNGavPEjmVPU1L/Emfw1l91Jdyz5oP9XjiYqX +rGhRkvgnd5wxenUVEqaeOmXeT4x3Mr9WAitaBvMxlxJCaVcVlTGvXYsvNdkbe014 +cWM8G2+4h2Ow6QrAcW/Cj7ZPwbDMyD+gPHcW44fgOM6h4WABmU+tQSFrEnoKW0Gj +cmkXhoTrDFmIzUuz1rgysT5zvxVey9UTIarvyqr924Hxxez2bCvEwg7wtJCNh2rd +P77VRe8v0Fa6RU7D2jlev2pmZWNhpV9tpkyH6EnAk8cTgybQRGjr7eQbXGkVi2VO +jHs8qWW2+ve/EzvyuPPIv9nyDSMBhOvDWJmKXkeTbUmXe5wKxEl4FGyy9EMArpeH +RT2zT+UVT5Gkn+BbWYhnafgySABM8nUss3y0LA1Lyzwfh35t47mpXkGFrak2VCbG +g9m5bEpQ2PPRA7qMM2KIhqZZmOCrSatCFIQLUS6J6HGl4XiW4gPGHUKPvz8D39Bc +wZ+EJiZ2kcgUotHBqq2REWrjmbDG04pQra2XtLtJz3UqlXso6GyGiLkqyqzyXZ76 +AaDHz3HWi2Mj8NRHQR2iClir9Hu95r4CyMUPCNsonntOJvlV9nhH6VkXnGAhGqIl +isezj9Nj52L3O2D3dTHAxeVTlugm3wIDAQABAoICAGzPp10Mu/58FEgMusTXLLP3 +GvMd7Ez61vpw8mnqG1ZdrGv1+lDXtJlbBXG1rUdLPyxCc/xyPXHRfJfIGrwRD3rg +/fpnUxi7Who/Vzkpk/CHzOllUfSpDNLyhVQiRqZc/Hv6j7uqDsvvduFdgGsEXsAv +d16JaHO3pRaJB4bzajGE2tb0zzdP3K+CaaYr+m0rDJZve1LSCwWfX89Ip05/Jim4 +xMGDhzuN17rjz8WIjWyWDiEpsPG6x96Gn/VyJ4WH44nt2f5s3NXb47eis1RSXuSJ +gvXvQVdgEuXhnr9FfFAULMoGf8V6H08OCoAP+USt9by/pDEKwAdKHUPKUpURy2mu +S0uQ3lZ17YapwKfOxZ7ycMBEqBvzn3Uva+Hd+MoQgWLDzFtKdKOfgNE1r8o3+J8/ +mSNFKAOQvp185Ru60C0MVKubEgQguL3ZB/zkqAOgsjCaMRKs2tUTry6/1ZDvbTOD +V4kknFcO0x/y2KKLCRuMGybHWnQ8bMsKdPmLxV9cUOs/ZQH+LUBmpe05yThjcDBE +DVE6siOlZ5k8fZ/8DuK3llYzMbBuZOM6TAMbVGw2EvKtNVP7sPZ8iszy5Xk3Ads/ +Mi/CxFcR8lTBiQSIs2Om1+XHHn8uzOW7DV00Ztqj9+R9JvwBHMrICwUmye9hiQ0Y +78EEFhP3EkOHuV+gTVRhAoIBAQDqiPh3Idc+6BzRyBjLHpbaYDrQ2SMFKxT0PH7b +nRv95wyLQo5x8R743Z5YRk7+jGuYjgj3R1KWuC0NukqyFVqgdz+pWQgRkDnZAdxk +F1TtW35TgReO8XwKSDBjEvvFNlRyTxGP+GkptZfDhn6sFKvxs/PMAZB4bF943qnE +lrrQJdCf0OGXmvA/lbbXiHKtBv/XvYWiX+axhiu8ctfNkwcBXx+OA1Ug+ob+LCEy +/1o0LILzndngdaGyNYs30m1kykZ8Do4CDZ8nAM9lA2g09mM2Ro+kB2wPe0NB0Jjl +ISq+3MqtITi2oGzdKcpd1QRYCHCto58K28vjUEtjisxeGTOZAoIBAQDT2bbK2scD +yxCWaMrPrzvizYK5N91BCSWIlMzcgtA4ax7e/xb8h8SOjUVlFEQPVJJNdCewfXAZ 
+A5rO00Fz+QWaUQjlwfcxry0psKeTy9FYbgRiNcVTZTuhMsdac3zcpK41NXIR8C4x +Dfp9Mcs1ZpML1ZAfZJB0Kx0wWdZbkcf92rqj6rXIcTW5veceSZv7hc31S7lEOqDo +xYabq019OVzy5Qtnp3Kjb0H+e1ifrO548tKgr8kHDhD2UUXkI+nRg+pLr9bgjDNP +iyfDBCYDRgDVtD5vKmzT3Gpbp+fCYWhNdClTRTnvJkCkt0rRNM4Lvb/ONH8VT7ql +f+U2c7orqTk3AoIBAQCBSys2echwnIMuvxG0AFQHZR9nfRzKP5rYnfUNWspQqawH +pZRjihqZ9YrSfUgVGhJC0qJst7v27Oehdr6w+AazCapl0HgbPpg1Yso9v4MJKvQ0 +UqlLGyNXg75xD8kOSko5jg9PgBFxdfOJTb7NXMQBhkPzhjU/vfbP6mhKwRGRqBcf +04ZaDoc9dmqK3WTisEYgiBGAlz/VQ/Mee20unkwxXGBH6NxoRtRekLNoqs7ujk9O +wAmZrR+L3+q0xmOaOcyrnVZ6GUpQtSigNkWfVOkSxclwEstmqXxFbxqqziMDfzKY +SQU74KrDLcOrAMDZSyXbA6Ws1cjLsrss0BqkEV6ZAoIBAQCBg75useWtef3AFny3 +D4hrFfzvQynu0qqxn1bHEOo/M64B4q2o4U/XXqKoMwWQ4cE3vOVuzqEzibKg8yI2 +xm0YdKYd4MFBDLltnWQ1xQtNJqVjbUAfxen4mNSrhaM2OS+PtAby1IVI1CTpWQHE +udr4By4/Ivn1K06C+slD3hIILiqgf6N20U9pKKIdMB8+XAUYC51OCxHIfMnYbZfI +EMO0czbPvd0l8aTE8Z+yrsR0CO+f8RfTSlQwYmt6GEKgJiec8flJ+ix8WrSKUwTy +R1/HRpRM3gD+XOhg9HuJqIddosCI+e97N0WZ7by9vayiHPUgGZP/8WhIObJl4cZV +XvVtAoIBABH5eZdzgatYoTn9Ja1+vO9sgoXdD3y4XDBm7fpvJmqLe8u1eeTKeHOn +9/JqwHwWFGVmt+OhpBqG5CdM4oitHjJGdg34Yv14exWG/UqRfaOzVvDh9vu3vVsw +7qw9O3Eur+eYZtiI7WxA7rI7euJRlgfXTB5q/rENKkJGIZHbfl/45HMXMBmDMVZS +29KhPCk2scs8kaWi+NCXdopmmxDqnHbfI/DWMoVO4HdwwcNtxLrf53JJPcX8bkVP +l8i8GyCiQIJe1riYBbo8msPwCusAMpLwsEmn2eoMoRW1jMX6WdAcXA9t4RLYaifi +OoEN/r684g5YRQTXCGTIJpSDYXBhQfE= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter21.req b/test_key/long_chains/ShorterMAXUINT16_inter21.req new file mode 100644 index 0000000..b5afe66 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter21.req 
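Review bot: The RSA private key added here is stored unencrypted (`-----BEGIN PRIVATE KEY-----`, PKCS#8), and nothing in the visible part of this diff marks `test_key/long_chains/` as test-only material; the same applies to the `inter22.key`, `inter23.key` and `inter24.key` hunks below. A short README in that directory, for example `These keys and certificates are public test fixtures; never provision them on a device or trust them outside the test suite.`, would make that explicit, and the path can then be allowlisted in the repository's secret scanner so that real leaks still stand out. If the script that generated the chain is not committed elsewhere, adding it would let the fixtures be regenerated instead of being kept as opaque blobs.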
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyMSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwhZa +XAcHz+WZN17uU9GUTeU1mHgPWUaNeiPKgm9u2zRmrzxI5lT1NS/xJn8NZfdSXcs+ +aD/V44mKl6xoUZL4J3ecMXp1FRKmnjpl3k+MdzK/VgIrWgbzMZcSQmlXFZUxr12L +LzXZG3tNeHFjPBtvuIdjsOkKwHFvwo+2T8GwzMg/oDx3FuOH4DjOoeFgAZlPrUEh +axJ6CltBo3JpF4aE6wxZiM1Ls9a4MrE+c78VXsvVEyGq78qq/duB8cXs9mwrxMIO +8LSQjYdq3T++1UXvL9BWukVOw9o5Xr9qZmVjYaVfbaZMh+hJwJPHE4Mm0ERo6+3k +G1xpFYtlTox7PKlltvr3vxM78rjzyL/Z8g0jAYTrw1iZil5Hk21Jl3ucCsRJeBRs +svRDAK6Xh0U9s0/lFU+RpJ/gW1mIZ2n4MkgATPJ1LLN8tCwNS8s8H4d+beO5qV5B +ha2pNlQmxoPZuWxKUNjz0QO6jDNiiIamWZjgq0mrQhSEC1EuiehxpeF4luIDxh1C +j78/A9/QXMGfhCYmdpHIFKLRwaqtkRFq45mwxtOKUK2tl7S7Sc91KpV7KOhshoi5 +Ksqs8l2e+gGgx89x1otjI/DUR0EdogpYq/R7vea+AsjFDwjbKJ57Tib5VfZ4R+lZ +F5xgIRqiJYrHs4/TY+di9ztg93UxwMXlU5boJt8CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQCz0PRtpXdBKdhEXYVGUyQlgBwW3rYt0Jcr8pfrfWtj7+K4XSQxtqzN +3SXX0jCLMf/+B8AOSh1o4qP+KSNBbJA6ZPaGJS6iudvUxcXKoWq58zwrEcXJpYSV +JkS7Tj4DN3u9PNjZh1dCHvSeSvfwelWP6/vic0+KNVkWCOmWDg+4YPUcBL08zo4R +onvT9OoGEqq4ug3I3I0zOCTtLrwXrqIrwjhwIgZu0t9mFvKOw0rjrF6AzhiJXDdR +BXvXA6fNh+5g1pXys7krO0p5LEmlT02YqCiwFQbNRf/4HeV2J80yPei1esRNQxA/ +oKJU8i5VBswQ4lZCUJM3vjd8+SXVDq+lsW4opCb+O6sJqSf1TkCzz4KImU3aP2Xu +wEZxUJTUMHaE1JI+lU/vAIElhdUtF4gWoi4HUkKod1jnlp00BNUo+6gENzD55yW+ +C7tFb7UYNGPVZJDHSQSHSXeMPTUhcQFA0x5OWyhEV65VUHCWIeWZ7HX5YVuME8r4 +tmWp7q9C8nEKTj2rI2MiWP9E1PB7QPAJzpnhAHl6mT60hJyXytl52oQu7T5o+gUg +08POMlvm4cU+6rGSKfvz+VP2Wu4In0g1M552Vijc4qECLKRD9/VuIf62aUEj3hJe +Ug4ghUv4oERt+Hr/ZefI+y1vEnfB9v0GJOamXhM1RFtVoVpc5urGhA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter22.cert b/test_key/long_chains/ShorterMAXUINT16_inter22.cert new file mode 100644 index 0000000..e928092 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter22.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIxIGNlcnQwHhcNMjMwNDA1MDgxODA0 +WhcNMzMwNDAyMDgxODA0WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTIyIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDP4pmtcU9liwTstrHr2sOlY+aGsAPQ0Ov2zfU5ABfkNtx35PQX19F7RfNjGXpk +eTTHCwz76Y0X1WQcCoHY7vb7v7j7+6HLvjyyz+KxMEt9ViP0nCOXNQfK58AE/QR5 +xt4ayiogoaCuaZ8iqxo58afXG0F+EXpmZS29CjiloUFFDYzKLz6S3x86VXct81/0 +A875cepUuoiE8GjYB2jm8dgTTYjVg10sobQNyncbcl+K7jnHCamUC8i3YRl7ggrK +CqkyukW6DMs95WcD+oqJ/rILLQnMh8IXc71iuhODYlcaCLJlJbX5UjuyU51AZvya +AF4JzHzDU46oPBZGJRUH5xeFR3XUuPnPktildYYTqNJhhoI6nqSfBHXWzq05odsv +gijFlLZDYkx2G1HqGQ9e7gQ9eZZAc1ISt4Yho7JXDNNEYGpHwD6JXbZWGEIE+ZzF +q96++3af0txkxqgJfK0BkYl583RDZcucm6hjiWfOaVZE6jivLKkloOsHizgfcZFh +EeDelUCMhC/3MPLbUSm0lzcvNiDM0o2G6l7pPXkKf+wbq7M/9jyDFMP+XDJYDQls +0xsQ2sR1a9EnzqPd9WWjPDX9h5ZSyQX/lecGHNv6b51dn3rjregM783nKbGcX6Xx +Gn/Pdnkb8RuCX+PxnOXflR2mgDabcxAUpLPKNqldyvlrrQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUJylH00vnv7WTCFC7v0PJ +0gaDqhcwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQCQFrUvdsDj0MaNQW1/Ewu1zb1Ujj95YMp8wO63D9GB5SWp1A7a +0mWtOiC/qbIJTfrRK8Wrl78256qKJ30/6qSKNC4OXMQyzlcAF14FzRmY0luoiuuq +zlv2tWoZaaVD+W+lSxl6YtMaBukRJF4Ea/yxcrFujXGFUdTjnaIx2DX6m4iCBmn0 +h881ecCLWOKfWtGL67H0oB15zAU4bnGA3/wFiq9doY5I8ZyJQBDsZzRx79irhJHX +LT74wm9DR0YZHbOoo/j+wBpK5yXuulYoCiNOCh2fM/4PxLWigXX/FYdOxrPVHIIE +MuXidco3CLD3Rnb2+PQoOJegn6xL1/y1L9tjcQGEphTGFEl6G4VQfVYY1patxeAB +KYTG4Bv6SM5KfjCJ0XtVzgalC3qz/RSvbxoPv2abC4qY4hYQ3fhs8bN68IH2+xIt +tWHKV5yWa4tELEslyjQhV1k0p2WWpberJ2mCFXLpClB/FtSSvnp9gWM8+WULqMXW +OEMYm14hDuImq1EWsVxEPwel5ITLvtr4aGzjOScY4JZfv3fv//UbYGgM8tjes2t9 +FFsl3/b/clqe994QJIYQVN/BODhQ6e5rCD6QwRrSrBGStqZHnaTe6MBVfckySDPq +XTToH5TNWnxo4t8GFsl2THw/B0IGft1fTsUDr7ukefL1rQrMXIraeXBecQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter22.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter22.cert.der
new file mode 100644
index 0000000..851a2b9
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter22.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter22.key b/test_key/long_chains/ShorterMAXUINT16_inter22.key
new file mode 100644
index 0000000..a889dba
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter22.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDP4pmtcU9liwTs +trHr2sOlY+aGsAPQ0Ov2zfU5ABfkNtx35PQX19F7RfNjGXpkeTTHCwz76Y0X1WQc +CoHY7vb7v7j7+6HLvjyyz+KxMEt9ViP0nCOXNQfK58AE/QR5xt4ayiogoaCuaZ8i +qxo58afXG0F+EXpmZS29CjiloUFFDYzKLz6S3x86VXct81/0A875cepUuoiE8GjY +B2jm8dgTTYjVg10sobQNyncbcl+K7jnHCamUC8i3YRl7ggrKCqkyukW6DMs95WcD ++oqJ/rILLQnMh8IXc71iuhODYlcaCLJlJbX5UjuyU51AZvyaAF4JzHzDU46oPBZG +JRUH5xeFR3XUuPnPktildYYTqNJhhoI6nqSfBHXWzq05odsvgijFlLZDYkx2G1Hq +GQ9e7gQ9eZZAc1ISt4Yho7JXDNNEYGpHwD6JXbZWGEIE+ZzFq96++3af0txkxqgJ +fK0BkYl583RDZcucm6hjiWfOaVZE6jivLKkloOsHizgfcZFhEeDelUCMhC/3MPLb +USm0lzcvNiDM0o2G6l7pPXkKf+wbq7M/9jyDFMP+XDJYDQls0xsQ2sR1a9EnzqPd +9WWjPDX9h5ZSyQX/lecGHNv6b51dn3rjregM783nKbGcX6XxGn/Pdnkb8RuCX+Px +nOXflR2mgDabcxAUpLPKNqldyvlrrQIDAQABAoIB/1BkUQnBx/J80Gq6PBP5ha9v +8rYjW1ZldNr8ythAMP0QOjIjWEHgNCJ36qdoMuyn8sEGhP7mUqnk29H8PjqmLt0s +R10q8mbYKqD7w67B/m954G239AuFdn4BIUDMl+5/+WRiyefUmU7ZibDeekXuLfoB +kFIwcCUo+4cfbMigk50goFGP86LYpjro0i3y8ChtUJ0mcHhTqne+gM0KEIc+/1B3 +q3LmWiHoZrjukyEKGeigN7fBBNM7u2MvKauZnpKDjOsRHeXVDMPi8vOW7/xtgmzP +/foahfSLzbFgRCuK3CQ1OMfkzXqdUnij3SwKp6Tmf3dKnPTsWz6z/ekibf+gXnd5 +u6XlFfDKva07NbfGlXN4Hy2J/3J24QZ3taO1rpF8bioPPiV9NBjrXxrHb7jv4SWb +aPc9Uh67JZRUq8IWoHqjdqXFMNyRHcpt+BbbmESNHZ7o3x4N39GSyhxL2GVw7Ubs +kSNVXZ9wOKmnReAQyNaRIWoUZnF5DQC9XEpDhA3yeugnAeA0I7JyJC+cTDEIaLwx +7D2OuXGAvoDWVtuj71M5A4NxGA1G2Wm99FybRsj7CCRPpJNlXqP7dasgkt+dxfhs +YMhu6Lkpelnx6H10SxxhYsk7fQIbXHOfwOGgwk0AeF6Iv16qcavMOHNF0loDIb63 +lgRTHnUB4BdLwNXFejUCggEBAOkfzWoZsIwEssprFgOo7cX7+ZmYfRl/FhSL70+j +oJko5DerWNUq5JI2tfez4UUjTgPScCZDQgE7dbq8931Puixq6FB5YiXy3CDMmbF3 +G2Y8UHFQNvC2hgcsAM7zwQdSWPBLOtwSdfaKc1pjtQHrH60VZoHi8tJl+fN4+2iZ +1sIrBrXaXno/ZVm4RVFYfIW6+LNOsY6UAqqxBCEiH4Jety7tdx9egWu4Jo+ymWp5 +iZSv5KxNrSOVCFC6mtVruR41qIHDERjny6XMiaoL+f35uXMyQalsXLuJgj+HZ/hR +utd+eLskFLTJ2sqp9hnVVQ3dwbi25AE65mYI6Zjn+eizX/sCggEBAORIx5+5wkCK +VQC7cgvQ8lJv5M5KOpTJhvEebXBqjnnPpzUzwd75Q6RWncLeEqx+dKqgt1k/BEuU 
+285z2bfkVcy2OqFRvdL42tFKtCItGRYY78RaDpIB/zTchyn1hZ4REeHykdiVD+D+ +pYSEBm14UuAgvxKwKMqoBmCBAM3+eZlRX0mkKuhIvt9nf14+Vj56Oh7bUumPfn1B +Rd6voA2aaUBr9jT5LKlNSqIsupkncM0dR70+L521kFwJMheXpmS7lSkgTIT0bKSX +3Z4Z3eP6GWFNX8W2inaLWpwPCgsrBb+3+aEr5yLxG1JGRTn1EWwkE7cgukLvmoY2 +Qm+c2XoICncCggEBAJek91MoSN6cA82GYTiaP6mFIjUWq3HVaICPEmnEr6hRoDrS +PCPWFf9ClZX+re/yakI0Nn29TIdOrWN+nqMmJJ3WIS6P9xdmZmjzjpqRNwKHA3Di +VAq7QG4T4qa8ivj/SRluZmhXneJ051qJ92m7D8zgWeDtxzSz3ybQsQG26Ks/n8rV +tJVi/cOiCX1DySSYnkTNUNTFVQLByUTgVIzSnehp0g5WxGtUy8i3zfIkAyn0TRUE +Jjc6L8GL0UI5I58SGn3mbQ29YoyEg5xY1BKwykC0FWBnO99GMLKwmyI90ANzoodh +jhKYJ7mjW5IsYnp1oRlN5v0h2lPPQl0TsU38uNcCggEBALDUQ3VRQcwWm0OG7w+C +GcKLlBPLYddQx6tMY395usVWeXH3lowuTxwkT+3bcWGWTq7A8WU7MAuP0jf4e0Q7 +pc59taqyE7UxOOZ31FLI1i7MwCU7kR++Vj5POI/i9E59cHmyGRFIXdVtyy57yjLP +ynp8QyWpuN9KCi6Enufx36VIZ+Q2O1pUxy1sETgiV1HsActXHsF2eodxoTqelf8T +hcX2Gu/rt5GpIk+/EAeEipcHwEMxwVaLhrgUE2489RIAT8lckIlIgEN6s5s89Ckc +2L4LXk1bWaP7zAMojyIZgEmCq+YRiOgDFaPEdOkxEP7Qb0kiG8WvreWacBneyIMD +aX8CggEAH0EKL7wu1cbYnQEf1wytDH+SDf9aBeFBXgTZlZBSs905gD8fOxq0++4d +Q+z5ZT15YiqTO0hwCvJ6nnqJK6pZ/neRaldNkOMD3ImbxgqJJhUUDAYT3lHFsF+W +s3VlLbqFsKokWW8nSDknpbLb7TzC9o6WACEMrQ8A1KLKUmMatfMSbLalq+AQQH8l +Fx/uqpimKhXuOxGM85ZAY4fNwGG6qDf8rialGHSEhyB3zBWILGJmAm6dly8Kfc/z ++M2tjMrsrAdRpx7bFEKs8KK4xqkYqDSvz/uDOEkvCi/DOzz6YFax7EZqSEqrYIwZ +s1NkE8wNBNMx0F1iQdg7atrrYY1cig== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter22.req b/test_key/long_chains/ShorterMAXUINT16_inter22.req new file mode 100644 index 0000000..cd73b97 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter22.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyMiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz+KZ +rXFPZYsE7Lax69rDpWPmhrAD0NDr9s31OQAX5Dbcd+T0F9fRe0XzYxl6ZHk0xwsM +++mNF9VkHAqB2O72+7+4+/uhy748ss/isTBLfVYj9JwjlzUHyufABP0EecbeGsoq +IKGgrmmfIqsaOfGn1xtBfhF6ZmUtvQo4paFBRQ2Myi8+kt8fOlV3LfNf9APO+XHq +VLqIhPBo2Ado5vHYE02I1YNdLKG0Dcp3G3Jfiu45xwmplAvIt2EZe4IKygqpMrpF +ugzLPeVnA/qKif6yCy0JzIfCF3O9YroTg2JXGgiyZSW1+VI7slOdQGb8mgBeCcx8 +w1OOqDwWRiUVB+cXhUd11Lj5z5LYpXWGE6jSYYaCOp6knwR11s6tOaHbL4IoxZS2 +Q2JMdhtR6hkPXu4EPXmWQHNSEreGIaOyVwzTRGBqR8A+iV22VhhCBPmcxavevvt2 +n9LcZMaoCXytAZGJefN0Q2XLnJuoY4lnzmlWROo4ryypJaDrB4s4H3GRYRHg3pVA +jIQv9zDy21EptJc3LzYgzNKNhupe6T15Cn/sG6uzP/Y8gxTD/lwyWA0JbNMbENrE +dWvRJ86j3fVlozw1/YeWUskF/5XnBhzb+m+dXZ96463oDO/N5ymxnF+l8Rp/z3Z5 +G/Ebgl/j8Zzl35UdpoA2m3MQFKSzyjapXcr5a60CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQB559lJYQicRlwpJKoLJf2K5zf/joRfPVToEEXfEMA6E2zLOuMwb/r5 +xyfQOjbnQYXqZk2mfw+GmNiVHW9rL1825Lb5EGH3M5+ADH6Q8K7qM4zCfb+ohBPb +DNOBDB/+oDYByCcn/oHdtP9xa/MXKOowkznZF6muWYvToWqfHQM4FdpRihwlbMLs +bBjqvBb+cNiFpgMCLShwUQ6Hx/IhOUXhnnQVvSDIa94MpurGeyDqPKGpWO5kYiZg +3NPyg3wsuntJjguPwmiFWBjlfYrCN+rPVkX58lcXHJYELCqYnJ3ejfJSSmfGlizt +x7r34j1g3T+QAGxTgsH4nWXsBcFxxv/lt1bng5nePxNCHl2ZrTCcjqln+kkqSpbW +IREOqMdttr6ED1HVTvazKD1df2PPXwbY6ACSKAOx9HFhQhnilKK52784lnHy+ho2 +BdahhizdAQoFlUSxTLHYSIeWQlpqefSL0UEDGOGTYXk7pjnccXjywhlW6cBdFaBn +knA2hjepEBSow7a/TJChaLJ+YqTtlrou2MoWUbV0izIDHOsj9vtYQZ3Zq9/DD2Fs +zl7LZwjgzRcXlP86SiXFpyWGPDxFN2ki0WJ6zIXxol1B6zkmCy75KB1/zorXRX3q +NvpxH6jj7x5q7QIdDJo2GWacB/s48O7Bbblpe3BjxPY4QqBFYe3YQg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter23.cert b/test_key/long_chains/ShorterMAXUINT16_inter23.cert new file mode 100644 index 0000000..630c97a --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter23.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIyIGNlcnQwHhcNMjMwNDA1MDgxODA0 +WhcNMzMwNDAyMDgxODA0WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTIzIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDlo8FGLtRM1FKBngHIz5H/AOIiYENg/9CgLwMIf/nufrvUMnxiVNTKrrOiIP7S +lFDOKXJPDabAjJ/bxjZBHHmDsQ94FZylz1Nt1YbkjtO70wj1UiuPCtf+uP30Brt3 +Pry8nyEbrGNj3/ktzLSAINimhogQwSN0f+VXOAmL3PnOhLCdIYY5AhKum44TuK6s +u0EcX80Cd27KjpG5biOaaueDlPJO9qgGHxG93bs3egWWTHP930gNj5dkPCIyapAJ +ntjlqpi7Df9r/+08XABifcJASCRTwIAWJ0ePIRsokirFtvVEWnmCj1Lce9/QHxD7 +hvHyai5RBCNLjz/88HeizEvoHKUSzXjAhmJCRDW+OBXU4dMIkmuT2gO4jKufXaud +rvE0P9NnSZVVihIRilznNZftRzrLagmCkR7yPYGpw26ZLOC3xb0CgzPvePR9QtrD +kkCupmLW9obAf3mmtIBmt3mAmGXchf9BTlyvw6rCZIawsyho6mKgSq79YY7FbDRk +BEwjjH9H0wxFyCPP3dk4qKZom4eHSJUfOHs/tLH7JG3c+TfYvgH6ytyUHGUaMdAn +3QDcuiUdGUhTZomRvlECfqb8Z8PUtu8ybvzR0ZeFe+FcbTrZMhhe4HpDzMwl62KV +EjAg5JfGqhP8tVLLe1GRdbY2Z3eQRE7eY2iL/YlrtTtHawIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQULdoDyawvJ+yhdoPhHzLF +hA6mJuYwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBf2wUwH4GLqsZMzHyUE+uYsewSmrcreINSB9pUDKJk0oaijtgO +vz3hQB7tm5A9zSzrqbBCkutpQx++KiqvYrm87JAvvo3PBffGLNSUTDh5XYGuyg+6 +hTLgM6jzfYidhpCvvJ4A3FQ5dCjBnYYbYPaUdHoRzLSXZ+bzv8w9N6SQBPIN4qY0 +soUC6WnLOMf+OeZQFoZsQsvuUI2HXjKuDFSs9sSqDNuQou+gQurWikB3ZWtonb7H +FZNEnebdx5rUMqAyisFS0Jgse1K3nkxKWGdTrS6NirP/xipyhFA4zeUYSfBpwQJt +4MfypY9rtUQvtEZ46UpcGmIPLvi4GM7jy/skFYDcyO1Z874mvq/dHAPHD10gvfZJ +ra8emk8Ju0OiVmtbCaEYnuxuFkN0g+/Zu8770IZ/MRmInIrVpc7Dso7QSnLnpMdf +CFfI8S63SSdWmCBr21EIscrrULuyviUVt0Z/fCgRZt6GLdig/BBurFIuLHIpVtPK +ke322BNfKPD/ZIRbLOiIDSqlRmTRR01Zvbf9+0kFRO7M3P+FSbvVFnRLOHFxMTI7 +iKreNRKBxHGdvOq1AFJKAPgLnaqK46T4T50sOaUQc9JMnAu0gBjcE0J4se3IBPYi +M6KkSBQDRGpEN3x+5dds14X0sf9Zxx8HEe4PN4HITVCURNZieyp8QLlK8w== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter23.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter23.cert.der
new file mode 100644
index 0000000..f6ef282
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter23.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter23.key b/test_key/long_chains/ShorterMAXUINT16_inter23.key
new file mode 100644
index 0000000..4cecee2
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter23.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDlo8FGLtRM1FKB +ngHIz5H/AOIiYENg/9CgLwMIf/nufrvUMnxiVNTKrrOiIP7SlFDOKXJPDabAjJ/b +xjZBHHmDsQ94FZylz1Nt1YbkjtO70wj1UiuPCtf+uP30Brt3Pry8nyEbrGNj3/kt +zLSAINimhogQwSN0f+VXOAmL3PnOhLCdIYY5AhKum44TuK6su0EcX80Cd27KjpG5 +biOaaueDlPJO9qgGHxG93bs3egWWTHP930gNj5dkPCIyapAJntjlqpi7Df9r/+08 +XABifcJASCRTwIAWJ0ePIRsokirFtvVEWnmCj1Lce9/QHxD7hvHyai5RBCNLjz/8 +8HeizEvoHKUSzXjAhmJCRDW+OBXU4dMIkmuT2gO4jKufXaudrvE0P9NnSZVVihIR +ilznNZftRzrLagmCkR7yPYGpw26ZLOC3xb0CgzPvePR9QtrDkkCupmLW9obAf3mm +tIBmt3mAmGXchf9BTlyvw6rCZIawsyho6mKgSq79YY7FbDRkBEwjjH9H0wxFyCPP +3dk4qKZom4eHSJUfOHs/tLH7JG3c+TfYvgH6ytyUHGUaMdAn3QDcuiUdGUhTZomR +vlECfqb8Z8PUtu8ybvzR0ZeFe+FcbTrZMhhe4HpDzMwl62KVEjAg5JfGqhP8tVLL +e1GRdbY2Z3eQRE7eY2iL/YlrtTtHawIDAQABAoICAAqRZqucLBj9DG76nopnQwjB +OabrVy53l1pHz5Psj8vx+SLiz+aWkNRjBdFIQ3HdcXqLXb9VmX7y+chbbtPAQ7dT +xqp4FCVtTSGY2gRarlPOenMPvQFwNlB6ovU/+hCayoTDrfpgDJLkE8uPyB69ZDsF +pe1fdgo+eIdzBL1zBewDHz2b9VlaRxHSBs/Rh/hbBbwQjJa4eFjKBtrJvsm0ccMU +b7JCl6jwdRiPw7Xh36/zBMOCKwa0vPrX6Zr4XHiU3tZy62RwWHjX5ksI0Nu3feEH +cOSJz1s1o41qsJ1FXMKMkOz8XOstPVr4OGyTgWyR4UCOsmL4Fce8Z+10A41yaWvG +0wK23CWAo9ma9iJyyPBckmq282F1l/a0/qcb/HS52gQPSGrfsrr5O9jCo50yjJNW +AQz9qTEnbpCejTDu/gxwu9msyfwcAl1aZJrK6cktGXNgXH4/7AvsAEg2C1Yyym2Q +Wd6wvdbzwuNEpH+o/iudrZ8GKsQiJrmHZyN/lwxIIcL35zdZ/0XnoC/QDhQuBy9c +Jf3WCTOmVqCY4rAGirGZnlHhLMCBzsS4nYVS9gB3s0yNAP8pK/7AQ01Qhcq5RRl0 +7SouUlSThOiXwnPm+1gWOPcDDYwevOx5d+gInKxB/YptqNGDtfyV4ob6+TAwK8gW +Z6ZT+xtYyRS22k16NhkBAoIBAQD4aHMNHBiMF1PtEI9yahnXynJQ7mQi3we9hk07 +B0RFR3qqWgyMmXGyKljvsMAv/pklblk8Av4j5tIVk5bLzqCgqTmMKKrzNInrW6Ws +oDJuUdIUdID2tMjOdxjsqXVC6nrW28mdUjhCUqa8U52nLjRJ3l/BuXOU9K3Y4HEX +LQo/si6slxd/8/+PPoym4k6F3gpFn1nEmIMdyxisy8H3XeUcTcnDXjNT7aE0ldyv +5K2TaddnsAdHJ+7Mx3uHUH4QZQMxUNCKhcy+b3y4t+ROnl6FHhmFIu7MR1bkL3ZL +QMKB6FvKz0aDVjzO/FgL2J/Omb49RHKF58d1+dX0Ahdk+Iv7AoIBAQDsqHYrv20s +bV8pq9p+FWUDAdtm/4c6wd00jC/1hbtWwas2tO1m8tXtDkHmWq5OyQqTgX8w5Vg8 
+WhLR4Ilx8HxixTWDSORLiyoShhFYueFcv/eT+q04qkG0DGHI5YWlZZIVHCZhKVOb +KVqNz6X4m1H726GfV350+dQbTEz4dmKqSOMUAg5E8507xhL7YzPNnc90An365ry8 +yV4TKgzvCdhCxyFbLilejJy4FgkuHW+eJp4U31eBDWLhkAsGhrFTyjroeeHs4KnG +1aQmMimLCKxJzjbYta2CHZoznTzSqTfa0plexSzsYrt/MrpEraQgUsVj8NjaHyr3 +694bRGpWv2dRAoIBAQCOAGeEnwMJUmyPoF/gL/cF/JzM1vo3VPe/x/5uOAE2+V2N +9FwoI69zAfJFUu0KgqhZVXN9ctiE/XYrD2uspjn8ncBf9v+CeA4/lOxoektZ9Tv6 +pX7ziPUh0cNVxqlZz2DZYlsmq9GtWEIodkQxRaBueciTncgM5rJawDLl5MFvGBTG +ZLjyVDFLWZ5d6BCrRfrpQea3E9ggN/GrFe+T0QEf5PfpzvfYiocU4HZ/tmHjWyXg +CCig7Jr+RSrAd6sZBCWHE4OjLEmWs3TAw56nsrCluEcubIHGFSH+34LoEeUfDg0r +KsJMYgfw6yAJ5ZO1Lv4pV+9/zLehIWjFTEzDU7HxAoIBAQCzGQZdM0Bu19Kl2a2/ +r3dDYFtnRkhT2jUKuHDvESbmkCh/fUsQlwP4o8qRhtzVOOYtHVphaZ9uBQirFo9N +0B6CLRbDZR2IYigT3qwwBnQb2heGQLZo5MhWduxlufV7ZzO3kBcnfrwL967VFWlY +jEruHJfi27cS1aKEiijR+93NWt2m3ato2SiL/OmOn9Orbxt5gw1OHOKGyKnOPQuO +t1eXqdV/iJ68NBPCaMLHyHUZLcaCq0cwni3P4E/Hv5VhgPE10E9/EcLKfBH+6gVw +d77TGCF/vXYyuy5gk0Vdc7yWeLyi8Pt/ZXTZ3U0D/pjv8VP6v2GNKPs+ppzu68bC +IZYRAoIBAGeImFJKo+QLC+s5WKCtwnE/yyhpsKcjR1pEjOmTNfLUYoHp49AJwqTv +2DoMnANTkDvfw+LJKcfcOGaTx7pvC0J5FmX/QKpjIc/031o6y8Q73PPN3y1NPjPX +TY9QRiK2Xf3B/SJ7XsVDaIqPrOp663KyDpoTWkDVQbMrHT2nRgfTdPrnaXX2Ii1y +Mpfa6XZMNbB5RkHxdpQBG0+Gu+2WfuvROtG6cE/tzuf5Py83VaJwTAoB9YIZ6hx0 +cv1WXSPCWEBG+zCryNi8m644i0BykJYc16PybZ/tWGVT1v08yjcDT7i3ndByST7z +yOPjWOTKuC4vvp3tLLk7CuybsGqsI+k= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter23.req b/test_key/long_chains/ShorterMAXUINT16_inter23.req new file mode 100644 index 0000000..51e77d6 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter23.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyMyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5aPB +Ri7UTNRSgZ4ByM+R/wDiImBDYP/QoC8DCH/57n671DJ8YlTUyq6zoiD+0pRQzily +Tw2mwIyf28Y2QRx5g7EPeBWcpc9TbdWG5I7Tu9MI9VIrjwrX/rj99Aa7dz68vJ8h +G6xjY9/5Lcy0gCDYpoaIEMEjdH/lVzgJi9z5zoSwnSGGOQISrpuOE7iurLtBHF/N +Anduyo6RuW4jmmrng5TyTvaoBh8Rvd27N3oFlkxz/d9IDY+XZDwiMmqQCZ7Y5aqY +uw3/a//tPFwAYn3CQEgkU8CAFidHjyEbKJIqxbb1RFp5go9S3Hvf0B8Q+4bx8mou +UQQjS48//PB3osxL6BylEs14wIZiQkQ1vjgV1OHTCJJrk9oDuIyrn12rna7xND/T +Z0mVVYoSEYpc5zWX7Uc6y2oJgpEe8j2BqcNumSzgt8W9AoMz73j0fULaw5JArqZi +1vaGwH95prSAZrd5gJhl3IX/QU5cr8OqwmSGsLMoaOpioEqu/WGOxWw0ZARMI4x/ +R9MMRcgjz93ZOKimaJuHh0iVHzh7P7Sx+yRt3Pk32L4B+srclBxlGjHQJ90A3Lol +HRlIU2aJkb5RAn6m/GfD1LbvMm780dGXhXvhXG062TIYXuB6Q8zMJetilRIwIOSX +xqoT/LVSy3tRkXW2Nmd3kERO3mNoi/2Ja7U7R2sCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBXd13mMtT9YvdbxLfFXcmh7VZbF2433XZJypFIL369xJsW5uFtnOMX +szk6tHcPE07NQG2lcg8jIE+HaIzvPM8LhNSYVN1+srgdAx0HHqOJYVoJXctZW1FQ +CWACjqoBVkpOwrZ/MqAh2eHOlQH6rhL0pQIeTo8dIdIc/Znfvwc0DwglqNX/M4La +R3mVUSxzG27hW7z+n7EMmtO6utda9kPbXfvtX5vgR4jt8S18jnYYIfFSIG8uxNP5 +DWKlGHT4/ZsvxTX7dQwXoBhfetvojNWh+Bdz6QqHjWTDj5+gQDZytzejVfoxiAvs +O5ChOMEawggKKH7RGSlhRgAIlOztJRB3g/3FTc7hJ6oOoaXD/Dk17ecQaoF5/Nfd +k6gKEnjds8OIsUOLycixEF/ZykIA0uRx6LKGmPhlNBIeupVYdPC9O0CkLN2BVM2L +P5i1ttFB6zquiqHGNlsnoTwPFIPUqpIS83jKvnXN4VoDJoJxDwVho7NitW166WQC +J/hoEU1afrjx2wBk+cmqZu99xveFv/DtxRcafC1sEQNhLeUw/rV6OlkD1ThWc/gz +n7nX+f2SnhgrgsvrJCY+Rn5BdNaS8JfpQbgFZ3SvVwMieQ7LPJYpXp4UIrE5qxKy +eKVP0T+iy8c9mHVdO8Oz69Gp8F4VgWp8BATJAvRyB2lcHhwZVBINKA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter24.cert b/test_key/long_chains/ShorterMAXUINT16_inter24.cert new file mode 100644 index 0000000..474e720 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter24.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTIzIGNlcnQwHhcNMjMwNDA1MDgxODA1 +WhcNMzMwNDAyMDgxODA1WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTI0IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC0DYYTryltvbI8P+0G/Mhuc83+7r0BJZw3Qlwp569BupTHhGXdRCRGMVFYvIMj +UZrBCsu3XTys2AkOg0xkMVnqDeXI52KPcUtl7kTCV+HBh5+qk57szfbT/zHmJzXn +hRw1DD16BeoWB6EqsHCZcODu84H9LGgObxlubjJASsQeznqfgI7sm8Wj3Myp8C9z +wi6774M6BqCF9xxj/dPp3Sbpxmy+gH0EpkmpxHSZC+2HeBLHVoSBEn9dhtNZ8SZu +l9pXq897v2ViXeCHMpkz9YXrMHY/+mk9QKoU9U7eqpgYKptLEA5AuGjlNyDOtAIE +La+gwhCCUu0iN3eP/Qnkv+Hpv21FDkF+vZD4wrzZtSSz/aiADnsyGblDdJPza0FL +z8rxrTeMeipP/XZ0P3nKswL6tyMwy5KnXfLLLIHmLDNvdr9ApJmRk6DcHLpTT61N +9V50t/NsclqJ7rd7yjyRDDxWUco8sV6NjoXdIYsoSJr80AnukDs1mvumvauSfdWf +0I1f6tXZIVnGW8uI6TkpzUQLPG612QTbJQrdWrDTfpiGtaGEmdKyVd+77WS5kvxQ +dg5SFVqVS+bUSBqxVAODg4v2TiOiwGtHf2yK1lfsTq4mfLY5t8qD2lefovMqFbbS +z3SkFOV8NF1edEsFLkIcD0fK7kWPdMnxMFcrxWHdYISZywIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUfoNGpyfamyVIoTAdvAyJ +xj7GaOIwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQCmnmXqVYDO+t4vio+5jogy1zS/cF/v9nKggGqWxDrAfF6YrMKP +qXhgA1YWoazhe3wibkz9SEKA/YF9W/uG1ntI/+Skrl/vFE4qkvWjZZNfayC6vyLE +Zw26ZLn4VhYIShAwTNCSekODa1L1cAWUIU5FiSZi28LMTfAeyjcw85RdmV9yTU7y +gZmJ7WFgX/pGjvN0KaRiauVFu63ABq88b6SAgm9IUw01vCe3dUaRr5L6Kiptb47u +Xm9QgRj226fXlL7RiYMVxAJBxhXlxrg7Ge/ns43knSNVV7S8jtwBnWlwbhSRhiy8 +dWtOgr17Pm8ZRTiUZC5WqItqbR4GkiNPO/XpPGLByQ3T+eo/Nk5F3kvcHvtsrI1f ++jXfUkFUaiCP+K7c1IgNPrxkSkEaL0X2Np1mmQ+Ze6kYCkmcqVD6ULESn5HOc0XH +7Kl5SPQjjMFQFHtntnhASSM0pkHlVpBYANvmX5Z36dX8eGZLYNi/nQaKa0aFuSbR +lwDlt6mw+Ak2TmTVLutliELG5SbD+bvKxUQzYEtFO82aDR7nqkP4tRCiNI9hXl0A +T7g13rgHjjEaSsji/cSozG3C/lscECUsxbcntHYziv/K3P5R2JY0wNAiE52SBXYn +BNAvP+52rzelOcqfzI8GF8bEs9F6HGECFjCNHqTokNg1xIoMlkggIGoUag== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter24.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter24.cert.der
new file mode 100644
index 0000000..be12dd7
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter24.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter24.key b/test_key/long_chains/ShorterMAXUINT16_inter24.key
new file mode 100644
index 0000000..865c220
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter24.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC0DYYTryltvbI8 +P+0G/Mhuc83+7r0BJZw3Qlwp569BupTHhGXdRCRGMVFYvIMjUZrBCsu3XTys2AkO +g0xkMVnqDeXI52KPcUtl7kTCV+HBh5+qk57szfbT/zHmJzXnhRw1DD16BeoWB6Eq +sHCZcODu84H9LGgObxlubjJASsQeznqfgI7sm8Wj3Myp8C9zwi6774M6BqCF9xxj +/dPp3Sbpxmy+gH0EpkmpxHSZC+2HeBLHVoSBEn9dhtNZ8SZul9pXq897v2ViXeCH +Mpkz9YXrMHY/+mk9QKoU9U7eqpgYKptLEA5AuGjlNyDOtAIELa+gwhCCUu0iN3eP +/Qnkv+Hpv21FDkF+vZD4wrzZtSSz/aiADnsyGblDdJPza0FLz8rxrTeMeipP/XZ0 +P3nKswL6tyMwy5KnXfLLLIHmLDNvdr9ApJmRk6DcHLpTT61N9V50t/NsclqJ7rd7 +yjyRDDxWUco8sV6NjoXdIYsoSJr80AnukDs1mvumvauSfdWf0I1f6tXZIVnGW8uI +6TkpzUQLPG612QTbJQrdWrDTfpiGtaGEmdKyVd+77WS5kvxQdg5SFVqVS+bUSBqx +VAODg4v2TiOiwGtHf2yK1lfsTq4mfLY5t8qD2lefovMqFbbSz3SkFOV8NF1edEsF +LkIcD0fK7kWPdMnxMFcrxWHdYISZywIDAQABAoICAQCLru40eTCfxYnv+fwN7rAk +GE1YmKgiqqXtrNrJW8d4K6LewlUwenvVxM8CE4V9MgLn/lMa1weKZDNqgewS0sKZ +tNxupyuscs12r4nCZ+Fpfakd8VZbClKSFyoEDqlgCsFeWjebYdk/6/1Zm/ZO4+Zt +Gpbe7cNwZzqIlI8Bl79c0v0InvjCkPqcbGCO+homKSCOhnr82kVQiOwKmtH7Xamh +tWGJzS6wG72MKi/2x+0nqryOzw0PAWW0DjQLU+1n4QDwAQd/TnX+ASx+Vn/KcpDJ +bBhg/AkHDxKkHcdpMVm7bdp6OmOETEx8fu9BzR6/VR4qjkO2h1UWtYdZOoqhX0eH +/dcUYmdbQXshyw5yOj9hOqlb9d92vSwG4TyLYB2/bstJK9ZM6eMIuudqBX8yZ/9R +g7DyiCOhKoo8WbdM0GbuCbX8WDmU1ozoIG6HUy2fqF2L3JYEIULyX9rGGjTgbVvQ +5JM7lHDmFJ//JoAu+vZoqP9OkINHK3XAK5vGiVOLF/EWKEmUQNeX8pZgdS7Ef3WI +Tzz0NosOc8i28ZwvikOfvG/cJJu6Ioh1EE7nVq5drF2nJqlupYkrlIX9r3yGeuYG +Cbo8/AnxX4Fj/UVwvXdUxsnzDxdVIbR4z7vz/zqjlG8s4Ug1IYYqYxfmODhTsKCC +q8A42pcdcerLOVr9coKrYQKCAQEA28wPlLnWnUB+BNroZ6Oj0ow18dvzt9snLgo3 +NTSPDGvHjw04wCCLksvIJr6ti9Je8ZKjrYmoM51D6KOjJ4IKZqPgHjMFN4rS2BM1 +mOfvtj30lJm35ZM/rvu/EoiyFwB+g5eBfgBGYAXRvMyT+kCyWnLVYnnRllPhCVq1 +IIv4iXBhQDgMSBszDyaJfA5LtQASvlmgFZ51hgYddPkBtbUv53q1TcyHQJIs0pZW +lt9GOp03Cf3U6KUTScy3mbTH2Tzt0tDkeCTcbfv/Gu1mY7PJEH+LM7+udemldMxn +fctIrWE3WbD7qJvCsm7+jqYxaB+A9LCWOriF1zC4f3zIy38bWwKCAQEA0bWcKc9y +84ZvLh+/QqaDC0+S8D2PO5yvGl4wQck1cSEz4VqdcJOBKwb4oCtPyknaGKRAo31o 
+KqoVYFF+G1jhYazyYDwd+rp/43oZMFlUplSeKB/Str7nQ8fkY6lnn+w2JCq+qpzB +jqucAR49KaelqcoTdGirLPeClu+xASzPakw1YEY8p/YpWYhjVx4ZokCjexw+H0jJ +FyzvqKLxcsBqYvI0fsie1DdXUmoCLpJdxBfPeIpoh8CSk4Wth3EboJQPS6T2iHz4 +t/OsMz6WMmVGL2F8ZWggwfLbMCqoncxB5ioTe08iwiEBCDlCZ5sXYAFYj3FAXmqp +UfgLx9mTf+N2UQKCAQEAyAGkm/2PoYCyK9DXcpeh11HnNLKl0EQIHwkEu9Gb6f2Z +lj69yXbUCzyMYVVZrsY7xy9c6ek9udn9lZByQt0+ga/VnSVoNeaJfj3co8tKgldW +XHKUuL+JT72dXUwuYmf8t9oB55pwb6hb9qVicnK02UFtkzKu2VBykoSMFZXJD6fH +lxxpcKPvjnXO3ahUk9wBMl10IrgS0WZ3H54HREYf1U//80+OM9/QEcDkAl4iFexB +zUHBoAG2z40N9TxgLvoWn6OegwVn4F1TAjnM1iUfbXfiP7DJHFsESIhIFFwLQloY +d/Foz0ENpjkCQuRQSSOBwSd/TOfkQrD+8mOmhCahyQKCAQEAwnSmo9Zq/wmvWpOx +pDoG1Zwp4n8Sq/I0JD0mfjn3RjnFg7ekudjtM1q5fLvstuUYSTU1guQsjTM9sxyd +1Pnrs8jMzxOvsOjy4Zo8dSrAZaOdLBOmLjKC+8UFMKzLG+3KnmrMdiP5DzRt6lOB +33hHE1QACjdsUrwH6bHE7hQBGM4lyGoYoJ6P5SelBgkxN9S8QtIDgLrbTJQsfrDp +NsDZZXq11sJtFNdkL1WBRHIQZF630Ux2dTrKL+UK7caiGZpxPHFw8UsAzoIzMSld +2Mkz9Ydt9BJEHdP2D4ne5MOcb7Kgcf0FfAFilZ+SxcN4P1vAJPKc/2/kJc/eDKji +LvpaoQKCAQA1zZnQ9ci5oPQu5G9oMCOimv9+xYYfJuGCK3UeXk1Oxp5PpEPBh+di +YVqaYXJGgg5E9lX/65A70zd7DgkFuFj7QZqIAkfLPMocp0uFOd1jjz1NIEbglw5s +VP+CrhriWhoP6R/ycr92N1mv9dBsoZJziImPP1OmczHCE4moGRAY0MHpwLa2JBKh +/E+1Ucn4tiu0fm26wDrZKSNnqojeYS3Sz0tGi7K/n8gP0wmwH9Cal21ieh5SGNL6 +kEvPxqee2sWfJv7zB5E9qI9MW17/YVrYsrBSdkYCvuOcU67bkaGwSzqqsBbcuJMB +LCl+V1ANvybsspeYTTa5XYI/ni4NezQN +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter24.req b/test_key/long_chains/ShorterMAXUINT16_inter24.req new file mode 100644 index 0000000..d22bd2f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter24.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyNCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtA2G +E68pbb2yPD/tBvzIbnPN/u69ASWcN0JcKeevQbqUx4Rl3UQkRjFRWLyDI1GawQrL +t108rNgJDoNMZDFZ6g3lyOdij3FLZe5EwlfhwYefqpOe7M320/8x5ic154UcNQw9 +egXqFgehKrBwmXDg7vOB/SxoDm8Zbm4yQErEHs56n4CO7JvFo9zMqfAvc8Iuu++D +OgaghfccY/3T6d0m6cZsvoB9BKZJqcR0mQvth3gSx1aEgRJ/XYbTWfEmbpfaV6vP +e79lYl3ghzKZM/WF6zB2P/ppPUCqFPVO3qqYGCqbSxAOQLho5TcgzrQCBC2voMIQ +glLtIjd3j/0J5L/h6b9tRQ5Bfr2Q+MK82bUks/2ogA57Mhm5Q3ST82tBS8/K8a03 +jHoqT/12dD95yrMC+rcjMMuSp13yyyyB5iwzb3a/QKSZkZOg3By6U0+tTfVedLfz +bHJaie63e8o8kQw8VlHKPLFejY6F3SGLKEia/NAJ7pA7NZr7pr2rkn3Vn9CNX+rV +2SFZxlvLiOk5Kc1ECzxutdkE2yUK3Vqw036YhrWhhJnSslXfu+1kuZL8UHYOUhVa +lUvm1EgasVQDg4OL9k4josBrR39sitZX7E6uJny2ObfKg9pXn6LzKhW20s90pBTl +fDRdXnRLBS5CHA9Hyu5Fj3TJ8TBXK8Vh3WCEmcsCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQA+QwEUzit120eb8BKZt1m4f/rz5Wlgxoh0d06HeSLv0p4Td8jeVZUH +4ilNjwVTlreSzLpeL9hFl0f5vc9W3AB0aDEXGBzHxQ7ZWpXsSejyYQvly+zt8II/ +YMi1C6wxrtA3p9B4Qiu9tk1sN0uVYR+53R1jqB1TzOYKGiguaOKpJatjlBO59kU9 +wFzH3fSh1ebLP5mxVNPAUaJUd7VXadzC4GHYPZMISVXPD3+3fk0ecN/qpsMqcBz4 +vAvmiSBqhOVwvdB6WqSDH1SRkwnNLoEhc1b10OM07tGx3MfshESWuDsqV+ehXaDh +fV/wVejYkSfpxMr17W/0l6Xy0JShtpllOQQWLr75twYPEmW/rZ5Q181PFDVkNMim ++6Fz6qT/tzigvR3rATYrcDA2KykC15am2fHNZaw1qma1m4vEiQgEktO4HJV6Tfrb +gX4HLBHCSngjQkFAgicm+DRvAbgeM+pyr7xSaqhpqXeKy/2bBrcNP2Taj8blkkgG +0Y2VFxMK6L5oeLlrPGJSQuplasR2BbzFNYUTeZj8v13xpfKp3VjQeKphy+tVFvPP +xvuit/DpavlaJfQv1dK3UECVu9sezU4+InqKxi7qyhrUTQIAqXa4olYzm4y5Mf/T +yVWwBFtdj+2/xpV3hHTvG5ZIx1ePPgjZ1LsOyUedPYBH+4aTwMuVKA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter25.cert b/test_key/long_chains/ShorterMAXUINT16_inter25.cert new file mode 100644 index 0000000..53d5b29 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter25.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTI0IGNlcnQwHhcNMjMwNDA1MDgxODA2 +WhcNMzMwNDAyMDgxODA2WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTI1IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDW7qT7EWA/BjfgoMFKp2MJCmr7vmjSMwKXd8m9wk7S4A5v6bTbcTqxGfoSEFSn +AOx7kiq3TvSj116wKgDHziiHjNT7Q+paXfjc2dUNTSFPSaiEjngEKDJuCYOqI2y1 +mqvwRfQ5d/16fUE3jNudr6EtYAfGHD69ix7+CAX0rjuvl0x17KTj2ZEZvusI+Hni +099GJ+WUWL/YS2Ax0Bsts1q71U+50TgNrwOG9EGe4kcRTKBNjz8XwH6Hv8Wume1n +cd2L88HZkkEZdsWw/FW6UteWaB2Cs+Vbrkq3cxo2HXfPTvZQi9uUWEBp9GSQ1/rk +aNRfsA0y6+K1h/dGmDMpQoW+9wT6at3Sl5wa531S5IfUr2mr6vN1YyVFfoWtHEfL +dOVpqxOrb6WviDKqbiwK3pKibUlf98Opjp3dhODdyRvJAshOwlY0zY92/Ru0C7an +AkwVGW/xWqeNofHA43HTX1bHwNAgVVwJV9n/FSj1lBBB8Lz9cYCzDbkCyQ7jF+f+ +xzgobyLE/SaU6iKkCWwmCD0rY1AkCmgmmppw1HY//cu0SPBU02E+er2cIuanQ0Y2 +Yy1dFrXlGS6HheCAI1bb5pB9XQrzOl+saFTJgzi/GIsypyZNv30f+zP9Z6vX8xXd +kytJbKMjQNv4hoHpLMQ4Q762zF6IjkllM9ir+7RCCsTMewIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUnbLYjQu6jFg34tebdXal +xs020AYwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAIUrp7TBC9KBVrQMs7EPe/GLCsQ1Mx1oIfg3S4Wgv5Tz6QNuAC +7Z/4b+SwousYvbmWryg6Q/e3Kr20KGtdfiVZZoRrYGCqtwWUdH9ziUhyvMXWu7Y4 +hsBAjf7+m7UYBLsU+vuEEPdPPOPZpsnBTbFoKuuyVlBCm6tvtoyJUcQVvOm9cNLE +E3N70OJIArDIQq0fsTd+Rc4qXoEUP1c0DBXl0E2nd/D2Me8I6IufivUMkg/7V6/1 +tNC+dFXQkK9rh5ZejC2q5sIvnhla3NNGQdzweHptotnz/KUJZzGQzVVML8rbxApe +3gW24nfNzIgrRjbVGsTV6USsoaYi90DNssd00s3rotRHSh1WOjgM0c3esQZ9AZHR +8cbuniHt5dS2ob0vhnwtmTluMo4LlQDK3hq77+SW7gEWEI5Uo2XFxQOKWlhEK08l +Nw8TuCDZ8/ObfwIxih20RV93PvzUEAn1EJOo8LOqVzS2DQT8tI1sLHHep2WtRfrB +bE+a+3IM5s9yGHX2G64sanGGpQDt8KeHrZJEPnMzv3sIQ34d5k6ZPnSvuUWYPxIN +pS3I4lRWOvueFk4d6AopsnUDqr/aq4fwqNBgzIlaP+ZFhZDj6DCMv8ci+RlQRtGf +yMW9J8QEg8snGeas0r16F3Ja4sRjVQnhUFOP3QSfoQip1lWCiFeU7688Zg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter25.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter25.cert.der new file mode 100644 index 0000000..a5f982c Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter25.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter25.key b/test_key/long_chains/ShorterMAXUINT16_inter25.key new file mode 100644 index 0000000..6dbba5f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter25.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDW7qT7EWA/Bjfg +oMFKp2MJCmr7vmjSMwKXd8m9wk7S4A5v6bTbcTqxGfoSEFSnAOx7kiq3TvSj116w +KgDHziiHjNT7Q+paXfjc2dUNTSFPSaiEjngEKDJuCYOqI2y1mqvwRfQ5d/16fUE3 +jNudr6EtYAfGHD69ix7+CAX0rjuvl0x17KTj2ZEZvusI+Hni099GJ+WUWL/YS2Ax +0Bsts1q71U+50TgNrwOG9EGe4kcRTKBNjz8XwH6Hv8Wume1ncd2L88HZkkEZdsWw +/FW6UteWaB2Cs+Vbrkq3cxo2HXfPTvZQi9uUWEBp9GSQ1/rkaNRfsA0y6+K1h/dG +mDMpQoW+9wT6at3Sl5wa531S5IfUr2mr6vN1YyVFfoWtHEfLdOVpqxOrb6WviDKq +biwK3pKibUlf98Opjp3dhODdyRvJAshOwlY0zY92/Ru0C7anAkwVGW/xWqeNofHA +43HTX1bHwNAgVVwJV9n/FSj1lBBB8Lz9cYCzDbkCyQ7jF+f+xzgobyLE/SaU6iKk +CWwmCD0rY1AkCmgmmppw1HY//cu0SPBU02E+er2cIuanQ0Y2Yy1dFrXlGS6HheCA +I1bb5pB9XQrzOl+saFTJgzi/GIsypyZNv30f+zP9Z6vX8xXdkytJbKMjQNv4hoHp +LMQ4Q762zF6IjkllM9ir+7RCCsTMewIDAQABAoICAQCEWYe2IskFhiq6Y8Mi2Vge +pQ+j3Whmp4qdAuJzu0cWi2nYeC0qQ9tEWx6mKPA3tlXo8eTj4/a5PVHNYNACOWyz +q4ErCHMzGlK4jFqpSimMzWq71Y8J4EbNg4ZUKmQyn//ogOsWyFCKML8MGezSeOfj +LRMcZyArT5PSEda5COEwCxbGNuaCd+Ll266XY4qKprUCWmcApnXcFu4xPli+F4dz +yrLBVZgStQaS/624zNW+TVUY7XCIi7xekzSDg72wyWkHWR6xf2Ie8AhkJ74SchjX +QV2KsoQ1pGnV9Ubas+KnAZSjnLul6YIgvKGAn76bEAJWue4mwSJlbkhSbD501cXM +5K6LcW5PlpJeIWNfnjMCpRzN1eXDs5R5O3cKCYgniemCH4fdzY1XFOQieouCQRa+ +BVlOjFdwlMbScRxEUiqUoA1TQZANpHo2A1JSSXJHTz9Zv+S/BOu/o65mPI9SGBb0 +4j+waqfb4LMur1pkrkK6Tb6P0LFPTgjnzPzP9heWM+5T9Va2yF0Mmvs9gzYzOcom +laT1nsBLapFHC1wbcQ095g6v7W4/0fROJ7A/DVZc94/sJ6E+DxU8JqlbRzeWIIxV +BvzWRBozQ8MX+9nm+pGz6psw7wrEDn6yomZKsDTZX0/UMlOaUKvkKTc3iM2sWBOj +xiCspgChw39OkQzEFEGo4QKCAQEA+C1/3/nfDDq5xiSY6/4r8RqbYYCfFdAAyOym +9JU2Wmj2215R7HCQMU7QHeGnHxZyE8EXce+1+mLH+BNWCx6nAMc8j2h28LNQ5xVU +rY9Iay/ORXB7wkZ8QvKLQzkabikl7Y5ggSGEfM10KIbvLaP6SqMViO+fnEZ5W38c +fx9kr8ou/NqWCVuZSOtwZbqxgdqp7bN+OOwIG3KySiOco2GHgZ9oFpYtO3XBBGJ6 +32vYqNItremKiZJ+gUkyHm8KnGX4TI69vAqeCEvVcXyNMN++UJFK2QQ6jcDIv1iO +rW85Qc3E5IxSPoVAEU/ZbkTLMPL43Pz7Z9JSovqRxkJOSielPwKCAQEA3bTklNNz +oK6qKJ6TPWl0N9RJISnM1DiXJoLWZbK6VvI1tCowcrhAikCZcLTHSX0ooqo8Dbgp 
+MXpyzO57chOFQT/m5Gzli2joq7r5xWXPfuL5uIb23bWPbv69lldVDDhvcylFj7dx +/8V5OPOaTU5pMMP6o6svnNX97yTEUfEY46m0tbwkgQbPH436bjTNQiuX97VKbCDV +oRn7NLc6mewFbXzitsQH4gEjLpAbdJdJnpDadaD0BZqYAIWH0WC3iLkjU9EAYR+l +xTZS8zKzIfMr5JtiFwpSP9XNdCzwXtm1xjSrHK55SfS+3tUI+BbnD7NIPQxtxVMe +ajDIoOiyNFWdxQKCAQEAnER6ClvZuGeZ5kvRBnfqz0wDnqdQhHmOpPVuQv9ZVCBX +n9WKHCjcgk+v98DIbGjDt/CThKh9m4VriKcUPLg2S+UoGtyaWAFw5bCmuwpHfUaC +yXKEWtXrFHSIf/GK1OaP/T7zQRwLwlHT3FjqbYCc7zY1Lx5DEDHH5HbrSJhJ2+6h +G5G/e3Dz2dh103h0oOFAsm2dAtaMXEwiO1ClJrMYkeP/tIknPhNtUAd6ewf7SoHd +RW6STwGxKlMefc9JjSUf7YTLr4W38F1frq/Qb3/S5AQ4buGcxPko7mMio84u7WJV +odtBRiC9MKlorWgf0ViMnwmke8ERS5IfDAlgJo1EHQKCAQB/DyedH1357X/5TYAG +xwPi5xeOGP2ZdmExofQrTnW6VI9wlGk1peDfGsyVKhW4STFboAJQvoVlJM7cIaS/ +qO5KicvSh5I6BkKqALsaZRG4n24MUdTzFRWBwB55Jc3I9iLxNer2xWRg+BRUDlAV +E+X3G6nt2LKtyHoCbujQKUNhXiYBrTSieXuEkwK93CbyUDeEr/JZ66ti65frC0Nb +aUdnCxaHNetqm8pE6jPB6t43ML7ygO64s3N/gQdoeGxWv/u+El6MSu3fCxYY6Kp+ +v3UdS+u4VqLykJ5xgTu0sEKbuB2Ej31VZB1raV39iGqdtdqlmhTi7JLWuuSQSyuu +EI8dAoIBABs2/S2c6lJTIJ0VCZgPOa9MwLokb+SezIqchQ+/bf4Ar/vZt1h1h7NO +XwP0d5PD0MvOmmtDDj0w85tlbbe5YnTmN4F12tuKWqhPnMwW9BZcH9vPCQC6mxUG +CsKRLl3x8KchK7C+VC5vk46ed0sXG8WIK6KsKaIj+2U41b1vL4MhBhOoJPzFl1MT +7JAzxk70zwTfZGhQ53WU0b9H0OKeDRE8hb50mtUjeAC2+wyE+z4dsySV0JZXNDaS +ddi0S2syvgAuLXJx3H71BXJ4J2W6MvRosCFKtH97DkhKJMPJJ3FkpYgyK/9IgJqa +dpy2UoNptkAl+CQ/D6pXRBsqE9XvECk= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter25.req b/test_key/long_chains/ShorterMAXUINT16_inter25.req new file mode 100644 index 0000000..faefc8f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter25.req 
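Review bot: `test_key/long_chains/ShorterMAXUINT16_inter25.key` is added as an unencrypted PKCS#8 RSA private key in clear text, and nothing visible in these hunks marks it as test-only; the same applies to the `inter26`, `inter27` and `inter28` key hunks that follow. The matching `.cert` files appear to decode as CA certificates (basicConstraints CA:TRUE) valid into 2033, so the signing keys for this whole chain are public for roughly ten years. That is acceptable for a fixture only if nothing outside the tests ever trusts the chain's root, which is not visible here. I would add a short README in `test_key/long_chains/` saying `Test-only key material: publicly known, never load into a production trust store or provisioning flow`. Any secret-scanner allowlist should be scoped to this directory rather than to `*.key` in general, so a real key committed elsewhere is still caught.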
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyNSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1u6k ++xFgPwY34KDBSqdjCQpq+75o0jMCl3fJvcJO0uAOb+m023E6sRn6EhBUpwDse5Iq +t070o9desCoAx84oh4zU+0PqWl343NnVDU0hT0mohI54BCgybgmDqiNstZqr8EX0 +OXf9en1BN4zbna+hLWAHxhw+vYse/ggF9K47r5dMdeyk49mRGb7rCPh54tPfRifl +lFi/2EtgMdAbLbNau9VPudE4Da8DhvRBnuJHEUygTY8/F8B+h7/FrpntZ3Hdi/PB +2ZJBGXbFsPxVulLXlmgdgrPlW65Kt3MaNh13z072UIvblFhAafRkkNf65GjUX7AN +MuvitYf3RpgzKUKFvvcE+mrd0pecGud9UuSH1K9pq+rzdWMlRX6FrRxHy3TlaasT +q2+lr4gyqm4sCt6Som1JX/fDqY6d3YTg3ckbyQLITsJWNM2Pdv0btAu2pwJMFRlv +8VqnjaHxwONx019Wx8DQIFVcCVfZ/xUo9ZQQQfC8/XGAsw25AskO4xfn/sc4KG8i +xP0mlOoipAlsJgg9K2NQJApoJpqacNR2P/3LtEjwVNNhPnq9nCLmp0NGNmMtXRa1 +5Rkuh4XggCNW2+aQfV0K8zpfrGhUyYM4vxiLMqcmTb99H/sz/Wer1/MV3ZMrSWyj +I0Db+IaB6SzEOEO+tsxeiI5JZTPYq/u0QgrEzHsCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAXDZ8AHFMq3rPRiefl9FCVaMyiP2QEpCMuc72Iv7GeoGZMoatxJ3SA +/Fli2gpDNDV9/bjAglzEsCrMzLlgP95YWENT1dgE40CafPoCDKuErYV9HbXbQHR3 +37VjIixEx49Ibfl+l3irx5sCYq8NvFpea4P8mjrf2Klw4SxFTlw50FsCSVSLNYvz +dCRo95ezD3NZb1sLxXdVsyOs4FjpN6IzXQ6z+AgdIyB3RD+KJsHM8naHErpcNOKi +oTdkIfmmeuF/20UGJn99AVyPhsblzTsjH8UAS8bpYBxlsWYdylKmplIjgknjCWu4 +UZeCR/wCrImXywgSUSNk5uwSz8DdBJtZ6HN/af/ZaBJ90ieTxZMXc2SL4cOzMJ2J +B987JgGFvd1B4flVOrWg2+Gv6g4Hx571WaUGI4U3wd0i6VoS2OMr4vv/MpHriPSO +XOVS0Z4rLJckg/dNO6X59ducRs3YsSaxDf6Rcy07/FQ2UuzsPB+tiW5IE62avn/T +c62JCMuMb3cCOVPOolVc0D++HAUlxclLN2AQcxlITLWowwK6DHp0+mikrENZITby +B8p18Gk4Jthp+egcFSj8Lj+egylAxto9VQwsxHDNrQDMo0BsN7cJFEiseCxmvYji +ihrYcc+WZxLGayf/3MumIXvR5uv4i275vJL/ahCCLyxhxj464VrdKg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter26.cert b/test_key/long_chains/ShorterMAXUINT16_inter26.cert new file mode 100644 index 0000000..ed0f04d --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter26.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTI1IGNlcnQwHhcNMjMwNDA1MDgxODA3 +WhcNMzMwNDAyMDgxODA3WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTI2IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC1ZTtQ20OES8TcriQ4UXr5wwvNh4tmP3EpB+xY0Bt2zjvt4WBz4D2P7qwKnW8C +1oH/8MEumEUoUCdaOgderezX1X9F9DBXJT6z/ptPIB8Xlw9+pAWHKEAl6n7KVYra +xIVb8SWhkw4mD4q+zUV29lQYlxBTUfd/jYoQ9Npplr6GETLhJRb8EkLnNULR+wOX +XOeWL2LP+QuMMI++sIBoCh0t0bytJh5IPAx3AFiJM9FeHKRdV8nVO1po9juJeuRN +XRHfZ7Brr0mZxjdjcJzrvhjkjobKPl9WK5U+R4ZA9P7lDOHm+ESmWjT8hfs52YtK +eE01pm/t408I6mQ5qKeq4uleyKfbU8qsR6VT3k9Tw3n5sv+ScRusCiKzETvwSz9l +ApIUUa/WpuHCBf4fmaSHzPUv11m2N8WanKFfhdF/LL2uJftqa86V4Yn6EwWCU3Zh +owQC8CXn1T+T0zk2Rf8B8/uxRjY5JFoUtemQHiYB0XhkmMP3rzwosXCejAabnZVk +pVtb4rgSTwM/9Pjx5zQQPBBr5lA6GEz12VEg3YWPf1bVxPtKgdmYHngp8ZGgespZ +R0HzNS/vtUL9kJy+oN7Gr6gW2AZxgOuDSvBdIrBwJukW6bbTBfBBLjjXGetbjLsn +m9iOkbvd9PP/wEyZ5rPyUKG8Gsd1trg9swwVO891P7k9awIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUCyDca/TgqfD0+B9urYH7 +AoFHU7owIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBgLJgISwTnXhxl4/P99poOd9TGBzTl7HM1jLJicdA4g9WNC3IN +yLR1BVmzl7MW5DsdorEjAsu0Nm+lFtaRAIHFT+l0CdBvmuQgMaH4YyTqmo5/AmeH +2b5D12bpAnGSF/Rb2eno+09vTsSVz4rMqllL54fmJsRq1uksXnmAAJoKTtbSTVoS +Wq0ryAmuGlMTjNoIqzrai4WiWmd86tBrpdZPorEe3BgFPRf5TlEbFZP7lFY341OE +aJeLPz7Rq5/4tmtMLeQFkzyPd8eTHNSKgX7zVztNBL6HU3U0BKKBqHYOQu8Zmzf3 +566aAEMYrrJWdjR7OS9q3hRJ0N7DN2LrHj9LPin2s9YbD65xiONjtEFfQQmUPJ7v +es6Kn0begdMuzp+ocoxP6JghI7tHrMWtbKTFdnb9mbqvq6nnlOvKng29ICpIgaSm +ac/A2uBJSrcIzfA3gXNe6sYqs4Oh6KW1OQV4o0Oap6ANETyVFlNSssc0su5o/CpC +TSmnvji8p8MwfOdl2KdtrOPB3ZN3hCRtnSlQWl7H+Vc9dTOM6KAzKV+ZWSe8zDb0 +lKxwp2bMEjibH0WNaz6wDSWn63hr1lt1bjK632zRR1ncKUfk7I11SJCnrG442KbN +TVaU1vczUzlkJtscJByUfasq6+l5MB51YHI4wbn8/Ff0RmU0ou5zv2M57w== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter26.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter26.cert.der new file mode 100644 index 0000000..f1083d7 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter26.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter26.key b/test_key/long_chains/ShorterMAXUINT16_inter26.key new file mode 100644 index 0000000..c6342e2 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter26.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC1ZTtQ20OES8Tc +riQ4UXr5wwvNh4tmP3EpB+xY0Bt2zjvt4WBz4D2P7qwKnW8C1oH/8MEumEUoUCda +OgderezX1X9F9DBXJT6z/ptPIB8Xlw9+pAWHKEAl6n7KVYraxIVb8SWhkw4mD4q+ +zUV29lQYlxBTUfd/jYoQ9Npplr6GETLhJRb8EkLnNULR+wOXXOeWL2LP+QuMMI++ +sIBoCh0t0bytJh5IPAx3AFiJM9FeHKRdV8nVO1po9juJeuRNXRHfZ7Brr0mZxjdj +cJzrvhjkjobKPl9WK5U+R4ZA9P7lDOHm+ESmWjT8hfs52YtKeE01pm/t408I6mQ5 +qKeq4uleyKfbU8qsR6VT3k9Tw3n5sv+ScRusCiKzETvwSz9lApIUUa/WpuHCBf4f +maSHzPUv11m2N8WanKFfhdF/LL2uJftqa86V4Yn6EwWCU3ZhowQC8CXn1T+T0zk2 +Rf8B8/uxRjY5JFoUtemQHiYB0XhkmMP3rzwosXCejAabnZVkpVtb4rgSTwM/9Pjx +5zQQPBBr5lA6GEz12VEg3YWPf1bVxPtKgdmYHngp8ZGgespZR0HzNS/vtUL9kJy+ +oN7Gr6gW2AZxgOuDSvBdIrBwJukW6bbTBfBBLjjXGetbjLsnm9iOkbvd9PP/wEyZ +5rPyUKG8Gsd1trg9swwVO891P7k9awIDAQABAoICADoWp+8VuEJWbT1qOskaNrJi +5pWz0U02Bcvo8KPkSNc75e8gnF2fMrez674eel1DSjAm7gY41vS47lEzggas1cqs +YOyK7SwLDlBfuWaWV76bLmgUqHyGxDwgIugyipvSEQ7HY5ChYgeINJszawpUicuy +HJVCC2r6bXtOnd7wWiTevxdgZELmqiwWX0aVBqpjIvpyREdrbmo/Ztje9s/aZUu1 +/aDJMytYp3k4UCHnySVFMNF/em/haOtx5tD43MF1i3KqZtGlOYGX+0bJ2kaYAqq2 +ha2gWbFjlZBzISgODM5W2MS5PmqzOoKfeTsmUjfP3JHQsclRYI7vWJcqTj8oGSkp +km3cspw1wsaNYSfaAoRVtDzS7AWKshA2O8hOQCQUYpW5IO5vyNXi6Xu0TwkPuO// +TbZAj6e9jx2RCMhyfzOGKqT1CHRnrINF5b79LHg9Iroeej4ZLFOEQ6CvRLKRVrIE +IM2mDKhceOEy6IuanqJ1Ca7NbEP/ehfrn//7Jb+2fD88DqEymxrzse/TlPdaP1nW +wjGKLq8ljExi59k8u7hIWhaZlwI+0c4GDHJR+KZijgV+C7q4YV6EDHHv9GXdFpvK +PGY2qgi0utu+DQ9VReMcrIVkcMhuzfmwHK0keoKyAcSZO453tLMHhqxwV4BiDpsl +fNIK0Uf7vvRiIFOV697pAoIBAQDt0Z6MjZWNSx6/AWi0xP1G3hJ2dtSoSvUWRUWA +lS6CdRF0BgVbmWA15rFJv8PoL7CP1vHIZ51zSuqHpaAFwYe7nIItY3BJu/yh5GiK +/hWE/Rjm572DjFPN41rZzqB9bZ6PhrhgoVNhjvNXXZZIKo5wPf0Dy9ePASuOKNAj +L78Ffv+rD15PlhmB7nOd8FZw+nFcD+pJUp55ecrSznD9A/JEb143J+8Pj2CH7SVh +FZ3u6lozboibbWprKfIX7Bsn+0dvppeXmYHMHY63ixXtoPOjiH5e+kls1xNanotE +NW0ev18Rx0pd7mrtkdv3Khi6c2bCG6SIsxf3ITyCPcDYPp5vAoIBAQDDQ1ft9iuq +3G4JUJxziyegBseg2ypq6SM7hxwP6FuZtXkXt81Cjs4oqCpJRfRfHiGoEu3U8PWS 
+WjAlNobiSjq4gl2II23mvTTHg/eUrwZckRQBzDEuerQs6o08Cej+tMXqv7qlXoiY +S0V0EjldJO+FoRKskoPbZ7X2V1c9xrI435JcWjGJd75UVwRyKsT2zqS//s4BNOZn +1m8q1HEFidpQ7uLd2xMfR0lrqWFFp+UoTSfVLmH9FRp3UnMxFNnjhTqkeMdL47st +OVZRX7cer/mTDrNMEjhP+MtrM9EWIvV79VQCLfvtvEx/kSKIWyjE+QaIpXrYtyGZ +PTfhddLStM7FAoIBAQDOQmfIb2Otz+Eyt/4gClnBBQnuRNHbxGcckafeBYT5EJ+6 +iR5Me5G+Lf7Ff9RhpDr2Be5dacBdJjSSwUswstEOHoeo5f2Vdb1+i6NAKW5wkTLv +0T3EwghNIUrCbTs0jcZfpPB0nna6vki/FSQqIv62yoyOplSmatVjznH2koqSMbt8 +mS+qxvwIfM85xCC0jAGVXxhLz6QypzcJ7pKAXtPYFt8X50KntCp8uWkZ8q2vcQIa +aVuBsjwCBbc6mERVQNKMO2huy2yPo3MMLU0vc9DbnJ49scXM6ByZE7ilx9CEQmYp +/Ta6kPWcZkzo6VHZJA2TfHYPOYUniWP5caW351dxAoIBACMTrO8NguitsoKv3XsQ +K20e6qul02fjO7YM3mipKBNjuz4cgZ4MQ1KgawBAtdaEdi1YQSs4ohTJaM62jeKG +zSeqG51CKBMEOEADH+2wx2bHlR2BjfA4kLdk5zw614Ux+j/ic2gTpFwfYXmpcG6g +HPsXZWBk7ZTze4emRwDM+eUnnIZEmZOFVEaYXy8XKczgcE4hOuaSlzVeGxhJk4gY +LITPdSe/nB7JUpIpmlTGBW+I9LfiHi41pUx8Hj9Z7I5nt5ImND8YyN4l57C0jhPQ +LvhQ8rqep0kOe5RleZENdKXw+0ds9U3OvrtH2jk+jwNbbOYNPBVESJ/blHdHEDlT +y7UCggEBAOmWxT20eljQSZ6v6kajHDa44ydXeURnmk5uOQJoaz37jKciFboObPEA +3+zP1xnXHHpd6DeDBxalhuIZ6rN+W98zbVE9mTi6Ft1mwDISZ/mcti5z7mTlakVQ +DcQ30yXgMcHdLsLk2Lk+9BkW9zIsqCIDKk4d9kyU2VdFwb5FhHW/kKWaHAPVBhyn +aDVjyJG1zu3G2Fg7hEAwVn3EAz6lPdNNr81gnY93tvm7UxjxYflZLxnXy/Kyrq17 +PdXabgJMAlln3DgUfnOHG2wxByOx9Mso3o0CaGvLST9XPm3cdVq0fcxX4FxihsD7 +INt5D2NA0ZYg/VKDslAk25Vd/Obrp7Y= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter26.req b/test_key/long_chains/ShorterMAXUINT16_inter26.req new file mode 100644 index 0000000..48bcaee --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter26.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyNiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtWU7 +UNtDhEvE3K4kOFF6+cMLzYeLZj9xKQfsWNAbds477eFgc+A9j+6sCp1vAtaB//DB +LphFKFAnWjoHXq3s19V/RfQwVyU+s/6bTyAfF5cPfqQFhyhAJep+ylWK2sSFW/El +oZMOJg+Kvs1FdvZUGJcQU1H3f42KEPTaaZa+hhEy4SUW/BJC5zVC0fsDl1znli9i +z/kLjDCPvrCAaAodLdG8rSYeSDwMdwBYiTPRXhykXVfJ1TtaaPY7iXrkTV0R32ew +a69JmcY3Y3Cc674Y5I6Gyj5fViuVPkeGQPT+5Qzh5vhEplo0/IX7OdmLSnhNNaZv +7eNPCOpkOainquLpXsin21PKrEelU95PU8N5+bL/knEbrAoisxE78Es/ZQKSFFGv +1qbhwgX+H5mkh8z1L9dZtjfFmpyhX4XRfyy9riX7amvOleGJ+hMFglN2YaMEAvAl +59U/k9M5NkX/AfP7sUY2OSRaFLXpkB4mAdF4ZJjD9688KLFwnowGm52VZKVbW+K4 +Ek8DP/T48ec0EDwQa+ZQOhhM9dlRIN2Fj39W1cT7SoHZmB54KfGRoHrKWUdB8zUv +77VC/ZCcvqDexq+oFtgGcYDrg0rwXSKwcCbpFum20wXwQS441xnrW4y7J5vYjpG7 +3fTz/8BMmeaz8lChvBrHdba4PbMMFTvPdT+5PWsCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBtL38saEWyR3C658pg/Vf0qHszT6f8tAQ0LtHT6L4NLPXtuNvbPb7/ +Mcz8vV8qMrZBI0g/DQUXQSIjs229wbuaJpAkXlqyZ0cWcXoBXYcU66O+0aOrTQmj +r+jjWbYQo8zqabkBLCZTC9K+Y67q/BT3rLfu1FkHkl1MzgjK7XWmbrmXmv4jGxx0 +l4rTBg/xS2Z3VdR4oFLc87tdboGtTtxJu9cS1blCtyKLOUu+wBAOPSVSxVTiPleW +lFTFMzoE587HUDZCS3q8sMR8UUm6V+sShxO/EvDSudcHSwJxlMS4WSbvPW3ndCwN +8tw49IGrkqPeB/7qHt+SoH62JxfZSVeq8eWVN0sBbGQ7pfGXGu6lOXxc+28NOJy2 +3Mk9FavHteF90V4Itc/55ScrxZ5BizVheyLTOKD+ktK3pvcFZ38T6EV7UJ3Ao0J6 +FN4K7pKJPCNBX5YYifBbIh8unYZrf1hyPZvHATTLEeCjOrVMLnzj+ZYwtZClgkos +u9FIJGL6oEUaNP3wAHkNKdSAvJdunCcr6Ho1HeLuTLBfqbOb50RYB2vhLl+mhaqE +Yses7vM6Kc999sCAUoXjmGvGfyG26zsHSXnnvCXEgruW3/GBYyv1AF8umDz4sE8S +8zG5BRzlB872Qp5PkMCAzjuPQuNSKZy/CdPuS0KXkPOCmyiQYAoW5Q== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter27.cert b/test_key/long_chains/ShorterMAXUINT16_inter27.cert new file mode 100644 index 0000000..21a61ff --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter27.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTI2IGNlcnQwHhcNMjMwNDA1MDgxODA3 +WhcNMzMwNDAyMDgxODA3WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTI3IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQD0sJKW1foPdn0MjJJuSTPB7mfWP+E4STSNIbHUPWC3aZelYPKJV1cAH8R4crni +Eo8yfY1ezK+4SMMzc16kHJBvn1mEFw6Rwtox/u26Y4Qt1I6JOk620m2xkRMBmNdf +k+4cfxU7lytWOUL7hAnkwtmrBFiLcjkRjSBfsUNuBXUUQg4kCb/tgqoCVCDwYYzz +SrIEtMfTlT5rL6P8ou5m7M9GjxDPiqop5bUkXePIjQei4q71w/7fW2MkyI892eZq +25HZsK0fr7Rfz9wmMNoUWbo291/dQ0c5HLMYmEuiNtWRwSF1n+scB9N1zFMS0u+g +mPoeW1uMlEtCCH+Zgdi5/LRJp2TPtzZ+VMXaSj/ERmD+JfiQa40z+a0MOupVzwmb +XyyBM/vOzbVTpGQD9nsRZcoy9Jqny9lKwJ0COui7dQkph8u4s3S6NFHo1bXiOy5R +DZ8JK848iLgs8v4Pj4Y9WnOYcvYherdxX7oRfBKsMizgKhpWjjV0m5cuy4MVl7RZ +1xqj8X7yAgTfv47Abk6H3y2nmRmFoG49pGw8/MNBX4ck1lvrOFGKRhsSWSOSP+bS +cbNTkftabITF4KCxN8T1J+3aVEvnNCGTI0FsHAGAOmLCHheLKBrfT/EvyrGsSllZ +YX0PtDS0MZ/RXrYx6ePc9awBiiQw5ZRQzSSpmWGU0qAmnQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUfPMwHMKR1TVSoN1UY9pG +LQg8RzMwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAbH3rGcVjCALtxjEk6J3PiduHzIQwy17u1Mft1WmHAKwj/XOB3 +r8NFJeR4rKTDDq/+5kIGJoaXmqE4kXzHCKYLtHOCX7alMAPPa0W6amAb+y7QBsm2 +Lwwq5k+syHLKvg92Ixi08oIlYkweXsPnxTlxapsErViIBeC3s/ldvHM61CH9QHqL +wEoLcSK7uOuD9BA+IFVRuF4sivY3mUSjR9JZPDuM+wUQzM0qs6TqdCLMYD9YVC0j +RPo3IBOAKK5cVqKFW96FhgEKECSgdXbzOj14S6kc9u4/O0LX46WF8Fg5voyBsrHk +oDk4wigYuV2nislp3Krbd7Z388A5T3Ez7MDuuSpwhoX/eX5FimQe2psLGVtR07Wb +34IjV77pu8wBERqmACAM7LtzicNZSa+V0ZSNj4dn7zQn1eltSnzMo8SNv3BJysNk +Dl/mWA3rVezP6bxHFavUmPOIrCqxeEefrHOysZPAwd7XglKBOlItHA53EKaMn3sF +1xN80xLinSGcjrhBKqHeKWEp7FJlDfqjptx1A7v+umrvw1Z/b3S73cdMYAsaMfjX +LI8zNckIaCYxZuLfYtYM8tOe0FrsbzZ7InwamcJAc7wT9hFXOhYCZ8EDcckHFvw+ +8aPCb2F5nDucWxwufglJ/47j6nrcTkY3Kg8/Vo0IJRr8yh0IuxbBUO+OZg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter27.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter27.cert.der new file mode 100644 index 0000000..6bfb429 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter27.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter27.key b/test_key/long_chains/ShorterMAXUINT16_inter27.key new file mode 100644 index 0000000..d5f08f3 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter27.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQD0sJKW1foPdn0M +jJJuSTPB7mfWP+E4STSNIbHUPWC3aZelYPKJV1cAH8R4crniEo8yfY1ezK+4SMMz +c16kHJBvn1mEFw6Rwtox/u26Y4Qt1I6JOk620m2xkRMBmNdfk+4cfxU7lytWOUL7 +hAnkwtmrBFiLcjkRjSBfsUNuBXUUQg4kCb/tgqoCVCDwYYzzSrIEtMfTlT5rL6P8 +ou5m7M9GjxDPiqop5bUkXePIjQei4q71w/7fW2MkyI892eZq25HZsK0fr7Rfz9wm +MNoUWbo291/dQ0c5HLMYmEuiNtWRwSF1n+scB9N1zFMS0u+gmPoeW1uMlEtCCH+Z +gdi5/LRJp2TPtzZ+VMXaSj/ERmD+JfiQa40z+a0MOupVzwmbXyyBM/vOzbVTpGQD +9nsRZcoy9Jqny9lKwJ0COui7dQkph8u4s3S6NFHo1bXiOy5RDZ8JK848iLgs8v4P +j4Y9WnOYcvYherdxX7oRfBKsMizgKhpWjjV0m5cuy4MVl7RZ1xqj8X7yAgTfv47A +bk6H3y2nmRmFoG49pGw8/MNBX4ck1lvrOFGKRhsSWSOSP+bScbNTkftabITF4KCx +N8T1J+3aVEvnNCGTI0FsHAGAOmLCHheLKBrfT/EvyrGsSllZYX0PtDS0MZ/RXrYx +6ePc9awBiiQw5ZRQzSSpmWGU0qAmnQIDAQABAoICABkFzZfbPf1C0rrrzTW2CrL0 +XG4OjkuhQNyF65eWx0M6ayWgam0dH2qF1SO0J8o0t6wkJsbhC78+waeLTsxdl2+y +zgayDO1fDc07EriS4LuHFyR1cANGNa2I9nadWLkPebQ0UsmLRgVFSdJKyHA6dOQG +R7/K6Icg9YSTrh+cM0LlFmkdDiGN0TD3xX6Pm0huBRJyIlVC1+VCM/Tr/JFN+kxu +6PswZQJv2Txk1Zx2v6cqo1XCu1fAEr16PRvIIsYeuiWW6b1pzHpX2V2WdVbLbj2c +wpLwBGKUysPjHyjxjpmfNHrA5dwx+K/9OymbpKG5wypDkXMo3yFbmSDrpGwwqYcD +grJoM5JaH3Z0Awc9O0Lv+0hzxMIesJYBnMGHl1LilvIPJc5hS3dOLqaTQzIrsyVk +QDGitQYCnMiHjxM/fwi44+3YRrZUa0XwxDCXHVIUn2gvtws0Y3P9tcV/nnAcPDGI +At/7aJ4TVHC7GEBqL6vpA0Snx63LG5pdkaJaChi7m9hLqDlP3KP5wLI6Y9qgmgbA +EHdjIsffQwUEl1cY8stmx4Wt5kctmb1ClM1UYG02ip2UR0nU6dr3AU+0oafsV8kI +0RuczWmP0+zoFndzsIUj6QqyYsFOi8KQFe4FHPMAjK2eePvB0vGT/FcK+iw6SYEj +DqPJ2e4j0f94wKYn5FCBAoIBAQD+v3ZszyCsr3TUleLJLwYaTwMPZ0Whlae1GHF5 +LzgNRa8zfZVD3cofUvyZ8w2hlF3Kbz/Jw0tkgrAAnoKlxjxuQ17a+U8m+tOiXgRR +Z5rsEv5y/jurUzG6M9u8x6l2r50Db0xL3TpMQbh8pyKE4FxMo0wsTI1bgn0THfFc +wInhcWWlhzJzf5e3z8+9p0iS+o8v8LXKjDGo0Lqy0C0kpKkGEZJihVbp126FQSuS +TPoCDQAu1vEDFOagD2A7U36jKizgOtOJKb6U7or3rLT5yDV54FVIQ61O67ex9eMX +EPN4ARo2s3qpYmuwxz7HaUtjXMI6CrjXNZ9EQnvAyNNCSmLRAoIBAQD15HRM2WcQ +mmKToVppnnGK7ZqJQF41Jt/RHcj5ABvk0N7BoAJqX39fZ8jfolD3ugfqA3S7UaJ6 
+LBPgT8SXQMddCoAJDFEI2RfzA3mOfMqu+VUWgJf++7HC/2dWOQylCJgJrS7vuiYe +TGsLc/XCYXGUnY5t96nzjlXZPrfC/rUUbR/B+nYjQ4LqdfvNX+6H1tW24hdHtI2f +q4qN7XALwMewtDaOSyDNEJM82VA/1Jvk7Dj/Ly3kcfB8EaILIq2tCST9HTUOUagz +DRpI8svvF1jn0YFf5lVTQhWhFHoD4X1O32s/X194PxnImTH1IUsKkND6Fk3xlGZL +iHEfGtKAu4INAoIBAQCqdNp8/CtU4SI/jPtuurROrkfR6rxA3q6VEoH7IIlU+Ce/ +QGy8OI+iXhj/ug6I64nGhqIcEz1DR98UyvuIiRiufw3dX6yC3Jr3rgkdn0GebSct +MsgiX0yK12BU9RSDggaB4dsfeCwmEmOrpPoIB0g7T5kMmzyK2sluHT7/XSXlX8cv +90Le3aVbLQZIVMLO9jERVvONUDl6SBBkzb8nIbanhOJ6YdZCKhCdwXmyLyeqb6CL +tu8VrMqUlzVA/SFjdDkK4NHimbgYV3VNPJbr+/csUds+u2ofwMHtpiYJrSH8TmCH +8ZhF9sEwTGHJdL8pAUxFIh+EgTDMr9+2o6oYVUXBAoIBAGbk0kXWM2qfL+DXBB5u +TtTz2FbWuJVFTyMSc6a+hO2a+ZvMeTZJ/+LMayIpqff/wJAMIizAXF0DVM3okzs3 +wDUOz8T5gm9RaNQoABW/4pCVhSWFahUo/Zm7hmJuPPxSPEzQS3PFUW4cTC7et1g/ +rmeiBpe9q0Bfr0zZEcxnCR8jCscBJ65Z8c5q0JOAMTBmlceRlGxNAXZvMetyEBDa ++rTWtH2WsoMdDH/J7+rF7PY+Yxtlgq61fwxr1IMUX9iomvHP5wO258t1ECq2bt/9 +xRY8dQbMO6g7XxGon+Y/1U/L7fT209xdi0yFzoHlDKG/N7Nu4e7VSnkQ/0Uk1DFK +RYECggEAdhJ+qsaMeHldqRpgHJ29rUdC0zegsLdFvgS5/Rt51soUHEGR7u03WezC +mEEy+PAWyxbncgnjrHEtWqPGPwx58CmWmh0GNYu/PefxIyblISTRpdgFvoZ7+DUq +P2OuI9+nz+Y72Z4CwG22txh7BzSrbPkPolHYTKomcM9yuhQ60D7Gr29Ghy2Eb0vr +WDNmklb3nqz4HQXRcvOHCLFluy4y0ri0ALjlGsKKKiSEQWf9s/GHERzDu8EwH84C +eyNki2tvEK0ZlBOYM0tFnt4uiHA1MAg6+aniukAAH/VEQNm/oVGTB08JYvksbR44 +WmeINPfUOo+EtXjF3Pp81arVYv5daw== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter27.req b/test_key/long_chains/ShorterMAXUINT16_inter27.req new file mode 100644 index 0000000..8592b56 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter27.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyNyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9LCS +ltX6D3Z9DIySbkkzwe5n1j/hOEk0jSGx1D1gt2mXpWDyiVdXAB/EeHK54hKPMn2N +XsyvuEjDM3NepByQb59ZhBcOkcLaMf7tumOELdSOiTpOttJtsZETAZjXX5PuHH8V +O5crVjlC+4QJ5MLZqwRYi3I5EY0gX7FDbgV1FEIOJAm/7YKqAlQg8GGM80qyBLTH +05U+ay+j/KLuZuzPRo8Qz4qqKeW1JF3jyI0HouKu9cP+31tjJMiPPdnmatuR2bCt +H6+0X8/cJjDaFFm6Nvdf3UNHORyzGJhLojbVkcEhdZ/rHAfTdcxTEtLvoJj6Hltb +jJRLQgh/mYHYufy0Sadkz7c2flTF2ko/xEZg/iX4kGuNM/mtDDrqVc8Jm18sgTP7 +zs21U6RkA/Z7EWXKMvSap8vZSsCdAjrou3UJKYfLuLN0ujRR6NW14jsuUQ2fCSvO +PIi4LPL+D4+GPVpzmHL2IXq3cV+6EXwSrDIs4CoaVo41dJuXLsuDFZe0Wdcao/F+ +8gIE37+OwG5Oh98tp5kZhaBuPaRsPPzDQV+HJNZb6zhRikYbElkjkj/m0nGzU5H7 +WmyExeCgsTfE9Sft2lRL5zQhkyNBbBwBgDpiwh4Xiyga30/xL8qxrEpZWWF9D7Q0 +tDGf0V62Menj3PWsAYokMOWUUM0kqZlhlNKgJp0CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQCARQP8s72z3/ibolU/f88caTcz3OhepRt/oNPAFX2gj1ZMXYaKlENe +mkuFi77i2Fr0jUwmz768CLIuWSqpoOgMPWpRc5emOha2x1KwFDz1sYp76TB+bHWs +Fq8OKHKpIsBOkjZ9ecBTIBlgfOLCr4wmMhtKwFXJ5twsihTPT3GQ7JBm5eWIgfyT +PNygiO8dbzxZGXAwIv00SPgFopJ/Ul10mKwmWAtxBxoYbXmxObwFaEKN6e4cIwLJ +AstWEkiHd/DMXFdKaNkS24/RluhMlCSCldSJZMm1H7Sl/bwWjfHoeMo0PW/69kAS +1KiOOupAUsyW2SM+NPDkslhKn0TEK6ehGrlB5OKCojRgfXqjHlEcJmcPCR2y3Jpa +PgxaynhtKgr3/YEqDZryy/A6Y2MGs+RztoUL/YRwovLalIYlOQDRycnIEi5yfEDG +tPwOyHV8DlENJ1Zj6QEv/jR3dRGYa5OVcC0I27rotzqdVs7OfI7GYMSgZmtcLDNI +PIpe2F53V7LMm9/xyhe3NBcnzneaRff2QleMSm4YBvLM8AeKG+YCJuIyOmJufKIj +8i7+vSl/YVr/rK6BuSgF9tnpCHDawDSnMWBm/1N3L577Gm5kCayy76ND9LXPHKZ3 +oCzIngepIjDqEngCSoxn+eKR3EI5X1PzmQ/HP8HqJvPpEbIqZoosaw== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter28.cert b/test_key/long_chains/ShorterMAXUINT16_inter28.cert new file mode 100644 index 0000000..87edd43 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter28.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTI3IGNlcnQwHhcNMjMwNDA1MDgxODA4 +WhcNMzMwNDAyMDgxODA4WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTI4IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDMFJ1TRKSG0F4Dsuz11vAXdx3h8K9S2siB5Pv34/gJ2Mk6ZYIgrzY23bCfvWDG +DdAxFg24fJZXbzFPP5s9riDZm9lmWH43DuPA7fGfcpc9rrl+2vKlE51QBIhdCX0w +WQFaYtbuRGyS1i4nxtKg4O/ompSxvPeQu5U37OMSLT460/UgEqXk/a1PWuLUVKZf +Ksh+3N3w/ZW1V3fqgfPQ0krRkACHmNd3BT80d2rZxufXi9x/kilFFVJ3vKV3v5Pn +7FN4cmEAQ2+MFfV9iCdcdua2gWo7WVUUzrWclTFoopqwrv3dppyr6d1BuYEGLz7c +wH/9st4wRsIBJlDbUZUigBcXP6FIkvXF4VruVEVzWh3N36YqPQo9hD+xM2H37Njp +tuoxIXKrQkB36RVeT+BTXu7XZ0pSnBesF3BnDSuXFRCtjkRDo7UYZMnDF4FlDCWn +HFpK65IXoQSMEy1Du9OPe1KNFnfffU3F/J+b4XLjMabnFVob4EzJZRZctkSVlcmU +jIfWyHqmiuO35fhW6dFqBhttX8YuUumLe/B7Db3hILlbgswe2ZO30wLpvxN8INBw +rZyzOzXNjbBqzsxVnSj3Kj0yFc+HNNQY+u5LA0B7KUDH6v7cxzN/W3W/I/EhtEPp +sQUmyN5lrmcu1NwvN7eGxkQuvgiVEhAtGeJcIUalIIXzIwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUf0ahgIu4YC1cDLeF4Uhw +1WZTThowIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAvJcknxZy31zVgCUhmVGyCU0ZraI9PhODFF81jzkOZdXMJ4hFp +5zWE6NtK1iDbEdDWk7kvFhGy3MUyFOssD68EmqehqYnXtIZo4b9Sz56ar84N5ONh +iM7GwYxnIcMuhyOt0GidNa/UXgy28q/IxOdIANuhFuYxceOrZJzcPAC+p/S101H9 +Ooz5afgDOyTJDbWJUwCPUYLm58P8R6zR14UcJnQ7C5NEI5RViNwW4Jr7CQVKJNLC +zUKbiygFesiOJrPf+LlsuPJUw6UNai7AbtYcQLr5iRs8R4d8SM+Y6xruMjkhBZuk +cEYA3JOyu/oaMqW7rNPf8GcQpHHAz1xTArFBIlS+YT5NBU+ecsTq7k9XjEIjVGIZ +9ZLtpJQ5j4xXL64fjIDxV3Cc5YrgM8uAlGhZhLCPby2kRUXtTiOPnfkmfviBD4UQ +44s84m58xBg6N2NPp2P1z3UbLfIOi7nrOM/uFGxdBEf1hzCWTAukjJ3xAffdr2Or +quF9UpMeT926wHm5vBbic36DXi+4coul0RafloXtpEAWIrjxbKL9PxHGbLu3iMvk +jrNZlMVJYhvx2y0AU4YszleM7BYnBue+4PKdTlsidGj6FKRa9BzOeLjY/GQHQYJI +YdTN6z4/3iNAgf+HBkF88Am7vJNb8cuefewjfa4YItAuXixf0GciBiNMag== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter28.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter28.cert.der new file mode 100644 index 0000000..58fcb53 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter28.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter28.key b/test_key/long_chains/ShorterMAXUINT16_inter28.key new file mode 100644 index 0000000..4500f9a --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter28.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDMFJ1TRKSG0F4D +suz11vAXdx3h8K9S2siB5Pv34/gJ2Mk6ZYIgrzY23bCfvWDGDdAxFg24fJZXbzFP +P5s9riDZm9lmWH43DuPA7fGfcpc9rrl+2vKlE51QBIhdCX0wWQFaYtbuRGyS1i4n +xtKg4O/ompSxvPeQu5U37OMSLT460/UgEqXk/a1PWuLUVKZfKsh+3N3w/ZW1V3fq +gfPQ0krRkACHmNd3BT80d2rZxufXi9x/kilFFVJ3vKV3v5Pn7FN4cmEAQ2+MFfV9 +iCdcdua2gWo7WVUUzrWclTFoopqwrv3dppyr6d1BuYEGLz7cwH/9st4wRsIBJlDb +UZUigBcXP6FIkvXF4VruVEVzWh3N36YqPQo9hD+xM2H37NjptuoxIXKrQkB36RVe +T+BTXu7XZ0pSnBesF3BnDSuXFRCtjkRDo7UYZMnDF4FlDCWnHFpK65IXoQSMEy1D +u9OPe1KNFnfffU3F/J+b4XLjMabnFVob4EzJZRZctkSVlcmUjIfWyHqmiuO35fhW +6dFqBhttX8YuUumLe/B7Db3hILlbgswe2ZO30wLpvxN8INBwrZyzOzXNjbBqzsxV +nSj3Kj0yFc+HNNQY+u5LA0B7KUDH6v7cxzN/W3W/I/EhtEPpsQUmyN5lrmcu1Nwv +N7eGxkQuvgiVEhAtGeJcIUalIIXzIwIDAQABAoICACS17JsG9QWfQ9osfH24nVXL +Qp/bGN6xpnHfTAgKhRrYWVJc4iyY+AqklFoXyem2oGXEDtHJ741o3hjgWz+cLCKY +62GCt6mVzxhsdRN2nIgm/w03u4BAaAL13cXGqDNjP2AP+ZPA0TsUthbHqCnybJWO +AQN795icdboqraoeY1xXtnd/g0IO8/cbZURGuerSmmBfwLjSFPUa9+JCYCaHPZg2 +7DF4KAIr+nOoq5rjMd9PNGnqU+wuarhJQgapeqS0mUtIX/SZLN6pMJDVRidW6Cea +Xg6xAiINERRKrimhXmw7/kS57OLr3bYt9Wy0YP16z0tGurs6bzmft9nL8iTTn9Nn +jT+hr7QSq7utSfbh7m3RO2BI7DapwR9YSQnoEDakDpwfPv9N89sNq/PNUfJ7Uj+d +b9rvtWo1s5yRl/GvHVshDH80CAzA2IkNyxmzXcyF64tgb9AfnBM1A4HuSoGRF35I +v5CVlu8UzhX/8TWGivsY3e8CjNw4Zk3xA6t8jpMu+AbhRnVddLfSqJDEuUtDNagO +8tm/piFVAKMX5JBP/Tm+KeJge8pQARk68X0IJlTFf6S4LsapLhj8GYzqcctrjgqO +OFMHkhW9ZYIcwVUdo3rWwTdOXStWTmU5mAt6TnsJCX/PcNMVFwCmJ19ZcGnzNtZ+ +EKTPpP/2WUQqfQDaA8HZAoIBAQDmnBfLdNKjuJa99GomtU+eQTHwINZtU5vim8b0 +tOHeQ12MC0bK8nFufXP0fRltpwyVFZ0Zfb/pL5ACU8175GFxlquoo7w4hUh/kmOB +u8vk/aHKlBc+N5Z+Sx6NkETtvrPy++8VhIX16PDOlae56gKXfN4Hz7IV2I77gTfT +xMbwVGiIHqcUa5oCFXzbLtxQDtv4rX7etw4Ks4Ah+v7qm0ZsTz1RQzOHn41MzsF8 +AoHbzbXNK/gV26GiitEuMwDbNq+SFMuHhWLDFKSmvcjGY60bUk9TXPgpFoLwkCIH +sX0mwktYeD2ZAsYdAuDxU7tTr5XkK6cFidbNglQ4weW9e7dVAoIBAQDijMaoo6Ju +NxVa/59BO+VNHcxSHM+8TzuGfTlkfyzznc+RxlzSyYp+3wW2UH2Ow75oKRri0EF0 
+HWUexCw0oYg7hZExspmKzxxSI0OAThtTVGF4IYl8fD9/gAmQO2701PEsCw50sgWj +zCCHxikfsZCnGcOv+JGETUd1MjujcUapDTyrTJaD6Lm7UFSRW976402o9eHuSFBs +htTSMDF7PzQs7XvrVP6ZRX9oJ8L38aJiyqn15j8BNN8wEPCvAUzmsh9QZbwMZUnv +mTW9p4zc7vG4lvHUPjPop6TH+EljsmGbKmjDOoT7nU716QnPqA8Igar2rRKGLVtf +QykHew4luZCXAoIBAQC82yJlfbOvXtEcmViBgMTGXq/t7oaMnAcyqs5hwuyi4Fpx +AR8lvy0EBnt6wySa905HnZ69rI0JA+mU7lp+1sayhmjoP8c6JnT7/L+/FDPjwY7J +X0Q1sMJvhUdtObQpW571JDtlTNWEURM8q7TjfXBH7XvLu90lJOfbsrQsmp8tXIMK +zseX4pMKl9xbh+HnMnQVEMiwzgsS2nPZ4Dr5mNYwhyg5L6a4sALA3yX3T/pXLv1v +HE4cYHTbr4GlqyFNZVidcqhHwQXjqzk4UH5ncmPm1x6dr6qPw57SMcecs09B+aZI +upf/ghUK1zuuhxsHaul/JfyvfXXLcatVm/1wkyvNAoIBAAiwwcYiUM7NiiItgBxu +gcNNi1LzC/z7RRtJnnP+dOj7esTqyRDE7m0jfQKbX9WkKJ+yQ/fDaV9c6U4e1FtI +fwNZglJXuZAblciI1cQMOvwdVofXMYD2+zCW5scDoKP/ryizW+CaG6FG6VCMB3PR +yey/DkSn0l0y4bTbMnJ4m+9MNLGVhIiW2tkWocfZsFoLciUzGXGckIk5Oty9QIir +ygKXMZO7dPDIO7TxIYeFW2dSwuZN6MjREGa1n6X29M48svrQjEAleoqYY/lcfgjT +ma4tDCXKJQ+drrKFEbujUh8zp0Ul74f/ZtIEGH5AwiLfZoGD7hv7jW/AEcjZrZdA +4Q0CggEBANgItdS3rJj46vSPE8k/5twuYd/JSLRsOqyPgKNr/cpbU6I61mqmxIax +urw9CQV3PD75KYE5lR61SuZeJJVqoCSUUIbn7O3CgCca6mAMVJcOR6PP/LvoDgfR +ZZg3We1v6fcJSB4gYMJyyiZCRAJ8TS2dIk0LSVOQfC4Jz1OFjpJX5LWowtdoVwwc +fH8sqWI0RXMQ0ECzVpKQoxHR+88I1AF9nVk3cd4UcRjtGQ8xw/yxu69hjprqHlGG ++RBlztkahBe3ud6oNBzHHkCjsyTgms0Ai6HzjSuMXEzN7dc16neutDsqhF9cXli5 +qiwUUYWiHGbTWBlti8L1Svy4tPwfQa0= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter28.req b/test_key/long_chains/ShorterMAXUINT16_inter28.req new file mode 100644 index 0000000..7d9a06c --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter28.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyOCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzBSd +U0SkhtBeA7Ls9dbwF3cd4fCvUtrIgeT79+P4CdjJOmWCIK82Nt2wn71gxg3QMRYN +uHyWV28xTz+bPa4g2ZvZZlh+Nw7jwO3xn3KXPa65ftrypROdUASIXQl9MFkBWmLW +7kRsktYuJ8bSoODv6JqUsbz3kLuVN+zjEi0+OtP1IBKl5P2tT1ri1FSmXyrIftzd +8P2VtVd36oHz0NJK0ZAAh5jXdwU/NHdq2cbn14vcf5IpRRVSd7yld7+T5+xTeHJh +AENvjBX1fYgnXHbmtoFqO1lVFM61nJUxaKKasK793aacq+ndQbmBBi8+3MB//bLe +MEbCASZQ21GVIoAXFz+hSJL1xeFa7lRFc1odzd+mKj0KPYQ/sTNh9+zY6bbqMSFy +q0JAd+kVXk/gU17u12dKUpwXrBdwZw0rlxUQrY5EQ6O1GGTJwxeBZQwlpxxaSuuS +F6EEjBMtQ7vTj3tSjRZ3331Nxfyfm+Fy4zGm5xVaG+BMyWUWXLZElZXJlIyH1sh6 +porjt+X4VunRagYbbV/GLlLpi3vwew294SC5W4LMHtmTt9MC6b8TfCDQcK2cszs1 +zY2was7MVZ0o9yo9MhXPhzTUGPruSwNAeylAx+r+3Mczf1t1vyPxIbRD6bEFJsje +Za5nLtTcLze3hsZELr4IlRIQLRniXCFGpSCF8yMCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAQI+DkNrgTzQpg5iP/I48J1f6hnBuHe18pyG6yBrx2224csoG7FoTb +m7g9JuMlB9lwQ7MQK/fOgssNdXl2dSDJAPazgGYF/DPcRceASqDVUx6rmBP5vq54 +KBXuIXb/ly246cJ8u7Y3iowHEwOwKK93zYwozOmhUUFtoPbxrq/bY9si1qnp0Pax +Z3NXOOpDsczvA4AvmpYtB1mU5Ody0o6PvshG1TRiCnYVrfugiUSZwebdb82UTo/Y +TEEzQrD1uT75lhe/yOjcoR8lO7OAckZYk6h2kWj4kg1CFlKaZ+IbEWTJ+TfDp6mV +9EOLvhFxME1JVPY4vfmqegAG4svE6b7Wr9ogfBx1G8XCc+Uul8yJlAQDxaS4CikI +rnDMqDCvoVSlEo+EP6KjgBJnv2EmxwZSVBs/WJDT44z4e3/wrUsLQpa7Do0p7Dpw +fliTbOk4N4OdUlWYT5d2g8s529utZ2nCBn7i771NOoHjI1zbCWF1V5bA9mlUgR4t +YLOsMMuQAD16hm0wuEbprdT6C6A1prMEC+6C80oIoYi/juiwWsP799iUEgdCuqvw +Fyfp2Hb4P2NorVTzlUkwRLkTC0iEO7GuSDWwpYKnrlelHLMbvhreCcQAQppBqL6A +AOsy8KD7uAje1z3b5dzcSSclic0w2Ugy95NPysJttR4qniAp4sc4VA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter29.cert b/test_key/long_chains/ShorterMAXUINT16_inter29.cert new file mode 100644 index 0000000..f6c91f7 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter29.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTI4IGNlcnQwHhcNMjMwNDA1MDgxODA5 +WhcNMzMwNDAyMDgxODA5WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTI5IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCk3CpfO2GfHGSCxZSeTcDtv/2AzyGeXFHlCdAmOlT6vzRFQIHuGfp0PGjQ8Lvi +wLfmxihbOSsCC+hLM//ScBFnOl1DROYISH1UCJ2XQAH6RQWphXpMBgJTHAS/vnQE +ORtfo6VY6EZVS24tlnuxNEgB5gYmIAy4eR5nWI2PtJSm/7MB6Nyk0P8KBalQeNf0 +p0tMXBSi1DLKAFIrNHMd/ieunZVDTDdO49dIg6acPMAV80B3GQTg4QWEgCyg1ac/ +z57yn8MiaqnHgVB1fAuKa0uLgtZjz6LM7nStP7lbn8IDBYhz03gonIButAuxDKyq +IXqykTnJctU5UIlHvAkcxxxwrGCgNcK8U+sOxN02IGYjbUW71pl9ZAEfBDVWtg8p +MH+aA7CSEzjY6Xsi9VovdbyeK4pP0qMXvOPhrrOwPNV5Sy7DfVSWi/f5DUEej4/8 +RFiL2Wvtxs5B8BdT3g34dGYHaI3qruK17KKuxue7VKWpc9ED0z7PjQLqNgEapCau +BAtp+sdGsYKBkglfnHD42Z0bJYFBaSc+RtQ7II0qBWQ+o6EuHBrXpQXSNh9wZbGo +8pFTcY7Kb5NpWLJr8pL3zAF3+FrNBm5RUz4nRCKzcklERA1ffZAyq+dQDTco3NCg +tR3jkPcEntBWnGhdjIbmwAmm4mDyO56bUNl5eJ5BUJWwqwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUmk/l1V1359CyZbvG9HAM +Eoxc2kUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQCLQE/WzE0K9uv+fD/fhAs0KEhduH+YD95gnTpiWtcIbxe8bcrd +9E6k9eXBK1sEqE3MdqQlL8EhrOd2habkAdvYP0KTZ18tf67bGsALZyUO4W+y9iP/ +yYC3H4LlA8alQpviOeJlsuJuKaC11XoFqPFuc3HFDl7Vy+4OFdZjleM8sGFi9fBM +aV60gH0DlJ7eGW53uFP+EWi+ovXvRabWdqb6dRbOZt1IvNLPCrQg1ouPlNKqzqHF +x0JPcJRQR9iztZV8DCyvjBKuudM9oKFXJYeaqWlqWQbMElIGcmYD5cFQyVjWjMtt +s8DfDBTuVjRsUPpzTOLKc8kL60rOfgFZx6hPzwV4pN8DXZNDb3Z7kE8xoYprdX3o +cXgvQoKiedwxfHEyrHOm3hTTNe4OAA8gNc0euzaMTX+9sVBc0+8YVJX7LBbCgBbL +VrV52jAiq32hdME/mbAScQIOdZo3cVvRZpOLwqFYpZUNoAC15OSxM5YGquw5PQ8F +hic5cW4I0B2ZY8iq15ZIx25sWw8TPppAxdJrlct2NP1yMUBLJ9+tpNXv/R2gKwak +KtZNud5ydviZkGEAidOU9PYf+BFljUfpYZSkXMSo/rx77j1w95fexTum7O0g6zc2 +qaUAfFFAC8w/jO1oK9GJWTMiyfkBk35+4aFAg5gEnAQ4gL+4Dt9SBps4jw== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter29.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter29.cert.der new file mode 100644 index 0000000..4261245 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter29.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter29.key b/test_key/long_chains/ShorterMAXUINT16_inter29.key new file mode 100644 index 0000000..b3c03aa --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter29.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCk3CpfO2GfHGSC +xZSeTcDtv/2AzyGeXFHlCdAmOlT6vzRFQIHuGfp0PGjQ8LviwLfmxihbOSsCC+hL +M//ScBFnOl1DROYISH1UCJ2XQAH6RQWphXpMBgJTHAS/vnQEORtfo6VY6EZVS24t +lnuxNEgB5gYmIAy4eR5nWI2PtJSm/7MB6Nyk0P8KBalQeNf0p0tMXBSi1DLKAFIr +NHMd/ieunZVDTDdO49dIg6acPMAV80B3GQTg4QWEgCyg1ac/z57yn8MiaqnHgVB1 +fAuKa0uLgtZjz6LM7nStP7lbn8IDBYhz03gonIButAuxDKyqIXqykTnJctU5UIlH +vAkcxxxwrGCgNcK8U+sOxN02IGYjbUW71pl9ZAEfBDVWtg8pMH+aA7CSEzjY6Xsi +9VovdbyeK4pP0qMXvOPhrrOwPNV5Sy7DfVSWi/f5DUEej4/8RFiL2Wvtxs5B8BdT +3g34dGYHaI3qruK17KKuxue7VKWpc9ED0z7PjQLqNgEapCauBAtp+sdGsYKBkglf +nHD42Z0bJYFBaSc+RtQ7II0qBWQ+o6EuHBrXpQXSNh9wZbGo8pFTcY7Kb5NpWLJr +8pL3zAF3+FrNBm5RUz4nRCKzcklERA1ffZAyq+dQDTco3NCgtR3jkPcEntBWnGhd +jIbmwAmm4mDyO56bUNl5eJ5BUJWwqwIDAQABAoICAHdaBTsIrHYaghHCpQOuWtxE +wGx+iGIzh/5/CjiCxn756gew2d/c4ts/2MpbXkqdJwZls1XHn4FNyZCYRr6873yC +Xn6S5M5eXI13509WwZfEXIML5SwgtZIhmLaQVUGxbkXhHZWuIy0g/NT4OvhhVzg4 +pX74eP0cgoxjKak+HNiCCcB6KzMPM3S4AIoH0qCGdRcFGtN/OH3Rmas5v5WZKHVc +FHGyPeBZRsRyuy4lNRMvFh6i+Est3Wa9vJF73CdwUixoyUajXeLXlb5YXaqKXxjT +Ug7UhZJDmCjNF45jrHuvh8gC8tzD4J9Eraox+Nb6ge/A/8r93awuyBQs55Pz+nvW +ALg5R5+dazQhPPdYGtzwdriTpvnvF1zy8rRzRYPqTRgiwV3Ea8W3uvRIJzQLwZD4 +5f+FFO3KGA5W+/oLnlorybjg3zDvxDsDyCBI7YXUfEiSxNVCjyjWGLvbWB1u1D95 +6xTnKJtajPP3/PqH6dQ219zpYH3SfviEAxztnKJxag+8IY6rE7C6gVk8sUy3F70u +VqBT/XbnhM7vWVZ3rHyUnr6icETMSzTwkTPYjAzc9/gSDJDXT8r1JCL+xo+/R00j +q6x/snM6/YBORWekziRPodq0xD81ocV3ZdPqOyOaKlHkZaG5Fv/oVX+fMPM8NVcW +N1DCHjllQwVwZQ/tCWrRAoIBAQDZYYa1DbfG0pUXhVdXFhkQzTmc3pT+o7Zes/cI +kcTQCKY1/1UET73W1rDU6qcHgQzolyMx6l2MzzdpIvl18IKQ650UqbJAQVTBe12P +rkxbYFDxde/zImnOe9f8W6MURNi89iJPYyhlZ1pgdHQje7ggO8zUg34Ky+7S3yq6 +uYF/JbjH5ykEcaku/v3qutc5NCbhfsCzVnYj+6Td50qmrF7SRUeDR/JSp8fQbuZX +DlnpYtQewhrrNbibGPWBp4Uh4kNJQjw8oEcJl1tKvHKWuwXCUgHRvghNSJUQXW0V +SnUACFE94mxKyL7ESwLnG2NoE8QNF9nZmIfz9EutplYOpwYvAoIBAQDCJf1sjMiG +WMAOF2O9ObJwIliUh6FTHCSuh1gzEw9SSlQNF+oCnG70o6An8vrKbJPDOEdtaC1N 
+kCsR8Dt1BPB1BsUD0sFsloXdXISCU6uwzP6p8m4lJIaTRgdNv8v3QybCac7FW/Mq +GhcGhacZfGiQ2BxjVKTw5V+UD9tXALjN/oQ90lIIFnfx2eBiAS/80tCDkjHrlBkT +Yj9/hQvxa3BRJvaNAKeXzEmtmfvBOOkYt2vmLrrTsFP8Lr9igUq6JCVa7k5ndZnm +dGqYc+TW/fsufNF1IwCsSjfu0KEitEWOWuIcZKTEQSBjmCXGurfhOL3Plemjb02r +qzns4ey8Q9pFAoIBAQDTMeVmUgWSrVUcnPfWLCn+IOUwey/WlcfBCqefM8A7Pav+ +GivHHJIcAEmdEr1klQStlOkkvcZV35y+ELS82QaBNehPAu+jbdWihPDJf1XAETuS +3Dpbxbt2WOvmykEOmDTaoWeEKZo9qsQrofiT4Mdqya6faYEzjB5j0V36O/CMT2HP +Fc7L+oGcnzCitRQVB44e1r7xfbcaDoqG7QeiFyWotJZd/bB4jXmcD6LKQa8pCFN9 +7qeojXDlfsJHTTITUXh93FQZsr5RmzOe0KejueBGgtYxqKb4LuRkGeC5JrW1al9D ++I+tuIteumH/lqRloY6ACgQlXAP6CAbelxRU+AERAoIBAFIAu866lAPyvoP1KyKE +mTK1vxZVRzWUYIX7EqzX8xO940x4elXJ/y+DYSUegwE25R6CyeCTLPdi2l5ESsi9 +Ylb7mgFoZlxYI4iBCFMHxi/yFepwREeZ6uGPpYwYY603hsp86GIB2W5CANG3aAHi +w0PSlAL8gIJjT4B5Rhq0alpPk0mNaSqTWuwjK5wZhkxSOtIn0MABGKpQSCOzbXz1 +9UXBoEekLCV4mvIhZO2S/Rl8d62MtUquYnrUv+96Trbah5ClsSYPzQZCy7dC1Dhe +pFZZUBsawrEC1Cchpb3DyNE8395AQDvIikamv+X1fa86SSnB1yI54+OLefbs4hIO +0sUCggEAAjiBDPzlKdpzzVv5JjqCTkxGWJe1pU6u0xaQ1dXRiV0JK4uv68aawRNk +jsHTO/3RvLVHRxJaHZOsFola4keeqebbIwxMhQvOiYQuCfgGEi9L1MdAaoBvH9Oa +Ibqv7AphzggRQ9OjxV/dGWfp3rWS2ldb/7uw52zuvNsLDkKAqoRodhBY0P4hpyfO +w4IpDffXgaSO+Pe4ioqQJXOV4WuV8e90zqVhLIYnVmHZLKvEzloUNqfy5DYov1aH +xXQtG9LTR0xxhX9o/1cJO0Rgzuc5Axlp3tkCW30WOb23B1pZAXK9qSnSkutZ7Y73 +Vjt766xO8aDA/tsXgMwuDM17TWQRYw== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter29.req b/test_key/long_chains/ShorterMAXUINT16_inter29.req new file mode 100644 index 0000000..2e2476a --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter29.req 
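Review bot: The unencrypted PKCS#8 private key added as `test_key/long_chains/ShorterMAXUINT16_inter29.key` matches the `inter29` certificate added just before it, which decodes as a CA certificate (basicConstraints CA:TRUE) valid from 2023-04-05 to 2033-04-02, and nothing visible in this part of the diff marks the material as test-only; the same applies to the `inter30`, `inter31` and `inter32` keys further down. Once committed the key is public, so any verifier that ends up trusting this chain outside the test suite gets no assurance from it. The directory should carry a notice in a `README` next to the files, for example `Test fixtures only: these private keys are public. Never install these certificates in a trust store or reuse the keys.` (such a notice may already exist outside the visible part of the diff). If secret scanning runs on this repository, scope its allowlist to `test_key/` rather than to key files in general, so that a real key committed elsewhere is still flagged.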
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUyOSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApNwq +XzthnxxkgsWUnk3A7b/9gM8hnlxR5QnQJjpU+r80RUCB7hn6dDxo0PC74sC35sYo +WzkrAgvoSzP/0nARZzpdQ0TmCEh9VAidl0AB+kUFqYV6TAYCUxwEv750BDkbX6Ol +WOhGVUtuLZZ7sTRIAeYGJiAMuHkeZ1iNj7SUpv+zAejcpND/CgWpUHjX9KdLTFwU +otQyygBSKzRzHf4nrp2VQ0w3TuPXSIOmnDzAFfNAdxkE4OEFhIAsoNWnP8+e8p/D +Imqpx4FQdXwLimtLi4LWY8+izO50rT+5W5/CAwWIc9N4KJyAbrQLsQysqiF6spE5 +yXLVOVCJR7wJHMcccKxgoDXCvFPrDsTdNiBmI21Fu9aZfWQBHwQ1VrYPKTB/mgOw +khM42Ol7IvVaL3W8niuKT9KjF7zj4a6zsDzVeUsuw31Ulov3+Q1BHo+P/ERYi9lr +7cbOQfAXU94N+HRmB2iN6q7iteyirsbnu1SlqXPRA9M+z40C6jYBGqQmrgQLafrH +RrGCgZIJX5xw+NmdGyWBQWknPkbUOyCNKgVkPqOhLhwa16UF0jYfcGWxqPKRU3GO +ym+TaViya/KS98wBd/hazQZuUVM+J0Qis3JJREQNX32QMqvnUA03KNzQoLUd45D3 +BJ7QVpxoXYyG5sAJpuJg8juem1DZeXieQVCVsKsCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQATDEXOJoxbGBrHNxgvP3QRjCC1LzY3vMVSKOY44qfE1iJh3M2EvLZz +uxmdNHumFCGtclSbq8OccVeAUMDpS+0L7DPW84gsKWAAzX8qPfj51kpV4nS5wWst +Xo75Uay8J9H28/NKHqSxm6qY5FM+ywS3eE8FMe14Tl8cmpXGOsZw+6S1e00asrWu +pb1ei7Gz8/Gnebo1eAATttxbxohR5Zof3p1o+AAF7JlgfRXFO5Pjqj/OPo5RVErY +3bFvDXeFy0qAfoWiZLQE27A0CLkzLEWOoH55P5N2pWXQ/Q/MV1dK1w2pFTuiineV +IQWa8jtjptZialq75FTjJfUil4b9ahgWYGYkoEQuZQw69xKd+NVcGQcDbOxfxL5m +ruyto0ubr7kS9T99jopTFVT5KRsC/NHlwLGRN3OAtOXsDjPx90ir8dqbp00FAm+5 +013hs8Q0V+epO5eDD88Wwg6Dwm5cHzUdmLxxnRQOAcs0Jq2ugc5+08xoC20DyFmw +BHsAHahQzQz2a2wpfIwgpU9P0JNn924TtTxXHMfAsHZHpCj5qN3ESb2LchUcqVOA +SKX4bkGLDqA9POvG3U+/NevJTW1LAi9Zpek6KXXZxBlgu5QmN145+X8DQHx6oPB9 +MXFej1YkR9bW+uQvb+rWdQu82ilc1ZubfSmw+UQG1Zq7XTe2+rWKGw== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter30.cert b/test_key/long_chains/ShorterMAXUINT16_inter30.cert new file mode 100644 index 0000000..e80470f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter30.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTI5IGNlcnQwHhcNMjMwNDA1MDgxODA5 +WhcNMzMwNDAyMDgxODA5WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTMwIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC8L0Rst5re/EmHE3X8l/4vgvAoZ2Nvsd4+2aPalFxdCf0vT3TiPLA7S9zoX0hK +Lgf36Z/7zPOLYaQqIX8PRrREj9UA0gqqrOhrTWdXtlmB1Ai6MZf8MByp3iRRy927 +bhQwl/PTzQd/KtEPgEHdhQAVvHTXbfLfk6Qw9QpsrpPtVaskljQ7RW1lYE9VBEVv +EE15G7T3uXxnpKo0xxtCQ88qpp6rKGt3a8FgSCAWIt8JlwmdkOiCcOk2lA33WTQ2 +ZDVkAkb+tLSO1nBryDolwI12wufw0FP6LkWqP5dOqbHIkEc8n95rVcTKOTmJLYmp +I3YmNisEk8LBBLQsAYNBl1s07aafGwsduVeG0b/ehqZWW1hiYvZefj2d79f4L9VV +TJxtd2il5LtP54aUvR9XFz8SGp1FM0CW4XLR+l8Dz/DU2CJXt+lVTqjNDmodJeku +DCPxYB7iaSFKWHG06trglTL841SW7gxqIQE/KJXotbPDEo/IYF1mVRQ69nssoeiI +f3/dHloQAVHBjwX/9B+4i82D305zZU8cG3FY8jmBnKaPpkch3C5XcFiAmyR9T+UJ +Xl/OiVghVxGmtkBkmf0OLmJYCaweRMxMjpvt8h38/rKb8/fjwvpw0/yElML8gcxo +0o54QmMJKqX9XmKWiDz4ScQwC82XPnzhRZQDWpEZ+6nvdQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUzt2SC7+I3C1x2OYZye2t ++SWwlH8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBJ7AEdZW33J9DFzRSloyNkjn8Zb0JWIoQ70Fs8oc5wABnYVlsn +scuo/KgA8HAo61H9VpUnQdgPVwE/P+X2Q7JjmFg/1GVyXzNFKwn1FifVXIGdcxvq +s60ucEejJccgTmaip8bxoLzwIDiMFKso1XyvCz4pMjeDZgH3iMtWPCKd2IId3L0V +mSo/86KkeLlAWqcuthsVCEloV4s0cPeoee5SMa2y8SpCKGge83puUzdyaQ/IXBd/ +Qb9gW8FegS2vLzHuEIHrQN6h6r7Dmwco4413L+a07lAq9OtEAW6T3cBffRhy3G99 +ZVUF9kSZ3uZsZbu40F+fzhniZigGCM6YJvBLixqj1ki797WH7xHPRsJE3r8YiS/s +7+xwncepXmJff2pMiz5G8buKJY6WWM2rgxtagQB5/GxNfDJo10Scx/D9zJFbDbsd +vdVYe/VSUzbTQNs4FkDYDdabQvsXRM30TqcwMcayghv7FxYWMjeiffnnEc6pq+9l +sJSPBw/9qow1FmeRkcVeqAm9w2f3xA3DrrfaE+N8ltdZHosUOInWStR5FYYgDbMW +6GHUMPeeThEAp5Odf1zaLUFWEfiEkEba8sGb+7XZqLQq9pYEBIf1jIOa6dV+IUoz +nt2Bpy9UESDKHgydQqT22qfEJ6p0ifgFqZV++0zuOMH5Tld6mnIcnttdPQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter30.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter30.cert.der new file mode 100644 index 0000000..350f74c Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter30.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter30.key b/test_key/long_chains/ShorterMAXUINT16_inter30.key new file mode 100644 index 0000000..824408e --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter30.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC8L0Rst5re/EmH +E3X8l/4vgvAoZ2Nvsd4+2aPalFxdCf0vT3TiPLA7S9zoX0hKLgf36Z/7zPOLYaQq +IX8PRrREj9UA0gqqrOhrTWdXtlmB1Ai6MZf8MByp3iRRy927bhQwl/PTzQd/KtEP +gEHdhQAVvHTXbfLfk6Qw9QpsrpPtVaskljQ7RW1lYE9VBEVvEE15G7T3uXxnpKo0 +xxtCQ88qpp6rKGt3a8FgSCAWIt8JlwmdkOiCcOk2lA33WTQ2ZDVkAkb+tLSO1nBr +yDolwI12wufw0FP6LkWqP5dOqbHIkEc8n95rVcTKOTmJLYmpI3YmNisEk8LBBLQs +AYNBl1s07aafGwsduVeG0b/ehqZWW1hiYvZefj2d79f4L9VVTJxtd2il5LtP54aU +vR9XFz8SGp1FM0CW4XLR+l8Dz/DU2CJXt+lVTqjNDmodJekuDCPxYB7iaSFKWHG0 +6trglTL841SW7gxqIQE/KJXotbPDEo/IYF1mVRQ69nssoeiIf3/dHloQAVHBjwX/ +9B+4i82D305zZU8cG3FY8jmBnKaPpkch3C5XcFiAmyR9T+UJXl/OiVghVxGmtkBk +mf0OLmJYCaweRMxMjpvt8h38/rKb8/fjwvpw0/yElML8gcxo0o54QmMJKqX9XmKW +iDz4ScQwC82XPnzhRZQDWpEZ+6nvdQIDAQABAoICAQCfIyWs/lNUcGrJdJaZJfuJ +OCRZNp0rLnIwGiJrTH0THMhjwsCoNQQfENdeFn1uZaDNcF6fNEFcRBTsn+jwBS2a +sTtCd10X2iKt4wYacZUdqi47LodFd3Y13CpAlbMLtloSgd1q5f6J9q5WenK4nqlk +uDrilxMFKLh3wjCvma50zLZuuSqwWNTbHufXkEYbVuD9IoYV22Ct0N0yxpFxpyBB +BCg3u3Wtxo0AG94uegy88mHqQkmtTUiao/dvjZsOyA0yZo6dBDmQdR0auHcbx8qZ +fNdhmPr7HThCcYZFulEit4fWZ6dSg3RoQp46OC0qwFdAlxwnwcC3M4AdmqXhyNoR +48S4J0g82znWpl4FM8hIj+xKgeEDMOgeUHXhqh2ZuZCcQLfoX3xoYxbXjkT4oiCO +g+h3DNHcaisi1dze5+HedHlTK0/3qKPvrKg8N/qAsq1pEzFnQPJ+IdnQXjDEyIQp +2M+WoSWNm7Ly/H1Xq9827vhi5yVvmJMwel98IGuskqcHCEzd2HL3qqukG6NbmVue +o2e6gbad+hZuQ5LART5s90V0JaeGQ1YzpaxhKgOAeiCgLS2dFvPHNafQOqvXkufd +x6syxwki9ZL6TS+sR8ESRbv6TkLnTnfN+QKQTiK0dhsp4KJazq5B1KcaK3MwwEun +jJ/gF4pn2TTOavOB/MsRQQKCAQEA5HqDJuXB2waGrKw9Jwji4neEtM7eDOaXuqt0 +avRVhQaC7mBgDZA2zr60dSaOiUbhnkBy5fm4tgs6zAJu5H5sJzVsydMlmaLmmsSB +4ueGMK17fOMFzIzjVQQpLtsYYqOpLTA0gKLKXNRSbYxcTeyI2v3NMeE16TaZw6HW +heO2kXlvMCOkuOC7l7uw/CqkcRdNevd4Gbqz6KE5GFwDV5LEhwI17rFPeqZs5B5a +nkP4axoth0lKPpgUrqZvyKvc9tuqa3SDYXQ6VKPnCEW+Fr9b+VhU1HV/M8QXiNDz +jqGGSS5geH90TP55+67QCFQgRSsooOJN34O2eNbmb5Oe161aEQKCAQEA0to61mtu +aY3SbYL94gRfzFDBKR+5Anpeh01Y6rfTDk72LvBeO4yGyn01ZM6VPVOrYIvB2zJ5 
+GgGZT4BFSAx+h2/a1qTGtJ+AJwiRi+5Ng63fmE7zZ9yxO6AND/dTDIjzalgHkuV+ +TJPYp1Iyw7IrX/DCHRn+4pf9lZt83Wga2fTjH1aN2M5LHL3AklQUjJGxdMvWltEE +TigdG3LID7aXVB66bGEGfKNvK7pFTujQVF3pHU2LYUA0OKJLY2KA+3E5OKVfk5zV +G0/E4HVpU6K8wzvCtjJTufjMmsqV7Ju0r/v43AcIH6crRmQ9COFylA8CJCkQn1In +byV2Tz/+NDo7JQKCAQAj/C+/5pv7tTFs7MvM5Bdn988M8zAB9CednPd/CPCXPQlO +Jhu6xyX6tgqSEPqOIH3UgO4XzpcLBQXDr/ZrQoYiPsXdm8XmRsPvSFf0tuZpsEks +yEzXhLEhaMBbwuI6VvCET31VbU5WBJLe8iZvl3uOkj7JRmFJU/Iv38N73vuYOfoL +KPH+tFaXdVZQwR6ZOURYw7VEyCUh1JK7hXJ5ToJpiS2ZZI/SD3hDDYzUNHxh0gOt +tRtedHF9eHVOs9LfhoV22yj+JmIxhocSxHlF9+mygfkKZV8ddhsGz3Is2r/dstI6 +6EgXAFWSEFxvk2BpxHxnqnz9YS9SJPaySBvSeFkhAoIBAQCQlr/UO7VqQquzFymc +LN24kQP0fGF1No7N/5di1Y2weStOgtxLv5DLGFNd/l/Ovyp9OTlFY/YxhDkqkE5y +GsdFfsm1eScdw2aw3apZJ6AWFUyH+FPnvCn5Nkbe1P4pUVyCZz1CWYdjYdsm2jIf +inU+BC5IoIPtxMZLKmXUukf3gHujCMqaitRtMB32+hthTaM/8WwE3e4y3kUfhnV0 +eQSK1cuG+H3nSHe6p7BRbUs3H3L0+jEDDnEBCSHjVDAYvMq9coH5CooEgY4DUeBZ +TvZcdwWNxTMvC1LbLuLibt/X8lT0JQpIEm2VhrVn+pmEuEoCm/pfFooeKLVZoQtj +qy7VAoIBAQDHLVx/e+GFcSqcpmzIdR67qHu6UIm1MM4TaK+3Pza75fgwHQC5LTHm +mjhOEfok0lD19rgODf/59OV96Y4SR+uJFMoxHf7KMYZueYzAVS/J9Jf5XN76RifL +C4R+DXxDVG95g1q5Z9aKOB0pinzLoOc97J20lKrQUozu2xYFQWPCSWiHS8qcRe7H +XexJjCdRTX5h1dQ3y+DqERy1vKZa3MEMTOjJuN3OY9/ZpwmjpTyiAgKPuFHxmMbH +5xGI2Od3h7GqIXXEKOge/m5VhZ6UX+FlsPU8Yt67RC48e0LoeRGjMncD40KEnHjX +EH1w+VRfjfbMYLVuwDYH+98dzLQ1l6Pq +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter30.req b/test_key/long_chains/ShorterMAXUINT16_inter30.req new file mode 100644 index 0000000..ade3af2 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter30.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzMCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvC9E +bLea3vxJhxN1/Jf+L4LwKGdjb7HePtmj2pRcXQn9L0904jywO0vc6F9ISi4H9+mf ++8zzi2GkKiF/D0a0RI/VANIKqqzoa01nV7ZZgdQIujGX/DAcqd4kUcvdu24UMJfz +080HfyrRD4BB3YUAFbx0123y35OkMPUKbK6T7VWrJJY0O0VtZWBPVQRFbxBNeRu0 +97l8Z6SqNMcbQkPPKqaeqyhrd2vBYEggFiLfCZcJnZDognDpNpQN91k0NmQ1ZAJG +/rS0jtZwa8g6JcCNdsLn8NBT+i5Fqj+XTqmxyJBHPJ/ea1XEyjk5iS2JqSN2JjYr +BJPCwQS0LAGDQZdbNO2mnxsLHblXhtG/3oamVltYYmL2Xn49ne/X+C/VVUycbXdo +peS7T+eGlL0fVxc/EhqdRTNAluFy0fpfA8/w1NgiV7fpVU6ozQ5qHSXpLgwj8WAe +4mkhSlhxtOra4JUy/ONUlu4MaiEBPyiV6LWzwxKPyGBdZlUUOvZ7LKHoiH9/3R5a +EAFRwY8F//QfuIvNg99Oc2VPHBtxWPI5gZymj6ZHIdwuV3BYgJskfU/lCV5fzolY +IVcRprZAZJn9Di5iWAmsHkTMTI6b7fId/P6ym/P348L6cNP8hJTC/IHMaNKOeEJj +CSql/V5ilog8+EnEMAvNlz584UWUA1qRGfup73UCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAnwcgZbaRbO9whpZKgxeTT1bI+yCJR+gz6ChTwu8AV0SmQxJdrs1Ge +bBPz7dkUqwtXIeVWCWVbRV7ZdxPiJN1ZMB0OhghuQ0tlXyv43AQqaIZ99Pv3rAi3 +o3H+4vRQiEmXwhDxdVJ7xh1m667z22Adyx3Zmkx//qgfbcXhdeeH9a1IDeP9IvHM +4Oq6G2FrU96FKTJuxtJAda/ArniFtnTx86PUrxPD8VSTFnzCdqd55VHLBGXw8819 +EL4PlZIMSaU785aoDMtoiYgHF3fbT9cbrEI5nSQAZrgX5nn/ey7TLcQpmdUFfLhQ +HNnMO2t9FHLStBDrOfR4JE5qU2BfXXr469CgfKNy1/AXSYfXwQHEcJs3fnaUvgx0 +TaxQuPxG90yQfvh2wgmVesZuO/MYQpcLokmONA91uI1HT/KFjrqsZXDjOCQcmf5R +gBP3OIv/P0Qe/5y3Hc+FLppZADg4Dw8VXVbtZO/dY2Zx3FpVwB0ByjtqpXQ1gUF6 +HQkbcl/1lCAT9++LaktXYZHLOgXvOzeILd8VpZLe+LFXEL0vw48T/qjS0LEyCtpP +ZScmi0yXJWGOUEA5FZmOSMrU1GH3xSHklqPuSN2hS44UOCJoiAD66Lu4zLRVBhCF +msqGAaUDSjmP74Nu1wMxk1eWv2ZOoGNxP4p+Wq6P99wj0w9UxFOM6g== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter31.cert b/test_key/long_chains/ShorterMAXUINT16_inter31.cert new file mode 100644 index 0000000..25936ea --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter31.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTMwIGNlcnQwHhcNMjMwNDA1MDgxODEw +WhcNMzMwNDAyMDgxODEwWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTMxIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC2rOO3jZs4GjlBRM66Swz/1k6EpUdwz6hP+NmumbasRxCENdUJW8KGTDYaN51k +ZllKkDOoo1PznfnIU/l4zgf52wPu0tOtletFBs47ZiOtcgF56AB9RU+mzCTxjBej +b7w8DuiUf90XzPti2VwYtsTWQK0XidbgtuhSQyqjc4wcldR4W7wEkq0wNtjGuSd8 +RSwUu7V9jpH+Da8znaNcX6pgyuwivFm6gOidKsr+XS92w8yRlByGi40LVUDyQ8ZE +A6sgR3/n8gvAR2lMqbKKRMz2/rgPvY8XoUGFnKiuEqioIU5i6920YE2xTmw3atPD +e7wyg2f9KW9tzfA1xPbm0mkxvANZxfEXuinN7GS8pFrgFGgGuAAp6nssjnt43nyK +t0r1s4ddGdNrUNQtCXsTuosIsX5L36GXbzA9ihbuvJ169C7338qnUfMs9wh0sLLS +CrSwpcIHeWWPqIyuod2FXPD+/ogRJRdfUbRg2bPDC9hHoimmZrJRstihunEjtl99 +r/rHSpRzlqf7csqRu6cMQb+Z+otG0QZOlNtrCIrK5Sw1DSSrg89T5t3D3FZ7hWsx +ttpPjRevQV2Q9eAX1Mo8nyegjuSHXdaPhw3TZonnBXn8lKtGfURoZcTEtNSFSuZA +AJrm5G2Veqb+6SCrW1kXw+1Dhp6imwJ23xBRVzTOb7LxlQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUI++C69Y/quL032LrEOsc +Zp+MH1EwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBxVZYZZKXberTSGtLfZdnNcssad0/RbQcndki8iotHXgm4tfyy +Haj6kLma5M+waaOCSqUkhYUQrdch1mi3YYG16D6lkJO5oRlqnRCYx8BqGDrzot7d +vYAKUexlguW8BUMat6kslx/j2DJ4+/Us4dZQxR2Yp0qWj7DdtI69FM93Rb4EF3LE +rBGiyzmOVR/w1y2a6fQV4Tw/OylrjBYoHpCC8keSYGm5GjqyzibNCh3LDm0FfHuA +YJ+p4CbuC3wH6c5ROHFDQaZp8yvmG642xyETOnt3reotPRv3oP8qzKWF4NGymdLs +WyTfKfHK6e70WF9yPGBLdPfwFg1djiGI7DIMCFkvtdJN7awIN4Led5y1jm4FC1bG +JpdlbMZh5qFkxYCcBMhmNWU6zU6u+dIDWSDTfxUeQMob0hiHc2ac5CRsWEkmYRi/ +CyylAqFymzIDo0m+VA46GJaTtl6lIAW1nAUYa3QTJJNoN2pRcJw29j3eopIT63vC +sZjdb1lKJDfCheAzemL2Lgxym9NnMvyySZvvAqYi6mpjUQXw7/ioKOjw//JMkdp0 +vcHjgB0W00sH5OSZH8AxGXkj11wnDK8KEPw9/0bavRYd24IObHgAh/nTnOW6Z6xp +vmkJCw0I2igNRvX4gUo1J4Na6BUcAKCBW5CDMWyYvKA6/44aicXGQOuimA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter31.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter31.cert.der new file mode 100644 index 0000000..ea094b2 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter31.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter31.key b/test_key/long_chains/ShorterMAXUINT16_inter31.key new file mode 100644 index 0000000..b1782ec --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter31.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC2rOO3jZs4GjlB +RM66Swz/1k6EpUdwz6hP+NmumbasRxCENdUJW8KGTDYaN51kZllKkDOoo1PznfnI +U/l4zgf52wPu0tOtletFBs47ZiOtcgF56AB9RU+mzCTxjBejb7w8DuiUf90XzPti +2VwYtsTWQK0XidbgtuhSQyqjc4wcldR4W7wEkq0wNtjGuSd8RSwUu7V9jpH+Da8z +naNcX6pgyuwivFm6gOidKsr+XS92w8yRlByGi40LVUDyQ8ZEA6sgR3/n8gvAR2lM +qbKKRMz2/rgPvY8XoUGFnKiuEqioIU5i6920YE2xTmw3atPDe7wyg2f9KW9tzfA1 +xPbm0mkxvANZxfEXuinN7GS8pFrgFGgGuAAp6nssjnt43nyKt0r1s4ddGdNrUNQt +CXsTuosIsX5L36GXbzA9ihbuvJ169C7338qnUfMs9wh0sLLSCrSwpcIHeWWPqIyu +od2FXPD+/ogRJRdfUbRg2bPDC9hHoimmZrJRstihunEjtl99r/rHSpRzlqf7csqR +u6cMQb+Z+otG0QZOlNtrCIrK5Sw1DSSrg89T5t3D3FZ7hWsxttpPjRevQV2Q9eAX +1Mo8nyegjuSHXdaPhw3TZonnBXn8lKtGfURoZcTEtNSFSuZAAJrm5G2Veqb+6SCr +W1kXw+1Dhp6imwJ23xBRVzTOb7LxlQIDAQABAoICAQCS8EbLotA0NIPRiHNxTmVK +dSv7bqckiySsD1OqKmLR+OfEMTkHqhOyyyLJu+qSk/FHFO84uwgQcgY1qbaGAdRQ +mmdzd4plmq4AfBTvmp0gKxAc6w1ZtqL3XEZrNXDeOkaDWMqkiKVjO7MKNCTsjDeQ +z71rrah2YSpG4Vgu2gbeB3c8yS1X0FQW8Ec2skCcqVdn5gV61W+Bl6hSMH7zEtCN +wyxmVHMongB+S6m1KWfAdIbcovK/FwmBEDaJqRKWKw0/jcPI4t2o8Mg2rlm69tSX +6RRNNQEg1MlLnFPikYewlfnjgC55pO1ZredGPFvSZnlfeGvxK59CB+Esnx6rVJzf +0tp1Uof+hIXRmqdEv7XZuyoSFJZCJwDcQBVd0RU0lAYwM6gtfReZi77+EGUkImqC +kSncmvtJAWDyGvePDV6uRasKMswfa8jxbGYuLmHJPUZaIUM8Zo04ybf8v7B2rZ6q +K54VXyO+QCuwZK+yllfC41lRn2aAAWPs/XKEtrDxCt7VCaJdu7NsnrZ3TjwV0451 +CYzYQ4i+LvXhpbFQN8Ri2GNHshyg7gsUH1iEuRjfq04gJTdJ48M9JWhiPCG2nS29 +8CuW+X9wQAmBvXtL2Szfr4XHJ/AJmfDsA4qG8J9STjeRRNWjNSfF84evRfXMTUfm +eGhTjLfeeXXAt+sS90ZbAQKCAQEA70Na94sHzCffRwnN4C44bftzVwfprqJSO9kS +n0molihlu5kqjQW8HiJgVj9NUN1w/mvW8AhXNgM9Ayhqu3+5Z9JJhJN4HH92pVt3 +icQcbe7qmrF/1m1b6Qk6aN1sYlsUtEwBwiFrQgtL7LfOkd8cr7jiMMjM+CPcIJsu +Snk/PFi7UUrmUVy4wtyJ0GTuWdGd1bT7ThrvPwEtcHYuavNgmunMfsogkncQ1aDm +4yuC1Qa9JFrhB40jv7XT4dUSchPwCqXo4B3ctr6Bzc3y84u/17UzkChgxe1OZL+R +0COYQNIb3ALhQMB8LrBYzTCwqrjBtzEFBBujje/X3I1UjfjJEQKCAQEAw3Qt6Bxb ++bgWitEO3HFfe1w2xIU5Hj+YLTbar9kh6iY2kP8SdDnKTIHtkeeB7EckJIfQJqE3 
+Ei4/bNYH0RvplMk6TapJBl1KQIuB4Rmt090HLTTxfkmdZ6urvYyz188Bfdhd9EDP +WUB08N5k1tn8IzIi01ScSszJ8gbmFuNjyYLF8eik9X25hJ3pv7D5Xp0xsrn2+P+G +7LScmmCwZu4g7/7ZFpklDxLo0j1cI3R+3PEtk/XmR0UlZRGUBAhI7lU7tKnPPf8L ++e3CMBthlcN1pqeGupHpY8SNYyUK0BomZEPLL7L70AVDt6woJJQfNiqj9Sg1+Oce +6XSS0gc1B1jARQKCAQEAjV+7LHGWFeepYoxEfaZR6YqeSFqAlZOMC5jkDAK1/qO4 +GPUT02gEE7o0OkIFKTbvQSXvRr1m6p9XObpz9n4ty07R6ehJHG2kaWh2ZYzfT4XQ +Ub93zfeoSzYMsVHEbQlsXmxazZ55hfiu0Bx7jm3KwXn5DOJZWnW15/5Jh+/EkZ/M +buhW1tR2x40QUXaR77iQDmp141y+6PeFJeJu4vsTpfVnw7MjM+fupowAYVKgZ8cn +k4evV4rqCKkjnVkNISLuvxvxUhvTApfmkviSCZ4VqRuEcDWrmMfzfkxDmDywBf0g +QQvilSQnPF8u2W9ftECfFeN9F0RNi9ygK83GnGzYQQKCAQARUYcLzQ99RgmBTVri +v4z1UktsCF3yRzJFt1mTQUsXA0HMgT1yXPiG5PBXAEtr0zXporsX4SsPClgGXcSd +i7qbu2TWIuOLk9KTe4kLmAnl/uy23b0UMpOm7vgtuHzq/2Wjb/uLO/7jaqmx+hK3 +UuNbfwLE9PdQTWsLbf8PQiDCZzsA31tWgUhh7tgaayT9dDJGIuI2V/XtnWdO6ohW +5ny2pz83GGTHPCazEkrKvXTMQPaH6L75y6+vj+osnUtRCu5aaL17QdEe2Slet95i +tcoD9U4j0+/5Lh5VDaAypk6GjddAJ7zWRtEkQjXgX9uQIiEbBPAbWOdNSk4EHC1f +tEZ9AoIBAQDAYGXYvrlE5xyFS+kd9mry43N8DNL7DbybB0a50blciYRt64h4pDoy +2eYXGonpVN2Yu7TBDqd/cJQ+QJZRkxm8wxpRqZlnHxISKJniXXkEkXEZOidXU3/u ++wOcXkKPu64XPD33aHPKgsa/pV0v/7MtQUsCzYN3NgK1MHxsVnuL27FCaG169RwP +ErAT+5KlpdYKy1VcgFNtArC39D6EYdJAv4Bm1M6wrO7B15rEOVrR7w/U3SuZ31gy ++HYQmO9qxP8ZiU7KTm4ydp++s5mFORFU4hcY1x4D4H3z9opj54/yIdKzyHHrmhLz +LXAxK3TCK7jlNFaxoV8xM65RL3ZxNltf +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter31.req b/test_key/long_chains/ShorterMAXUINT16_inter31.req new file mode 100644 index 0000000..929d03e --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter31.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzMSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtqzj +t42bOBo5QUTOuksM/9ZOhKVHcM+oT/jZrpm2rEcQhDXVCVvChkw2GjedZGZZSpAz +qKNT8535yFP5eM4H+dsD7tLTrZXrRQbOO2YjrXIBeegAfUVPpswk8YwXo2+8PA7o +lH/dF8z7YtlcGLbE1kCtF4nW4LboUkMqo3OMHJXUeFu8BJKtMDbYxrknfEUsFLu1 +fY6R/g2vM52jXF+qYMrsIrxZuoDonSrK/l0vdsPMkZQchouNC1VA8kPGRAOrIEd/ +5/ILwEdpTKmyikTM9v64D72PF6FBhZyorhKoqCFOYuvdtGBNsU5sN2rTw3u8MoNn +/Slvbc3wNcT25tJpMbwDWcXxF7opzexkvKRa4BRoBrgAKep7LI57eN58irdK9bOH +XRnTa1DULQl7E7qLCLF+S9+hl28wPYoW7rydevQu99/Kp1HzLPcIdLCy0gq0sKXC +B3llj6iMrqHdhVzw/v6IESUXX1G0YNmzwwvYR6IppmayUbLYobpxI7Zffa/6x0qU +c5an+3LKkbunDEG/mfqLRtEGTpTbawiKyuUsNQ0kq4PPU+bdw9xWe4VrMbbaT40X +r0FdkPXgF9TKPJ8noI7kh13Wj4cN02aJ5wV5/JSrRn1EaGXExLTUhUrmQACa5uRt +lXqm/ukgq1tZF8PtQ4aeopsCdt8QUVc0zm+y8ZUCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBPOjiRmUUF8OaoebfQrjpD5AzWb020TQP5/hFcQ6WYfcfaR6l3TjmU +5dlQ31O4K95jQTiw1QsJSj3zDj50De1ndGms0N/nxtmVS16MiGOn/gYzLve5gb+t +cvRoMNLx2fuDnxSAno3BVIExV2oaae/LAdDO2XYfarIGjyrR7yAimGJSQKTvCRDq +SA/CDToW7bgaBUoyBYN+mmMfl88GUOKh3piMp2AtbeRGo2vWNahJSrZNhiuVu2V5 +VYGwes5Xbzw5HM868xkssr6GbLLE8f65HUrW31E2FmNz9VeKwcXQ7wmMP2P6k5Hq +N6+sBInEESxS5vyTQ0NcEzU9u5Q7bK66+s598DtbrPCKcI1s4Bte+eFTkoQ6US4y +x2H7/W55fWGElIQdUQpk9wn25i7q2oxqle1ffSIEIgOYk84+U/OGcdGKIaLOc10u +zsSg9rj54LoqOEoEOYs3rgR6jgHHse9UlqZl2kqoVcGyTs9ArgkEgqkTbAU42QoQ +C6kQG5dmaa2TBLZw5dxgYpqV6hNiI5A/bxrlxdclmy1A4P4qY0uub0xadiIKhb+l +NY+mMVPv2Yln2qc3dOR0PZq4i1pZg+op0VPbaIq3tS2NbAMC9YSs/QzaGi1sLktI +RtExH54iHALrnJ4D+29ML/nywCjp136jdR4CxM6jR6ULR5anb6tRvA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter32.cert b/test_key/long_chains/ShorterMAXUINT16_inter32.cert new file mode 100644 index 0000000..fdf20c2 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter32.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTMxIGNlcnQwHhcNMjMwNDA1MDgxODEx +WhcNMzMwNDAyMDgxODExWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTMyIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCZHfAwMR4r7M7H5lBDgCEXnni46nfSkZM/el6v/14/I0E8VMWbJpReruZSKIE9 +KGDIeiBfj/3RwiM1qYEfZlyvoocZeexMPzPSaiNP2vQ+wy48hvlFTTwsByTgPdn7 +TZH8XXy7kezSNt3QXZ5Rh0sNiLyUWW492HbUwv6Ywl3VWKoMQK5APEFObxq/MEym +TsNbLrTd/Cgwwhnt6Owd8ddHE3UxAD5szUhmxytWzyNcyajxqYkPMqvS82+V6Nqn +xFDbt9LJg0UyWy8GhBInJzDO6JMc/2QvLr9o+w8jfJvZWLvR2hJbGGC2EsMURMrw +98HdnN4WvnqvY+bR4T/qLuJGzkkchagUSFlBpI8AW//XZu6FTPwOdEssktxxKkd6 +IgeTKTDWTcvgWypPgzkOQew/9eGS8rBeWqh8/Ok/wR1YBVXMKv2Bxd2Xyzftq4Wo +AHHy8lCtfwgLzELAmvS0+6fj8Rid0B0eje7wI8HqMq92XpddZ4hcInhCFd7GZZK/ +JhG8t2PgjHgya3xr9LACDSG9JvtXDAxu2XPBxUiTN7D0bMujeAAJBdzf9ocx+7ZC +jGP9MisFEz1I3fm0VUJrbKtxaxDKZft5fr/416OS9edqwa2NMxjPRii5s0huizlM +QZ8cA1bM3z/hbg0T+FvvZXn3u9k6Cqrhh1H5TPUCRODRiQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUrhoJTwtbKdCxinGWD7aK +D6/LnSswIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQB12lsBa5gXGWKA5RhGZSgGqkH6uPCYNgyY2QpjJe+YltiJ6O8W +/LG6dXG/liW7che0d2gRh5jtWr6gRyqIYzndIyVSrz0T05qwhKY8P2uuMGIax0WX +w7MF4G099+J7KQhchD3xHD+1+6QyIDxwBcs4MD/ljazrNIAnWMiuowPu1Ug9VuO3 +bIDuBdm8OY2ZvjSBjDTIzOupysLIrMjHSUCWU13/EYRJayL5lhdXC72AgraGxOs/ +ziTYVWbzNhbnqAMSW0Gc6KZy43Z//z9frDS+SWQkp3VpTAk4Up3E2jVfw+ohkqLX +07pTnZoZ3x3//hP6VQYPo9L7D33r+lWb0N2BTBBnJwIDXOdKg1l5SoKVbLlyvohL +al24FM58dlk1XLd8hsODQ4HDF+ZE1+bAPooTeONJjgvxEVwBc9ZJRj474uqZ1Yft +jXcF6Ey2ja00g3dUgoZcFyYVc6y9HJgqi9H1mytUpa1QqAwGp9VokbxgEuZ1siyH +ru2fllBTaopJ80GVf2EduKpZfeZkwWv4wCR5i0RegSFtJyG5EoLvN0LtEMVmjpfT +xuRH3LSfY8DHXbPFKnRJE0LO9r6sztH3wHWp+fYTAgtlOscfeD0AiAscZmTRwmdx +R1VdNsizkjs2UOMKVMbw9k+9eN8b73uUH2asiyORcaEqz1aIe7KvCVRUqw== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter32.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter32.cert.der new file mode 100644 index 0000000..273daf1 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter32.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter32.key b/test_key/long_chains/ShorterMAXUINT16_inter32.key new file mode 100644 index 0000000..01a5155 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter32.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCZHfAwMR4r7M7H +5lBDgCEXnni46nfSkZM/el6v/14/I0E8VMWbJpReruZSKIE9KGDIeiBfj/3RwiM1 +qYEfZlyvoocZeexMPzPSaiNP2vQ+wy48hvlFTTwsByTgPdn7TZH8XXy7kezSNt3Q +XZ5Rh0sNiLyUWW492HbUwv6Ywl3VWKoMQK5APEFObxq/MEymTsNbLrTd/Cgwwhnt +6Owd8ddHE3UxAD5szUhmxytWzyNcyajxqYkPMqvS82+V6NqnxFDbt9LJg0UyWy8G +hBInJzDO6JMc/2QvLr9o+w8jfJvZWLvR2hJbGGC2EsMURMrw98HdnN4WvnqvY+bR +4T/qLuJGzkkchagUSFlBpI8AW//XZu6FTPwOdEssktxxKkd6IgeTKTDWTcvgWypP +gzkOQew/9eGS8rBeWqh8/Ok/wR1YBVXMKv2Bxd2Xyzftq4WoAHHy8lCtfwgLzELA +mvS0+6fj8Rid0B0eje7wI8HqMq92XpddZ4hcInhCFd7GZZK/JhG8t2PgjHgya3xr +9LACDSG9JvtXDAxu2XPBxUiTN7D0bMujeAAJBdzf9ocx+7ZCjGP9MisFEz1I3fm0 +VUJrbKtxaxDKZft5fr/416OS9edqwa2NMxjPRii5s0huizlMQZ8cA1bM3z/hbg0T ++FvvZXn3u9k6Cqrhh1H5TPUCRODRiQIDAQABAoICAA+YWAVgi1Un+murzpMBct1n ++53B69BbmWbGvOwqE1xU5+kQLUw/Iq9+GuFVVMx411qz7aYuEUkS/+kQSaF8GIaf +BCmZHHMroMiWnOAeSfA2ivgJO0xOsIk/dQcN5azN2seccf7cvwUuJ2t4jY56PC+1 +tJdbgHn2GSxUa//9E/eN30v+LoFGYdRuRoggkD4EGauo1y0g6KsGqgNsTNhD8IxB +tBb4kmMciXpGYOinkk96DqYGgXo1zABhYQUgwVyDB0VJtMNnhl25odGFFCA+wp7g +W1OBw592oHI91+3iXDFH82FNV79FfVwuDwZ6dz0RzwIWXxxr7Cz+/Nx1l7/vZIZv +WMwusj1KMwcqk53MMBH6irbbySucyeYYFkseW8ao0SWA9JxAX2HSOsAcuctrsLkD +GTqAsJKd7+4pybpc2HwoNlGzP2hiYYhUAYnNny+CJFTm6YfLUmuKhdvVNJAfuQ6m +E+RIa0389tGveoGWHlerJk2EsWpMCHgDkoOH1JzYTcsf29p7tp1BSnsdosOmJrTt +P2yEwpPPhqt6v/imC0uzUf7IdgdRsPAurZTOBBi8ck8BuVT+dBYruPk2kT4eyAkv +simj250wTkQi1UQW+cNVcQCuqyM2bO1eyPczLH7yHt8XC/TB8Nw7CHpBnzOXPF+o +hYJrxfFK9D98Dpr9568NAoIBAQDIochEux1ZgVCV+/7XRums3TBYvxHqoK5Vw47V +mzAHd5FDWs9VpGHDsZYpwwR4r+rMq0nMx27gCNQkq6Uo/fA/svg6/iieki4Nng3Z +6CzA8L0Cwz4mSV+lKH7XbwdbZJwMXdLNTk62jOXe1QbVnnF07zl/+8GQMbRS5HvT +EXOYXQ9zrGTpLPKqJNOyYO9kPvqzWQFZF25d1am1bKT7JkstTOFSaOQxVbp01y4e +ied9iCtdGJxgL3828+pHatw3yp09B27mwj2cSDQNtUEhrqEEVBqvcA7Uoj10ekxK +RaYJYHk/7SFFyzducuKQU30pDIQaj9tOIX8yRSXdlY4uxQLrAoIBAQDDX1JuoAfn +92BU1/LWTWIQQa2ueYdzU1LJTCclz5Ka0bsE72iJoz/JMTkBVOV8hqudBqry7+dd 
+/faiKxzHCHiBUBFHb55s6CF29jHsp18L9zfh4e+QMZSbVRNHUrIaLVRGqPvcDLwe +OgOVpioZYLkSY0XO0JBkEgJ3IqwMzeWKTmnuf9ItPhhysTU6whRtWYhtQRU44PXR +KZ5a0fGcYrVEVtR2LOD1MaokihrQXhHI5x2603vsCrvkMEkrn8TmBTnmV9nnkd0e +qcNKDLxcm36P0AbzCly+ry9IphhG3qC2MykTTGB4wY2pDYt91ncg2pE96PSHXePt +hGQMiUFdiFhbAoIBAQCcT0cLHUjBeflB0QF70Viu/+jxy3L2/Fa2pNQ8YVqrBqGa ++z37eEVexJW8VZ6/NDdXW7/0lhAw5U/6fewAIs+xoQq6U1dsK3FL1K7v7W4op6Zq +Z5idFZ85unIQAAWYU6ssC1D3+SFkIiPZVtirR3UXaGXA63CjmcXmqvI5wCfyNdab +BV3dONKacnSoTdNUo6iIYDino5St8I/2s/1ZWj1JvtLxdJ0MPsE01Iyu6Dv9VkCK +mGkEmxyewKvvFjcaFHYqnQbvK7f6cVp0r5ld14LFL41Wz5QOX5RHkhyr5NV2Cr6M +an/4s1mtaD5RuWoSuBiX5So0Fe7WSH82wpTypTUfAoIBAAKNRC5duLy25nM1Pt69 +tAIyWWpl+/btp68pZ3l+9JNBGgg+eEcT8slV80CpMzYlLCio5aK2r3by0j3cAkw3 +OBu4SAF+27rgbU94d753kS4+1GQG53Iis6YzvkS4N8tPvEIQAvok0HA0ocdanEIo +mUI8ObUx1DD6az3THhwstErSK2AKG1yr6vXUirVxw4KKINYMe5J6nbtVp9PX2igI +wgVafPvuKiIJvAcuJpuCHwlYu3KtQHkcysd4Ofxv4cp/VvpDO31i0liMLxjQgcVT +4ptOREj4Ya277Aou4TJLxh2bHXY7ESeCn68NljzWiEfNkwgT+t2pxEhd6lCfmlL2 +bPECggEBALrKMxBgoV6X/bHrN68mGFF6Z2s7z9iMGlsBJdpQCNi10u7olGWGUVzC +ZQ9QkhF5Csq3bhdpSK0aOkruRyUsCKIzYFlvKUZDh5Fbo1VaHAosQSFvJRKo3waN +astCi2I/toRBmGjXKyPsa9HrAHNPYEzQklnhXLPTZ4iwXKnX+x2edxCfcenZe+le +aH2S2ylLm6FVt/+58myS0iWgiGvegC2utsPp5aH0ClT2ipIO/ehMesPAfZC0AtMS +EhjJHvjv+Lqu1Nb/jRgKEZg5D9UNXUfGrmYH5p/8wwAKnmrz2dKQKI6V8Wf2ftIj +HqOp4E3gIMFiU/b8PnpI1fmnCB7rOdE= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter32.req b/test_key/long_chains/ShorterMAXUINT16_inter32.req new file mode 100644 index 0000000..15c2bdf --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter32.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzMiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmR3w +MDEeK+zOx+ZQQ4AhF554uOp30pGTP3per/9ePyNBPFTFmyaUXq7mUiiBPShgyHog +X4/90cIjNamBH2Zcr6KHGXnsTD8z0mojT9r0PsMuPIb5RU08LAck4D3Z+02R/F18 +u5Hs0jbd0F2eUYdLDYi8lFluPdh21ML+mMJd1ViqDECuQDxBTm8avzBMpk7DWy60 +3fwoMMIZ7ejsHfHXRxN1MQA+bM1IZscrVs8jXMmo8amJDzKr0vNvlejap8RQ27fS +yYNFMlsvBoQSJycwzuiTHP9kLy6/aPsPI3yb2Vi70doSWxhgthLDFETK8PfB3Zze +Fr56r2Pm0eE/6i7iRs5JHIWoFEhZQaSPAFv/12buhUz8DnRLLJLccSpHeiIHkykw +1k3L4FsqT4M5DkHsP/XhkvKwXlqofPzpP8EdWAVVzCr9gcXdl8s37auFqABx8vJQ +rX8IC8xCwJr0tPun4/EYndAdHo3u8CPB6jKvdl6XXWeIXCJ4QhXexmWSvyYRvLdj +4Ix4Mmt8a/SwAg0hvSb7VwwMbtlzwcVIkzew9GzLo3gACQXc3/aHMfu2Qoxj/TIr +BRM9SN35tFVCa2yrcWsQymX7eX6/+NejkvXnasGtjTMYz0YoubNIbos5TEGfHANW +zN8/4W4NE/hb72V597vZOgqq4YdR+Uz1AkTg0YkCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBnn6xTdefSRocfpvDHri94gLQJquDrh31bRRSMhkpaA2xWKHzk26F1 +G/kseu/eLyspg2m88pYie9pwUIqRchGA/B2Aum8tE93pBDl6Lx/MJOrgT12HsMw/ +reIzVMNo6QHOKKfsRZSIJxkWd1nqMoTs6KimypwRUqRMv6hkmxaDCxmY1G9Scg+r +MVh2zNxBkg3Pw3vEoJPUpiBz+6WHV3nDImYg7U/txOYn0ouQwzUaPGcI5m2Jhpmy +TXRe5twBgIOZMaH1rDdd/Nm0J4uf6hYXwHT8MEzRear/G2CqHytENvsAfxpnzrLE +fFh+YjXUaey7R4wphKan1TBk/nFvOwIfayaEFFy2VA/VeZ1OMZR6y5f6A7CrFJ2J +eh5xsjhUXQbKB7ntMnYr3gw4Xab5OmVCmkXJb5VG37xcCzQ7i5xyEbiU7vusj8jQ +YTzoKWvN3oWsO/V0jKR9aGBbdfuGEdxSTIKUr8fcgvc0i1EyfXMhVpO6M+jiB70F +lFCQIcEhsDklsABF3RD7dGK1bNAGFc073z+Z3floUI5rGrIZUL7pN1zAuM4TC/ey +mBVyZhe+Uy7VV928+y3pUHsTblH9as7S5D7NdeyjfkEVzKLs6S+vIRHNBxfmYBql +31fki+2+s7iQeLsrsrA9JskSTuWgVn4nmSObhrK8C64s6AkjW9QRkA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter33.cert b/test_key/long_chains/ShorterMAXUINT16_inter33.cert new file mode 100644 index 0000000..75d7477 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter33.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTMyIGNlcnQwHhcNMjMwNDA1MDgxODEy +WhcNMzMwNDAyMDgxODEyWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTMzIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDI+l4GafJuJGJkr+3LPn5pV14+hzG0OuXcKj7xlf5qKWa6F5crWVpfkkuSkbMa +58he3D9hIZw9e9hyYH/gr08t/V6m0/+P7ViNYDAfOBB6doPV0p4GeWYQu9lZuXi8 +9jtL4K/q8yM18Bbt/kELtMoOLNXSMOLiTH9YPACMMP4Zffz3vy3mqkJdEFWze70g +w/dG0pKfljx4WXisG+gC/Z0+HGZelMwIYTE6NSSNviq9hdKZODLG5LlzAaYTTyIa +NAxAtoU34of2pJkgFQNeyQ7NmtcIUnA/dsHYqRaEj3IZGAVtKVzVKhmbb1eWB9kN +nhskYxbUdl06eFvT41abR/BoNK+Vo6vmfsnNih1S6GABtKAzNtCVXZvcbwsdCRlg +voiy3p22aZuFsC2LmnbynJeTUUVXSoXkHO+jTAP3FXVKOimdPBzOOUag6zGnQZyY +8Dlqac9KbHNTnuY5UioduJzzcoQd6v7hPbEKQImdmbKpE98scjFF4Qgq9YpfUPoZ +fsN4UIxfgH4rDdIFeNoGzruu2jp5Ykd0hRvBbFE+F58mzGY3WkmisCkd6m/IwL1c +1S1BN9sMYZuUVJ9eRWrl8KHlPIPKCBrcC5/6Pa8nLtp6+SreCxcJRu/3JhOKISG2 +bzqVkH+6xPXz6aM4pmEPgl/wXO0CLcbSfyQM6WDXW7hygQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU6amavUq9htLJgwA1vy0i +AvKjsfcwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQB+B7tQfwOmUfyPEQf3zC67937ro65xwenyVf2j7G4UYu640/XS +lEhJHedBZAWX4babkoULwFTsVQGhdt8UVAlZLkEhH0aELiTtdcggIULO8ExtJ26Q +6plpcV/RGe+nZIMx3AHlI7L1P6mAm2pA/WHYG9VcK2CBjqiY/aGw2teRpGxrWMZR +sP/h8BXD1GTaadzuJvdKz4cr3AQH3wro/QjTDGFQ1BxB8CBKzI2dcH+Su3vb4TIa +0Rn6HtEn8lydei4Ijee3IZb9vgEsGEa3QbvBqYlJerIws4AOuanvQ3YatCfNjU/Y +Xa/D5xvyufdJo88w/m6L/6ybZZrJEHjr2hLcKl/JejLfKM8W7G3wwXOT52gEOMwi +gggDfRdOabB8cjWk4ReYb4+QPTsUoPlNRrIlkStadG1o0IdmS0taf7+Ya6nW0BPL +4ctqnLDtN4YIjjp4jGOIZn8DfBJOThfsiZoqD1b8f5tA7Z+YF/gW6MiEqVS+r51X +tFVcxjD/1aME8TKDVu8n8JQ2ubXALcj/QFTpl126HlE+cGH7qgQUigRBFN9PP/Ad +4YoTyS8T+32YJv49SJpn2XHWPa7q+CparJWBkSqMZwpKxZrE8hbYImmveE24CXr2 +zzb2lv1LVbcbX4bByHNzk/L+/z92dntW72bbBVuYmnyrbdZdAfD7rU1zjQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter33.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter33.cert.der new file mode 100644 index 0000000..aea2b46 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter33.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter33.key b/test_key/long_chains/ShorterMAXUINT16_inter33.key new file mode 100644 index 0000000..ef4b3ca --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter33.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDI+l4GafJuJGJk +r+3LPn5pV14+hzG0OuXcKj7xlf5qKWa6F5crWVpfkkuSkbMa58he3D9hIZw9e9hy +YH/gr08t/V6m0/+P7ViNYDAfOBB6doPV0p4GeWYQu9lZuXi89jtL4K/q8yM18Bbt +/kELtMoOLNXSMOLiTH9YPACMMP4Zffz3vy3mqkJdEFWze70gw/dG0pKfljx4WXis +G+gC/Z0+HGZelMwIYTE6NSSNviq9hdKZODLG5LlzAaYTTyIaNAxAtoU34of2pJkg +FQNeyQ7NmtcIUnA/dsHYqRaEj3IZGAVtKVzVKhmbb1eWB9kNnhskYxbUdl06eFvT +41abR/BoNK+Vo6vmfsnNih1S6GABtKAzNtCVXZvcbwsdCRlgvoiy3p22aZuFsC2L +mnbynJeTUUVXSoXkHO+jTAP3FXVKOimdPBzOOUag6zGnQZyY8Dlqac9KbHNTnuY5 +UioduJzzcoQd6v7hPbEKQImdmbKpE98scjFF4Qgq9YpfUPoZfsN4UIxfgH4rDdIF +eNoGzruu2jp5Ykd0hRvBbFE+F58mzGY3WkmisCkd6m/IwL1c1S1BN9sMYZuUVJ9e +RWrl8KHlPIPKCBrcC5/6Pa8nLtp6+SreCxcJRu/3JhOKISG2bzqVkH+6xPXz6aM4 +pmEPgl/wXO0CLcbSfyQM6WDXW7hygQIDAQABAoICAQCSdNC7/8zosp75HLM+3uWj +wkUtb7uqyRjkXezMhC+IEW+IwNQqhMy0xJlJz98jBjEf34RYNfPzYiKTBvtpMpeS +vgaRr/+WVLGpJKUsuuBXPbJIyVjbAvB71UhIeD4iBZWkb7IClvfbwIAVIqkn7LEp +r0aKC5HqszBBjkgf4TvqO8NyjuDWLNB7nQG2778c93FlLOIoZYTfduPXF+b09vf1 +YSDAX9JncNw8vKlMmX3v6mtTuH5YLiluQ49QluQVEES1i8x8sxm9hKkJlgaEtiOR +dPqqV9jwhowwZNfB9f6Bht29dNzvgeRzPqom7MUhhUvmMkdawH6jsz3HpO1h7wSi +v7SYV9BGn2XPvKnXxl9Cw3P62A9VmVvc/VRiuvODMYJ6fRmyPE5MkqthksSXk909 +LmEzRSq64goE5NofffH1/yzu0ROKR6mJmpd8G2iU/ueSS2Xt0HAj6hZVcDbNXzJd +AADHf8yE71bDxN7xyo35A1uwnz0Olx+u4DlYSTKApS0SfWCXBsrJIQqZT0X+Ea26 +6vULZpExp3cE1Vd01yknQwtcP6714mBuCW/mofkYYccHYGkuT5jNmCpmB4FNQPBg +Q7kpfFm9P0kQWdtXwkrTblXFXuOg1r8lISuDnVKsuSEeQHn3SKzcrh5MLbxx+SwN +WSF/YajinnlTmPl/WJ3ImQKCAQEA9owjbWv5A7i3pCixjOWCvhN1YTwf9mu2/vzI +ARN5NW/7h162/Rc5NkTJnM6iqo2cUSCgdJDEfFMAZyu+guo6pHt7GElH6gRQUBE6 +QtgVbSc7ji5Ari73EmgEe/iz65RNi5vDHno1mHPo3v1mKMd0MSiqTMwobM1Ml4bN +OrUHXxHblC5eXM9xNwKZHGKZ1C5v0IETxB1QOSnqhvKeTQEHdswY1hjHifgkJGkM +ATnd2wvvL0VCgtXDypq+FvcRppZ2/SJyQeTjy3isDjqKeiy6m3y8kKL3HOwJSV/t +ANx/bPrv+E6CcY5eaK+a65dfnCv86OpS5FDrc7q0S6/WeocOCwKCAQEA0K73HUye +X9K00dMHe1L+p1oS5ykzHPivpI8F+DgsUG24gvmS7iNbeCP6S5Xhq3MIcflUT3dT 
+je55J0wAvRNB1lpyjlWtd0fMDehUyzKBkEaiEXpfZljAHGKXpYfIFvGecDsA3BWq +DICZxBP4Lkpw51yofTXItK5y3EKKmdzFEKS3jn+JZG0KX8IVt5BuEDKsp1RlKK8O +WQqy/YhWZ6Tfyqh/3ZhbLfZPSF5/KIOJd80zEzpQxom1N7GXu+p4qy/ipxA5M445 +jkNU0Qowi+Ic5qRCMcW17olyFDtCQLWviDns4PPd3Gdk/LpP815SGFJ4V0DEAP9v +5eDp90HT8BP1IwKCAQEAlViQgVD9d76mJ1+rJdFFYISC/xKfvfLD2DQhp103eCJM +eFTsfeVad8A1bLJTIQNFJHOiHtou26yfut9puP3P5iESkMSbNmvEhqvY4fLpD8TL +M7Za4eh7LAAsbzhZLKQaUS5ahJS88IuODb3r61nezYR3nKuy9S1rbwJuQVi1jWZQ +37My3/+c8hi1zNcBneE/REtcQNkM5oO4mGRRdg3giprZlJ9QCAhzREcJyZhXBsB0 +8+p9fqmkv477BQhG/eV5UJ9UHQxc3L1NZBUcGyQLKfLmeqrtC+0DNxpPg80Nt2NO +h9hu9gCqubleG8YHWZ/fxOtkqP9HkUQQwSRTxMcYvwKCAQBcayBFeYkqJsatpifK +FhdxRhLZDQX17qza0/xw0W/OrsjoOF85167KpiRTFS28IFW9JA6SouX+FX7SSHaL +RdwCckwJfSg1izZzclEbLGL04lMkKm3VhbiO2ZsPU/LpNlhUm8zlqzKEFvACRlXD +KnSWAhMcYJVib1+u7Ek1mvArTsd79D+EmkXd4rZ7dRtJUSflcxrZya0xAewDHD4n +6Hyz46u9F5xJ3qt+AVuPNbHLvLTB7zGWu6Xl5GCueEi4h5x5IFY03ufeeTM24Kxf +RuRFwLkQEd9gpL5A931/6vax/fVKKrY2xhOTWW/O+BajbuKcwbIMPxPvWoxDVIPn +7u7BAoIBACxpYrg1HM1eF9N9PlxP9SENUsKi7vfQDBb7W2xhxqx7GAAU5KZjwiAd +q5Aq3KEBU62q/v/w8LTCqDJOMTAJJ0ikOAEWh+FARgb6lBPkLJbpAj/+doUvanRS +jiG2DU6C/P1l8TaaSB+kft+4n1mlZpOFPnMynNTqCCu7muvBztb5P7h4/F5AiOud +79C56C7qUkBiUcbWt5wxZ22L1HME2xN2R3Rf4rjpPL+F2KxewcEotIK6/0+8F2FD +3HPtXIpdaWI+/T76swO6k4xfnDax22TfCBlx7I0c80zCQwTFGuPgh3IJUmCtkH55 +JneCyiktL49iHk0eH3P3fkf2x9mAxMc= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter33.req b/test_key/long_chains/ShorterMAXUINT16_inter33.req new file mode 100644 index 0000000..3663520 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter33.req 
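Review bot: The `-----BEGIN PRIVATE KEY-----` block added in `test_key/long_chains/ShorterMAXUINT16_inter33.key` is an unencrypted PKCS#8 key committed in the clear, and nothing in the hunk marks it as throwaway test material. The same applies to the `inter34.key`, `inter35.key` and `inter36.key` files added further down. If the tests only parse or verify the long chain, the intermediates' `.key` and `.req` files are presumably not needed in the tree and could instead be produced by a generation script at test time. If they have to stay, add a short README in `test_key/long_chains/` stating that these keys are public test fixtures which must never be trusted or reused outside the test suite. Listing the directory in the project's secret-scanning allowlist would also keep real findings from being buried under these files.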
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzMyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyPpe +BmnybiRiZK/tyz5+aVdePocxtDrl3Co+8ZX+ailmuheXK1laX5JLkpGzGufIXtw/ +YSGcPXvYcmB/4K9PLf1eptP/j+1YjWAwHzgQenaD1dKeBnlmELvZWbl4vPY7S+Cv +6vMjNfAW7f5BC7TKDizV0jDi4kx/WDwAjDD+GX38978t5qpCXRBVs3u9IMP3RtKS +n5Y8eFl4rBvoAv2dPhxmXpTMCGExOjUkjb4qvYXSmTgyxuS5cwGmE08iGjQMQLaF +N+KH9qSZIBUDXskOzZrXCFJwP3bB2KkWhI9yGRgFbSlc1SoZm29XlgfZDZ4bJGMW +1HZdOnhb0+NWm0fwaDSvlaOr5n7JzYodUuhgAbSgMzbQlV2b3G8LHQkZYL6Ist6d +tmmbhbAti5p28pyXk1FFV0qF5Bzvo0wD9xV1SjopnTwczjlGoOsxp0GcmPA5amnP +SmxzU57mOVIqHbic83KEHer+4T2xCkCJnZmyqRPfLHIxReEIKvWKX1D6GX7DeFCM +X4B+Kw3SBXjaBs67rto6eWJHdIUbwWxRPhefJsxmN1pJorApHepvyMC9XNUtQTfb +DGGblFSfXkVq5fCh5TyDygga3Auf+j2vJy7aevkq3gsXCUbv9yYTiiEhtm86lZB/ +usT18+mjOKZhD4Jf8FztAi3G0n8kDOlg11u4coECAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBznM9hmKqm9hVB9e92fh+zcT+U7JFzGkFew6IReYXY3/usEqC4XBp3 +HVe+n3Cmt503b1g4uWfxl65Miy1P59DqEhKpqGJR3Naua6NBiN1uRKH+N6dIwg67 +NDrnqFLkVD5dVOILe9oWayChBfcBEuQ8qXt/uyry/e+pvkA/FGq42vA7lkTo/GR5 +LjAiRGBNuqr5e3WgZfsFLC9kekvJtZk3x+rtZnsvhNNzGpA7aVI7gI1HJapGWDpp +spKpHbNr+2kYoG5F6XZpOKIMSy311HXTedjDrGAJx+8uOLF2fKbNzPvIQ4kTLTnu +9DAE/DBkG78xq0EwRn6w6XZkFsvvGiRBcW8TKX6dJHtts0CpfJ4Syc6y1WQEuTrN +2YiyEZZaCK+EwatDNw3WLvSTYVCEWGJ4OzMiAyn9B5gm7OcGBFtXj/MUcYYwfIWT +4uzmysiqhD5KH+4k/+vFjmEZ24VIASNq6xyCAbJ/6f+IRXGcaTCV9ZbWds9pj56P +wx/16SrHPMWKqnZQTEk4Xv2Z1IQlbhs/20mUW7iOchZfJIpyH3plVVdSLJgCnvGP +C7No6KamJHv0kkc93k8wX+eW3keThOSkWxDYOBLIi5horNfX6UItQ6AAMTmZt474 +DINtgwywaAS6PHtpA1iTBK9yXwU5i2+pbN4KG+OS48NYu+20os3SFQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter34.cert b/test_key/long_chains/ShorterMAXUINT16_inter34.cert new file mode 100644 index 0000000..ce65218 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter34.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTMzIGNlcnQwHhcNMjMwNDA1MDgxODEz +WhcNMzMwNDAyMDgxODEzWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTM0IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDEN57HmpP8JDgVl+PQcJBwD41jPVogD4YGvhwAuQybq6V3OGlXEy8p6hAtpRLu +ygG72qYDaQhCtVGLeYLCU9OGjWyg0B9VzsOdEpCbeZx2w9OwwKILt6qXvQqqD8Td +ZfIhCDIN/YcFzvFjMyRcDCpL9FTHvr9OduJX5L6nbPhKU+WNWLU+DdCsG+6hGl3F +sVLKZA5Tp4UQOzgxtXQQMV8I4jDlCYRqkV7J/W7pgawPpUwEiEnbIsq80Qnd7e/U +mpychXsFmSjjlHSrt18GsA7+Sda7tyZ6WCSV6w0Z8mrNPBuNrBkg3t5GEZSRAFGo +J3RBDFiotg5qm9YRUGyTBJCCh227DNLToyXnjB1ounH1bipxPSreWGdThDvegRQS +n9eia0Tmnhx8ZepBDz63CuoypTE8cQ/sRVUq9NedrHK2Zf+TYDvx7iFKFzXwY2E+ +9oqB01e3VCvI1AC4ykOZa8fVfnCwrgTl59vZ08GKcn7WyCTtXRTWq0qTP3AlmIY7 +R9kSbLYSX1A70E76DCjP0f6NJi23ch0EvTif+7YswbHoZeSizCOHLXjkDKSXjwjk +hnziUprMtqSzDHEZHns4e7KKgB5OEZzz9q35RgiB01TC0GL1+/wY6vMLE0b1RuVn +faeG/sRndaK15sH0cHOEly4FBpHFhC8GFoeSWn0ru76LXQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUwLmma7SFcfG3fQqBVPUr +yus/6D8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBcL6j4Te6zoFNHOwQqv8lmVThxaXEWK6xQ9Z5RA+ltU6lQX+7S +jJA9vWPrpP9ItUaDij55Ox6W9yCne1E4mruECtOdFnwMlkAtb8NtusPaYiqxKRZd +PiBav6t81cwiOb45NbqYK7RN3VF9xGDW+k55ejlosB06K77iP3Lp2XmHPueXLG4R +jIUP0SjOaXwxdog2t/pcmOfIcp73KWfp6GVRla5quc7ieSY8bhmzt0SvBW9iK97n +dxOGFp+fo51b5PxupWV3nQrOcNihZE29UI+sxqtZQz3J+gykUR1ck8J3X4h8Zpx2 +sLovGP9YHGFqtOiayAnFT0JZ8GrPOoD/RD7T69D5mIiq6w6UvqSkMt0w98kXYB9w +MiA/nw0HZSCgaR9pnnNJlUpJ3e9q3gQb9WUxEZrAarDK5utpDeuHXurPhzP/2kS/ +QRSl6eLanPBu+QpQQSa7iJBIc5SmG5VkE3xdA+VpE/Tl28fL8YKi4IfE3ISL8tHR +kzLKF0xmUNO5cQAroWcXDoCweRVTPpZCSPV9fUaAOJ33Lc1XBtT7ZIldaglT7jpU +z8QD9sSDrzfJz4Z4UYacHbZCAhIltWlrxyQKrTukfJ6/JsHyuV6ZwsLRS35hg8np +sUlENrRQ9PGgJQBtTk4u+ea6pikJMAYjNsaogENXPufbbYUEJrWtopHgTg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter34.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter34.cert.der new file mode 100644 index 0000000..6712fa4 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter34.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter34.key b/test_key/long_chains/ShorterMAXUINT16_inter34.key new file mode 100644 index 0000000..c10a82c --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter34.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDEN57HmpP8JDgV +l+PQcJBwD41jPVogD4YGvhwAuQybq6V3OGlXEy8p6hAtpRLuygG72qYDaQhCtVGL +eYLCU9OGjWyg0B9VzsOdEpCbeZx2w9OwwKILt6qXvQqqD8TdZfIhCDIN/YcFzvFj +MyRcDCpL9FTHvr9OduJX5L6nbPhKU+WNWLU+DdCsG+6hGl3FsVLKZA5Tp4UQOzgx +tXQQMV8I4jDlCYRqkV7J/W7pgawPpUwEiEnbIsq80Qnd7e/UmpychXsFmSjjlHSr +t18GsA7+Sda7tyZ6WCSV6w0Z8mrNPBuNrBkg3t5GEZSRAFGoJ3RBDFiotg5qm9YR +UGyTBJCCh227DNLToyXnjB1ounH1bipxPSreWGdThDvegRQSn9eia0Tmnhx8ZepB +Dz63CuoypTE8cQ/sRVUq9NedrHK2Zf+TYDvx7iFKFzXwY2E+9oqB01e3VCvI1AC4 +ykOZa8fVfnCwrgTl59vZ08GKcn7WyCTtXRTWq0qTP3AlmIY7R9kSbLYSX1A70E76 +DCjP0f6NJi23ch0EvTif+7YswbHoZeSizCOHLXjkDKSXjwjkhnziUprMtqSzDHEZ +Hns4e7KKgB5OEZzz9q35RgiB01TC0GL1+/wY6vMLE0b1RuVnfaeG/sRndaK15sH0 +cHOEly4FBpHFhC8GFoeSWn0ru76LXQIDAQABAoICAC+rm6W+xkkxu3ZzimNvlYfE +H4OGukijvNoSgdcjHg8L6o1GZUFEZeb2+Ks+OZVN+pHbEw4tDFa4mnEaOkxf9Tnx +Tfzb02ETdK7Kfdtn9j1cYifFBRl3q7hlsxuR7TAkvmiMBy0i9RTSLA7/s8uxIO2H +FLnae7viYiccab1fWgskytZGQPIshQ/rUVROhY2sAQMuv9RPFKLW4FYjUWlFtWMB +IQPkBgml+7NzIOkWGelLLWbEfb0BfOPWnWEPl369eWMFgtffV/HCdX3qdOm5CEt7 +QPImEvESTQEnM+2j2ZK3EbKfpxM3UiUPzFpWC4Cg5TuQdlG2uVXpOl7GfTpSl5DR +yc95hw4hDlLaw26vy09ygG0Y1h/XMRL9AqxsYQXyZ+xxHBMsAxFgu2ljWr14/wI0 +NlzBdzjc4lt68QrbjxPLxoy5wETCbh2zKJ+6o9pOh4/wNIKxFsbx2DC2UlZYtI8d +cVMm3VnKYyQ2Mle57gHqajNmIpr2QqgFGiMandGJkUP9CKVL0fBFmyEQmc66mwo4 +93W1C90EZ7WBreUQVzYduCQKf7W/l1ARJkYEl3O600ufboLahM174mfTmskELby5 +7nLjxAN6XqfeePRnbBZ8Y67F8SPn6mVf/lW3zF8+54skLZkJsC0Qj4SuKitvUFjL +TqY0A+jCnZuKn8APfwv5AoIBAQDmCdZkhIOgI2N4Udh4z4S93LloUjwUDc9SwaJy +GQYPMJUH8LGtG7hnQCOVT4VeteEk4+swwIopY91nhCTwJtHRF8Rk4yjPseg7CNrU +OdKVDBPWme9R3ut2Bdwy8sJe0VNr8Zm7wSFi5Bs+2nTv86YFisbP81Y+V+bAj0qA +xXZb60kTmF26DEBsQvVmU6ncgYCoCLvLORyk6pCGywk7Jog6DDLHCXBflFiUhhZi +oVyImjElVxKUfY7T4Pkpk0BXkGEO18T1RUYEQsqtNgM0M7UGbcwyJCNvr+ak8gEc +zU7X1msadSTBW7eXwOPsyNCZ1h1yIZNO8K2SYMW0VkdLCvAbAoIBAQDaXKM6pJAA +fovHCEjIyhoHe4xFV9XLCiaNKW8KzyZdK/FMbM1c8wti0fSXvdotqOZFWX0+kvB3 
+JtaNF7IHeuJhnCK2lGVjuAW130hg85JJmn62aEMUUQtn1XRUo0+33I97ScvbdR4k +/zoz8OzcAhOWUgaleTUqMlb2ZwruECEwcSdvGd+p8Mp82XT5x6c49QMqzJr7BO47 +iXzMrxcTvYhqpLu9I5p/WU+/JeHCKr/wpxD1yr+uEo+lSWqwVoviz5nV8IDHVnAB +wVu6F1w9bdBD7PHPP1AtwnZcMznYk0WljADaO4+ieaDRKlV2qWxaR6noojUwGL32 +XdEt7d4Nm9nnAoIBAHgn+0xVy0sCMRrP5Xp1Kqjhehb7nVX8QKbBbdCbMYcNoUqc +drItII0N+4gqGUf3SLq0Mk0sxP4Jo8RGSeUG4eGNwI/R96dFDkCHx4XDDjO8M0CM +92yUO/lR5krWcqCERkbD08E2h/HXpEOYaCxN4BJVArPsLsgxsd4y+n94pPIuW+VY +WNytOZlTAEuKt9bt7f3XUgA8vLGHtCY0N4YmAlIPvRYp4ACMxBgQUfECyAqyP6l5 +acMWMlyJzpvgxmL2jzvpiH90x7XCDYucAuBpgczx3Q7zwW69OoQ9xEb/Foe3AAq5 +1ZEKD0O9BVDRM+Sm6oqK7x70qDUlRx+DUYnpFLECggEAP7+907gJZmuLaS7s+Nmv +4bFbET+EZgNvn9SR24kAfUD/8Dzvc4xtLYt4Kfi+QohFucdXfjYtx8tp5cUeL3rb +rn2D0OPf+c3WtPMb0Voqwhw9lAk6VCsY9lZl4PPQqS/WH7s6rbYyd8CfgFx8+foN +N9x4nkSVld0ecE9C7J9+4QKX7aKTHqzyoKJnuShllIZLR2p2cIRO/Mi1y5fuV9AE +jIXNXXmQeE9drcNkdmg+owZTOD7Z2PsIPswBPrv1mODc242cOxXsG0cU/W4merSd +kccSDVxBjypvnZlC8QyFz7/g29V5qIhzv7zpOHxb6rtzSjxY5NLEWrGnCQ6hvj1a +zwKCAQEAplxbhVduzkC693PljyvXDzt5JI0BkVI8B+aNQl0SFalilbBgLW0NQ2X3 +vMwmaVI75EUNsg/A3AZhNaDEWlr7l0azwTa86SMu1adBod0AJfbjXZPCYK/Rr6Lv +XPoSB8LEeu2+bnX5+b+4saCxPBHdYxMmz6vyt0KW6XmcgFcAQ91gJHAJByEAHiBo +Z2Ob1xvFTfr+L/AY46IB4h5ZjAb46+2JNGV07omZibq581PEIk+2xQmwb/Vm8Eur +NSky8lJUpnxZEgvoajluPg/Phxv/RSZso1x6iG+JCjatfnM5KFalIgrXEvirx95X +Fb9qt8JYpAfRulyMEmui0ODbdhPRxQ== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter34.req b/test_key/long_chains/ShorterMAXUINT16_inter34.req new file mode 100644 index 0000000..dd4cf9d --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter34.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzNCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxDee +x5qT/CQ4FZfj0HCQcA+NYz1aIA+GBr4cALkMm6uldzhpVxMvKeoQLaUS7soBu9qm +A2kIQrVRi3mCwlPTho1soNAfVc7DnRKQm3mcdsPTsMCiC7eql70Kqg/E3WXyIQgy +Df2HBc7xYzMkXAwqS/RUx76/TnbiV+S+p2z4SlPljVi1Pg3QrBvuoRpdxbFSymQO +U6eFEDs4MbV0EDFfCOIw5QmEapFeyf1u6YGsD6VMBIhJ2yLKvNEJ3e3v1JqcnIV7 +BZko45R0q7dfBrAO/knWu7cmelgklesNGfJqzTwbjawZIN7eRhGUkQBRqCd0QQxY +qLYOapvWEVBskwSQgodtuwzS06Ml54wdaLpx9W4qcT0q3lhnU4Q73oEUEp/XomtE +5p4cfGXqQQ8+twrqMqUxPHEP7EVVKvTXnaxytmX/k2A78e4hShc18GNhPvaKgdNX +t1QryNQAuMpDmWvH1X5wsK4E5efb2dPBinJ+1sgk7V0U1qtKkz9wJZiGO0fZEmy2 +El9QO9BO+gwoz9H+jSYtt3IdBL04n/u2LMGx6GXkoswjhy145Aykl48I5IZ84lKa +zLakswxxGR57OHuyioAeThGc8/at+UYIgdNUwtBi9fv8GOrzCxNG9UblZ32nhv7E +Z3WitebB9HBzhJcuBQaRxYQvBhaHklp9K7u+i10CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQC+TXDkfx04nQOgabtJKZ6NyG9y4j7xi5gMJ6QO9VrdZHJ1xeKEtaSY +0wyUitdLupUIRwTbbfoUH2FUAh6YT9SzHWGRfhgrL440UoosH+Do9rLcHzFT+3Hs +2jjOkvenSINQJbhsevKbDOjkEmG9asARAtxndl7OJWnq+BVyGf9dulYtgDKQrTZ4 +EnQbOABT4s3pbGizy/N1V2AH5z1Hk1u0BvorRny3UO1LXO7GPrvt0yJJk7z3VcHx +YednF29VxS63jpW8SHciTDkycCWLLbkEAvr56NFwQenNGuxLbjsw1+njcih4Oru8 +x8Zv9RZH0xuZhGXVgoCqihIqncNYvC5nxWFWWplrhgDaKHofVX8PGkv7hGEC+GyC +XVFMnu/7otbyZtUX+495qy5MhW9dNBuQTMVGNQow94JxjYzOqzUgMohv0rcnhFVz +DPowUtJ0uceSYK1LXTjgzndbgz2OqbY+k2eEygQE1Ft5dNbvf1jb47Xd/MzfxUhF +7GAlPVWKnXiY2SXY16bI7IMl1vuKqrX6SHIuFbRkBtbBC5d5Fy3oppnKBy2xEbsP +oyL5yn4TQL0ArV2+++qgctYmgJWejZ054MaSFbqjRl5aKZKBWUrWLiLcQNINVcR8 +YsLfw+J31WKCp9+Yig62NbsiaoHuIjdNM9VsVGqQkvtcXBa6GO5zJQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter35.cert b/test_key/long_chains/ShorterMAXUINT16_inter35.cert new file mode 100644 index 0000000..51fe6ad --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter35.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTM0IGNlcnQwHhcNMjMwNDA1MDgxODEz +WhcNMzMwNDAyMDgxODEzWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTM1IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC7zJrZ67szDcUv5NJ/A3dzw2OhPUrvlH6k0aT7MsCJI3jqN2od0GEC7cZKbNbZ +moJkwZa7Od7E7gr7LuHGSit2NiBEWYnOQ0Ti1FXOhcYie1alrIfxiXnMapS//D8z +2SFKd4TZbvgqZBvHeP4k9haVSms7zqn/ULVbn/+xfiDs1hhtU0swTVYyqUqjDhdu +3RY/lSrg7RNALWFrNjHuGWAkKRTTKquG0rRcBaHgnUFKe6An0Yar/F7opjjCK2sm +rmS4NAzVcSyEp7aqpr2L0i9aGAMXuNJSyK32b+T1gz7O1VWTmQntURhTd6qOfsRG +/2pejtBSnHcN+Y6z5UKoUnbjj8Es8862bglozJZpmE0+Glnh03tMpswAnOMtDGAx +47rHnG2ri5K6aX+UKEY+Hov1PVr1KGeDpy+y0KazCrImmB2ILU6QLtcIBBIO0mbj +ogeEB5Hn7/mxbcwzbQLcbE/Ymh3moxwpx1EdSdMBQ8OULyIwqQO++BDhyprDYNwu +Zp52ud8gpBV/jJJTI+S0pmb5Yi/nXIPWML/K7/a7Uti77vxT5rFSFyxRca1DK0RL +yDmMV16Oov2bDuNWfiExLIuOzXy0GWafJvz1nnwmDyCpKHrdp82Yr/+R4knkSB4f +TsYQgCYDJqeqi4eCBmYhyH5W1r1ScHR7eQd4HVRU9MXaNwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU20OfZa1YcnBOILq3+M4l +ryTKT5QwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQCxgCYrDILNSwx1O8Oo4yQ5LU5OZ9EzDRBeOEPM1dJgF+3XHYIy +mAbOt1RZ4GK+TQ3YqUs3++92TEYSKuZwP8b3lH4ENXco7ZE3/o/NQujNcdpDZcYk +onBSFZBu83bbUPsKx2zsdRKNRmgXuj9KlCjUz9kCadBNzU16vFmZZ1YO19NXi7DB +24DxRGbK7+CSU5nLhAAjO8dR2kSj6y2JM/GMAu01cWP17lEtWryCZM+J1I9ohjlv +7rzGw0TS/0me8Y6ErNeUckhftwbu/jNusKeLb4+WT1oPrpBXQIJba70hoGOPqE2d +8ufdcJvkMvwBdVhg4K24vQ3mSIOc5Tt2AYHozfOkguEqNHGQkULNlG5l7L7EVkQa +g0sjeeXkmA7DOcdn8X/feRAakUZje1cGKG6isMIp3u5/6N2W1Eih5ciQqgQPoLDk +zXZ/ouV73NvL0LAVfWB9szUHkBbIZ5eiAHJguXl4zyEckxebXPqjx9mizOja+xyT +5Wt93nMHZoid9VN0UN8hANnbRyh90xMeYKtAX+2uf5BxbfWfd/xeryIu+8kclSXx +JUTPGrqFqjCuwz6xrZPRh9iFzut0na4nHwf+3Wx7II1ftKcb7kYjO+ou6O0/XQgW +HgG8pRojdAMxmDWmkQ0lTERpUaHcmPabKKXcPzKScliDjU4lST2u2Cr9CA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter35.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter35.cert.der new file mode 100644 index 0000000..0948a0e Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter35.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter35.key b/test_key/long_chains/ShorterMAXUINT16_inter35.key new file mode 100644 index 0000000..81b446b --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter35.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC7zJrZ67szDcUv +5NJ/A3dzw2OhPUrvlH6k0aT7MsCJI3jqN2od0GEC7cZKbNbZmoJkwZa7Od7E7gr7 +LuHGSit2NiBEWYnOQ0Ti1FXOhcYie1alrIfxiXnMapS//D8z2SFKd4TZbvgqZBvH +eP4k9haVSms7zqn/ULVbn/+xfiDs1hhtU0swTVYyqUqjDhdu3RY/lSrg7RNALWFr +NjHuGWAkKRTTKquG0rRcBaHgnUFKe6An0Yar/F7opjjCK2smrmS4NAzVcSyEp7aq +pr2L0i9aGAMXuNJSyK32b+T1gz7O1VWTmQntURhTd6qOfsRG/2pejtBSnHcN+Y6z +5UKoUnbjj8Es8862bglozJZpmE0+Glnh03tMpswAnOMtDGAx47rHnG2ri5K6aX+U +KEY+Hov1PVr1KGeDpy+y0KazCrImmB2ILU6QLtcIBBIO0mbjogeEB5Hn7/mxbcwz +bQLcbE/Ymh3moxwpx1EdSdMBQ8OULyIwqQO++BDhyprDYNwuZp52ud8gpBV/jJJT +I+S0pmb5Yi/nXIPWML/K7/a7Uti77vxT5rFSFyxRca1DK0RLyDmMV16Oov2bDuNW +fiExLIuOzXy0GWafJvz1nnwmDyCpKHrdp82Yr/+R4knkSB4fTsYQgCYDJqeqi4eC +BmYhyH5W1r1ScHR7eQd4HVRU9MXaNwIDAQABAoICAQCwCrpV8Y4H666emMdhXOSK +1ev857HpJ7AX3JXlC8xEQcZE+DE3RXDLCA1LEv/L9/SncnlThIn43JPapjXqZPic +1Vwl9jEh8xkN8LGG6Qu0ox20LCk7F/3ey0IpPdIZTj7QyXz1PfrP8gvATwEdsLm2 +tI4VAEOHHCcFftR3k55VpNQ9F0lyO+zDjMJ0Wu9Ic2M5syEAu/vBu0iI8cKYSZ1A +CGqHEIa92aJMaNM39PGRWpXk/ZpaejaVq8uk6IKHPg8YRWKKao6qw3SOP8OK4DqX +H882W4B9LbU1P+rG4oLr7DtOIrWViuFczN5KuTZQv3j8rq9F4XoQ1ZEZvZ1gn/zk +9XXtnXRcSDyYghUxpsYg1XOTMjx3RUe9WRM+viETHtA2H7Vy6UxC56og4bQiLwfW +NWQpFykwnYY67ZG25bpmgGLb67BpiLsqvwACDhVws52q4bVzNOeJ/b6Uy0R02B4F +G5Vh4kTHHXrs0PTbiibUPvbIcJuxW1Ox4QvEwvufS4rwGv/axbPR0UNaUChX2Piw +l2NOuiUVEiOfgNCvhCdrIAHei4373yl20FvUJqWS8c9alkr6hQzkGL1qF7SF4bjz +kTubiKl2SyPsy5P4Pkqs9Ar2nyYZLX32ZIgeES6RWVpu7SWxb2Ze3WrKF5EGGIIW +hrK8Iiv387qTxcZIHs1+UQKCAQEA2/KFH8Wp9UYpiAZ6uHLtnlCeCJjdElHgKHUp +bH0tJ1KyIf1UJtg+ckSof5EeL9b+GvMaNpeiOfI7EYUP6u/qjCo8SH9+YEYRQ7vW +rbjkMGzT2nRna8LIoxnYlLP+WGsh3tpnIESadcg/WKwMkk83F3EGMPcExiIf9XQf +Ey/2h90n8fX9gkJ9Cg40BVJuVNMKgjt9UzUZOObVTmm/mo+x5aTMmyZxm7/P3Ehg +G48vGyXgxl4CcxBAfisyrEsDk174gEMMG6+avEqvPHh3prJ0YT9CUktAMRi9Wum/ +S5iWrsIaAVeaeDGSbPS2CpYLAQ14aGijwWfQQsD/YzyX7/pl+wKCAQEA2pUULLxb +5ulUwj4PPpAd+zjO9PcMWszwydXqrt0wDqz8mebqw1l3MMowyp1sQpLGBkSf8zG/ 
+2HBQAHwvjofi4FlJ2YGhxCVJ804n4gq8qGh27FllTdKe7eGOppCOiMJyb1AChn1Y +YxYQFsyC+DObDKlkgq78J9PIZ7mdhCsJrWygPTbHczRpuUZgKUDGaLYSU/VJ7306 +s0m0kIX0ymqg+ocqB7EmUUfk9e8l+WgMQIX4qsXr/PU9zkK7utcUdiaOYAfOddsX +f9082+gLxjgaoYvR9sFXlshYKAF7lMRlXRW4xj53qWc93Zw1RplNPIBmP9IsqtT8 +405/3Ad2Uu/z9QKCAQBhla9U0mk+xntku6M1NOCSTihfnhrvpt3ydVEErmEbQkiA +ZhoxBd5m6mlr9+HRzex93oAx2oMCfKOSeVv/m6SPvalzbQWQB2Zfi/aKqy6rAY3Z +La45FHnaS3xZNabSae3kJzh8C5QQT+EzIVqOi5Dg2Kerj91RXxCY4YVsCOqziv7P +DpoEciVyEa0o81K6Vcwizewjv7pKEbhwCuEU3U5LmhuhdqQPO0Io9P+XGqcGv36D +5G/nxz0l/VqFMN8MQqW0morDudzIT8aB6N0FW8Xg46U0R+jaH6TbsjvKeY/ZR4ss +L0b8rtnNd6FQ/xMwy14xzMNi6wFurJxi1h5/PbSDAoIBAA6fKlpTv1ITCbh0rlBh +E6BajH2WiR0J2JGn3asU4MIakEs7RzkKIw8Ad4MWRMevSc/hh1GdYlf4K2Hc7NF8 +BZE8Z9RE961HUUsVT1Wvoi8hzdLBqCUskbUYAZLi2KYNW9pWX9TfTapTL4BW7evs +h9KxAig7zGJdqGpH4GGW/266dX2izHTIbMoYCxa3Xo5in5c+MVPz7JlRtOJ2E4n2 +2A3qPMWG9Ck7xfUtqjyk2Sz3yUqjMsYZIalKjYRSHuxIZ/3Eh+saXNgQ1KFhRGhe +GGn2EHWROWq8vCjw8HNjL+SqL1ITm62ZWmoYqPewCZqifDSIurQyyzfpaGQvm5qw +soECggEASEOGYtJt2wiyMDFkobPL5CRnptklalXsIJbnH9tnEBHOzmbldzxDT/Xq +9Ndhv4dq8PvkSzOPWbyTRAcrod54gCR20VfnEhkj/3FrsgpWTSDRWM02YDl2h93B +2UVa132GwEr29IJnrfI9QSqgAty07hGsbq39r0aBf32/QCxexMBsyM0ZGMFL5btE +571vluauz+kdS/3cts2m1+9sjItNR6jvC4xdmquYyqKA3pYrwtszdADF0VGWs7aK +YEfS4CbynztgNJLBMDCpUgUUbL0eJXOSeRx17XJ5Mpq1Tcc7Pxe25XlhYZ80HMXJ +h2QCMtx7XB2UJWhJglAXuyI/k7bUBA== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter35.req b/test_key/long_chains/ShorterMAXUINT16_inter35.req new file mode 100644 index 0000000..4b7f0db --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter35.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzNSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu8ya +2eu7Mw3FL+TSfwN3c8NjoT1K75R+pNGk+zLAiSN46jdqHdBhAu3GSmzW2ZqCZMGW +uznexO4K+y7hxkordjYgRFmJzkNE4tRVzoXGIntWpayH8Yl5zGqUv/w/M9khSneE +2W74KmQbx3j+JPYWlUprO86p/1C1W5//sX4g7NYYbVNLME1WMqlKow4Xbt0WP5Uq +4O0TQC1hazYx7hlgJCkU0yqrhtK0XAWh4J1BSnugJ9GGq/xe6KY4witrJq5kuDQM +1XEshKe2qqa9i9IvWhgDF7jSUsit9m/k9YM+ztVVk5kJ7VEYU3eqjn7ERv9qXo7Q +Upx3DfmOs+VCqFJ244/BLPPOtm4JaMyWaZhNPhpZ4dN7TKbMAJzjLQxgMeO6x5xt +q4uSuml/lChGPh6L9T1a9Shng6cvstCmswqyJpgdiC1OkC7XCAQSDtJm46IHhAeR +5+/5sW3MM20C3GxP2Jod5qMcKcdRHUnTAUPDlC8iMKkDvvgQ4cqaw2DcLmaedrnf +IKQVf4ySUyPktKZm+WIv51yD1jC/yu/2u1LYu+78U+axUhcsUXGtQytES8g5jFde +jqL9mw7jVn4hMSyLjs18tBlmnyb89Z58Jg8gqSh63afNmK//keJJ5EgeH07GEIAm +AyanqouHggZmIch+Vta9UnB0e3kHeB1UVPTF2jcCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAR5mf99e8BU/lNf0kVKbEuQ+zDAOxlfSxYH4Tmi7vAdSdVcociW/ma +LfOSC6eJ44zuxunQUvKNmp98UHPXp8LkjbIfgYpsbvJAHc5ZM7cQ6ftzs6S4uVT9 +q/hxcMnZZB6cYZY6OZZtnZnHghkQjiC6oW7Rn4iz/cHKUvCBWL0WWRry8eOxvinl +j5Q0GcoCRTv2heNw/7TIwFp7A8VsXsRQztFA8H45bGOgxgVyqyeq+JK6cB+Xs9er +IYqmA8LBShM+4NPQazfXG5B3tCExVqC5RqpOaadsYpEo/kzYOAJW+IWkC8OQ3tKp +5LPKmT54SqC17+qvwmhhW0OxhMhbW+h8HdllGOhdrbKeUlc7Qam7gsekDzPEy292 +kthv3kqiusq+OXxir4tUckTfnyZJRC0N91XSAvIfLeSKtzOGveJc/RrGDA8HnP+v +m8MDJGiR9SdYheAsEUFUpmPCPtqTWTdc5fr9VgCtBcbtm/oLWLxXN4Ki2zqg4JVL +iqzywGDiW1I8SnZJ+ziFekeJadK0RFf8rtdvrP3iUOU5Ro2/7gO9qPp96/gqSvHe +v4sCCZc0h0fp3ftcWtyw/iXhpQLuGqnUgcWe3nYwyUNhmgiKNeN3GfjQNgz0goFX +kRizLItu/zNoc+2uZ6PKxfOwz02bqxwC5vCCw55H7rk+Sa8Q6yXSjA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter36.cert b/test_key/long_chains/ShorterMAXUINT16_inter36.cert new file mode 100644 index 0000000..a373988 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter36.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTM1IGNlcnQwHhcNMjMwNDA1MDgxODE0 +WhcNMzMwNDAyMDgxODE0WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTM2IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDme8q6iG4ZHKNdvvQp8IorTcONl7jg7kp/Bef7kGhXQKVX684brGPCf5iJeKGP +XKHCFCbwFv2VHY+4Mn9LUzerj6rkqp93gIT1ZaHQz206Fu8QFFAJvsiY/VwxaAvM +aXtxB/jYqTVGj71N2oSstLKCzowz9Empwb5CjIKzkcjiIkTMQjA7NaD7NGC2i0H0 +T0HTpPj8A8bO8USb7anSHCy+6qb7vA9ORd3ml+sK9pDwBrqDWQPeD7zho3d17YKL +8ujxYyQDzilWVC+pKL+YjIuJCEzDCgnDQLVoyeB+GaYKujXVDSC5MX1JcPj2svku +EcSI4W1Th0D9LrAGPxcAKtSZ8w2oVwxvQngQgjwsSN9MMgaqwfEg2KQn6yamW4Kh +Xn2ngXfl4j9KlQ1LS9PUFpIzYO4JU4sjelyx0oR4p5w2L0RO8xW07rUA8Fchf+9R +DCBOyVE5shv88EePmG4O+M8M1tMas9wcF7235yb+0+XSq7yP6QQcChiT9WMUVi93 +A+mVQb1FonxEsZ4D4BL06h4MMqyhUJ3sGvqlWDoaXlbUGjUw62aVYr8YoDxEmm47 +0/4h4ujP6ERnmEN/bJzTOgZhcjk4kqtVHppyrcB2BAKpB6wcwTytjKE7VrXisjGm +srI40B/GSpOKqSoY4zw65+SSOZnoYWP+ZXHOfe9QmcZa7QIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU068v2ECxemzzJM25pQGx +ZYWdFsgwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQCCxHWjhWxDVZRDUl/OZcIT1zPUqUvlSsoAM7qhlq7wy76Oe9l9 +0l4xVRBM7lVJReXdJZBti4wmu38kgqDxVDCzSL4HPDDcNoH+e5NCZJo5/YeJw+hc +4FrvD3pxyemI4077u+PLOLpTHN8U90M1cVqfkkVP9YLvn+nFq9YJ3FgJFSCkd0Cb +YDCIaA1CMPY/HO2NY1BUpN313KAPURodPyVbvic8c0gpAz+7iBIjF5lRp2IsrzIB +JrKjmHfLQ3dKBK3QJVd3dK4ynPYZfXJY14vFdz4XDL8c4kYHXy6c/q4BWyzCaDEr +BX4WvudHOGmsnxpF/k4nMYyRcGlGB1phbEZU8nY+gbNCrzzZ/7RJYCCaYEFk5inH +Bd1rj5T82IAFxouEnSm3xlm9aCdqC4hQgZoHhg0S3p0/sKZVVTGiZo4Y278cb/LV +7V1AUlxzmLywNVPanTaCBC/CeurEfiGNDUsXiNOdHzpqhf9UDibctyDHpaD8zMqE +FZ7lswE4Iw2/97HuLO6tPNSNgITZ1cg2UEGl0ENxns1OXMhJPQa9zKOJ1k9diOwx +VgW8Ch8tuM/a63ZhL2Rebc+HCZPQSe1nF/5KZ+GpLgmTiB1o0Kago6sFZ2D5c8p7 +gRIpaPtkoofbMHuOLtdWwPOBIpIVTUhj5F/oxT11waFtzXufTIw5APHEvQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter36.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter36.cert.der new file mode 100644 index 0000000..6d6f510 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter36.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter36.key b/test_key/long_chains/ShorterMAXUINT16_inter36.key new file mode 100644 index 0000000..eeabf7f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter36.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDme8q6iG4ZHKNd +vvQp8IorTcONl7jg7kp/Bef7kGhXQKVX684brGPCf5iJeKGPXKHCFCbwFv2VHY+4 +Mn9LUzerj6rkqp93gIT1ZaHQz206Fu8QFFAJvsiY/VwxaAvMaXtxB/jYqTVGj71N +2oSstLKCzowz9Empwb5CjIKzkcjiIkTMQjA7NaD7NGC2i0H0T0HTpPj8A8bO8USb +7anSHCy+6qb7vA9ORd3ml+sK9pDwBrqDWQPeD7zho3d17YKL8ujxYyQDzilWVC+p +KL+YjIuJCEzDCgnDQLVoyeB+GaYKujXVDSC5MX1JcPj2svkuEcSI4W1Th0D9LrAG +PxcAKtSZ8w2oVwxvQngQgjwsSN9MMgaqwfEg2KQn6yamW4KhXn2ngXfl4j9KlQ1L +S9PUFpIzYO4JU4sjelyx0oR4p5w2L0RO8xW07rUA8Fchf+9RDCBOyVE5shv88EeP +mG4O+M8M1tMas9wcF7235yb+0+XSq7yP6QQcChiT9WMUVi93A+mVQb1FonxEsZ4D +4BL06h4MMqyhUJ3sGvqlWDoaXlbUGjUw62aVYr8YoDxEmm470/4h4ujP6ERnmEN/ +bJzTOgZhcjk4kqtVHppyrcB2BAKpB6wcwTytjKE7VrXisjGmsrI40B/GSpOKqSoY +4zw65+SSOZnoYWP+ZXHOfe9QmcZa7QIDAQABAoICAFQrLuyRuAspnysz+bx7ICoS +OvCxUI2r176tbHs80C3U6MzDyz/l44R6zjydtfpBrLzQWSviaXaUFhEBN+VNHY5k +Z9cbzCJ655MqKz6zEUNebq0jjdsRNfZQx+MvCOf8OV0cuS5+FHuRMGOHAl6DmpEU +VrT+aAw7OXzaDT0AZyjVtOQW48ArpH84MH1ZO5u5eeONYnO9+VNHXnPHBfY53clW +reZOVhSShSeZoPce9e0BuAkRb80fWC3aYVzKgJsU+SZ1uwg8uHHTSphuzhEqeiZv +xoCPYONR9S2wU3AZc76FI/WK1sFqpkM0o2aME11Ulb4a/K69POl4rEWLsp2YBo0E +UEuEZpRy1QMJzXLo+VdxQvNhS8Y8OezuXxmY6cJiPJfkwntqi7QRpZc5XWx8xJjS +IQZU36LmRMpKwaJr1+2DbALQCbu3QuuugRMqqtSexpRa8HSOkhAbeh/gVn5F+tdw +onUZgbOohErKgHVGjZWPOOyjC9xpvKIwDf7ZsdZtVkJynUzbA29PJBVV1ZfcCtYt +81ZPctFxJxApGaJBoDcFMJqMdBfANT8BgB7MAqTXqWfW2EjZyYNOUSoOB95V7E21 +WvU3UQTmxq0xx940Y41H+GrvzgQLZXZHv9jG1+EqIaTCO2duudcDBzWYV9KxdmF7 +6o/2W807Yhp5TFIdUk5BAoIBAQD+Yp/3VprV98vBZrdvWMDWqBMBtcb8wW7KfpvB +Ln/14c9odjaTMDVHkL0rCxgOx5Bla+W35d0F6o92m4mmTNj0LkEt+AGnIsw3yhG7 +mIKs92cQi9nkG6GaCpvMhlb9w65cbTwuHBWm+1guSDNgkv3tiU+l79EIc+RL6Te5 +8nH7VC1OHnUfyX+Puul/sBe36h9/TFAT9Ox/ATqpdiFjX1DQM+3iUT59PmXfloM5 +qZrSN8p3dA1ttwuBYQ4LxoA4vBDoFR5bAs9kZ3wUaJIMb+4bGHaTKne2L3OvSyg4 +jlR1M5QuVM4kF4RYdk05Fgghy+cDUP2i5RaOzeBAR362GZB9AoIBAQDn8lOuQPuG +o3Cs2PUQgMZEVe6zSZJbpKvA9Eles87J55W40cMxgM1X6JopgWwdWBpF54QPRoGj 
+yAK5OilA1/n2mfM9+GH8a9PRBvvwN12wIV+XmmPpcSpyrXyZo2H5uj36Gti8bBO5 +JKk4Xsfz3X/mcjDeutVArW0RmtGbXVUjUU2241/MQVcyr+pA8ynZ8DaVeVKxqEsu +OPYhrjZHhFClu08yYvDIwt1cCNsEJGLFcZZorzK0t0zAnK0YS07pFoErcAJyYTTP +b6qYZAKDfIGeA5QfMVl5XlkHOW7llI9Zb6MVFAp42wM8bhcfa+WCflcBfHx5dn3o +o5cBoPr6ge8xAoIBAQD8NC2im/NwtXcGbN7qftTZPNNzO5RoHSLJkhK7yW1GCrWG +PMVI0l/QbxiNZzdX19U6KGodE8E4z1+i2Pv0q3XhSUaH271PxjkwCp/gHIlaEQLW +rcC93gMu5NuoP3xZpTrmGcqzcFarMcAwSpbdZX5plVwpCQV2Wuf5tuPv8AW/hqpQ +K/Q1KqHUjxxW4u/xACZwH+m4j3g1RrOxNRRPID3P3dw4KBJLO6TmsqOxdIyxZGzQ +V3fE0diPUfkKBag0F4ivf9iTpMqXId4roa1CtWoc5PkSWOVM8+i+30WmJL5pYFTG +RoAF2mb1CXzwXv56+1wytoZwjK37sPNm5zsiMWBFAoIBAQDKy2DGtiI0caoONhLu +PukazldJgkXowm04411S47slZMnPMfeLzKW8+q3vJC026tTt0aHxCSBH5pQbBvMS +ssLmDWxS/lwNqukjlQup136ehE9j6aT5cew/H9gVLHh5M5EEn3xoIcaM1bTuiFAi +s8Mj5Ss9UfUp+3elMMubH1tU6b0c7mfP2kE3G/+gkfpBhnjy74SRuCcjXsI0aHEk +zlcE0GRKFZ+YqGeKFGQJlxaUst9i3+thffIpZdMhrpZrzTVamTBKeRsHUwbA/pAE +DlP1qANV0nv8VbVZT6naKK288JKR11fgmvyVVVv6KQgdtAC2V/Us7aDgSke5MNq/ +M+PBAoIBAB8zFlY5mmCyDSGFyyrh5xEbTSKyAIgjaSo7YCO/nM1STnbfHE+BMpJf +06Th+LBTS3meDlo230uo73t/q/RPwIlZNdqqT/FS6bpAHJugHm8MBSyrJxXKrW4z +d6yLDdVgzS7fVuXTjZDgkNPbFs73uNohI7r1kGVnbWxY0N36eX+0bWngRXw2ltcc +sScIORUQ370wi1UbnlN078mvbyQiCASy4IJMFqOuDN5mvVEkEcaO4bsl54ZzVWwt +p25qVyIWQgpmRmr3uVOFtdi8GXwP9GXxIRCPfOERtBK4GXotkSaR3Aas6ZThwjj3 +KSgV+GGP7xURIVRply88djNTm8UoOic= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter36.req b/test_key/long_chains/ShorterMAXUINT16_inter36.req new file mode 100644 index 0000000..a52c81b --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter36.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzNiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5nvK +uohuGRyjXb70KfCKK03DjZe44O5KfwXn+5BoV0ClV+vOG6xjwn+YiXihj1yhwhQm +8Bb9lR2PuDJ/S1M3q4+q5Kqfd4CE9WWh0M9tOhbvEBRQCb7ImP1cMWgLzGl7cQf4 +2Kk1Ro+9TdqErLSygs6MM/RJqcG+QoyCs5HI4iJEzEIwOzWg+zRgtotB9E9B06T4 +/APGzvFEm+2p0hwsvuqm+7wPTkXd5pfrCvaQ8Aa6g1kD3g+84aN3de2Ci/Lo8WMk +A84pVlQvqSi/mIyLiQhMwwoJw0C1aMngfhmmCro11Q0guTF9SXD49rL5LhHEiOFt +U4dA/S6wBj8XACrUmfMNqFcMb0J4EII8LEjfTDIGqsHxINikJ+smpluCoV59p4F3 +5eI/SpUNS0vT1BaSM2DuCVOLI3pcsdKEeKecNi9ETvMVtO61APBXIX/vUQwgTslR +ObIb/PBHj5huDvjPDNbTGrPcHBe9t+cm/tPl0qu8j+kEHAoYk/VjFFYvdwPplUG9 +RaJ8RLGeA+AS9OoeDDKsoVCd7Br6pVg6Gl5W1Bo1MOtmlWK/GKA8RJpuO9P+IeLo +z+hEZ5hDf2yc0zoGYXI5OJKrVR6acq3AdgQCqQesHME8rYyhO1a14rIxprKyONAf +xkqTiqkqGOM8OufkkjmZ6GFj/mVxzn3vUJnGWu0CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQCBy8+TnGMzQ18BLGi26tx8GPybv4b4twZXfNjPZfV2PSNFfjk/EMWv +r/uPL+t2y80iENcn6vE3IrEejrGjumHvQmdcoO5HRsQbazxKDE4Y99A271gKSohD +tmYfybtGOPv1YO3myQRhJvhjT9cjIrkhLmLLJ1YQBGPEPI2R4LYLBTLUl5Ww5OmT +0LVNzNchUGmekcsoHqmkxKtQCauOjMiUBw91f9KPQemDyYi6mwOp3l6sM0v2QRIu +kWrEv8dxuz47N/dM9+SToVGg8F7A9/6CYl9PZIVYhk7PJgl24pMRGul+sJUI7bgX +ck03hOKBWFIQ0cqs1QkPaC5LjWo2k0YgYmXmiRdQtiPulGtrZ8bmHIffzIYlDGod +VlMq84R8+lPiq9ofrRl8azkyA3HB4DI4FuFPMKWbR4iPt3tZQTBb1Pk+IEnBT0Jx +Ty/HXBBpfchv5IKJ0t0LCufvTdb94oZX+n56YCC7icvpjSc4Yyv4b12VmXLoXM76 +PxgwfUUehM8EfpktZKrBmaSqw5vRL/xP/q2jB61UDRhnWWmiBuCgJlx6N0Y02hoJ +nwwQ4rIBcbKcY8hq10EdqV9G2KepKNgwh6PsMdj00OoSajs6dLxPIZrxroZvgr7J +DINQ2aAD0yWqb24/Ls/aS+FxpwijCS0zTAFN4pcXXGvVPma+qv+3Qg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter37.cert b/test_key/long_chains/ShorterMAXUINT16_inter37.cert new file mode 100644 index 0000000..71195df --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter37.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTM2IGNlcnQwHhcNMjMwNDA1MDgxODE1 +WhcNMzMwNDAyMDgxODE1WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTM3IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCRyxkD5gbL3qEI0qNyc81lr/0tUUhw6OqQJDS9l/LHPEHzSzPJzs+wBsrdkW6V +Du3BuBNXn7SdIYmDFYZydfm1ck4JL8RPu9gTCVcFvrIMf/032iIJc0UXpjwOfdh0 +KyuIy0yH9Fwxq0zrJP0F5QcDl9crOBR1L6ZuayVJxD30F9m7ys9oNgVGfOF6dgNJ +ykKfkppM2XH/51I/x+RA+3oLsGXTQFWFOWRSnAEleQVnT4IFzsyM6K6+32Ysyw7Y ++r92qqA7vNX7TU6N3QI+gSN8T7v8HYwXX9eRi2CizSXwgpe3UnmwBu1UAbd0mXAi +g4nQ1t5sfPV8r7C2qDa75YVP8eY7lk/pozXIBWhoCFi7+8gA6NYG9KLj8a9R7CuL +1g54IiIPdndjydbxH+TrOppTVpy/f/88BHecW3G+muD63cRDBuHiv3EmzrMxBXTO +v9nawBAU/GqoXIIrKscuWobAH8d+9BfRUc/PaXyaGDL2rbJftFflb7uLkEx62SuJ +p6o63U1WTWD79vFxbxUp/R2Tsu3CyOjRWYgv4X3EphhYuDmSEJ4GQ7dszRM1S37K +18Rh9Nmp3Bt/y12gF8kxp9QuUYynv7x2iKfOhm9wA9FFuR9UUaVEoQprGdFx/0F+ +4NNV5fELWbbbxN5FrIAEnQaprgflS0yrogZYZIh+F2TEoQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUbcpKmc5WbfCrcRx3RU9O +7p8nLy8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQDN75NuTd+8GdJWdmUCbuDDz/3XvOM0u/Ru9LF6yBKuIIAmriuI +5twHAV5j+pO4AHHhIiZSE1OhST8basKQ/qal8NtmWtgdUitwG0Ye73e2Z9mosjgb +cJbBVHyjtiDRedJtJwCa4GzMIrsm2iTsJ84xBUAV5YnEgoKhYrRHi0nBtpjquw7X +uj/2yUjjOecvRs3ofzefgdGen7sySNWzDEYbfW1ORjJtwit/y3R01MwI4Vr2IUTS +SVlWkQreM2rcT7wPKZlODuDDduAo9LTCOwN8DsdZ7g1xcF2ksX6fF9bYmO1bZHP7 +kOHFW/1fs2Y0EHXgrw3oSsGA2pO6gedwj5CZkCrKiBC5ldJB7TuL4uUyeTQRLieE +KA2uPr6oOvwuQ0UWmfp06pIntHmR5skEtud8Efkim8qZ7wph26DMr18dO6I42BBw +EhjHe+fyIv1iVG82aFE6Z6GdbzGQCcox6mBr1rQI8+eoFCfBKNw9vVNF1bHpmRKv +h/IR/rJliiwxgqX92oYvZRXcLMAZvfhtMPoSrD8ToyBWwFR7rZbZG7SwFe9fK7XT +VntkeWaoZOUCLASsnHppl+hQykWsEXGMy3oJ29/FNHNl/bgFB4U3v3Z9c+erhepz +6vslZ9rtAQM5SSGs2AnlCF8zjv3UNGESaYHzuNxQ4MNcZITKtMsMFquYAQ== +-----END CERTIFICATE----- 
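Review bot: The validity window in this fixture is fixed and undocumented: the certificate's notBefore/notAfter fields decode to 2023-04-05 and 2033-04-02. The inter38, inter39, inter40 and inter41 certificate hunks further down carry the same ten-year window. Any test that verifies this chain against the wall clock will start failing on that date, and the commands that produced the chain are not visible in this part of the diff. Either pin the verification time in the tests or record the procedure next to the fixtures, for example a README line such as `Fixtures expire 2033-04-02; regenerate with <generation script placeholder>`.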
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter37.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter37.cert.der
new file mode 100644
index 0000000..23ebf43
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter37.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter37.key b/test_key/long_chains/ShorterMAXUINT16_inter37.key
new file mode 100644
index 0000000..57f3505
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter37.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCRyxkD5gbL3qEI +0qNyc81lr/0tUUhw6OqQJDS9l/LHPEHzSzPJzs+wBsrdkW6VDu3BuBNXn7SdIYmD +FYZydfm1ck4JL8RPu9gTCVcFvrIMf/032iIJc0UXpjwOfdh0KyuIy0yH9Fwxq0zr +JP0F5QcDl9crOBR1L6ZuayVJxD30F9m7ys9oNgVGfOF6dgNJykKfkppM2XH/51I/ +x+RA+3oLsGXTQFWFOWRSnAEleQVnT4IFzsyM6K6+32Ysyw7Y+r92qqA7vNX7TU6N +3QI+gSN8T7v8HYwXX9eRi2CizSXwgpe3UnmwBu1UAbd0mXAig4nQ1t5sfPV8r7C2 +qDa75YVP8eY7lk/pozXIBWhoCFi7+8gA6NYG9KLj8a9R7CuL1g54IiIPdndjydbx +H+TrOppTVpy/f/88BHecW3G+muD63cRDBuHiv3EmzrMxBXTOv9nawBAU/GqoXIIr +KscuWobAH8d+9BfRUc/PaXyaGDL2rbJftFflb7uLkEx62SuJp6o63U1WTWD79vFx +bxUp/R2Tsu3CyOjRWYgv4X3EphhYuDmSEJ4GQ7dszRM1S37K18Rh9Nmp3Bt/y12g +F8kxp9QuUYynv7x2iKfOhm9wA9FFuR9UUaVEoQprGdFx/0F+4NNV5fELWbbbxN5F +rIAEnQaprgflS0yrogZYZIh+F2TEoQIDAQABAoICAB8mqSKnHJ6k4/2RnDDRQ3rN +vqfXLUZKzgucYNR9yfb+Dg1g7SDamo++88uhzmH0/aIdpaxcSGgmiU5D5CVCxeca +FEhsN2Ld/Q4cOcbVdw+qrT0o04r3YTTrZPunsf8oVjX1UlXeRXCrbFT140ZGKFiB +Mg1e/ygG1WXUaPQ5BQ/JpNE2RVi76iakej0DSDKVD+Uumt9+upf2IiHUoRWtZedn +empH3b4IhEIOaURLdncbiumYxSX6dZP9AcTiYjrEYPKHBJOfBo2aeAVhyp/2UdG2 +67Cz04IPDW1gvXYrpUadcLNP4QZWhJEliMBWJJqLRoAj2QSPMpjApV5x1LgTE4et +1fuYn+o8jJoUnakwnpdeAmPZK8iOXWhf6lI3AjuAmFzLf7PJ3PCQ4euUlOZ23V1o +T3wDUed2AqvxfM2TrqYX21qZucJwCNeueZjRtC2qFv9V218HWqkh66fNyA/BYYaw +/D984tyWuaorztiTNTjbHYDZbkD0DvgwkPi7DGksTenb35RIQ3lLmKiHTx8GrHdi +JGqUUcKyWSX6BXy/VrrYv2s3ytMPpnchjafj6KSX8WTeW/53spffvvkwhMHKBZJU +SZt1pTh5IHsoW6atTScMUshc/Da0stuAT81/1uAlOn1lF2VHVTtD8uUlN37MKgbO +977vMh8xoMbXTkZwWr6RAoIBAQDB7uIk3tvC5URlXJbnUcB0GAptzXK1g3Ch0Fy8 +t23O755SeWqoyZ00Hc+GcA7qjrnylMEpQ6UoGSzgL5yqZe/we2D2NMJ5qObO5ZzC +IGYlg1/KT/r6OtGTQ8Mee0BKZPbUL/me6cdWVklDhhM/miFy4IxZCI9sKs1mjssX +5EnyVfhTKkOorLU4B4td31Eqt4nQp0iD/MrjG06fWYjS+povtewPbhKxayfGh+YL +scFwIJ2DWo1F/LtRZn+37e2fJBay1H3LJ7H9oK7i4C6koH23PGH7RrfrYStaLBes +S9/aT4/TUJ9WLwDzXug6GsA9JHaJNW2xyQU74QJOQPLLkeTdAoIBAQDAdBQEG2zA +EYDqXcvJHTakcvWFClbRKJPrupMY9XOgV7yUw5X8HppmqCzxeXwsSgt5n76quIpN 
+gzN1nSgODnPyUoJbxXTGWl0BswKkm3HnRheQgtwTKHZpgYFzpWQnw+PCCm56YHzy +IMk73UEZnFwytteixYVSTnd+fg96Za8awUVzRtjy6w6CeZKz7Ltfpyz0nZhwY86q +IQqEbD/6UmkmBn3tVR77aJxEFah46/qH8aIKoJtpsb4gXnmB6p3pSpqFLk40HcBG +7dD+WbnCIn8uqWa5OgvqfDeg30E2H0kiuu/RWJ9fUHMxnsoqqhRav+dUTuBpB6fd +ukT99moHs9CVAoIBAHFqOfjkGFNvb0N0FZBsYAfE83xplTcQCnOnfkSjZWWK/uUu +urDBT91lvbLan+6Oz7JNSnXOaKz9pB/r2ExS1zKlhPwXuNAbdffzkmx5NCOmJAQW +KCnk8iGUlGykGeIoD63h7LMB9yDHz4rcwy8D/aHILmv3NKFGmt7qjV2IlbJSkqpY +Yj8n2cdNqjSY4EgCFGfhHOiLkz+j/aP1Ya44/qj+VHJlpir6BsX1PhUCvKTNfjCO +aWZPumCNeA3h6ICUQ24MFREVQuOX8A8gmkaO0Vayyn6AShkut4LBnIqXyO9Mbklf +sf9d98lcbKVmdZyMUYJGq8M4U4ZEPevz0co5pUUCggEAB4F/dlmLeEI2gO1/kSxu +gSNqp/GrSSUH/92a9xI7nDlPxY2LP/YBl5dfiVtvmFqa7/dm/EmOO0+uphunAEVY +CE9nfiTJVSMZFYPhyoG1g4ucR6qS4rxlQeAnKFd+/H4LV/oILQWuWdMlhgwvCcyr +W979sf96H6enyWspN2DX33dCOii9NVwtiLEtI49MD4L5oeCznU6HNONtAZUnOaAV +McJ3DtaPCscdsRoXJAAwGTU3WKrC5PBlteV5X7PCzOJ3/FG+AxJV+W41BHaDZCrs +QumgdADrjg2iLcgHRxEZTR11VPjb3l/I3lqPD/LqME/jucoJvo7p4R/uqOj/YaWF +sQKCAQATgJUmS7frgWnG41xXt48S+szSmWoNVGwrmmAxDWXf67KLqk7f1+l6Hley +vuksxqUQoChV1Mtn1jr45BvaDkPe5Yel7qb+fiIG3wetzPu2wreffWs4AWYzm41T +hOrems4kn3D1hlcVlV6RX4a1kvYy0BzItODpSsWJsVi9AIspY7zz8vFHw1KD55/F +T0AlrVuFMutO1jAa0i7N16sINnnBbOluOxr3syTn48qI80AE6ky3yqBfJqCv050u +YjwNI5/nXLSmhtpAR1QU6+VQkZovIzSQWGgO1bCB6jZQ2owN7fitbWWRhCUApbbN +HMnyuUq5JU5GUFnxEXmggPx4tqlo +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter37.req b/test_key/long_chains/ShorterMAXUINT16_inter37.req new file mode 100644 index 0000000..3a2bc67 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter37.req 
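Review bot: This hunk commits an unencrypted PKCS#8 private key (`ShorterMAXUINT16_inter37.key`), and nothing in the visible part of the diff marks it as a test-only fixture. The inter38, inter39 and inter40 `.key` hunks below have the same gap. The matching certificates decode with basicConstraints CA:TRUE, so anything that trusts this chain's root also trusts certificates signed with these now-public keys. The directory should say so explicitly, for example a `test_key/README` line such as `Public test fixtures for long-chain parsing tests; never provision these keys or certificates in a device or trust store`. If the repository runs secret scanning, scope the allowlist to `test_key/` rather than to all PEM files, so a real key committed elsewhere is still caught.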
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzNyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkcsZ +A+YGy96hCNKjcnPNZa/9LVFIcOjqkCQ0vZfyxzxB80szyc7PsAbK3ZFulQ7twbgT +V5+0nSGJgxWGcnX5tXJOCS/ET7vYEwlXBb6yDH/9N9oiCXNFF6Y8Dn3YdCsriMtM +h/RcMatM6yT9BeUHA5fXKzgUdS+mbmslScQ99BfZu8rPaDYFRnzhenYDScpCn5Ka +TNlx/+dSP8fkQPt6C7Bl00BVhTlkUpwBJXkFZ0+CBc7MjOiuvt9mLMsO2Pq/dqqg +O7zV+01Ojd0CPoEjfE+7/B2MF1/XkYtgos0l8IKXt1J5sAbtVAG3dJlwIoOJ0Nbe +bHz1fK+wtqg2u+WFT/HmO5ZP6aM1yAVoaAhYu/vIAOjWBvSi4/GvUewri9YOeCIi +D3Z3Y8nW8R/k6zqaU1acv3//PAR3nFtxvprg+t3EQwbh4r9xJs6zMQV0zr/Z2sAQ +FPxqqFyCKyrHLlqGwB/HfvQX0VHPz2l8mhgy9q2yX7RX5W+7i5BMetkriaeqOt1N +Vk1g+/bxcW8VKf0dk7Ltwsjo0VmIL+F9xKYYWLg5khCeBkO3bM0TNUt+ytfEYfTZ +qdwbf8tdoBfJMafULlGMp7+8doinzoZvcAPRRbkfVFGlRKEKaxnRcf9BfuDTVeXx +C1m228TeRayABJ0Gqa4H5UtMq6IGWGSIfhdkxKECAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAgaJadw16c3awzZHqCJPsMXmy/Xz1uATiLkqnbBYMtExLRRPh1zLvj +yHOF6zvw29IX5b7TrLmZfMwgdvHnrg9FmKo6ulfbrBNERfIcZNBKqahmfSTyAvcP +RcU4XQ4SoUx4bHrIm6IlFHiWtPvR8CKaTMsGzPsOUObZkltclUHGRfTB9KmK+iIO +lIB4kEmQMu14cVXFtsDtV58Bcgv258rqrtqodt/5AuyGtVxbXhULIG6ropzcOV4B +fWcsFGaShNc962u6iod30V8vZ5cbwcKqzp23ABTy7/bYl/whIk9emMV+bkoVGNcF +eMFz0X1CKKFYfWv2w3/K47GwjE22Q0m8xlfbfT7pkb0MN+/AAIKkMMPdKXP3c/hM +PmsmxVAR50jW4NIqgN+wOEplnkFZ51y8Fjrg6goTdrSO4xinuUx9vt/Wm4QCMS+J +OBCDXRfEavM+wookzHdaX67RoDS6Uv/rJIYuTh9n/eQn8o83+r4N3O49BVYk3Lxd +qGrxR6AyGxTz/B2EzMw9N32GU5Ml8i7YP7fi4PfbIIcbEKffWENe4m8JAt66KGGh +8jHHZcw9sAQam2OpbrWXg2A7ECIfa8SSnaEevdqrAvHC4EHHoOAjlSQlYb8IQnHG +w8E0b9F5KFmOA4FxnRDSzp8akEvI8F9AQA3erxifTGLlgtbexzdwPA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter38.cert b/test_key/long_chains/ShorterMAXUINT16_inter38.cert new file mode 100644 index 0000000..b8c3ab1 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter38.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTM3IGNlcnQwHhcNMjMwNDA1MDgxODE2 +WhcNMzMwNDAyMDgxODE2WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTM4IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCo5eHlB/xV1W/SXUxM9eEPI45FzjbiikGLu3BT7r/09MwXyE+Zga/2ovPXU0fL +DHVqDDo+qOdpqd3GaR9jTgaUzUaBL3jMu/98sGDs6aq0SaFdt4wZl/abmXvrwQu/ +eNRe3q/LpB3M3NQvsKaRBkDJbsGPQE6Ru1PCLsnbnK78zQbLA5TNPOCBHj2Gboci +tF8oTNNWWObKoBm8T9ohYEXnWw4PFi+0cn6++Lybygxhz4M6eKHf8+lZb3akJrjV +Fr60ePmzCMbvuZ4OYf8/TOBEgXzB0xGI/UhdXdRFsO9d7nNv3fRS1vIycQv8kB93 +XVczytHX/5RQHhfPHTSeZ4BRK+cAhTSQ19OjCNFpF3FEFc96/3jt0o0mJzVfC30+ +NkqSUI0bMvZ5cUv7eg56osRMNLUzZMKcsnAkUznvbRJjUSqylK+JK7XhVLjJCwU0 +WwCWlLS8uYWJv/+sgfzaEDot5Ag8WM0cyEh8m7Nwc8xaL/vmo3sHoIvhZBcBRQ/y +ofvAvCJmtXvVjK6HatU21dM7VPOcxvSucStDeiTe8lALkezcUDBX1hj1pvV/9TbP +7CCqvh7XlUTBLON2qgmqNlS+8Z/glD4cMH9vo4dHSNe5jl47Fjc3FqNlamOgKC/J +0TOfIoebZrA3ucNjh04a/okuxoF2wQ0Ujs6QyOi7pf+dqQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU/J0Ww4HmA7GGs3JQj1l0 +doea+9kwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBbHSeGFdLwRrlTuKUV2nLkgPkO9Tr7heCsU2wnLec7rtDs81DD +5jyeLgAvkX4ntXBRQ9xg7Rr/O30wA2EEF5pY8J9rJJRiTi6rc0OsJo10O/4c9d84 +Mv0zxG51UO67HSxm7dUYF4gFnGAvEgQUmTayJN+pxuFmJxIuDmhO1NyRjsdyJzWl +u2UknqDYZGpFv8iNi9IA8whz1187v3aScdtWL4y4mE3pzQBHEsgR0P49z33r6bda +pOT+jqwE79o3ExrBUWbaUqkNTNa4YPTgwHfHPgIx6BAnPtmawiYhjQYLfhzh1uh6 +QeA2yRUKgp0v/Np6ZW3wPd3r5uA9UUZFCfx4iCfFC66y0ytoT/4q8b2KuIicZgYp +o/1n38+WKsdNmupRceaiC3CdcyY2Ustt6jmygi7qMBSm7v62xUr0GLn5EeikTiLc +xB34R6qHc46lvgW/dNPv46xdLadCN06f84zCYPd9FPAoq9NKP6Zay7z5AgNxSAFp +XJsBSRUDAz9AIUYMhIZb19dq9VaqT+6T4XNKqRcJggiLBpLhECXZdFz3ducxXn5i +IVRCd0QxaGcV8SrQwdBQ2o/r8iQpbYXxyc/wPTRALmBs2TAkNKMANU1kmzzXNeH6 +jweVHhJ4iNisHJrZbxyIEaw12sI4pvfpEPah/pL+/CdUT4yU7g//JRsozA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter38.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter38.cert.der
new file mode 100644
index 0000000..b981377
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter38.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter38.key b/test_key/long_chains/ShorterMAXUINT16_inter38.key
new file mode 100644
index 0000000..d5b885d
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter38.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCo5eHlB/xV1W/S +XUxM9eEPI45FzjbiikGLu3BT7r/09MwXyE+Zga/2ovPXU0fLDHVqDDo+qOdpqd3G +aR9jTgaUzUaBL3jMu/98sGDs6aq0SaFdt4wZl/abmXvrwQu/eNRe3q/LpB3M3NQv +sKaRBkDJbsGPQE6Ru1PCLsnbnK78zQbLA5TNPOCBHj2GbocitF8oTNNWWObKoBm8 +T9ohYEXnWw4PFi+0cn6++Lybygxhz4M6eKHf8+lZb3akJrjVFr60ePmzCMbvuZ4O +Yf8/TOBEgXzB0xGI/UhdXdRFsO9d7nNv3fRS1vIycQv8kB93XVczytHX/5RQHhfP +HTSeZ4BRK+cAhTSQ19OjCNFpF3FEFc96/3jt0o0mJzVfC30+NkqSUI0bMvZ5cUv7 +eg56osRMNLUzZMKcsnAkUznvbRJjUSqylK+JK7XhVLjJCwU0WwCWlLS8uYWJv/+s +gfzaEDot5Ag8WM0cyEh8m7Nwc8xaL/vmo3sHoIvhZBcBRQ/yofvAvCJmtXvVjK6H +atU21dM7VPOcxvSucStDeiTe8lALkezcUDBX1hj1pvV/9TbP7CCqvh7XlUTBLON2 +qgmqNlS+8Z/glD4cMH9vo4dHSNe5jl47Fjc3FqNlamOgKC/J0TOfIoebZrA3ucNj +h04a/okuxoF2wQ0Ujs6QyOi7pf+dqQIDAQABAoICAGZP+2tWTxFf3gE86z+jotYc +386BgNXykoom3YC6nCWzNP8jJLUEzqdFRxklJdRmk6nOBmp2vthPQj0y6QSq+2mg +gBk5vJ+pMrdB0TUyx2m3QL0YtxG58HWJoHvL0WYHt/5QP4XIwRScoRzSkdRASXa8 +VRyGBBJbu/1hgn46h/Yz7O2GGdnKCuWsf/Cze8EWKp6rC0q/R+9u1KgyZxzYyP/B +NN8GvZc91HGzE+37k0yc/A2rjcOwaab30pLVshnDUXrZ3ckKhBgsBQcJbinWU/Sr +y/tN9M1bQT7t2+zrpdTs4Zjeh2a3Nrg/qtcwJx+Tt4N0VXHXLOzrjdi1BG8Am8WT +k558foP82gQmnQ4XDiyNlQAWx76MoGOSBuc1v70KZwdMAn58P28ZerG0F1ARGw4T +EA5grFui+rzuWi76xHuV4i/APnm/mFCIyPxvshFJF2gEFbCr+fH/G30iaLIIQZ0e +LawlXm5yCk7MWGtHwS5T8F4x+z+pJkbuuYCmuWA9j5fuaMkQ2BWMQ7T2/caquedI +1woFqnnL/lMybhzwQZ/i6zhZxF89R9V1uk9S7JnhyVhG2Kp87D/dBCkx13Gl0ERu +lXdi9bQ+EFRiTbJWZhPK7mzYb6PQOXDsFaSqymMZdzQI595ynKgiS5u6y0MdejNM +wxEmidLtY5+2F1wgzVRRAoIBAQDfZ59uCE9PxQb33RDMz6PoG4T6D0dsbLl9ZXZf +c9YFSoBirMEJxrGSfLhFqRXtpxHVPN2gvwwbXHGv5R/X5fAyqgzEg1PshWXWfzwW +Pkc/CK76SpQer5uU/buCm4r32pZwqsB12akeQDQOskNpRTvEaijFxXgtsaypLaMA +0bo5hONHS82isUUWHTKHmoIme/mE5BLCLkqunXYa/K66BHdlXhCp5ag4HYr4g5tX +sR8yGKJW4/FDZtXGTmibmM9MSrd3BiEDn+wi5sSYnpJlRs2maaHWpzAwLuOHp8we +iZAzejyNMnXVyYKAqWckJ4lXjaRvh0lGFHrIvhWOmfNsKq0rAoIBAQDBimE4AGDS +sL2lLoEsZlQ+gqIXNhSPdGGBRlGR3PkCARClTs84PNYg1Ewpr2tpPEnjDfQbYm5d 
+03JnwQ6xclxNb2g6gTXaPw4LW1UIFIhJv06Ft6MjhioNuPHCV0xa3wc3CsZvj20O +2qY9xaxA2IkLCGdQWg91fyD3Q/V3YN4crymcjjmTVqIT7OqMs04nGJ4cHFBxcIbZ +VCi6LHLHC6LLobuMUCXRXl5XkvQVW+zwYhcaseBTUcdVU4Z5HlHDJ/X/lFGoAWuV +/QpbtNuNfZ0m9F4wSi0666psU0G8BGJ/6vnprYTvJ//Mdg4x8XlFz2cc0tSPWsLX +iTAHXyWLqj57AoIBABf5bdGIEMLVuQa2cYwZKFTLRzzykM6g6FL9pXNe4fPVZ+uu +8FRVP08iFUBcgd7sE+zXSE1s0ybIh+bBZuZrZZh6ST55fXMfaatYIiGc81ZfXy+6 ++yRD4iVeCVZdzM8GZSiYGmlLP2vgpfWBydwtMtnELrXymBAHRiktnZWD7EEp8p3/ +E4VHEsvpvDdzLE5m9YL+Wsj94MPWYAtLXJDX09xL+OvSmnfTK8u5i90gQ+HDZQCA +G68JBR3v4if4gR6F0iRywu45pkSkkSpzsfAuZfla0qRPcsto7L/tEOmiB5iOoJri +dGTJ6DhYdZoaqBF+QMw7L3DW18pdI8EW4lmURtsCggEAKDdK8EoT1HPpVFOPf9xb +kQmwCMayCwUR5bzo4jhafbIe9Vqk8HijvfqfQOI0nY9rgwS5Pp97c3+mfCy/ktvC +lkyaCd4jhJApqO53gtBRaZGZDWwVOCJ+xo8xnUJqmU9Svns8tJ3G+ZkxhhB3NJpK +D8LVRPsRz0Z1YSv766xzOt6i9OcQy67qyt0l98qiaLlS0WCIzqmlO6+jLtxhlT6z +u0CGKifVU+YaEHR2x6FsYJ7hUii4Blgt5WsPvEcykizRjyQQu6pf4rDL4DZ6kLIT +X67Ti5E+SMoDhbLfK+R1W0NGXuoxf0h+fMvjMzmMC5eHQ5QDmy4u4n6dPkrlEFp1 +1QKCAQEAqNoY7w4DRByCroBY7Ir8lOwQGmXqG3lmYp1OOWNmiIPDiBmv4arP3bea +s+SHrxugTP6uo6ShiWES2gna5SPsaGN18MXunTyntk/FRfTcT94ofOA0k6EPW8tv +z0eX2cy0EypUqomZ6PSlz022JbbWW7H2/f0v/VuRyyWODa5THIDarPH0sSoZgPeJ +ukeBxnw5W9X4O6RONyP+9h5juglVeWXOEw12pSE1FBBVyPyGsaETpo64rfWq195s +YjwU4zQzXEykHqfX0kd87rb8+yvn2mWZJg72uas2rGUR7ubnH6KULAYm34mCcym+ +PD69KQ/4xNI4thMt52RltCOb52rtVg== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter38.req b/test_key/long_chains/ShorterMAXUINT16_inter38.req new file mode 100644 index 0000000..08f50f5 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter38.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzOCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqOXh +5Qf8VdVv0l1MTPXhDyOORc424opBi7twU+6/9PTMF8hPmYGv9qLz11NHywx1agw6 +PqjnaandxmkfY04GlM1GgS94zLv/fLBg7OmqtEmhXbeMGZf2m5l768ELv3jUXt6v +y6QdzNzUL7CmkQZAyW7Bj0BOkbtTwi7J25yu/M0GywOUzTzggR49hm6HIrRfKEzT +VljmyqAZvE/aIWBF51sODxYvtHJ+vvi8m8oMYc+DOnih3/PpWW92pCa41Ra+tHj5 +swjG77meDmH/P0zgRIF8wdMRiP1IXV3URbDvXe5zb930UtbyMnEL/JAfd11XM8rR +1/+UUB4Xzx00nmeAUSvnAIU0kNfTowjRaRdxRBXPev947dKNJic1Xwt9PjZKklCN +GzL2eXFL+3oOeqLETDS1M2TCnLJwJFM5720SY1EqspSviSu14VS4yQsFNFsAlpS0 +vLmFib//rIH82hA6LeQIPFjNHMhIfJuzcHPMWi/75qN7B6CL4WQXAUUP8qH7wLwi +ZrV71Yyuh2rVNtXTO1TznMb0rnErQ3ok3vJQC5Hs3FAwV9YY9ab1f/U2z+wgqr4e +15VEwSzjdqoJqjZUvvGf4JQ+HDB/b6OHR0jXuY5eOxY3NxajZWpjoCgvydEznyKH +m2awN7nDY4dOGv6JLsaBdsENFI7OkMjou6X/nakCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAKqnPF7U2gNTktoLpDn0eQFmMq9L0aWR1sp1tvvhly+8rZSDnZr32k +UFYNFpgY5gncC/ShWvfRLmcuvzouqRysDexkQEZQ/ZdWjne8skuZmMsfoPGbWli7 +Si7yJkc7bF7Va68TquFYlaYNnaVnGmK8dh/4Wo9CyHmkqEEBIFMNg6Cxc/3gthCt +L1GGBB+dikT3+V1L0omf8qR0zEfcUIResqCVIkDbKLsWF0JPlmU4eS69ZMyVgjme +RK/SlWNOPD5ORdikSoUf3y214Z541fIBvxX73QJxreRLCkMMI8BEm9zXT7JcX3gg +KNkHQi5Nx9aP01fucqc9xmDJDiFwIGTAdGRUkaXE2m8h71rHpwmiTd2+KhW7ymAx +3Xpm7wXkOi4TxsP7VG5BUHe0Ea85Za5cvFycN/6y249kok1JczdZS8xjW5kz8rir +eFp2jMHPhigAsDI2NWSrI334JrsUEXrcQAvCj+ECyAybthSMNMsCREfFq4LEZIoI +boqrWIrtDr/4rbZMgjqLPDBnJSIzNGLOPm4A96C1uPZMfo3AuVnf7IlPujvvekcd +mybTlxfRjkLhoRpjqFiM1FXafzNLwQ5LFg0Z/y55OkZvs8ZlsiW6o2j1dVUJQSfE +Ox/GbLLNGk63fApPIjpEsXW3jrP5zmo0xdlXcT3sRPiPLKFIh9w3Rw== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter39.cert b/test_key/long_chains/ShorterMAXUINT16_inter39.cert new file mode 100644 index 0000000..6b5a06c --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter39.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTM4IGNlcnQwHhcNMjMwNDA1MDgxODE2 +WhcNMzMwNDAyMDgxODE2WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTM5IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCiJhwjG4f/Z+CPx/HyJp5ZUu2PoYFd1eYGu4uCgqWbWKboP0ItQ38GSUh202gY +0sSxXWF6Y9Uw1M8SOOJsFPqWfG6kTSaaJbobaTZKxcsr1lLT7LUee1B3a63kbLA6 +5tj3eMHyWVOqYyod78bp1WEwrwH0Lg2gokmmAYoE1tPsNIWzCGwitkldlC6hyDMf +gv8bZMYdeQtXPx01lYSFF9NPz6WQ7nLAtNS4KlVqg7KRnBHXKLdrx5JXK/K2AsG/ +iEK852s9L6p2wf2JQoNKAj26zxiX7GRKkyiaWEsjGeCdGEsD0biU71jinqXlY3Wp +TiQb9qm0qx7CZSZ3JcuS6dx6mjGpyRbPPm6ylIprpKDxzX/QpFaO/CXy2jZTur3R +LQPFByosP3KNtSioGEciatsuAYPwuvlNctPEiZUCjWu/gYXoEmN+DGCN7+FuDikR +7DPEo4hFOnOl0q93k3Af04Yuvw6T+mxQ5s1nN01UKRB64e02RnQVX1M1t+ngL2PK +aNGjI522kFoOYMq/p3APboA1t9x6H8z6M/JvwVoeLowvlZG5P5yrGTTcxYGZtfNu +7Se+CVEfNblD7LtAQxpbTSCrGfel2dzbmnzwLddjruPjwk454afGCgJy6pkzs0AO +EB8JFJ3ErWZdJWqwO4T1GOKrxPBk1wEHBQqlGa7XQOVK3wIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUkVd1ElV5H0l9ycPtk5Bi +r+Gg2CMwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQCOIX/MTniAk+uMixVtKsM4iyN2UIq/iwx6SQCSdLce62fFh2Sw +sWpAWXGo76uTPis+YGCiHt9IsPfbkFc4intEMl47inFhFIkB9i1x+vzKAPgCWEwx +RiU0B6DrjLrm+cgkFVtS/sVBaDeOcL3/pkw7quDUnyreVuQ2YZKFqg8OjDHGJh2C +AZ3VR+69RwWMr7scKA7jCY727heFCrbffLEub7dd52xlC6uPp6QWMNdncSSFuAmz +PKaIQw5Avdg64DeXhB4liHuAoAKGoLyGUckqz8W3LgLocGJSa7i9HnqmBIuOtTzl +SPj/x3RokJ5u93iS5IhP94QNvHsRutsbCQss36aDU6wD1e/0lZbimukjfIEG8MfT +bLnfVMBpntcTQwscsBMxHTJGUxokvuhsQ5k7046OI7eKtd/1a89BkJJy0jZr2eUu +DqdPw4XQ4jYDYM1rFh0uJHV9UpOR267EhqN3qi7w5RFirGB+9TQlo90OZPbhho2C +YohieDyRWsfwc7SKhcWsJvxULmmZKRRrpb+8GXGU2Y9Xee/M6kDhzAXkA5y9fNUy +E0Mgyr6DSLT5sZ+l7K0mX0vvKaaDkzyX6IK9f4IvFvT/ewelOe4Uj4UIJbPnlZhT +48VbjFs1gFnfcHqbU/1lIesBdmDx+A+WQpj8UBngDK/0wxFGvF5iUohoKQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter39.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter39.cert.der
new file mode 100644
index 0000000..8b5c01d
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter39.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter39.key b/test_key/long_chains/ShorterMAXUINT16_inter39.key
new file mode 100644
index 0000000..f92cb1e
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter39.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCiJhwjG4f/Z+CP +x/HyJp5ZUu2PoYFd1eYGu4uCgqWbWKboP0ItQ38GSUh202gY0sSxXWF6Y9Uw1M8S +OOJsFPqWfG6kTSaaJbobaTZKxcsr1lLT7LUee1B3a63kbLA65tj3eMHyWVOqYyod +78bp1WEwrwH0Lg2gokmmAYoE1tPsNIWzCGwitkldlC6hyDMfgv8bZMYdeQtXPx01 +lYSFF9NPz6WQ7nLAtNS4KlVqg7KRnBHXKLdrx5JXK/K2AsG/iEK852s9L6p2wf2J +QoNKAj26zxiX7GRKkyiaWEsjGeCdGEsD0biU71jinqXlY3WpTiQb9qm0qx7CZSZ3 +JcuS6dx6mjGpyRbPPm6ylIprpKDxzX/QpFaO/CXy2jZTur3RLQPFByosP3KNtSio +GEciatsuAYPwuvlNctPEiZUCjWu/gYXoEmN+DGCN7+FuDikR7DPEo4hFOnOl0q93 +k3Af04Yuvw6T+mxQ5s1nN01UKRB64e02RnQVX1M1t+ngL2PKaNGjI522kFoOYMq/ +p3APboA1t9x6H8z6M/JvwVoeLowvlZG5P5yrGTTcxYGZtfNu7Se+CVEfNblD7LtA +QxpbTSCrGfel2dzbmnzwLddjruPjwk454afGCgJy6pkzs0AOEB8JFJ3ErWZdJWqw +O4T1GOKrxPBk1wEHBQqlGa7XQOVK3wIDAQABAoICAD58wUsmSPq8ZWYDf9H53/w8 +YSCA9QHcdJETpWfeQUPkni3ScwZOhJ0/kJV6Uxt93h8cBXzNDFONL1+uXFOaohds +TJc0xDOTZm051ppqLyntpm3VQtdEXnYnIRRublvEqshz2Qo0MnHvVUPEK7vhZ1sD +lpUrSkUlRYyb+zxyLalRdFTSYhneddeCS5Y9OLZkHTvJUi/5fc1ZnUARJsjDrcOM +GhoISmDJT1DJv7EUn7RNmPJ51nXKqzK81QQfe9r7//wcks85l0+84qAK6d2Tj4Z2 +WNvzVZMHsxYIAKy+RDlGK2KFZ8S9mFt9GCGWermMS44bOLtPVsNDh9dS0WkEhtp7 +l2/4fXu+mTJRM8g8a6rSZeEQEBq/T3cTwQ0W9NT4NRUUsEG8Su8Ix/xHi1krtUXh +yzqRaodyut+Z3Orx8nbpGvn47YC1PEeequ+kOeUpDvpyCeTC9yJuI9N/17cSuem1 +uLJw4rZYZsIP24ti4tBIff9R+cknFEGkgGWO97LNMswcC/i30to5Ikw5JaaEb2J4 +A6cwS3tufr5aKKpZBe/9JxEewqUm5anFMA25ID4IX3z0TMhNM0r2+GT8jnPQlj61 +FoBnNcUjxLROvaA17it2VpzZCYfPfMcFd5+bPAK17cz873QTPNO8JN21/IBn8A88 +puyXB2z4zVFB0bs2YVrBAoIBAQDNqbuf42tyLmYTsGdL6Sm7PO7Y5HvqXqAbfpo+ +KLiYHfNouey4VGbcG1Th+r6qcfxZJI6QJCx5JrDUQYr6dNjx3EPxZ8tRBYMR/vIb +atp7diD2TUn06oj4/iEOO1kaDqoFAOVi/qGTO7xruW7GinkHfIu2eToz8UAcUl9l +dXHl1L90lpf++Zshg0YbY8CDrxwk13GqOVW0SYA+BaCF7DW/mrYUuz+aCcdrtTjP +GpfkTnuxAn4LGKyay81Tp0vSq4TPCGHU7aQdkcfjzNjC1EepAP31k9LhFYzXeP+v +XzwTmqznl2HsWvJH2luzdcz4zE97G+QT0q35++HirH+pj5+7AoIBAQDJ1ecGmezh +Cobx1Cn4WAW4FRzEioj6zszAlNjzCO7ueyHhM8VxGFxUUXhbHesEyQabyt023PxZ 
+vmgTGdg+k46fswQuNMTJfup7an0XisqrU56jiWhJtnfcTiYSmAp9nNsXSDoheM1M +TODQoSlvWpeXo8Evy9+e4WzNR3JcfOIm+bawz5sVRf6EzuvZOfcTdsbzNgTuspS/ +SxDU6orHMVwBCHbSx257P1lbKIxF0tkOOchtxz6KmdvmIhcCtsQ8pXx1DGb9+q/4 +uUlWwK49vBLEtERHKHT5XD/6+Y2XGa9XadBuQdBw6zw6pgsdzzF8mxzUG0gZ/MLx +p0V0HtWvNbUtAoIBAQDNVJOtWynP8sEZETrgUCbI+Fnik6Of599j8+9c9dzuiqCV +Q2My2ZlkUalagLRRicIO4e+vu13nixhqohF2YqiiOG5hG2ajOqSUl/vyIamGL/dS +0PFwo6QjK92mztvzpwZaPn3Ga0C3taE10AnoESIqtk7q3HeemlOOszLpIeuYMeMA +LMYN2/jk6aJaACqZjn/DzJGACQQnHmb6BTYx3xX+eSEm65fhW7gNMf5Iz10spKrb +nAhpXbYeSjFyPon2CCZtaQn7w1Lh7sUqCz+yrKvq8MGcqHyXGqPmELj9x1A8pmXQ +RpSOnHJeCIUbVBZTo/AKklsQ63ulJLRuUhiXGny3AoIBABPGXlU6PYgq9N+6rsYD +McRAZUooXJVeL5dqvfrJ1EcPT1l2LhEPlvQ36zfaLY2ReJFJBfV7H0pXqnC8poAz +CtVAv9cbGnC3e5fN7iWhVowErFVPgCVAuGugSICn3tdByAF29SMUZ+Di41/telbL +pHCZ/bKGIgm6AmP2bRD8t1ekPa8DGCm0auRuNZNZ54hDqehoUYFlg8dePm7t79zm +TCJZxvKN0ZhHs6SHy36H0vZe2PFQhSMlQfNBQcnlSEK83/3D0k9uAVG4LaRPSoMH +6zrUgqAKKbPIwwf+7U1xmclRt7clwZteoM8KN6qbAzk3JVLuvVi2eA8fGWHwJ3V8 +KJ0CggEAGG6zWSCDxMi/2m5uehCTnFPmhtLrg79kFm6/4h/XqfZ7AVnIHN7VaJxp +CeexbYuUPNLI4BsOg0aGIZiq/AkY6bBQ5FFrc8TMyMJs4tLJk34uS8BBd+orjW20 +J1xEmPBtgybHr/7P6d0liOYd2mq+HniYRC+q2V+Ut05KfQxnrsddc0ClvfV2UJt2 +hkyfd5Uxa8MVl9HLr8PsfbaXCfws9CBnDk4NDLoUnc1RCXlE1UNoam3XR3p4LyhK +QFa7TzlLI60zp0dxvcuCARBKWhFsa+dQ4XA4YrqtOCn87nBzcxHw1UqRgXG5q+eu +fnEobbuNS39JCUX/YFJt2wgGUyq3oA== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter39.req b/test_key/long_chains/ShorterMAXUINT16_inter39.req new file mode 100644 index 0000000..0f54318 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter39.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUzOSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoiYc +IxuH/2fgj8fx8iaeWVLtj6GBXdXmBruLgoKlm1im6D9CLUN/BklIdtNoGNLEsV1h +emPVMNTPEjjibBT6lnxupE0mmiW6G2k2SsXLK9ZS0+y1HntQd2ut5GywOubY93jB +8llTqmMqHe/G6dVhMK8B9C4NoKJJpgGKBNbT7DSFswhsIrZJXZQuocgzH4L/G2TG +HXkLVz8dNZWEhRfTT8+lkO5ywLTUuCpVaoOykZwR1yi3a8eSVyvytgLBv4hCvOdr +PS+qdsH9iUKDSgI9us8Yl+xkSpMomlhLIxngnRhLA9G4lO9Y4p6l5WN1qU4kG/ap +tKsewmUmdyXLkuncepoxqckWzz5uspSKa6Sg8c1/0KRWjvwl8to2U7q90S0DxQcq +LD9yjbUoqBhHImrbLgGD8Lr5TXLTxImVAo1rv4GF6BJjfgxgje/hbg4pEewzxKOI +RTpzpdKvd5NwH9OGLr8Ok/psUObNZzdNVCkQeuHtNkZ0FV9TNbfp4C9jymjRoyOd +tpBaDmDKv6dwD26ANbfceh/M+jPyb8FaHi6ML5WRuT+cqxk03MWBmbXzbu0nvglR +HzW5Q+y7QEMaW00gqxn3pdnc25p88C3XY67j48JOOeGnxgoCcuqZM7NADhAfCRSd +xK1mXSVqsDuE9Rjiq8TwZNcBBwUKpRmu10DlSt8CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQA2IIGXKzTsvEuEh/RN+OV8YcPzqA/WrvckURVvijzRJm6UHsRTZmIi +jXnfzPZafAi7Q9w2ndTKH1TmcJB3Yq7CiPGfCxcp2KGtBDphdtPJpJWC6gsH8qFq +NmOjtQezGpOQjKkniEL21xNOk29mt1p63GyyLK+ua0ZHibCpb7IoAVRE5GO1w87m +QWtc0oQ7x3QkrFl1Fo4nS1ghwVC1XiO7K2z5MKDsW5zLuahZD9MYtXPj+InKvRO4 +9WdGTELkfEZrbYAWTBIC8tt8bdTPu6zx/APB5Nly3NGDlOtHZIJKqEm+IeRypJcj +R60a5Wyb5zhwud3HQEsNaOQnJRBVBNOhhowQvzvgWb91cmjfV6Qcn2ZBBkfu/jed +LVbxy3RGso1Y/urzALgZSvjQXXtHKFtSHg0fkixBmQyX/1Bo55gd+MyyD/pklgju +FhWaNz6V8dUsfkhgMU7h2ci9xNKIsF+Sr0qmSiSH/eSagljNBTEHhEzLlEHaHZrJ +pYg6Jq0sotVPYFAQsccmQ4hK71NUyWPz2FWk79bqL9wcSSFeEMGoSYVOomz+p+y5 +ZCNrxEE1pOpDa8tvrSw4qXyxENMhe9J/d2TB8290Keqn59LQIPuYGxEZtzpbr2qx +UeF1O8cmLgGxG5Xh+komsVxeFr2VDVzUq3mvhcr1kbbVFkZ76zq9dg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter40.cert b/test_key/long_chains/ShorterMAXUINT16_inter40.cert new file mode 100644 index 0000000..e6cfcff --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter40.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTM5IGNlcnQwHhcNMjMwNDA1MDgxODE3 +WhcNMzMwNDAyMDgxODE3WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTQwIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCmiZTpsXaigWKvQKroN2IDGfJYkI4aPTzb49BF6hLY1L64EpOprcZWECeLnOlB +5NuSzFzo9VWcW6xgNSbh0eBwAxM1t3HExl1NxAe0Hn5W0bWs24+n1wRINxK4oasi +mRPjo5bMPKIlGEKmKQSeCqk0DiUOEJu+wrSWW5Zg1A87sFNeVZkflBE1rlq5pfIW +fMrBhhR2ZukwvmwjkLGYMq7IwV5KAZFNLK68RwXNzhhrdGX8j/dJNzDIwEuEzJTN +nEGHbfGFBMiP3LmthNjrSzWMUkDdLIRyBjm0cbjqeGV7VuNBINqbXnmTipHF3aAY +szrROZAinA264UMBcqNjQbDz66HHWBOsowj4GUTZqkDOl18JKdFdiZo6DUbcUmdZ +UDZuvjgBjCv1jrgKpBpbY1QhB8HsMECOqXWBu3Qvj996+4MLGF7LiRP865EgeI+M +aCFEzXLg0vNqzmNBSVJZn9s2/snsYZ0Hi6gF9xdiNVnxUXQ2Rs3f0B9IGIGbm4Oq +ZyiUAn5eoKHnEhsLM4DHTM1JyOcQbfWYjkqYMkjiL6eoO9Zjx7CGnGVkb8Dgs+dJ +XGVg8KZ6pGOYxYNS1sr/qffoOHgtOK0C3i/OXhDfvJO5tdF+Hi/VPII3ru23j2uK +4uNKkUc5Hx5qr2EzEI1CI2D6NfPAJ3vAH1ENr81UDCs9HQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU3/7jxpOlDWQSNEgAN2HW +U1wJh18wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAYK0Ear5LF+z6KB5wJC5GLZJ4Q2+usWiDn+PnhqqlSyrAxJQZx +D2vkrItOSE0fzxKUgoVIt3K2kcwcb3TV3B6JbVTTdqZNij70C79yQgFLSLgkXyik +/KNAf5AKnP6c7Jxl0Yn/Cc8r+DZFfg4BMckoJj23A7UkRJbeCZgnPKxY434n5X5O +CKEumJF1OFISq7/e+IydejIRmvdJ/CFgR8h3MXGIgor1PChl3/miTSSV2gcoE6nD +aTNjnFVntCo6PF/SE9fDm8I1crDjjAR1hO0WipBpU2SD8r61CDeEtj5Pa9cXxHJ+ +gIEYao30cG7Qlj/wvnnq2GX8EK+6JYt9GKEK5laV3cFehnKy9sqkJGwbeWWypMJ6 +CqjDs8HZZYfgfCMKjk2UlJZoMdCJUfrD+WldlLIl7n/VuNYwic0xo7ACwl/bwjtH +XsvT1yiP+9PgYWYU0DBS3SmTclFJzV7ZpPo7PvNZk2uDmM/ETVVPnPLPgfuj6Ybn +Xv+H5VHwehWMJqt+ta4L9uAKEj12OcMnIYJzfNnhtdnI8xxf1EmaBjbWJEHYU3e+ +J905ej9dit28buWg1OhG5PgARv9dIBwyAavqNVJ+PJli1ATasF1sPt/fk8X5Qm3l +Vjgia5Tm6KcDowwJIgFf5+3bjtPEe71LBA3TBjCpDooLWaEmmpCjoaWbXQ== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter40.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter40.cert.der
new file mode 100644
index 0000000..25d42f1
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter40.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter40.key b/test_key/long_chains/ShorterMAXUINT16_inter40.key
new file mode 100644
index 0000000..fb75283
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter40.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCmiZTpsXaigWKv +QKroN2IDGfJYkI4aPTzb49BF6hLY1L64EpOprcZWECeLnOlB5NuSzFzo9VWcW6xg +NSbh0eBwAxM1t3HExl1NxAe0Hn5W0bWs24+n1wRINxK4oasimRPjo5bMPKIlGEKm +KQSeCqk0DiUOEJu+wrSWW5Zg1A87sFNeVZkflBE1rlq5pfIWfMrBhhR2Zukwvmwj +kLGYMq7IwV5KAZFNLK68RwXNzhhrdGX8j/dJNzDIwEuEzJTNnEGHbfGFBMiP3Lmt +hNjrSzWMUkDdLIRyBjm0cbjqeGV7VuNBINqbXnmTipHF3aAYszrROZAinA264UMB +cqNjQbDz66HHWBOsowj4GUTZqkDOl18JKdFdiZo6DUbcUmdZUDZuvjgBjCv1jrgK +pBpbY1QhB8HsMECOqXWBu3Qvj996+4MLGF7LiRP865EgeI+MaCFEzXLg0vNqzmNB +SVJZn9s2/snsYZ0Hi6gF9xdiNVnxUXQ2Rs3f0B9IGIGbm4OqZyiUAn5eoKHnEhsL +M4DHTM1JyOcQbfWYjkqYMkjiL6eoO9Zjx7CGnGVkb8Dgs+dJXGVg8KZ6pGOYxYNS +1sr/qffoOHgtOK0C3i/OXhDfvJO5tdF+Hi/VPII3ru23j2uK4uNKkUc5Hx5qr2Ez +EI1CI2D6NfPAJ3vAH1ENr81UDCs9HQIDAQABAoICAE+qBLf9kliOOBzJfHf09kex +g8Jl8/QNUy2Evr6TCEz9B/aZvFUwsW298IzSlKpWxcplRBSUN03CdKTZCC6B7TDn +56qMhDmzAjMPEPhSlfEGBDgaF5AcRQoefjAf9fNo8qC0QpCUeKPyBP/jIzhOtT4X +fhZKT5ZjIWvDiB3tkxPkdxzrKYJ3m/vn2bJw9WtYas1ETEmPVQFiNeyVbL73j7Cs +/2O7eDxIoZWjC921Nu1AEwFMBOjbI9UEV5vBGXV5x8b3Cs+syBw5ZADjSbjUk1r6 +hdjHUNwSqkvtEp3m1fS4TaF8C9bCzLmNUcorCEiIhBxNwusrZ038L8djhVEXvYNL +LV5223rZ54CiY/dTVA5TIGqdNcLpvFM5sjhtvkCGW0/reE42m1eoe+yXpK3J+rsM +oLYLVhn1TDxbtDPRFCRmZcONQ0A8SqJF8Xtef0cH5UW/1Z6BGQbpAbuE2UG3gTF1 +zinPEYLx8Q9LrYPz32Yv2lJ9eTDG0kLfMR3153hwtxsEOQY6RS6h0m5/4tcyXmY0 +GJAjru1nMkyQOhJzgnsGZANXyIebXTfg4oaqwdKT40KpcEFlsHR0z283uBRIDi7p +KgGCmjwz1Fue2sFBBc0RP9jvbVHeRzZSYDR4rFztY4JKRp3dCSICgFUmSQpJaVf6 +U7OVJ9NNmF5UPFjqYU/pAoIBAQDdkSFWOh4sjWfZAJWPMBkJUkEEJD6iooqlpoGd +lVZcbHf0csr0pOWf74DCLHRIKSS2l4huZyi7pG96Kt6LJLzMIO11zd0I5Wwf+WKM +7+rDshQCdZ9CJSnbVXRrIJI3oxB7WFVeCPiwy/CCz/UJYSlzxMJs7RAobdpyxyjw +DMpX8W8MCCCFP2ZbSRWJDcDIlEIU1Tbxcl4ZUWhhblXeHHvsVr0MhniIT6vJG9kP +qWg8ydtCQgGD4STpt1WsUmHMeZ/KJ40R+jmP3AuF2SASOpIhNA7NORx8rk4v0tnL +gG85OvUlLk+66hAFcL/GqXlwTml58tD7nb/wVpYlQsdXXwd3AoIBAQDAayVDJQLy +IJuNsMbD8MRkCeSqWiu6C42U4tssDYWu0kIevhhe6LlPhQfefUBFpHw/sUz5XA7N 
+1moi+Fj+hhPKqgIsSP6TKyn7douJg3aIhVsM6MookGOWubABSPcjeLwOFj/oIVgC +Xbs7TqoYGfMzPkEkiHywka6SDHTdwSIBZwf+57INPw44b7zpEhJIJEBe2C4l6bva +LwB3QKo5sRMesOCYm3vgqnG82j4IOHqgukEIgOZe1Svwif39SXeIlK6j6IFYM7PY +dNqMYu3N7S9L/yE5TAcxprNxGrZdsPQ5Ph1bbnj3cX3cmPbNll3rPYoGVP6U3me/ +b298FQRc6i0LAoIBABrmpQqIEePM41/of0AcUd3c28H5+JTccUL9fV05pXuhO8s1 +KMkdQDfz50ksBo5AWJHGwizNX5ewtkw56j0wn6+VC9+yt/R9jmwvZjTAaFuMQnut +9kEcrAFSVckv8jDJHpYrOmopYrBsgm4Pe6vA3TyOFiENg1m1RMGMxr6mfubAjIAE +eJZVBUNuEyxJvC9eOMu4u2wDO8ONK8QwlkJaaP1f5qIfrYC3U58eP3N0WRCQXYuk +4fQ2ILozpTY/5lniJnFv7ePR4q1BxTBiFU/BRr67SFTIa1oD+8A4tHLNzDNBokP6 +ZHnIM1vFvbMMHo9xJcNFpPP3yjcO/DnX6sYD5q8CggEAQIfugD06Zq+O248Mqgvm +IVK8EHGbNpLHUcZfEMAcNEwphpvkGnhcJZIM2I4S7whB7y5sDTjVcizVfZLibcHT +g2VOw0Fbt0mDk+Tm2SBwsUpgBc1QdxgtfhAaOeQZlhjYoLTPi+8az/hVYYd5Pgn9 +6RKY0ELB5omFDVAGJZSu7d966/8SVKTwBPdcWKIJ5Y3a1LQVjft8V6jptBTIwf5j +1igluqhyfB9Nc7ORmDowzhSI2Ow51lYRnWL5/mcUIocSpr/EGSuFxjMyVGCdNjG0 +af1PTCL2Sq2Igocd4AAHd+cf+1jqUroKJuBZ7QrfxpPl5Ue99Xk9PBOIRQnbY7nZ +jwKCAQEAtghU+iN8H3KV/YdPPTvyCy78HXg83zLL744y0rWGkSJ9m6aQUAlqtgdu +HlAN0gAmvsWbLYjUU3CvjawWx0VOrbbC3B0lJCj83+7iX8Pr7HrHoAw6O0mSw66M +33o90KHDyElDCmtGCNeNqPlvJaxxa2+tpuQyV11s9V6FiPqsqLurLgFcHQx/yCTe +c3pbxclaVV5f1BOTiylcgBNXHAc1tjWigedrCV9nc2ZbsIuxlORbjRWO2AY5uinC +AQsJUITdclvz2u6NpZBrYtJ+vuYVs0R7cqdCdf6WiPO2ZGdOZsjak4HRoopxkhKv +VlqgbFGu+ScUrvHWbLQSbpMffkTG8A== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter40.req b/test_key/long_chains/ShorterMAXUINT16_inter40.req new file mode 100644 index 0000000..56a23a3 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter40.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0MCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApomU +6bF2ooFir0Cq6DdiAxnyWJCOGj082+PQReoS2NS+uBKTqa3GVhAni5zpQeTbksxc +6PVVnFusYDUm4dHgcAMTNbdxxMZdTcQHtB5+VtG1rNuPp9cESDcSuKGrIpkT46OW +zDyiJRhCpikEngqpNA4lDhCbvsK0lluWYNQPO7BTXlWZH5QRNa5auaXyFnzKwYYU +dmbpML5sI5CxmDKuyMFeSgGRTSyuvEcFzc4Ya3Rl/I/3STcwyMBLhMyUzZxBh23x +hQTIj9y5rYTY60s1jFJA3SyEcgY5tHG46nhle1bjQSDam155k4qRxd2gGLM60TmQ +IpwNuuFDAXKjY0Gw8+uhx1gTrKMI+BlE2apAzpdfCSnRXYmaOg1G3FJnWVA2br44 +AYwr9Y64CqQaW2NUIQfB7DBAjql1gbt0L4/fevuDCxhey4kT/OuRIHiPjGghRM1y +4NLzas5jQUlSWZ/bNv7J7GGdB4uoBfcXYjVZ8VF0NkbN39AfSBiBm5uDqmcolAJ+ +XqCh5xIbCzOAx0zNScjnEG31mI5KmDJI4i+nqDvWY8ewhpxlZG/A4LPnSVxlYPCm +eqRjmMWDUtbK/6n36Dh4LTitAt4vzl4Q37yTubXRfh4v1TyCN67tt49riuLjSpFH +OR8eaq9hMxCNQiNg+jXzwCd7wB9RDa/NVAwrPR0CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAxSW0cMsVbRVqKiYA7itFENyW/cIoTKB6+qZW0eit6Y6o44lQgcgv4 +8IaFb7c4HhjPr+rS8r3lJBsMkSs9nwHKTsL1H7ncvswFoWoDpEw9tsZnM1OF5kxX +R3bU8Bv2Zm2xGhLfmKN/DVZafET4tv+6T9oV1cZvJrrxTAxx+RiUtcytoj8+AsGL +eKLpZt/v6dNbP2V00vyCOf9OVmptLCFPbnkmeNsZ88ZGYzdtuu6Pp1X79wa6CdKD +ivNJn71dHQg37y9BXJJMGQmimlwYXqXgczzDlMND30D5O+FZ6UeUwrukBwbOp/3+ +xwy9L5n7Ev+CpoQCVV1X4GUkItB4RccYiFUBeLpB2y5LFSD4f/keoSZM4fnoIHji +zP2H9j/Ix7CB10v+LGYdyHX6EsbmaWVvFl5uopbERucg28SxjX5eiBO5hsVdLwlj +L5s8LViQsqBTuysU9W73E8//XjnjyIfySQWBKu1zd4qFODAtHkX+cgaa7mkst6Q5 +AQT2oyz4ALVt12zmx5WzkydTKMBg3piO+5DMjISeA1lDcZ2rVvFz6NB8l4YVooe0 +ViHgCmLGaPRkgdrSYwEzRX+r6MmB5cZRt5yjq7BZwV8IUDBe+eI03w2sWlhKzxVB +7i2uZGaPY+molDSNVpxCrfds03rn2o6ey4g5f5JBfatNOvXV2XDX5Q== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter41.cert b/test_key/long_chains/ShorterMAXUINT16_inter41.cert new file mode 100644 index 0000000..92d75bb --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter41.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQwIGNlcnQwHhcNMjMwNDA1MDgxODE3 +WhcNMzMwNDAyMDgxODE3WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTQxIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDIo63cF2u6nDt6SaEwn6qBqdXlL2og47rWFSmFciKQntDBaui0I6Je8rE3qx+j +UuaXU5Ss2ne9QTHYgmL2n2Y5UJkDK+djm3iq4LQGizxbJNGS155kpu7F7TZMQYkn +lxSZ925H8NjrHasN+weKieLKXHzJQdgoaF/6O8a1hX4cqUtsg3uM5mDpa4uLCvzI +6Uj6eAJIuPsViSr7NDSR38GQtRtZNEY1kDA84C0z2Mm5lZmvRSelnnp2Q2129bYr +llOUcWwJS0kiY2+D00b08zIEestXSEh9r0ppckWzd44go2WbdTm+sEv0zpTX98sj +zeMFYDnkvhZyxGqO2fg51kbJD0tzUGf9kFb2IfzCwQe/gqxST9OUNbhQ7tQA+j19 +y1s/8VCnWj7YKimPwL5G1rRPQNaQzdmFO3aCXsDOfNg/Xrt+448ono5Hjg3Dezok +6IisriP37+S2Sclx1O35GuVMAXur+/DeS2uX7oCvmGfZoGzSUHVWyI43Dj2j4DlM +T5kNYKWHqZGN4lG9qcNYPCyS3ndI8K+5+CvouV9lphih8vYWYDuIysRgiYBE1tQQ +LonPEu/Qw2nb9tW92jA1hNPXwFX2+2QMEBP/GLJE0iKoj7f6Mc/U6ZZdcG5op5kO +m+DvG+WppH+GsdqltZWuV6An0L0uIMHVRmT0SyJzVCohAwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUDnw0PutoEg4lbkQerpyd +t+itd+4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBPDuspfSAPAuMWhC06eBr5O41M32BpsXVAYZRTmUjcVZrMPQHN +7UMCA5v8AMJiDFwIVG+HLb7hEqyNgGki+Qob0ge4NF9IGyt0wZydHZd2B4+MVlPw +0280vxsOLpkcSzEwifYkrUhP2y3zMkhQQ1EkKbG0AKUhcvHppSUkYLwrvGoAtK2T +MhW5Bmg8Meakmm1DCAbEPhYkStS4dmAZGLh0J/cH7DeKc1g+jFXeo8oKo/DBX8uW +i7KcQLm8lVKM9454rpUhTg8Vb8aN5I91vKvDPRM/2sNhT5dlb+Ql9qq1mewKfEUa +4QfXIw9lM7OsOVKqbg4s0uY9f4Wwx1jordhm5wGorl5XfyDbHEt09QHXe43q1ZO5 +VIRUb8UUbKIsbuYbp88a1L0+TVAY+8eOTqrD8B6loxd8BPaZuRsPhAt6f+kWytQ6 +IXj6JMf38riH8JWPk0XsVmNZcyCQXgv3NIJULXnhh2xfqxPBETx2b5ERgHG3vnXU +RaXtKiS4as5P2xAlTvZrns8QjBA9smVPCkCooiyHlJfNAuogkOqDBy9der8xFMbz +8G+Y2/M8oxob34hggMx45+RTzaiJyySV+1EiK8bQnN9nBPJ0uGQdu5xq1jc8SjDZ +YCy2hecsKrmbkGRj/Lx3ch/+2ZRo6B4SmR8i2q4flliBhfZIQhHXXcw0hg== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter41.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter41.cert.der new file mode 100644 index 0000000..798351b Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter41.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter41.key b/test_key/long_chains/ShorterMAXUINT16_inter41.key new file mode 100644 index 0000000..8873011 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter41.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDIo63cF2u6nDt6 +SaEwn6qBqdXlL2og47rWFSmFciKQntDBaui0I6Je8rE3qx+jUuaXU5Ss2ne9QTHY +gmL2n2Y5UJkDK+djm3iq4LQGizxbJNGS155kpu7F7TZMQYknlxSZ925H8NjrHasN ++weKieLKXHzJQdgoaF/6O8a1hX4cqUtsg3uM5mDpa4uLCvzI6Uj6eAJIuPsViSr7 +NDSR38GQtRtZNEY1kDA84C0z2Mm5lZmvRSelnnp2Q2129bYrllOUcWwJS0kiY2+D +00b08zIEestXSEh9r0ppckWzd44go2WbdTm+sEv0zpTX98sjzeMFYDnkvhZyxGqO +2fg51kbJD0tzUGf9kFb2IfzCwQe/gqxST9OUNbhQ7tQA+j19y1s/8VCnWj7YKimP +wL5G1rRPQNaQzdmFO3aCXsDOfNg/Xrt+448ono5Hjg3Dezok6IisriP37+S2Sclx +1O35GuVMAXur+/DeS2uX7oCvmGfZoGzSUHVWyI43Dj2j4DlMT5kNYKWHqZGN4lG9 +qcNYPCyS3ndI8K+5+CvouV9lphih8vYWYDuIysRgiYBE1tQQLonPEu/Qw2nb9tW9 +2jA1hNPXwFX2+2QMEBP/GLJE0iKoj7f6Mc/U6ZZdcG5op5kOm+DvG+WppH+Gsdql +tZWuV6An0L0uIMHVRmT0SyJzVCohAwIDAQABAoICAFVQXA45G0LHSfcutc6yJdNq +vxvr9Gm1y+1aJEStCouKLGQCLJ7khBdxhO+R4SsWhhyUmqSBZObhgOt6TdBmaRY3 +8khJ8+MD6eRnFcWukOSEnGSfMKfF38PjoPH97+8Yq9boQklu3R3kiKayNjuvc/Lu +LtV5HQvZje4eWtk2wTA4wGyM4A1CrLS0WSqvaluX7sMqInZ/yawXnmIgibX5ehop +GE7vDmeaPxizjiT8qpIyTZ4cfsZKw/Hjq/koc+TG0BVPwUuWaqunsnRQc1yWyI7l +E++yObjPv4lk4MR2MsYoFH1s9DfkSPf4m4vVvtgjpMPVbeiY93ynjlPd1VHqjkAR +FVwWvhuqNg/QqCoFSoN1SJxlLusMTSE5EGFzT6O6fS+V2Nx8yCAvx1NBdsPFGCUv +VVXzyVa0UIchmxbJjt+4SQYSYs3Wgo1dqX7G19Bd5uMM/TZJCnorXiAcGw7d4G2o +PM/sW8vfDsLJZ/QFwLIHhgzBYXIjBBN4VHSXWWH3tOrak3GpHeEAfFy9FXOgB4mK +oPj4u5b5ZLmMHLmxrmAV0fgGrGlxhEFOp4O0kVUSnlh+Mw8yd2N/Qfj6hG2Dmfwh +mqO9pH7jecC7wCH/tv8D7rL+0AFlpBytommSZIUBzRMHurAGHBStIhwD1pZBpY6O +CbvGeCsGPJv/RZYu1bIpAoIBAQDxVXtkZILUF7S45sTqhqSMoudlw359CXc8Js+0 +wp72qS+rH9MT46EiqvPSoA4w5TMovDzWRjK77OBUY9KSscOpK0sOULOGv4yGzTbh +aqLlSUEB5USVjHFQEaTKa8BtibMovPaFD7ZMkoLO68Ayo4LeVZeHsmCwj20tU+l+ +RZjaEdGMIt8hFacnpzSMkaDY6lpTwtqbkvs5nn/QB3yusLRLQJJ5DNqUf52OSboP +wD7rL9X4z7d6gE2K+BLcRdAW8tbBrKGuY5FVi1AWRRmUha216n6vfIfHdu4lnqKP +mIre5T/vR1XCTNx64AliAttbsc1mEVQzO6A+qlfdHmxs85H1AoIBAQDU1Rj7sXC4 +GOktQ37GfMMtQ+3qZAKxtXW4Nd+iRZtWJKoVVTa9KzTmHYajRoeK5w5t78hgkLMY 
+7CBfNSgwBqGQt/evbKBsPKz4lSTDReIRu4V4OoSqMivOTyAq4V28cHa/3RZMMUT/ +pDKCaZbeuApJrGgR1pjm1h2Srnd6rEz5SDDbXrWcC9fmGLdh3uTDu9XqAowi22Uj +ssykPXbBl0JhXhkV9xLXa7t8Z4MRxb6m1ltt5FZE5HekYHs+wmOEpcylDKB4pQzw +7jFE8nLn6Zap3sNOVspNcQ3FUAr8LN9cgX8MTY/yXXwwP0maQhCYhDz38EPKhjPe +dRg/E5pjcXQXAoIBAB09AgoTs1YG2TpdmxXe4ii3w9ksajKz5uI+wYNg4Ol5bfEJ +lgUe2vLcS1YFVjLOUfhpdeVv882Y0UToIybqqo3gVOOTG20D3/6k9jUxOjMVQO79 +2+VScpgEyzZK/7FFsZMJ8cQFN0znozl2jn6UGNLfA9DI57X8annHZM6LmA0zg3O6 +9dWITgwb0d4F9rrRCciEHwAiOpWsgket4Ik5l15WoGhSCllbbLdEb2phHD5aOU4/ +vDb3PG3NyFsvihp9qU8lnyEFpyH6EuXf0U2RNI6JrneMWtbrrcaZBZDoJksC81AG +EHnN3hh09C4PsovVatEm4FCktLFi6eo8OV6p09ECggEBAIoPxkoXe8hgmHo9S3LU +ogOuChq/T6QZ00hw4iYwwyhpVk/KXFzwNzuDMcCe0vQ/GHQmVLSXiSaEnidEo1Is +Kwhm3mxUqegsoAQNM7Dcl17rZxRr2X1SWGpXl8VZNmY0CkRB1eINH/Y5fG5usmi9 +uCa8iTHxJHSxtrNdK7JPLQuUUeUsFeEpKZ9gryz02y9BnO1VQ7Sk34H9zZRJLs08 +ItpooRtHkFhf0VpNB5Ay148AhITP10qPbjEaSTiX/tigeRUkEMDSSIfN6/YO1I0u +UQbWs5kQ4eDEkqtJVibpsOcgNds0QUl2bUYa99LyQjO9rJMlr8QjtGf9S4I3ZDJX ++XcCggEBANp91Q5wrUggEGeBPEaiQfueJc3+P6WGb5yru7dv8WOA+JQRRuxHOKIM +zG/xs6DQ7j3ob3ELONwa4Jg6el/yEclN8LJlJPZIajLl7nAjkYqgVJd4dT3FyByr +Hq2nhje+LyL6xnmkq+WDasLa3PeLe/U7ioWzr7aQd2GA0Kp19W7gUoPy/DLPDrkE +7bWWS8NVbifjcVcIJr301kmWyjGZEKyedmlXmx2KgXKTOeaRhb+RRjpF6xyNxIgw +AtFPBThmolm1TttMCyX6T9xHsqfIr5z+MEbWNvyBfvKreuTkavLDalo1AcyteH3e +C9fP7i1XyX8OFjJF4eCjDD33eCFesJY= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter41.req b/test_key/long_chains/ShorterMAXUINT16_inter41.req new file mode 100644 index 0000000..8f6714b --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter41.req 
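Review bot: The `-----BEGIN PRIVATE KEY-----` block added in test_key/long_chains/ShorterMAXUINT16_inter41.key is an unencrypted PKCS#8 key committed in the clear, and nothing in the change marks it as a throwaway test fixture; the same applies to the inter42, inter43 and inter44 .key hunks further down. The matching .cert files appear to be CA-capable intermediates valid until 2033 (read from the PEM, worth confirming), so any environment that trusted this chain's root outside the test harness would accept certificates signed with these published keys. I would add a short README next to the files, for example `Test-only key material for long-chain parsing tests. These keys are public; never add this chain to a production trust store.`, and list `test_key/` in the secret-scanner allowlist so real findings are not buried. If no test reads the .key and .req files, keeping only the .cert/.cert.der outputs plus a script that regenerates them would shrink the fixture set and avoid shipping key material at all.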
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0MSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyKOt +3Bdrupw7ekmhMJ+qganV5S9qIOO61hUphXIikJ7QwWrotCOiXvKxN6sfo1Lml1OU +rNp3vUEx2IJi9p9mOVCZAyvnY5t4quC0Bos8WyTRkteeZKbuxe02TEGJJ5cUmfdu +R/DY6x2rDfsHioniylx8yUHYKGhf+jvGtYV+HKlLbIN7jOZg6WuLiwr8yOlI+ngC +SLj7FYkq+zQ0kd/BkLUbWTRGNZAwPOAtM9jJuZWZr0UnpZ56dkNtdvW2K5ZTlHFs +CUtJImNvg9NG9PMyBHrLV0hIfa9KaXJFs3eOIKNlm3U5vrBL9M6U1/fLI83jBWA5 +5L4WcsRqjtn4OdZGyQ9Lc1Bn/ZBW9iH8wsEHv4KsUk/TlDW4UO7UAPo9fctbP/FQ +p1o+2Copj8C+Rta0T0DWkM3ZhTt2gl7AznzYP167fuOPKJ6OR44Nw3s6JOiIrK4j +9+/ktknJcdTt+RrlTAF7q/vw3ktrl+6Ar5hn2aBs0lB1VsiONw49o+A5TE+ZDWCl +h6mRjeJRvanDWDwskt53SPCvufgr6LlfZaYYofL2FmA7iMrEYImARNbUEC6JzxLv +0MNp2/bVvdowNYTT18BV9vtkDBAT/xiyRNIiqI+3+jHP1OmWXXBuaKeZDpvg7xvl +qaR/hrHapbWVrlegJ9C9LiDB1UZk9Esic1QqIQMCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAPa0N9+8uRn0I7dW3tHS/ZFGf9LVzvGWGZ3+vuukfUeopqW8C+ZT/f +GuyFmnlZinfmYmOTRp/Fe2YUSkXMPbt1rwOeWTRhlFCH2Tbxzkt+RYpwGfmUZIlg +SmJiX1YijFtZ31cMXCbQLLUgWQUrIPvRSg53O9gpUTbf2SYiy3gjW57f3T65Kw6H +O+dXoJfvBT9wha+m6RQAfhVFyd0ZgPN27/0H2qVlimHtITBP7K+NR4IDHFU8J8GK +AJyI4PoplsG3ZLHDvrztAZOQxfH0eD/zeuHiowap/nGwGQGUNrsoFvWkN1+8uuxn +pQHRHr96OwLKKgbwZrvG+nBhGW6sFbJREeS+uehk9VX8HizoHE8b3pvUZxFQdOd+ +oMF6j0XcgtQQ6idbH+9KiDDZsBNxQgUO1ior9hQtY3570sqMUFPfi/LdH1rswNa8 +mZWBdMGuNYAHbQIR/CIvPco4shYtSjA4Q88wh1AgXrvfHanf2rEpCGIDxOUkFVRk +7kI84rOTF/EArHaUrMC7WF8JjLyUWxRXHZ/J5ez0GSOggxUSRy1WDbeYwQI+Rhyp +TlZN3X48KVEm9xD9eF0+qHLrS16w3nRt04hsgqnKjSEW7FaUZHz+pawIu6uZ7Z/H +PrJh4We1p8RURrc8FQfhkyRdfuxzFaUu1EQwaB2mqCGfS5xMdQKupQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter42.cert b/test_key/long_chains/ShorterMAXUINT16_inter42.cert new file mode 100644 index 0000000..ca2c463 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter42.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQxIGNlcnQwHhcNMjMwNDA1MDgxODE4 +WhcNMzMwNDAyMDgxODE4WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTQyIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDuqM6TVFVqZM24eY29/2+KYiQhrAkZRZf09hQ8vNhcodn+ATs+vsS2RIte2dqq +2ldLtUmLrMfx47blno2d6HmalaySk98RCme9f1K5G7bAm/t4kfKs+FC9Agu0w972 +QSB7ei8lyMY43Vp1f5bFhJHb1qRwjx05O7u1ker3KcBQ5pRvfqXIjpHa9TJIB7bq +wAZSu1+x2cf306BfJVZ7BjGwvE+ExD8c0qimqDg+u29otIDpQAI3+mbGJX5B9MOB +8qqppRRKAPG2Upezxi7zNU/W9qKvn/nrR+sXjB8eY23za+UNHmmKgDiZB7njYZ1o +00lVYsD1pSv36gIX71FtNM+DtcN3zfrEQSCtMYqhzNQj8b7D+JMooZdcwpBEfUzG +2IKp6H+Gp3K/hQMKs6kgvyOAdfSOB1sIqCpBuDa4WLKiKeeZQfQ2zYYtYy157wVZ +X4YPm/1DC7QNh35GMyh1aQOk+cBdRtmNBWNZ6kEsqOF/6pcrTw/zfEYi0570I2Cn +LVP4anjhDw0Fj0XouEUC8xElhYi0COTMgpg6qSjbK9HrZmpcw8hauuO/RXq2Jf/J +f2DJEhlbn2t+FmE/XPHiu/yDmN28kcBcVEA1UwiOLu2mBLTdTa/Ec1SqliAkK9dQ +1YGrzaTf8ZvgcDABnWoCje7Poi2SmL7QlmLTj5EtghFjMwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU77ZsioJNnaVppUmx6Uwh +1fvpasIwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBd1p0QXTOiLrqMMG6RXYINZMY9azfnBLT9+SZqtGfrUo/18hXP +xfhf4nt7mfuzyKTgw+7LFZXSacB7SbnYDC8wDFjUtVlYuJ/Ph8CkB4rDgeolnNSg +alLdRDhpXobQlVb2KCfDwLR9JZfZHwe1xJQtslYq2/crxSONOi2DJ6aryDxI2MJQ +O2F3W2C/u793+9TVcu1yY11fngUFm9X2obbxO7LoYC4F0sZgT7rh6LcWddGomjpM +q8PeRw2HNoVyWhF3qCxXkAuzEeg1UXV2PMo0vpagGUzNsOQyYzgKGFIj+/bFm1ed +KI0hMEc8jrzVLObCqnbIDB5JcYr4EN/dHJJKAIy2GLHVP8ONIFwjBxVbfZoFS1Th +PrdY/9aeanUyrEqrTIINNY4WVIETuvsNbHLVvmtzapoS4Xrqz+8NhhkhC7XgULE8 ++s1sm8YADfpNIbvAnCRERULtfE1a90uQrmQSUko3wRN0cEpbh9IATfWcuAu2jQxR +qG6fdKwwjd6Y7FJZTd5iF/eushvQ7/OGdD4NMIrQY6+o3G0OySHB0487/lqULv8t +mzaX8hk0nIv8JOiAE6SEwSebJkVAeFDE+K/BQB1oOYQh6tFVaVMC+mTZoYAbG/Ua +vpM2pAfDL13xymy7p2V4+riI2kbJwOrRcgMnPyGHYCM3qjOjXfj8Ojpc8w== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter42.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter42.cert.der new file mode 100644 index 0000000..0a2331b Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter42.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter42.key b/test_key/long_chains/ShorterMAXUINT16_inter42.key new file mode 100644 index 0000000..989ecb4 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter42.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDuqM6TVFVqZM24 +eY29/2+KYiQhrAkZRZf09hQ8vNhcodn+ATs+vsS2RIte2dqq2ldLtUmLrMfx47bl +no2d6HmalaySk98RCme9f1K5G7bAm/t4kfKs+FC9Agu0w972QSB7ei8lyMY43Vp1 +f5bFhJHb1qRwjx05O7u1ker3KcBQ5pRvfqXIjpHa9TJIB7bqwAZSu1+x2cf306Bf +JVZ7BjGwvE+ExD8c0qimqDg+u29otIDpQAI3+mbGJX5B9MOB8qqppRRKAPG2Upez +xi7zNU/W9qKvn/nrR+sXjB8eY23za+UNHmmKgDiZB7njYZ1o00lVYsD1pSv36gIX +71FtNM+DtcN3zfrEQSCtMYqhzNQj8b7D+JMooZdcwpBEfUzG2IKp6H+Gp3K/hQMK +s6kgvyOAdfSOB1sIqCpBuDa4WLKiKeeZQfQ2zYYtYy157wVZX4YPm/1DC7QNh35G +Myh1aQOk+cBdRtmNBWNZ6kEsqOF/6pcrTw/zfEYi0570I2CnLVP4anjhDw0Fj0Xo +uEUC8xElhYi0COTMgpg6qSjbK9HrZmpcw8hauuO/RXq2Jf/Jf2DJEhlbn2t+FmE/ +XPHiu/yDmN28kcBcVEA1UwiOLu2mBLTdTa/Ec1SqliAkK9dQ1YGrzaTf8ZvgcDAB +nWoCje7Poi2SmL7QlmLTj5EtghFjMwIDAQABAoICADqBg3K2n+HfKFdq5QaI0g04 +lebzR5+8Yc4ZbUieeuPqgYg1QRLWrV6JWyk7etGbiP70SD1HdBSmYDXWMp1dWkI9 +Ivsj6PFCfcAEsIDUfG6nTnR2QumITjKnh7sesU/pE09x2pEGsSFLkltvlcSCBUfB +TLqTOvTG4fNW/CTvRUgP3p+eioGqAbONnG/wBDV0MZiieokc/FqStKPegV7TW+cZ +otzHRzmHovSIFJG8XUlrxpZnrKOQbRVyJ4t/t1Xp6VCBOYISzS6G/M2DbgsNLK9j +8une6+Nz0/wHy7ElatTbxGD87Z6YZEePj1Bgo7gI49dcyDTv8uFpqm23q1x8L8p+ +1VRcxpy2c3X0cbtbY3NWrffRhJO8nf+i2ls5aABf03VrmU3c1go5f8u7zbV9XHhz +69DyhIttuVZsRR/+VsGJenzTpmmVTe9uwccNMVRpkYwoKpQ/XZXVPHUSJm/jLWfP +NF/RopTdVkl7NwPpD8PnoC7bM6iCDVP081CVx1M7lywk7nMuauajzH4pjTQXTpX6 +v4hpfNPzzb5Ybn7xSyJi3RbLPeKMk0KG3oaO0hB+zFO06lrwatu/yg6NTggX/sHM +eJw3bMtegb5ES720nk2uOZ2ya3v/vmh1W/xFoHgkVVcRnAoCzjfp+f+NfCGTkLRd +bW/oMXgQcWT8Sg6d3yURAoIBAQD7eB0hPLtTeKYKqj67tOHW14Bt+iq4SZUbCjPN +u1C/VhJbLtsjZwjmiFBUvY1FdT4ozY9BBW18GEgeWozbQq+nHaH7V1AXfw9EfWRB +oHvrwzua7u4426s3T3JktvAf0nDKkPFhgBrBeYhCndQ9ViaLlLaReIDbWoSz5cIn +5hggZADieGKxA2iRkkMs4DJ6of5/ZKz1z9ZoxIHLwIPJQaNfYu19kaufGK3N9qWm +t4JiEkx9yaJC279dd0qp+xg1uGad7VvTiJOZA1RjI/yukgmXhCfrJVh59rrcnLKv +1rdbKQGvNcSa9j99V6U0QZilmh8rbKnn0NITwD2hjpd9AXIdAoIBAQDy9ZvYIbpS +1hJOr3CoKocxqybeLrjdc/RSDWjerqgKAeZxEWtk4T9f01W0Vjgvz1+VE0lfqXwo 
+5yxXjH6MRq31On0nRDEASgekOseVfIy3ARqIpRhGNkgSgz4DvEidRc6cC5W9OHRW +icEPK8ne8gvH62Ahpo7eZbzfZHbVNMAlNvlo666BwsjUu4z5IJboYKnjB4THmPAZ +eziHB8oloTVqkBepkaPiLY5r3fmHyASPKOfUPR1673m3c3aS1MwFmWWOpKW0vKGj +y/TCOaAfkqzUlUFJiXWD3HOJYodqhs04OjUtlfXpTWe1qLFxvEx3QbqIQKYPVZAW +UpKm/YlOLCmPAoIBACdx59/WzuuA+Uqi+cQn02UH2LVnkFvn7uOW7hlPUJMyxR5Y +czdSair/JtqkAQzsHxv3YokoeMwGYwmf2ohqJXNpSodKYt3MqHBt2tQQgF+y+B6N +bACvNGQwqhjyOShEsjyUD8jjd07x6VXJvAkDAnjSkvCunkfKIxa064emqBIsnZbo +m1J43mY3MyJO6Jwj3O/OsvK77z3v1QxI3mMrUJ0dv3L67pi+HkU4czN7hZAsnqL8 +hd9G6PWYSLXxFRMYIcCUAttjiQNvakVC19fqQGbr6/cOnJpFAXqpeb3rSEecXw9E +t9o21i6rGNbhkzgmvMzq9pvOPaWref9lho2tNGECggEAYrziKwH6APQy2HuAIze1 +XcAauazvQECBiF8ewXDlpbuD9WuI46SO5tiyOenYR8XVKHaAGTp91PmuEZ5tR4Dp +7YFpn22dJGrxlBK3Tc8iOLVgHSxLIy2oOK3RpB7+u7vE7bHflti8nva42PuIvOxN +UWAc31AbO9LI4Vio2pjnhbhDwBoX/3AzwhC+h/hwm9u87yD9G0jSOujS3j2SL5zG +YppQo38mxSKSgM/jOwVUpQGQxbZYpr9wDdgE1kNY7uWaWlAbb8pBPpoCzHQy2OH5 +DyPhNouAkKgk5C6ArhA+kp1FQ1NwbvIgNblq87f8s3Ko5fqwAgdZ2ViRdQAQrw5P +jQKCAQEAvaIZsrjB1gcyQM0gdJQ+mzRYrhNSviL8AYi3B2Y2XMpsL0Jo8EceanK0 +9LPFit4ujbyJy37LPMzGdd7ie3wZelEiRrW+o7H4BR/TuFh/bN3KC1oxe417JwWA +qShs1lYs9SR/f5KLpn5BaqI96g/Hlw2lH5r7UevbDonAoxe2KlxQNSK8mpNVymFx +EeaLex9B2Oe4Qq8t1OAss2NAmH9FuEZVQJSsjYbtUCIJSh805u+WwBrvVc+ePCxF +llc/aTo+0n4/cGmh+MenGYALzyQaWSe93iTUExv+UhrFIItTiDs2VDjYmwkqIcGa +F3q9hAyTlPnh0VY5ftI8hLk96RmKbA== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter42.req b/test_key/long_chains/ShorterMAXUINT16_inter42.req new file mode 100644 index 0000000..c31f06f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter42.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0MiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7qjO +k1RVamTNuHmNvf9vimIkIawJGUWX9PYUPLzYXKHZ/gE7Pr7EtkSLXtnaqtpXS7VJ +i6zH8eO25Z6Nneh5mpWskpPfEQpnvX9SuRu2wJv7eJHyrPhQvQILtMPe9kEge3ov +JcjGON1adX+WxYSR29akcI8dOTu7tZHq9ynAUOaUb36lyI6R2vUySAe26sAGUrtf +sdnH99OgXyVWewYxsLxPhMQ/HNKopqg4PrtvaLSA6UACN/pmxiV+QfTDgfKqqaUU +SgDxtlKXs8Yu8zVP1vair5/560frF4wfHmNt82vlDR5pioA4mQe542GdaNNJVWLA +9aUr9+oCF+9RbTTPg7XDd836xEEgrTGKoczUI/G+w/iTKKGXXMKQRH1MxtiCqeh/ +hqdyv4UDCrOpIL8jgHX0jgdbCKgqQbg2uFiyoinnmUH0Ns2GLWMtee8FWV+GD5v9 +Qwu0DYd+RjModWkDpPnAXUbZjQVjWepBLKjhf+qXK08P83xGItOe9CNgpy1T+Gp4 +4Q8NBY9F6LhFAvMRJYWItAjkzIKYOqko2yvR62ZqXMPIWrrjv0V6tiX/yX9gyRIZ +W59rfhZhP1zx4rv8g5jdvJHAXFRANVMIji7tpgS03U2vxHNUqpYgJCvXUNWBq82k +3/Gb4HAwAZ1qAo3uz6Itkpi+0JZi04+RLYIRYzMCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAsqBvWX/0BAIZGaq11gDoVI20V7gqFTSuFHrwt5mI3pWt/lbGmf1d3 +4DUZ5kv4U4VDlvGp7zWEbrzEwYMUk4KY9PJRkW5qQaB0Uweffkp4jgkxeBjpk4FY +C+kl76lK+R+DFaNacJlRS3y3KPSjufWwDODLTPOu8cmbgrpuwHwysCBPrBpqcHZ4 +mxDzGZGcnRwTdFM6bP7h90IW8ho/hy+vyu0i2rXeCXlZYeGlNQga7XMBi69+3RyG +BBXJQccyLyhrSRIK1CkP5Xcbx++Fk/+4Up6YxshPZ2Muc9wePAvVTNmDzGuyxBP8 +04MSII4GkjRSlRLrMpZeX36LqoArSqthSCvwNKhUfZaGXJwVV8279izyUIkZ3D43 +0u3esMkj23IvMXfMn/7inSFLcKfBGdJzzwdzwd+Lv3OEl5at5iaq2rJmRv/sF0EG ++PwUNIZ+1joXE6hKoaPHjWVBj3s0KGL4wWCqalRIZbPGvS8EfP2FVJlABuvAcUfX +i3JvQDzBUPbp6jZMJUEeWREwcWXWA5qTDAhbOu0aisxUKG+/5a79tFCnDAXHOYs/ +XH/sqf3cBK8U0ovw1+BslISvK9S53nfOJU+XSblJwgNvsYE6CvrdQyyP0HDPO63C +P1YBb5y0wQzSxf6Imj6ECURj1hBeduZj5caVrabrgtr/oUADuFqu7Q== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter43.cert b/test_key/long_chains/ShorterMAXUINT16_inter43.cert new file mode 100644 index 0000000..0b75cdb --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter43.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQyIGNlcnQwHhcNMjMwNDA1MDgxODE4 +WhcNMzMwNDAyMDgxODE4WjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTQzIGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDWFEAhbpRSeAGCOIaw9pR1c8ybVkWvbfFCURtfaOSgVDGfwxJVitZNcSSftMz3 +wlLbE4LrnQtrj2dj7IG1yBThLXSZGdjuXZl+OQpi1yQies5fiTnnsAPFBj9bce48 +JlaI9Cs0zCLbIL23OFGOSewyXKTh2QYdWGhmfaLJEiIu9DG8T5Nib0Bt/xZTYb9L +Wh/+bSFicamVbehmfBEOzxrW1T51wsPMeovtcTVeK8fPqNHpbNX9KZUcXSjnD9/7 +EhbnfONy0mrh1AuDuYgeBgk+15KCN5NJYeHzuR6Ok86axMNMy8Oq6hWV1UAYtzu7 +gc9ZecSq4vSfpxZ07dOhplOncEsdYQ1CtrfOsOseGhzsPnt8MUmItYNXNxQazfyE +91Ebsxl5Ynevhkl6D7wZIePcpEbvQw5b0WZd4S07MWZWbQxR+oYaN+Th0yMjE2UU +kukb3xMdJR6QwAvVfZyYxXHhhr9JFOdr0HP4s7P80/yzj9ZoUj5ioNFD6Ud0MbEO +dokHwCDVPh7CY/gMTlm0lxfdBRqZyf6WPmsogRVpJzIvc99dQjkwzzdWvxJG+yEo +i1RVC3zh12AjVZq3/k76L3xEEDDUDpMyIDr0404NoA0UVaQFM893LlAkPTwV+edq +hqU32HK4NgVqn1HHLqDq8Og4vyTShiSR9jt6Zcg/tSo6jwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUE9On0sNeuniu3NZz1ksF +K4ZIYXUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAKfRgDwJM4FD1yloH8hrNKV18nxz9NhT2zFdlWJEMuFAor0LVX +PefZNZgmpPWIXVvXXqU25sfblH+hIqubt84ozYmdYMgJ9IF+GFWVc+p+4ny/4WNO +AtDy2DNVfIa8oYK7F6/KmzMFlmybseqTUBdoEwH/VL/tn4NYuuFt2BwjjqbetJAW +aLbd7TFLOOYD+SRzgcB3kRjeUm2iX7nE7WiFCdyJXYqUm/7p5QzFdz7/96J6GYeW +qxMxRBiQn5BJvFhs1/QgQYokw66na5tctsJjEzdBtatT3EMMh1pnhI3cYvrbT3X7 +nKOe0hJ9dj8Zyf6MxhIZUT491lf0nqsKF3sejfE+yqkI89b/NS2RYhkR9ztxFlaw +dJscao8UN73kM1KVmVtHDcFEhlqBsvHPBLG9yV1ZvIbGgpbQ4ankVoCHXcm8vrPp +CM3kJ3c6Ko/r4AFmOWFoyrOCAtF2CsX8khkyyV//ASclyUb/kSe3kOQw9VPJrx+E +4+H2+7h2jobBSHl238laKOQ2BAzzmQB8YXfM3Pa5CUDESug8dp2ZicQqHy95zBwg +JzFgJYrykn3ajqLdiFMuLRI3RDnGHr7w3CDES1vMmnzf29/LygRd34G4QIItSg8V +luyojO4Tx75PwszR2juPCfwLnu8L9v3cglk0x39bajUe6Wu5umbPzau1CA== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter43.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter43.cert.der new file mode 100644 index 0000000..29cc42d Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter43.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter43.key b/test_key/long_chains/ShorterMAXUINT16_inter43.key new file mode 100644 index 0000000..f3b396e --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter43.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDWFEAhbpRSeAGC +OIaw9pR1c8ybVkWvbfFCURtfaOSgVDGfwxJVitZNcSSftMz3wlLbE4LrnQtrj2dj +7IG1yBThLXSZGdjuXZl+OQpi1yQies5fiTnnsAPFBj9bce48JlaI9Cs0zCLbIL23 +OFGOSewyXKTh2QYdWGhmfaLJEiIu9DG8T5Nib0Bt/xZTYb9LWh/+bSFicamVbehm +fBEOzxrW1T51wsPMeovtcTVeK8fPqNHpbNX9KZUcXSjnD9/7EhbnfONy0mrh1AuD +uYgeBgk+15KCN5NJYeHzuR6Ok86axMNMy8Oq6hWV1UAYtzu7gc9ZecSq4vSfpxZ0 +7dOhplOncEsdYQ1CtrfOsOseGhzsPnt8MUmItYNXNxQazfyE91Ebsxl5Ynevhkl6 +D7wZIePcpEbvQw5b0WZd4S07MWZWbQxR+oYaN+Th0yMjE2UUkukb3xMdJR6QwAvV +fZyYxXHhhr9JFOdr0HP4s7P80/yzj9ZoUj5ioNFD6Ud0MbEOdokHwCDVPh7CY/gM +Tlm0lxfdBRqZyf6WPmsogRVpJzIvc99dQjkwzzdWvxJG+yEoi1RVC3zh12AjVZq3 +/k76L3xEEDDUDpMyIDr0404NoA0UVaQFM893LlAkPTwV+edqhqU32HK4NgVqn1HH +LqDq8Og4vyTShiSR9jt6Zcg/tSo6jwIDAQABAoICAQDFm/XCpn81TN8fpCv4h/Rs +IpM4xD8Y+2RbMeERhhKcSHtyHK/81GaTH6CN52fYP8EZxn3wHYvgIoRugW8OLH3R +iZL6jBhpl27LS73hlPQe+7sqBtKzog8ovGaZc6ZUUZNJYhHL768xFJzq1oq5zFTB +/DCa5Si2x9e+27P65Mk3DGQojk/e6hDQOEoUd8MLvEqSIYxSgdbnP4fpqhZY1CXT +Lw4zx6/TPT+S0xBPOBx9/Difvr4crVid0QSjnUzERmNsFSUi5UaR5JkoY4dZJ3s7 +TeRIXSKQ91CKGFQzig6JYJ1icyjPyLpaD3nWFrWFlQKgdj1q/IqQIL0i/DGBIrZN +xJe+/O3Wtzab+HxzSLIoNncljnzXSBNIBhrblkV9HUA8THZrVSYtqXEYpQVd2UVg +bk7hzlFxA7kJHs8pXTJhOjr1Ng1CQZneBe1l2h9pjDn4DnixxlFaEz9PIhhesvaP +jlL8lhllhdD8C0T00qORVK9n8U+d+Lb4uXpR9qHxKhwlTy/2ocXVBUXRU+m+6Q44 +rtE8AuDfeEPc/+z+7EMvQuisO5uyRMJkzmS1xkX5lAePQAwyEqzI0tTv2+iwbTD1 +lpjhpmucWLzF1tlIyLFg+bAn0ko+Mr9RnNZAm65mQrj3mwYY5D7KfKh8aWe4Ux0p +cO+MgzOdwqzmFjfoPL/pqQKCAQEA+26+Dkt7tFIMcNMPsDnlaukxau40ekv7fn+v +kaippy1psDPUUNMWiiY4r/LjjgRqVaxzudbaSyPJLvnJpubWOpW634WBuogf9efB +pTT9Lv3WiLeUAHKAw7InljhCq6UESwU17bzrbCQwgaII2DVkfBzwiVfioUntaEPo ++BzOLmQHgSqVJIK7FroujFV86xvwwn9Xi/vVryMS91CDirBBssnn7V/euToZzJS6 +1lAmsDpfubYS6IIKanw6pfMhtbVBiCyxsatpiYry8xJrYhE+3dm3k+V4qHaLT27H +nSGsUDESarmLaRhrWBYJ9BMeIUlfj2cS4958XN5fOoxOPONDnQKCAQEA2ffM1YCB +CpN7bE9Om9UVWwyv4ad0fYaEXp8ijxeG9ED9TdE15OLBIQKQj/+RFRe+KImY7c35 
+Gbch6zsqbdiOZonWsRiwoehBIpSF/8E/BbA4QU9TeMttMjGLMpI3x2K/G6GEsMui +ujbQtF69+a+4ogOdMuufmo4U2tdTCkS7qaJnK1V5XpbgB9VGoEoBC4Cv1J+fVyGF +EbCt5i6lFrUcDa/0cZZJM5ZohK2tv401/+EF58TtzeTzXyeiwSfmPw9mMxDf/89X +iBZkdraeWm3L4fokG/jNpWiBpj1FsAT8oW1g1GzQN3p8rh/VriXgtIfuW4gMyLf9 +nLzjf+ld+TWtGwKCAQEAx9+3EiILSsNWxHHkLNE5gQ2zjS+jY/z3Bg53ATG0/ALr +23i4NTA44MWVlrldD86OwWB/9qHHkqf2DHPhS96BOr1AeuPkxuXjklYT6EMBadO8 +MZ7N9rUPi4IaWh6LUWuyx/hycHUYKTVzofmvUkDPiqJuzJ+it1jPc21Yy7QKa3J1 +TMcPHKEYHO8QhdqHnVbuw477h3pA2iLltti4WQ3YjEpZJqhpo5F+ZNVu2WOJ/dnJ +sxX8XfzSTuhGrxliGNLoL1poP7bmBMMCcxyXZLQU58NlXhqzGihygkisQks8cdsw +qsqo+njBDJsoenCgKRHs91CXAbIh5qmXxjE3GMwJOQKCAQBDQlr7utaW6+GXD3Xj +UkJvwR9401J39Y1dIV/ppcnoDzHa1Gb8BRixVfhD5wne51+vZJ5DK17ll4Qo8S3r +jXqLm5cbONIwc9m9kPU0cW5AFBuX06GfUa6VYYJhjYsWxJrSLOokIAJL0eRe9ClN +JfMkU1crwleSuqsmyHEAZys9cjbBwXNdQ9NHt4E+rvdZlFEtnD/wBBDq34kZ0WTx +99r7QkN81XIrMAt6fZly1WFHXymSVktHUJHk1/c6AVTkOp0/vsJQTqvk+3vuwfVl +VCIoziZcV08l7nSrVpbtdOx756OMiTNLG0nj9UDbpyaKrrNXnUjMmzHwLr1I2Ds+ +TljnAoIBACrYWFRxv80BtVMaoRCgDXKTkwuP/14ueGntRJc0sa2O50xGPxgIMs54 +DHHiR6EhaX6unkmc6kN2Jwj4f6Pi2YTiAskbrIMO+hq8w1sW+Om+nOtglCweZZpY +EKGnn4T5tc8Isoee3zyB0xq9DD0ngc7mgwC1G2dyw1wN0CxJ0UjJQIb4+KFV/Aa2 +hbTd7wH+3mnO4Fwun7fcCX5ch87NKcNbrOWaH8qh+nZ81y3d6NsTZwp7BHMjUrfU +40qSc99qHSXIEKiNDp7qrTe/+x30E2WjqrQHfVzQm6VsG+s7YVP1vz2egi63JQIN +Ztia/y2O23QN+gfF5lUA0aoyohWvHtQ= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter43.req b/test_key/long_chains/ShorterMAXUINT16_inter43.req new file mode 100644 index 0000000..528de8a --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter43.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0MyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1hRA +IW6UUngBgjiGsPaUdXPMm1ZFr23xQlEbX2jkoFQxn8MSVYrWTXEkn7TM98JS2xOC +650La49nY+yBtcgU4S10mRnY7l2ZfjkKYtckInrOX4k557ADxQY/W3HuPCZWiPQr +NMwi2yC9tzhRjknsMlyk4dkGHVhoZn2iyRIiLvQxvE+TYm9Abf8WU2G/S1of/m0h +YnGplW3oZnwRDs8a1tU+dcLDzHqL7XE1XivHz6jR6WzV/SmVHF0o5w/f+xIW53zj +ctJq4dQLg7mIHgYJPteSgjeTSWHh87kejpPOmsTDTMvDquoVldVAGLc7u4HPWXnE +quL0n6cWdO3ToaZTp3BLHWENQra3zrDrHhoc7D57fDFJiLWDVzcUGs38hPdRG7MZ +eWJ3r4ZJeg+8GSHj3KRG70MOW9FmXeEtOzFmVm0MUfqGGjfk4dMjIxNlFJLpG98T +HSUekMAL1X2cmMVx4Ya/SRTna9Bz+LOz/NP8s4/WaFI+YqDRQ+lHdDGxDnaJB8Ag +1T4ewmP4DE5ZtJcX3QUamcn+lj5rKIEVaScyL3PfXUI5MM83Vr8SRvshKItUVQt8 +4ddgI1Wat/5O+i98RBAw1A6TMiA69ONODaANFFWkBTPPdy5QJD08FfnnaoalN9hy +uDYFap9Rxy6g6vDoOL8k0oYkkfY7emXIP7UqOo8CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAjsI/C+pLSKaOo6UMGznbPvXA3abtzNAtbRIhdquRM/Ur6NeyvSJBY +jbdW3Vmm7KuPQ1Md/CHB8scaI8ZZ9uyr4CfopGXXSTayFS6ImfOCmEHXcdiPV2C1 +qY6dxyeXs3zBgIMIolzDDj1rn5tTyFw9RF9RLV1zHpi8Z7E7OD0Z/vQjxhSv/7dB +bTQBZHPIqwT7Gqx38Gn9ZEjJTH7PljJBloOlTHR11qq5ogUOdVeAAxfI9H83Nsee +2Cln3TWH5Ww7o/XkUw/eVS5p2xb93uAH0CVm+P1S/I55nX+SmWf4yCGl6+y0gX68 +0elH9PvtOQ07ax1yhs2RUeSuRyjMemIW9zm0WIAZ59wC05t53CRQre968/llwoT3 +Z/FpES59S4ZCDyXjJxGhuL/iP35Hd1UuuhqFOJPff2Ci3BNT1TF4MGm0IXCSpDTG +QH7V78ZDEHozzyaz6daZT7Uscpmd39ZAneaasr5gK17YlIiMT7KVi8QNSLwJ1USj +CQ1VnJpTzhkhzma878K9ekpgjY8BFZgLVEAzWF8EqFfdzXELf2gB8oS1hWRu4S3i +VoK6XPtOM1rGj1vFOLKL1PtQeAI65hY5+8f5nQJ5MpoHts3n5t7pcEClOH9+v9YF +roHAUWa4Dh52sC49mk4FphvbspGUzj006hklWJ53pR/qYRgV3pBmLA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter44.cert b/test_key/long_chains/ShorterMAXUINT16_inter44.cert new file mode 100644 index 0000000..5e37a74 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter44.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQzIGNlcnQwHhcNMjMwNDA1MDgxODIw +WhcNMzMwNDAyMDgxODIwWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTQ0IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC+687xd1i1zZ+Gaq2wp48xGwDnfzNcVOH08p3gW5C5b5dptqmW+XccCYVhV5jr +XVDg4I4XnQNBHW5vXgXQDfDjnWV+arc9Si9wYKYOVv7mIr3kuPoa4mvjCYX4W4+i +8CyBKcE83EkhwBX1+gUIAzfRuwiQcCU1Rq6ndgFOdow1jye9pmmMkRh9eSABEYo4 +Aj/11F15RDEQXVEA6kijxhl5is0asfs4FPz8koIvHkZrLJiKilRRtQbIXDQmraPL +aNSoCaflj+VLfBcZ7IAffLVaV3WISgBOeIgXqVIefcqLAFds+GptnFIRMcdKSfv8 +KRv+WRs055bJ5sU7txOeM+muznsMHTSMuMyF+pGlYlQtnfdxLdp/1C9s8syveAcN +t2sHX0pPaHeYFLEtGdsFFB7X2V1uYwtY9XbdztYdSlwt1VZCp8P5gFNEpAnj5At7 +X/9KNBNiczRkMVSZpEWCr+8zymqhrgQ7mT3//4lmv2vFCoI7mhZ0tgnVFAM+hbw6 +q56ySLf0dZfyn7gTDfckh32VdJsWEoYqtyOZkmCs8n4k/6feEcVGzO8u7NPg/G0h +u7T1OHgOX2LmAecRfHDLHyEXURI+VD4hlGG0tv2aLHIyiIWoh7u5x3jzLX/bC+mL +NA+5L+F0JS21atYS5xXR9/wO/po2EtDclUjn9OKk7AMPqwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQU/UCt7k5+b6+LirzYuQ6U +E1Ric7QwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQC4eJkrpMuIZ1Rm1bXq2fcd3QcATrYoJIkEAo8xOkageLN5yT3w +fJfo6OmAeU6zugW6SgGcZe9B+v/X9hjhIZkYW0dnagdcYjnChLEEQqBvs6xT3DII +8F5DaLXLbMyQ2dGFZnXAoGCxUo+5VoJ9o/TQp9sXdGoO1yLaM7w+TRiEbKoYGqpF +4D2o57Z737uHJSAgtFkVUX33L6QKHal1zVWB/rRNE8hHiMQnWoclxU2omXoagL3d +JYd72JX+Vy2aX1vvhCuNuKfJBG9n7c1IUrrBMR65i7xyPN5NGw72rBn4dsw+/w4X +MMgoFldqhD4SUG3zSilbb1IoCMOF+LWE+sKcfuha1aNfddN8oObXKKRpObLxhMsv +pr982H6i9NC3t6VBHNmQyaaZZ77wiw9dgSN96Ydn8OqIGKUyINfBUDzPxbTp8rkR +fW1UKvakd4pMWChLl9/M5ZFPRm70Pp8a4E//uIwLolOlfAruzClid7cs7dnww3xg +Ky8OfDfMph6U5FxzgTn6wTiPWzmjNdpCMpeXA/alNtGMI8TZuZJGXbYL1DMzYO1n +EJcQXrXieZiFjGcs9LmNEvG/Vd7CYkuyVUbKCUV/e4+8Jqe5KPTgJd1ObsUwLH7u +zDMyZllYtGX26nD7c3V32fzIZ0SOQD21PhP8ReuL0uGBCeI8aDsV0g8l8Q== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter44.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter44.cert.der new file mode 100644 index 0000000..bf0cfa9 Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter44.cert.der differ diff --git a/test_key/long_chains/ShorterMAXUINT16_inter44.key b/test_key/long_chains/ShorterMAXUINT16_inter44.key new file mode 100644 index 0000000..aa7b813 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter44.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC+687xd1i1zZ+G +aq2wp48xGwDnfzNcVOH08p3gW5C5b5dptqmW+XccCYVhV5jrXVDg4I4XnQNBHW5v +XgXQDfDjnWV+arc9Si9wYKYOVv7mIr3kuPoa4mvjCYX4W4+i8CyBKcE83EkhwBX1 ++gUIAzfRuwiQcCU1Rq6ndgFOdow1jye9pmmMkRh9eSABEYo4Aj/11F15RDEQXVEA +6kijxhl5is0asfs4FPz8koIvHkZrLJiKilRRtQbIXDQmraPLaNSoCaflj+VLfBcZ +7IAffLVaV3WISgBOeIgXqVIefcqLAFds+GptnFIRMcdKSfv8KRv+WRs055bJ5sU7 +txOeM+muznsMHTSMuMyF+pGlYlQtnfdxLdp/1C9s8syveAcNt2sHX0pPaHeYFLEt +GdsFFB7X2V1uYwtY9XbdztYdSlwt1VZCp8P5gFNEpAnj5At7X/9KNBNiczRkMVSZ +pEWCr+8zymqhrgQ7mT3//4lmv2vFCoI7mhZ0tgnVFAM+hbw6q56ySLf0dZfyn7gT +Dfckh32VdJsWEoYqtyOZkmCs8n4k/6feEcVGzO8u7NPg/G0hu7T1OHgOX2LmAecR +fHDLHyEXURI+VD4hlGG0tv2aLHIyiIWoh7u5x3jzLX/bC+mLNA+5L+F0JS21atYS +5xXR9/wO/po2EtDclUjn9OKk7AMPqwIDAQABAoICACQkE1qWUw6nTAlv7E1CitKq +3/Lym1BhKRzrSIOOEclonGsAjv3rX2bJTpxsrp/vXD4VhBBoQpNy9NLUI5mM6grM +YsgZf3J0tqI5SXXxdfMupG/FrGKmdfHWfavT+U7I1EPnGZNhx95BtGaJ26X2pfxn +wWlGMWTyamF87yZhPo1s+gLmm5hmZxJpeWt6XIXZty3b843fIMKOR6U6tGF8QJpH +cigZhQrKvlE5krdErePf30hqgyescwo+mgiwWg9JWugsW8ITCT7O0Lixkldjjhj5 +8V/JUmGIY4rHHKp0+YByohoYtFzneImUuLsRYkgLqCbvyzyqklrJ+pAhSe9quFNx +JPmApyJP0f7mmnaMxYWtKIw0Rvu0ALG8U6N7VF4CP/fuZiY2BYC+MSqDsxhppKLS +k7UBvYx0JQmiKKdYR8o0rZ/h+6s0sqMY5mCb9h85l1fteLVU9u/baMZw29K5w0X6 +JhMBFn0jwLFs3C/GeqQoJWYRBn4pLOp/lGafVynQ8JK2i+Z0ebQ/gj0bAV7L0Uxy +QN8AaVuBk/S6Uuvd7NyNmU4dN3lowljhn0c+zenY36WDHWAUi2BF4qPEpjtMf+dW +08bgOavRUUu38ve3eMtO8iys/QTHnEbXck1moJyJnR5lEcKRlQZqzwlF9kM1gGbO +/B0KlAEgqX0nT0Xdx90hAoIBAQDpL55tizlcp7wur/fo+7cbIrXC4oXBvEFPHwCK +RPCoTH3ELhCpuyWAbMvQsdPWniA1iGw7cV3AI4pbpf1uSygldIPWhOfQmqoILcgh +nHFHRkfMuS+N1B6eH9PvBYgHL9AM1Q6jvlZCs2Xc2g3/m6Kanhdmeo9oTO87Yh15 +Lp4wS3ImKwKHr6Wtj1/djh4klDJzlfzawfdVQ3OewjMu9hFpfoye1XgMUdFXfItE +gyHlqz6mWTRhVZ64fH8g/+Np7mmEAWNg1XR9WqA1CHcc8fZi6z1VL8XxAeDadjhY +XEngBXBdy7+UHOYzN+aLVBSwH+/AslwKMKJagiSlllGpiF0jAoIBAQDRmZ9Xk83K +FOJhlQ5Z7/UIK74/nDu2fchH0tShPwLhhBmhwNGU2kUwJakJfSJI/t8HMzy6jcLh 
+bvC/cx3Rb8TXdq2ywb9tUgKUEg8VH9vBgbeQUhfe5B0U5+ODRB1gRuKzOW9mW47f +JlUEUWb5S0Wqa/UvmB2ab+9ztHB/8xI5U2w62J08HIiuLToeE47iWkF13tCjWc60 +Ythbi4dTA3cJ4uq3XxnRf9LKs079WSCBhtZALjiAzrysxsbeJO1t5jVRWwYzvPMF +1hIhKhf9s+4728x9K3eZ28MMuwoQfgstS14cvVpc/aj2i7lGrV5yQKZ0xrYIG+u4 +Ob71u5Daxb/ZAoIBAQDUpv59u7emDbmJgiQ9LkB/2JmVjmqYkQumEgm2DsTBVnBj +FfdQMkEy6wS730/mqvGIoE7DrtDmRgMJLUj+6j9EWQtZ+H5HOKTTLJ0UOcz8SNV1 +l3QMjWMWpMPreEni8/FxomLlZNDZpyy/yYN2lQImqwGADUj2vyJ0LzfdqWvNcyA4 +OoTmJIKc0uGD9PT8OsH/ssqS3MynzwmDwGpY60JZyHSI7Pe7lGmqtQN0iXnCLvbF +URh5o1FJwQ9WksVbd3Z2UaXFSyQepSTw+DVYCji9YPXf199VuHbMA3/C5Pbh+1PL +1eFyOyCbmOEAMr9jFtzYCE/zYwLMM18kOv9h8d+tAoIBAEE8nVm2yUByi5tvt03K +3+sxIj/OMs+0CphASKn/YLgsU4YC67h2zz4TGq+3YOpzWZt2GRq/cL6Vtxz/iXJc +ZVniuGGA6EHwWpkXndYnWlC6PRYQVxmqylptamS62KHUrk62O7QSHz/ZQHDdnT1O +blqCy4eKwvwEhvTuXm2UjEGHc5JFRXsmLmx36zTdRYWyLdmwBiQxmaKPeWPU48O0 +umI7XG7CjNil/kfU02sLSJDIFPtY54E/1323SMJvn+6qzkGKIT4NO16/qFjmLx1p +2WaMHPOAifM7cVQPCyzi7jukz6AGV4/F68cA6iPTZigNc0G5b4LKne1zG7qELKvL +DNECggEAEdhIfpuToNSabF9rTfiHmnq9rsENqTbL3frEb9ZNbQVTNIj2Xy9qaRPI +bkqe/C9nZsQFyWlqpxZ0uTYXpU81MPphvkRM2BImK/rz2s1NWBQXWGhDnkIO/Ccl +he/q0YyFp9gcUsKX//FP7FWMmcuXoVgF4bYMBNGQwwccbr0pPykLErlvNEzcHiVG +Y6yMl1o2/69WxRKokzEwMYVHDAzgrNfGviXxqX+/IcBjpPtfqAOAoVpLFccHk/JG +VrUShnLjotVqgbReqbs5YryP8ImUzE65tEOltqQ1/DJzGgfUTGHY5U3lacwRBBJ0 +RzHiGCfo01DmYaAPGuQbwxHkOhGrKQ== +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter44.req b/test_key/long_chains/ShorterMAXUINT16_inter44.req new file mode 100644 index 0000000..d3f95f7 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter44.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0NCBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvuvO +8XdYtc2fhmqtsKePMRsA538zXFTh9PKd4FuQuW+Xabaplvl3HAmFYVeY611Q4OCO +F50DQR1ub14F0A3w451lfmq3PUovcGCmDlb+5iK95Lj6GuJr4wmF+FuPovAsgSnB +PNxJIcAV9foFCAM30bsIkHAlNUaup3YBTnaMNY8nvaZpjJEYfXkgARGKOAI/9dRd +eUQxEF1RAOpIo8YZeYrNGrH7OBT8/JKCLx5GayyYiopUUbUGyFw0Jq2jy2jUqAmn +5Y/lS3wXGeyAH3y1Wld1iEoATniIF6lSHn3KiwBXbPhqbZxSETHHSkn7/Ckb/lkb +NOeWyebFO7cTnjPprs57DB00jLjMhfqRpWJULZ33cS3af9QvbPLMr3gHDbdrB19K +T2h3mBSxLRnbBRQe19ldbmMLWPV23c7WHUpcLdVWQqfD+YBTRKQJ4+QLe1//SjQT +YnM0ZDFUmaRFgq/vM8pqoa4EO5k9//+JZr9rxQqCO5oWdLYJ1RQDPoW8Oqueski3 +9HWX8p+4Ew33JId9lXSbFhKGKrcjmZJgrPJ+JP+n3hHFRszvLuzT4PxtIbu09Th4 +Dl9i5gHnEXxwyx8hF1ESPlQ+IZRhtLb9mixyMoiFqIe7ucd48y1/2wvpizQPuS/h +dCUttWrWEucV0ff8Dv6aNhLQ3JVI5/TipOwDD6sCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQCbQjJB4phAL81dOkosU/zMU0TLW2wvROkG8yHSWkOKwqutXGDIvJAD +DnIWnuEXcQJtLLE0iyMnSCfAREP62KL632Y0wcM6oi6hmgnsDkD4EX4l7jpzJyag +mcI6nB6RQwd9Q2pY1r2Om7ToqIYpu1Qh5Xo7lk9jZ5wN/He3P3mw0lZv33eTUyJ7 +15mA41viO9SwJ64AsfBb4Z1+Ct+TAhb55vT0YjikSulwMk4SzrX0y+2aleuqMQk1 +kEU7rNvzSET/HSL6oTdWmdP5sfD3KSYraaj+LYL5YkHP42O3qj6QXWOi7XOYQYIR +7inMVl/JpBDQQPDINXUJgrJqvseXL7sIWom2fuHpjredab3z7ejUBs7jMAoZ/3S0 +kAx72vfKDgyTuTxANpvLglqbpMPu++gIun8cEtUKCiOKCFfNyB5pKT589fiy0HN1 +TAJ1jkja6R6qvHiHjasIvEG83Uh9bEfQLLON2iTi1U/MzGXgcIQKjd5BwbmkIPeE +19TgJ808GZHQacs+vmSflm0VvANS5IkZSgkFSaRmXMf2yeADdF/W8+QgPnwNxKm4 +ytxKDQZdRkur4X3I3cgzpRlQN9vEW3sx+HD5khqWaR6jaw55zwv3efrkne1nL7hp +dXOh3BPiXS7q6IKOiOQ7gzzUwWGGDqrFfUXh8qGxBu+t/QEkYTKN9w== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter45.cert b/test_key/long_chains/ShorterMAXUINT16_inter45.cert new file mode 100644 index 0000000..18c058d --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter45.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQ0IGNlcnQwHhcNMjMwNDA1MDgxODIw +WhcNMzMwNDAyMDgxODIwWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTQ1IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDRX0Idc2Bb5YImXwmn7++TtX93UlTzW65/CO9ytqtsK+NfDtzI4cFa/chHTfyW +Jf9TqfMjaaDRxh8GRRCMn8xQjHDjjRLMYz0oPAi0T9hBp8i48QaH80a2Jb6PM30N +vRCuDVlTibkCCcCpJai8laEcGGnCyYXw4ZjaQSyZVvOulZ0Uow4zAL02mb5J3MFk +HfnEKbuyDOhHzILC4isUa/1CxMVhYTE0GpJMD/6WaLAvLW5UxW4bpmwKQBWVTwM1 +XwZo160mC49TnNri4Nacu3Hy99w/jdCf+TySr8BlsUPVlRp6H+C8TI7pqi4IZbkH +/Geb8ZBFT0sbLKOUr2MYTIObu8s4ibcuZNY2sSqL/CIm1E4zEsG3IXIG2ITFEuTW +hcdzmnluH11Dl5JQJWsEa0oyhe0vc9o3rq2dGnukj04vPloheDWd9UQL/oEqjuNZ +j67HDHS/5pb1zYTG+BZXqLYO1YS842nzIu46yI55BlowmGIAGlQIQM0AZdmLja8t +AQD6scPSbYbm39Dwj1IdwB2rri1yhbfbhS9oIZD9sX+tdlI1OJCBGn+rbaTffQKC +dR+cJuNPk/hLvua5uQPawCYsMHittB5+4aQBESyNuUia10BvpAVw1nbqePVmTsYC +ljvWgKpp81dbOIpN3HapzcRuYUyY2E715T0876CtdLDmbQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUVv35CcSVaT5onanIKaac +o8H6T5EwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQCxkKBs9pBgj0YOWIcft15na1Ifw1zAITXml/lCQXQtagQz2L/R ++rGTxcgfNVQbMGtwPztqTgeBarb8wJRmr5yaTi2+RLTLlVFHevI6MF5gAbSDRyve +51SZlYuTwI/+vtdJPubaGwTIN4ib6AKS6MgH7fDhRkkjbhf4Ne85MydSKdsjbWHw +whn6ljXvOIbbW9eU1mfR7QrS2GHj24hjPL1RK3rZ06trpbqMBR5EahqNgJVN5kWC +K7pOjHMkO4CdLGC/ZHBllf2C/MDncn0bC2TovYfVgwz6R/5zQOPWAz0yXrigmLbX +0Om/zmuT9doLV0P2I7HxseaoR/Z9K9C9wglFZ4yHx+7bRbzHyXvz0d+IDb4nsgHe +m+vAFWAmJ4B4t+0+yZkzVU2x3FkNDMu/Pdr11u+miTqvPSSYTBMiZ+04hAmGkmz+ +OYANstLNjiFQtnW5bm1KjPQnGF29NXxSmYLNZ8LXb9L6X5kPwq/PVrupHi7n/CKp +Dv0rmI7cvJTbAQG9Hd+gTeSCs4bGxXMIbRGNNc/bOehQadlIuCyn9nPdTrpplG7Q +X0EhOF0xhKzuiv1wJahV+uCfkaGu66LOfMaxt5gC4y+N2GAA8/SJOKv/drMEfXDu +DlViSLd/ojtpJvshnXWAIqZJ+m2cofaF3dl0xcmDy+cnkN8thOg3CRZr7Q== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter45.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter45.cert.der
new file mode 100644
index 0000000..9062edb
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter45.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter45.key b/test_key/long_chains/ShorterMAXUINT16_inter45.key
new file mode 100644
index 0000000..2f7aff2
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter45.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDRX0Idc2Bb5YIm +Xwmn7++TtX93UlTzW65/CO9ytqtsK+NfDtzI4cFa/chHTfyWJf9TqfMjaaDRxh8G +RRCMn8xQjHDjjRLMYz0oPAi0T9hBp8i48QaH80a2Jb6PM30NvRCuDVlTibkCCcCp +Jai8laEcGGnCyYXw4ZjaQSyZVvOulZ0Uow4zAL02mb5J3MFkHfnEKbuyDOhHzILC +4isUa/1CxMVhYTE0GpJMD/6WaLAvLW5UxW4bpmwKQBWVTwM1XwZo160mC49TnNri +4Nacu3Hy99w/jdCf+TySr8BlsUPVlRp6H+C8TI7pqi4IZbkH/Geb8ZBFT0sbLKOU +r2MYTIObu8s4ibcuZNY2sSqL/CIm1E4zEsG3IXIG2ITFEuTWhcdzmnluH11Dl5JQ +JWsEa0oyhe0vc9o3rq2dGnukj04vPloheDWd9UQL/oEqjuNZj67HDHS/5pb1zYTG ++BZXqLYO1YS842nzIu46yI55BlowmGIAGlQIQM0AZdmLja8tAQD6scPSbYbm39Dw +j1IdwB2rri1yhbfbhS9oIZD9sX+tdlI1OJCBGn+rbaTffQKCdR+cJuNPk/hLvua5 +uQPawCYsMHittB5+4aQBESyNuUia10BvpAVw1nbqePVmTsYCljvWgKpp81dbOIpN +3HapzcRuYUyY2E715T0876CtdLDmbQIDAQABAoICAQCZ1c0FSJW/T8WuHdxBaVj1 +hcDPUk4atP1kV5NgDPmtNB4O5SOx8bYY/ijew11YkTimJ1P/bAf+ufxnpe0/9dWw +RVBY0XnDdRMlcd7PZW825mnkASxUTZpiER+Ppjw3EPileids6t9lsPa/EW2GisZi +l0l2Fo30bD3b91Empa3MVB+jXx76uItOB+655JqvzhqLWEKR00wEHS7itD0E90eR +fHSuVTRK3U8q1gGwT+FL+Kx9WsbJSCFP8sApAXIRD+3ssLOHJa08uR5W3u6xIETc +SeOpSrDEKeOov7u0vGdkEfbvTmbY08OZyjGid+NZC8qw2O+xDU7Y+5aBk9BStT1o +pfR8VvSAkv+GM7xy2YjU7W6/o6ptHdEhZRH05Ifp3xjzNIXQOhV5cyAH9nKvUol5 +bc14+G/WkBOXqTZSu6RfA4ESMOWdySU0288CShs9Su0sxbKqmKC4ukapJe+8DAKl +740VW29LMs+h9mdF2RuBS7+aLsOWsZZm9Rw7k2F6tZmELsPEvNZPZsp6V8U3yM3z +jfOZNxWUNeGqxWFmYEa7m9B2STuTZJjhrnaCHrpxZiQkeTgt++ix8+q8mGxOldr2 +55WfJu0e7LE9kX4qHEH0Y/Zt1ge1tI6rPpreRoUTHereitsoJg3qwyUtYvRaXCGJ +2qr1zV9e4acTgMRafBeAvQKCAQEA9PJafXsmUEkSNvkkFdbaV8owIESGhcbTdZgF +Wv/ISxj9cluC4nwHJGWd4saqOnKuGrRBpaYAtu3JRDT0FILJKcfaRpskD7+Y8OiC +/ZpG2F5yy948My/lExfVI/LpIyKR9bF7KF4zGiq1LLuwuwv2bGADhl8KVbUHpLpw +rWRD1vWUemZIDy84IFi8GUSVqKqnl0oLJE7qC7sEI4UC5abt7ItoRhGDgDxIhIMl +CAZf38eKbRqmrA3L/TAT2cVwGj9z1BHIj2Xr6mRpmOPX7SWzq/KwTu1nNjr8mxt4 +K/lBV3YWJrPoS0uYh0g71o2747Dk47G6jqCAJWV1lxlzxC0SLwKCAQEA2tHxoYpv +UQkM60TjJkSWSCE0wRa7zkYtd907BicrBHSNyRjTvsgyzCcEmRVAmLWObZltiZjV 
+KaMx39MO6NZ+8h2NmU5PWcwlba92Gm3yCQz+TDD4SvywF56pRy+GzvL/OctaDkEp +Fz8aP9aGF60fYvgX3BXsqRBIA4A7UvjczZ+NXVnq2NvAQ8+fH1xhneWVC+oaAesH +Q4wQ+grq7beAB/HXbW7Ur88gSghUMI9ccvs4eDlW6+OZX4Qg/6yetIuDdGRZldou +BO01IlHIMfdQ2Ucy3EE8VmdHsNpQSlNHAA94pTviowhAr2XN6KkWqBWkdwN8q/8b +s0Zxm/kBXYa2IwKCAQEAoljjKxntafcUcIUuqp7ttpQW07w3YQFH9D/fBNJVQZj9 +mscWd+B2p2QGgmDkQLrztFVW0WC2RohSBrgGMnYAuIVyoat/+kQmLT4eW9HeNNhc +w8y3H8IV1VLNfPcqGJR4I10P4NCWlDhMPqrj1wV1vZzhmTTy152VxFOiDPpQkG/S +ilGyXwYP8Dh/60tu2gzJ6Vc1DUqUi1PXyWcGZYn/VfGMGizPeLX75oA5khkPgHVz +xR6N66l1U4mDDqpyw6LctWlYAdsuwvrsll4lJlP/wu6mdpmY9/Oeq3tIafTZnwtw +YRSK2STwonF435qvNplvC48ntBKi/KZDivNerF6nFwKCAQB7F1J3bqpDyXWM+wlU +Q4zOMm+8lo8679sv7DEBuxLFxNLlZqPmVDPPB7vcaUoXHTpriL1Hg8OVUooBwHZI +oDB0/g7jSFv2xZHga61iHKrkUHzUW0+wzwg3oTbUJnYNAEB2QF/+WMVGoGahtolj +1C0tvSWe1m50hAYeggndGMUMnk4lTyl+p8811htKxuraqYT4WM4cehtx8d6y6WVS +J8FLts1ab9gQtdESFDFXx61XuN4BMzAkLbnfMzJk4LO+GCTwWmrSkxMEDnOvRJX7 +FYZTU2vW3pOUfzCi2YwE42ezLwDM4i0RTNkmUXxM/qESGGqV0E5XaoAojt3lwWL1 +O4xFAoIBAQDgRi7xa+FKF2OMcbUFc1yVdeqCDaCG+WTzGXCoAz/oz6exT40b17QU +5Ekto84MuejRKuQSKuDbKJ0EdO7CHMJ5LCQECppF99c6nVRQp8J62liKWXBH/wOA +qBeJ2qF/H7epync2I/NXRQo0X0gGsU6kEpXYsDJcdUj3OtvytnlRhCjvCVRwkZSA +470GoyxqZpCXo5h4omKnOivNvqAsg5mTNSrTUKPjiZp8ctrxI+P+sALnGsE0QVk6 +Z1xz+77d0T+qfd3NvPLgFxa2pHDMWoXjrsJjXwn4ee0XUlGdNtO87ugUOYVfDx+K +2qMWoUbAGyejJDN80TPSq2qZdvKefPbd +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter45.req b/test_key/long_chains/ShorterMAXUINT16_inter45.req new file mode 100644 index 0000000..bbdec2c --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter45.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0NSBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0V9C +HXNgW+WCJl8Jp+/vk7V/d1JU81uufwjvcrarbCvjXw7cyOHBWv3IR038liX/U6nz +I2mg0cYfBkUQjJ/MUIxw440SzGM9KDwItE/YQafIuPEGh/NGtiW+jzN9Db0Qrg1Z +U4m5AgnAqSWovJWhHBhpwsmF8OGY2kEsmVbzrpWdFKMOMwC9Npm+SdzBZB35xCm7 +sgzoR8yCwuIrFGv9QsTFYWExNBqSTA/+lmiwLy1uVMVuG6ZsCkAVlU8DNV8GaNet +JguPU5za4uDWnLtx8vfcP43Qn/k8kq/AZbFD1ZUaeh/gvEyO6aouCGW5B/xnm/GQ +RU9LGyyjlK9jGEyDm7vLOIm3LmTWNrEqi/wiJtROMxLBtyFyBtiExRLk1oXHc5p5 +bh9dQ5eSUCVrBGtKMoXtL3PaN66tnRp7pI9OLz5aIXg1nfVEC/6BKo7jWY+uxwx0 +v+aW9c2ExvgWV6i2DtWEvONp8yLuOsiOeQZaMJhiABpUCEDNAGXZi42vLQEA+rHD +0m2G5t/Q8I9SHcAdq64tcoW324UvaCGQ/bF/rXZSNTiQgRp/q22k330CgnUfnCbj +T5P4S77mubkD2sAmLDB4rbQefuGkAREsjblImtdAb6QFcNZ26nj1Zk7GApY71oCq +afNXWziKTdx2qc3EbmFMmNhO9eU9PO+grXSw5m0CAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQAN8H8lTApSOWpecBAgpCz24RNUwlfoJxTLXwoBOCYASoRgPhORtKAK +HyLAmSRChF7zwAc1J/UerMabZXy2s1zK9KAv+iaE2qIwsdCKbW/VBVmmpOsiKvZ5 +RqWOW71FpqJeasdYiOZJ3jIYiR7eUX9bn5/ahjAc6WRi2PJ/EqZQQqGz7a5JO13B +uTeckcyAs9CwZp+ouQ2gVfXf5WhFGvf+U7F6PqS+2fJOyVr6U2TMiGu1I3F0rtBW +QWeapP8UbAcZI/h+VJ/eQBTjZFbemOuzwxUtytdzebthvCpGdXjdtyF5gwyRsLFg +PhMJzayb5xI2FtJnPhqil30Gwefoy1A3vTP4hDTgfure4tsBBY2q7wG3D4kRms2N +3ysb0ZvfABYinTwl7x9ZWXzxKEMAr9dRRbne1GaK2W8vq0bLLY33K+DEw8+mTC0O +EavdBjvaZH4t9n9xK5OlCCZIEEWqBIVNV4p5vIEO4aMRdJpzZ373AbllIYUJoZ4D +344mRMheFbQ/lodbehBlZpPMy4I1fzPnWyJVG4aDiT2TlaJx/vcnCDCMKJVb/ZYB +Q07n73kQWNpi7jVd9q6trPpJEZVA1Jwd3NhhHrqYAGwas5wds2+BFI4Rx+2Q6WOB +KcinsrKDh4zekLmcP+IU7LVpTOAL08xRiAHwfkYexOjpCwRifCcubA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter46.cert b/test_key/long_chains/ShorterMAXUINT16_inter46.cert new file mode 100644 index 0000000..c9cde87 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter46.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQ1IGNlcnQwHhcNMjMwNDA1MDgxODIx +WhcNMzMwNDAyMDgxODIxWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTQ2IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC/lFqCDhG56KvrgJkfMGf3vbQKj5gn05MV5LqNBY7CCkAKW2sxjRob4UELakSP +rEzR7hd6V+PxPSaa8DWESTaO9zCBOACV7L+URhkfiZniRHDSuMUgvXZp80HRxa8/ +GzAYQhmKLipgR2zpyel3Zt2lAVpCgm9gQx5AqglvRu2NpkY1COOkjV0LVY8lerJv +ALzRVuuNALVYqu9vEUwym6pf60uJwN/z4i/cJCN72htfYUeYFq4n9qchGvdlgP6B +CzIiu0OB992O50pbu0gpbYNoYL3J+s1vUKafV8E27IyzlFtt4Gv1HdJ0LxUIHGVo +X/JDzrGMswpTYPl2kbcP0riu0XhQshysPf3HNy0XZieyE5gxJIFSRsghOMcztBpv +1fba5I7jGI08QOGEZ4pBp6rJrDk4glfnJJiILbTrVdIIv1GnV8x4syHsRYfpRfW5 +kFelAHoknP80FDW8SEAkDtLG0Fsp41w4jaHv+kaB7KP0xRqtlWQrCLLCc5G9Kr9v +QdPmdWiN24D7XFjj/f1qAF3Jy/PQhVvXJPpUxTTJRXBF50rj/IC8PLKd0/9KE0JU +N4XYzL+V5o6t0rAw2N5EvZPNm0BLsSxq01sBCY/45JE+aHHGn/ssqDQ4eh12bZ+d +orebTnkj5bQB+Dy/Bcu7h2Ri0KQBfPlqIJwgjBjZv1VeVwIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUn9pYdyEBxZrl/+awnlJF +Haix5FQwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQBt3F55/UPEizFd9rYRaR7t4KL6INmIPMridkFzgdsMTcUyIdRt +XjJtfJlEjgUNTL9L2il1DFxxXL1fO9q6m1rpC8mHJLuZRwPEtDBInrCWG2qZEXrj +wEpV5618M6sbmajQMUIXUVEuPUt1VQkaDLObn8nTq1yxadgChk0I7OmxnYuWOZT9 +a/atHkkCzRoiU1q2tW0DtodDlzFADQdftYK+wnVtiKFb55tFtfjYdrHBGkhYXnk/ +XISj7pW3e96c87bH2ttfTIFMsCkYWckjLswJqoHo+loK5WlSfkuEElMZW3k6/fD9 +QsWE42KhLd7RHX31pbmyAAErGkXLDmrukhzHTRJLTL2t9uKmr6LX2gCXwdXIwPJ9 +HZm525yYwvL0aGrVkmGcGGJ7yK5mJMgDo3wUjuu+9PzV5Jj950MDWqK/d6TUKBLh +VAkKFsOy326GOJbSXMcLImfFqBQT7Zo/73OKRBpsKDqaU+8XOoH9H39eWvCjWBx+ +Oq5ExeMdeVtxXcjiPBR6vUEjA6XSO/49P/RuXCpIeH+xCdO6+WeDJTglskip1dPD +16YWsTOnItlaDG8GekmeKeORjyf7bWy9aiEkFa3FlLGx4lJH0hHqrXRB7qKfXO0R +X5xbP3nh1BIDaTEOph8JuYSkteF6SDly2fOLI5HtX4g6c6RsgcqF2p3R+g== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter46.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter46.cert.der
new file mode 100644
index 0000000..02302a8
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter46.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter46.key b/test_key/long_chains/ShorterMAXUINT16_inter46.key
new file mode 100644
index 0000000..a2d3b8a
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter46.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC/lFqCDhG56Kvr +gJkfMGf3vbQKj5gn05MV5LqNBY7CCkAKW2sxjRob4UELakSPrEzR7hd6V+PxPSaa +8DWESTaO9zCBOACV7L+URhkfiZniRHDSuMUgvXZp80HRxa8/GzAYQhmKLipgR2zp +yel3Zt2lAVpCgm9gQx5AqglvRu2NpkY1COOkjV0LVY8lerJvALzRVuuNALVYqu9v +EUwym6pf60uJwN/z4i/cJCN72htfYUeYFq4n9qchGvdlgP6BCzIiu0OB992O50pb +u0gpbYNoYL3J+s1vUKafV8E27IyzlFtt4Gv1HdJ0LxUIHGVoX/JDzrGMswpTYPl2 +kbcP0riu0XhQshysPf3HNy0XZieyE5gxJIFSRsghOMcztBpv1fba5I7jGI08QOGE +Z4pBp6rJrDk4glfnJJiILbTrVdIIv1GnV8x4syHsRYfpRfW5kFelAHoknP80FDW8 +SEAkDtLG0Fsp41w4jaHv+kaB7KP0xRqtlWQrCLLCc5G9Kr9vQdPmdWiN24D7XFjj +/f1qAF3Jy/PQhVvXJPpUxTTJRXBF50rj/IC8PLKd0/9KE0JUN4XYzL+V5o6t0rAw +2N5EvZPNm0BLsSxq01sBCY/45JE+aHHGn/ssqDQ4eh12bZ+dorebTnkj5bQB+Dy/ +Bcu7h2Ri0KQBfPlqIJwgjBjZv1VeVwIDAQABAoICAGJtjx64qcTRVNrXJFSQ4ym2 +jnTKl8sGedBKxsnDbDgnWgW4OFep/hsK3QdHXthOFt3YrLlPxK3h1B7QgT5o+x3y +xDnvkuV0UG2WojvAz44fybOJ+MW8ccU3lL55CXOrvUcJVuPWmjEDIWLwOQH+mKu5 +CS2YpC5Z7YYdlmFUmKIpJnMDESou8vnqyHPiGSDMyTXoqXa1QXa/w+pVgceSkLNd +SV8J+EXuFNbOvmhYg626ZjUumeWwZOeuWiMNZjTYkrajbaitt2g/TsXYb9fRCy2q +XngSYk/pqOG/DWbxm8x70YmfPvgdjU3iDrUvGa7JdMf/vtrh9dEmxqRzcxEvG3DZ +X6JQEA4kXavNWokP0IyOpqX6glfxGJxIgAV37gfJWMNhXmMvvJoCX22m1lSDhGDC +sQ5PrhXHKlUnVwdJHXu0Of4Fdg/2idnJ36ZlpDKIbPsysc6a4Py2vHpuxlwOcFxq +eW3eO+pjaLr5C1i0GfNpNJFlhgW1xsmCJc7uBq8pKLQOwpuygLJxIPeScNb9z9L+ +cSDxo6/wqGfP2liF+wWZmbuf9+EJurLrtXroMyrbQudzf5io6oMazG0iiXZDB6fY +KBJ3fHyDLkt0zm0VB9xoevuiPiIXSFes6k8lbOVz1G1ULasb4MGLDwI9ql42TwZo +hRJ3SnLpaiqgbOryJmLxAoIBAQDzPfioqsIwObIvtAmbeDmXvLl4Rly5AqTxCkfq +gEh22uhcC7OyHiyVwKwhkP11SgGROfJVyG8LLhXV5FCXoQgXJek2H/Kk4WShd7aG +u7+CIf9bXa1W+ewEoDlRz9hy8T6IbhWGJGWo1s7F2VcOl8Ze6jEP9FZPI/dpzV5r +P9i9G5IgGKpGfxlpcQkpfb2MdOarffkGjMfLOPcioyULi43JBQd9KjIfKB1hT42v +LJUOltEwDGXMIHW4SEu2AoegZIwehgrGviiLokLSXz/Ux96QgCPobaQcUIqSGG97 +oYZxVxe9DL0s2AT6h0CYDdxYPpQvjJ+gkUrOMhrVSlOAS7DPAoIBAQDJoLSJfdly +FrXHYoARyp45NzFSOUh55pArNZKwQ+ZufF7YJdjDYcP5L041cehoOxV+5OY76loJ 
+Afqwlf0CqHRSwuNaL63xpqxlUfRREehhpfvlSbV/q2byQBFnEC4DFKfpHjrvxlg1 +pIbGVTRrwSyHFH7JRmpt1/ByAGUixA8aWQY/QiOqsCS0UJiDhho8IMc4yfdBOEnW +dPHSoj5Z75RXbAbNfDo56td/wMEZgblNZkEYXqQ8Ihz3OvwY8ncvhgt4Ln2m1y4Y +xlMgd0WVh/Zs86ZH9UQUFArOIbCdjbJXZoLwpKlAa+jUUGrkONAeFbTIV4Vo5TCa +w3am4cepaov5AoIBAES8xoAjgSzPoSMJ5Y0htGTE2ES83YcK0EGtfhUum0u7IN6i +D+3NyRuojvwNVRLIDxlTHsBPG9I0+8at9nhi8T5ZYEYDUTZ221El21bHx56mrNrM +5icmCSRlgs0zxx70PY+gTETUFEZaLaSLfqaJDW3VEHhJu/oxV8F2X7A/IqiOGgUn +8zZoxG2fm8810VLX1jewKadIMU2kk3IeWGGi1jZwTWV5fyB+3Y6aRJe0KYst43+I +gVvl8F5bT8nnfRw+TbpydqkjI6ISAIAimo8uzB5Zl8we77lwqTgP37E4PB3bVsH9 +z5fUk9OYVRCjGhl11bp6KsHdTR5n2l1b26ztttECggEAVLpno29zNPI+KS9HSjKv +ErQS0c6omjE9XCsDHXcrGjrBUGt3D4PB6rDqWKMpWsOZYN2nsn3kn+xpAFPHIprP +ZwfmqjtnCSlVQK6T0I2J7Z7mn4+96YyJkjtCFOFDtJ+1f8zoT2I2JzSgPjAH+1AN ++iWusb4Zc1dO/1kTJuzku9m1Olf8zPmAMxW7QWnVFHdhwId+k7WnsasrA6ySLxDy +cVo/8ZHGlhgNvu2tN56/07qomCkNMwfSzEHJNmKNmzblEvfWbYn3IQoWXIpCf3fH +IjmxIoP6u8VAVSbrJQoqa3f0hlNrnFq8WJwCjy0gp8PPWHEO6umE50REVBSE5riT +YQKCAQBOLSmrtgxcLW8tylnW6OEEE4tOnywsGccQ8VDYZSzlpkGhlBokTCNSzngj +oLHMR+pSShdsZn8PafPoOVtixIinJRtEmlWfbQSteOoK1o7TzrQNs1a3ZE/qOecX +GqKFjzuTljNbJQcDtkz0gfo/+zwtLeWUdvGJyvjmgbsKKfiy6Cc37+z0V3ZomiI9 +LfXadz4tdNuDJj06C9WuQ/efZqOMvsohLh72GHsKknHCAUIxVzuWg1RIOhhBAHLW +zl0mp0R26OedH0hhzTaPGrJ54Y8Sko+XlJ7KVHFMF4joRUZPaBgWdrc25HyI8vIV +PGbXxoOeUhLt+tI+B2B5oY4fOyMP +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter46.req b/test_key/long_chains/ShorterMAXUINT16_inter46.req new file mode 100644 index 0000000..784ffcf --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter46.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0NiBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv5Ra +gg4Rueir64CZHzBn9720Co+YJ9OTFeS6jQWOwgpACltrMY0aG+FBC2pEj6xM0e4X +elfj8T0mmvA1hEk2jvcwgTgAley/lEYZH4mZ4kRw0rjFIL12afNB0cWvPxswGEIZ +ii4qYEds6cnpd2bdpQFaQoJvYEMeQKoJb0btjaZGNQjjpI1dC1WPJXqybwC80Vbr +jQC1WKrvbxFMMpuqX+tLicDf8+Iv3CQje9obX2FHmBauJ/anIRr3ZYD+gQsyIrtD +gffdjudKW7tIKW2DaGC9yfrNb1Cmn1fBNuyMs5RbbeBr9R3SdC8VCBxlaF/yQ86x +jLMKU2D5dpG3D9K4rtF4ULIcrD39xzctF2YnshOYMSSBUkbIITjHM7Qab9X22uSO +4xiNPEDhhGeKQaeqyaw5OIJX5ySYiC2061XSCL9Rp1fMeLMh7EWH6UX1uZBXpQB6 +JJz/NBQ1vEhAJA7SxtBbKeNcOI2h7/pGgeyj9MUarZVkKwiywnORvSq/b0HT5nVo +jduA+1xY4/39agBdycvz0IVb1yT6VMU0yUVwRedK4/yAvDyyndP/ShNCVDeF2My/ +leaOrdKwMNjeRL2TzZtAS7EsatNbAQmP+OSRPmhxxp/7LKg0OHoddm2fnaK3m055 +I+W0Afg8vwXLu4dkYtCkAXz5aiCcIIwY2b9VXlcCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQBbJja7qMI5j4etIb+aFD/Xo6h6Wz+CSgDZZqVtXrjxGdLFZDFqpY78 +PORPG/F6HEAi+RRlgos53obFgHCGP9NOzrLn/DsJ2Ra/NhNbQ4IisGh0nxVsQw12 +OjX20Z9l+5j9TBteO7KfSso4sclg/+3OB811fHFVETjquwZVaTx7CogMhobkJRFB +gswVL8J5f1AAmGiZcmz99i5hl5uq9fI0F0htwiwR1Dydi02N8gTclvZEegsQXosb +NI3cPGStyWF8djiD/EQMO1AylXekOsWBbq1srG0s0+ujAxjRBEHhhvKp5ce4uROz +jBI139QoC4/UdEURuWEKRpNdWbLdsKPAovDXRF9WwdaLEdo/6it33s4PpuSWHDr+ +Ag87BU2W249kv/5WyCSNwuCofEIp54H5uHngZzuWTw170Sfg/R5WFcycHRk7F+In +xA5kZ086mGptB0pTsx3WxSwhdE9hTJDGexPPULrpcbLNCrJGRzmSNTMP15sI9aDu +kEfaZDwek2+nS8sHXZ+MpqhvQRVg5QjE5piLemLMC5msmtmcbRqPhMiw8hQKg2fA +Ck1/epPp7i5D58QfdhbObO+7VOYYmOCDU81wA3O2LiPyOQgClgmUTqhRqQ3VCCyw +HkmJ1MXOB5Hve7VHim89Ru4W8kTHoNBpyzCFI0UnGO3I18DvGWSZ9A== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter47.cert b/test_key/long_chains/ShorterMAXUINT16_inter47.cert new file mode 100644 index 0000000..49edf6f --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter47.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNzCCAx+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZTQ2IGNlcnQwHhcNMjMwNDA1MDgxODIx +WhcNMzMwNDAyMDgxODIxWjAvMS0wKwYDVQQDDCRETVRGIGxpYnNwZG0gUlNBIGlu +dGVybWVkaWF0ZTQ3IGNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzFbsCQ8s+rXC22kCzGZQpgD3QYu9awkPMtzzEGgozrbCCgQ1cy+yyxhpPrBBg +tPAtH9fwC4cGLA9gqsSZ78OOfAgHB2e2ZzBlOu58knMg7DRoRM1Bw5L8s2tvmUCD +YESxhxkCZd/3c/m/JW538+O+olyt+JpNLxDrSNnh3MRpBE6TXSBKHzkfD0xp8H7S +u8Mj0quXla7PPVnFxVRVi2pzqHN7QVsu4RuCt/nyvZIHuUhLbWaC9ZU6XcfMdphU +MEEiO6Qdvu/po2p/MiNYRY9z2xNZ6zEj/Pc8MQ+z73zwL7accooY6VcqIVrJKdpa +a6sa4AOZ4Wdy6xnt9pNQ62co3IiBxEZsai9RED0x+lCZaad614RCbJqvQ+d5kDpP +TdGDCWLiWBOOKU+XbTRirB4S7wsakrVae22LBgXB7JWepGoKQm9YB6NoKiUUfkzF +7rNdgesnq7vcpJaHWQVdonxwsn1/+/2z63c0BPGbjBrLiaxeMOKfMIgMxHmjga+i +vKq8jfUYp1LQffOuBsdGav9tWapYCdq9KqiShH9CxnsPirs/4Qb1GLw2/Vka7fKA +V7JBAmEmU6jBGsYo5UKpH0OLfForDdqAnGluVqOZEsmFDQiTIeHxDDhQgT3LzBC2 +ijZXgJx0Mu72ZrmAFpjkarvkzog0DTLculC1uRzvZh1SJQIDAQABo14wXDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUIt9dK7IaxzAOvcrsaL24 +vvMMonMwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4ICAQAtjtiZ9kfcAbMfkq1/1MUytABoDH75+EcmGl3GG6IMthzB/GvV +c0fFooIyuZpUr/a9alMcOD6fRYEX1CU7NTfWdgzIRlQK69Vw4OBt4OePkATFvxBl +K5MBpshVokt2B23hwEkWbiZxHG4zRVJrSAedolQB1yM98CA/Df1QQgsUFTVWbQSO +KC/JsnLGePjVAkbVe9MpdeSuO+pLaNnGI7rVgO/cOgQOONknPKFjRBdGcPQtXfBz +2yOZ5nkDjZUzahBmG9s4f/LA50Lss8LditrRi6Knr+7CVoG+TLzu0Gef2yWLW1y2 +tdhRmke9aDZQCqaO6kaYgfFr4JoqWbhl7yn1hAwsFjDJnAfoq0MhcXyQ5IWr8AvB +9Od1NCnIEuWMTZZaH1FDKwr+cWOI5kh8HL+WEdWhPeKlLhkpXJsOKl8AX+6TyaiZ +ttE3uoUgbru++Ry4SILZWkMdMB/2Hxe+bS5+0u9kI1fcFC4/wAwuxer+f0JHKaOU +AaN1mCgllbrmwlRHEZfiyLzkwaM9DlOWM/KSDLsfKkTcQ8/UbnwSBesUjeHJSBoR +Z/JRmI9WLB/6GFOfwFp2hfiw0TzQtHL6u++N323svqFQgl6sW0M44+0CbxRaM54i +ttwYu3cJv/W66PT85mBWZ5YGrFWytHoSvR5qZ1sP8kdtCeV3J4ys9eHksw== +-----END CERTIFICATE----- 
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter47.cert.der b/test_key/long_chains/ShorterMAXUINT16_inter47.cert.der
new file mode 100644
index 0000000..e879177
Binary files /dev/null and b/test_key/long_chains/ShorterMAXUINT16_inter47.cert.der differ
diff --git a/test_key/long_chains/ShorterMAXUINT16_inter47.key b/test_key/long_chains/ShorterMAXUINT16_inter47.key
new file mode 100644
index 0000000..4e13ec9
--- /dev/null
+++ b/test_key/long_chains/ShorterMAXUINT16_inter47.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQAIBADANBgkqhkiG9w0BAQEFAASCCSowggkmAgEAAoICAQCzFbsCQ8s+rXC2 +2kCzGZQpgD3QYu9awkPMtzzEGgozrbCCgQ1cy+yyxhpPrBBgtPAtH9fwC4cGLA9g +qsSZ78OOfAgHB2e2ZzBlOu58knMg7DRoRM1Bw5L8s2tvmUCDYESxhxkCZd/3c/m/ +JW538+O+olyt+JpNLxDrSNnh3MRpBE6TXSBKHzkfD0xp8H7Su8Mj0quXla7PPVnF +xVRVi2pzqHN7QVsu4RuCt/nyvZIHuUhLbWaC9ZU6XcfMdphUMEEiO6Qdvu/po2p/ +MiNYRY9z2xNZ6zEj/Pc8MQ+z73zwL7accooY6VcqIVrJKdpaa6sa4AOZ4Wdy6xnt +9pNQ62co3IiBxEZsai9RED0x+lCZaad614RCbJqvQ+d5kDpPTdGDCWLiWBOOKU+X +bTRirB4S7wsakrVae22LBgXB7JWepGoKQm9YB6NoKiUUfkzF7rNdgesnq7vcpJaH +WQVdonxwsn1/+/2z63c0BPGbjBrLiaxeMOKfMIgMxHmjga+ivKq8jfUYp1LQffOu +BsdGav9tWapYCdq9KqiShH9CxnsPirs/4Qb1GLw2/Vka7fKAV7JBAmEmU6jBGsYo +5UKpH0OLfForDdqAnGluVqOZEsmFDQiTIeHxDDhQgT3LzBC2ijZXgJx0Mu72ZrmA +Fpjkarvkzog0DTLculC1uRzvZh1SJQIDAQABAoICAQCv+aeFBzcdxPKgS4EOPRFR +YpnbPoyzI3faHyjQDkJ+G6v54XRO/nf+CBpstch2LvZfcQ4Q7FLnJr6Jn+SG24rP +ZWPB/G3WWDm/D5SvxnzpGhI5b3o+qD60oF3vEKnLLvrxc66Io7DcCROd19tgdcES +X5swvLxrIde/TBwGDJjYFQpdVkJXc6z+r1rIMzF8RFLxzZ8d2lEnhcLESy6ezNtz +AVFRCZzfSQZugfhTpiJsAo5eyAbWoxnbe7HMYbE38R7f07lmHWzEqfcJPCxtHhVj +pB+02R61nWsYs6EZkDi2EDyiKQ84gXpMhPAgAkd1WJ2PUBdZy5uK2ijlo8mI13jK +kj6Zx+qgLq+f0n8KfkyTTO+lqnxPiz1uaa8efvByJLUHwjBAOrq1yrVkKjSuzfIT +YoGqNvsztg1Lu1Kyt1T4xIpNsdiasL+E7BYQLZFwURRcR6QLtQq8oFU6bz6nzI8a +pLb6Msq9bFa+XqSwo8vAQ/ucdZ/tPpZL1E1nUwirRKnDhYYLlI2mA20W5tu58/d1 +U5cZmkVi78iaUYwBkpPVCfA+8Bg15rjUoCUE1AL2mObnHTx2IlNBcNTCo8YEg6Yw +4wwjN4Bg5HZH1RWIIn4YPd1F6Vr7j4oXpOIFNKaEPINVYlgFwpLYqB8RdtJY6tgu +EdWf8caPg9wCIlYIQeid1QKCAQEA3QaSbuWHCeMNHW2fiR2+IuxuLfniO9/uEhjb +1QnA2RpuH7bfWuCPpfFDjXzCP7/ADhvUErmuZMpqOvjrNCkDAkf+jJGgNoHwaS/Q +2XkRNJdqVo6MsUCf5ezdFAZybB3FYLrkN1/DP5kOhMg4qwreqYt9qG0W1txT/1hR +3nbNXTBtrr8f3wlfLrzf/t2B2o0IXNndlB6FkthjCphlG9YebrYWi2c5bV2M7yqf +r9K6533E28zvUp+fNQkPy2WbrdoESOCDzi/FG7yXfd/5MgG+LoERDMa26wW60aL0 +3w9xWLQnxJW+OEEZBwuCeaWFj+JNKzYbtBuUoLlwOeK6Q4ImlwKCAQEAz2wyxFxo +V6kYvco4sDm3I7icOgkpRD1u8FxpUlwFautm0j3wsvxxtpmvoqulMvNtyNpEeVa+ 
+4+O67wg4Ki8srthvix2LxCGFUZmxrehr2OcJzuioqi4kq6t0c35YHdfVQTFn87Yr +ECFI+1yBpDQ9GLA0q+qgi54DeE3e4h0rM1c+9kLHkBWYeBAg7SM36hIJvHtTEGQe +GWpCrw+kp9oiv7ftbjnaLfHegSd6KUpzYun0HDqr75dDZGqF4XbneRr92jcwy+8e +2RFAhsQSpoG7B/4mPZIM9QvWaRkGRqKh+5gpcGNdY55WLT9GStv1IRZzA6U3wCmO ++/9Pla/KyE9AowKB/1jtS/1SXAKeV6h/crC4RsfGWI4m+98bOa4OUmRkiDLRb31T +Fop5z1H0wDks+PqtK5iBmdHu4zuqNROFExzpY0yHquLjtJI5tYCcvGrDSyjdwusQ +b4rhdXQM2OY1sdPOJpvElg2xed0ct7q01Bf9R5jvhp89RPMtsp4J6uaW5gmYcojc +XPZfzuv/EiB4/sXv+G1jOsNdhGCQr0iUCBorDBN/L5Lm9TQLb6jKfXVAU/LPp2TI +D4Iutt+fxbsQJpLMJO0tZ9qNXcDLICiE9L4p9VrAkxuQ2Ae3RnMSHXOhwvjtgxKV +LPN1PZyYBObssdAyPNol6v+MGUCRW5XuowKGWwKCAQBcq5qC4EY94+6J3K83DJIm +A3TI+Q7Wzhuih6cGhNZmzoVBqSrAzMiBLGir5MQJ33hNJDczfu4KItSBtsphDnKI +K2qqXKj1F4TY0DHx4MVOQuq+5nN0lOkNSazdbLUxoBxG5CvtVpYmvrg8lTfWhQBG +53Kg3FKeDhq+xQuvOhjy9yfKHkvKs9tKyOntCK8ShLyU2QRjbleEQ1VHoVWPKIYd +4a7ScEZqAIXIbjrF991Vc/D8K7plcM9LLcxizxzbnpOLytyiQFMn5+1MSI2MlqlZ +CNNM7tObJ47DpcqIBGEaZwEclUhEGZmm3X4qM9twzPbVyhr+X5LiQ07rMX8Hv2DB +AoIBADVEuBp0F4djleVoZmC78kJHjRj6YPDpwyd1lkBQBit0VDjK7o2lSAjuBsmK +mKlqZkf1lk+dG2CrHDPYASUy8wQt+VXyITkut0z4kiXF+axSBb5YcSysC2owm403 +def+SowSWohj4eIlO25sXH2Ce3xFg/tV4ZsUV+qadOMiSujhF4tgvG2xLp0TJ7rW +92HOc9JwBmWD2vd3mnV+a3pr0P8QhCVltmZMBgifvbGYxGMxZC56KKCRYaW/mMtH +PkoDrbaP6dSEYOjjn/c1K3Lc/CPkRF9xSYfFow713fr4oqtM1oeZbg1kZDPv+5zW +EVt/tkjAImgrB4MXImfyBGhpVFg= +-----END PRIVATE KEY----- diff --git a/test_key/long_chains/ShorterMAXUINT16_inter47.req b/test_key/long_chains/ShorterMAXUINT16_inter47.req new file mode 100644 index 0000000..e0c5fe8 --- /dev/null +++ b/test_key/long_chains/ShorterMAXUINT16_inter47.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEdDCCAlwCAQAwLzEtMCsGA1UEAwwkRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGU0NyBjZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsxW7 +AkPLPq1wttpAsxmUKYA90GLvWsJDzLc8xBoKM62wgoENXMvsssYaT6wQYLTwLR/X +8AuHBiwPYKrEme/DjnwIBwdntmcwZTrufJJzIOw0aETNQcOS/LNrb5lAg2BEsYcZ +AmXf93P5vyVud/PjvqJcrfiaTS8Q60jZ4dzEaQROk10gSh85Hw9MafB+0rvDI9Kr +l5Wuzz1ZxcVUVYtqc6hze0FbLuEbgrf58r2SB7lIS21mgvWVOl3HzHaYVDBBIjuk +Hb7v6aNqfzIjWEWPc9sTWesxI/z3PDEPs+988C+2nHKKGOlXKiFaySnaWmurGuAD +meFncusZ7faTUOtnKNyIgcRGbGovURA9MfpQmWmneteEQmyar0PneZA6T03Rgwli +4lgTjilPl200YqweEu8LGpK1WnttiwYFweyVnqRqCkJvWAejaColFH5Mxe6zXYHr +J6u73KSWh1kFXaJ8cLJ9f/v9s+t3NATxm4way4msXjDinzCIDMR5o4GvoryqvI31 +GKdS0H3zrgbHRmr/bVmqWAnavSqokoR/QsZ7D4q7P+EG9Ri8Nv1ZGu3ygFeyQQJh +JlOowRrGKOVCqR9Di3xaKw3agJxpblajmRLJhQ0IkyHh8Qw4UIE9y8wQtoo2V4Cc +dDLu9ma5gBaY5Gq75M6INA0y3LpQtbkc72YdUiUCAwEAAaAAMA0GCSqGSIb3DQEB +CwUAA4ICAQA7S1PVvry7GYrPLkZt2eXNHzmgq9iPp7w0qkHGHe3y6uNgf7bO0E4X +dX8feP/gckDzg5R8qvw3vw2raFpuoqVfOSbgNmI2Crp+ytFjZWrZEZ/Gs1Sgj91v +E3JKMIGFwdRMQ2d3WW5oZsXc1kwGunPmSagCVRar2kxkR+VF9hnrjkXBXTRFTIzy ++hdQyAFNj84NqnHd6Q1edCZAk1QZWAk8LbXnY/QnHatSRhmEGnkfQeI86X12lflo +oHD5vB/XvZKx2HHfwsTMUDf0byJVhFrcA85sQAWdlyKnkfPzPZE3QK7PY07vKPWf +6HiciHCkd0NgZLm1npRrKC9luZADyRd9zOOk2Yk/n7TcRW1HuPOCfwO5ZkimhsNg +WpsD7VP4WiHEYuHeE1eEU0S/q6nZDyu3crmSLxxtQ+bzvxnMMZJ4f+pQgE//NdEx +Y5ZNe2wErL4441j2H2PedfaSkwcqd9NEsk42sgVDnTbrttFA4kv/E9Y/jCVUaNq5 +oidKGGJtFI2zMImUXa40DIStYtXaeySYzy+M4nl4oSv/SjQPU6dybbq/ytuKW46g +6CqJ4QI9UYWtKvvz1FZH8vJvU4HlfKMK0tOucLI7VBbAgPzjXD4Nq1Bux1o/zAup +CiuaXo4x3aJGty/NfhasbA4eFah9lqAqDOTocnq9lX8junKQJ7gpDg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/openssl.cnf b/test_key/openssl.cnf new file mode 100644 index 0000000..3901a28 --- /dev/null +++ b/test_key/openssl.cnf 
@@ -0,0 +1,40 @@
+### REF: https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html
+
+[ v3_inter ]
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
+subjectKeyIdentifier = hash
+extendedKeyUsage = critical, serverAuth, clientAuth
+
+[ v3_end ]
+basicConstraints = critical,CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+subjectAltName = otherName:1.3.6.1.4.1.412.274.1;UTF8:ACME:WIDGET:1234567890
+extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning
+1.3.6.1.4.1.412.274.6 = ASN1:OID:1.3.6.1.4.1.412.274.2
+
+[v3_end_with_spdm_req_rsp_eku]
+basicConstraints = critical,CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning, OID:1.3.6.1.4.1.412.274.3, OID:1.3.6.1.4.1.412.274.4
+
+[v3_end_with_spdm_rsp_eku]
+basicConstraints = critical,CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning, OID:1.3.6.1.4.1.412.274.3
+
+[v3_end_with_spdm_req_eku]
+basicConstraints = critical,CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning, OID:1.3.6.1.4.1.412.274.4
+
+[ v3_end_alias ]
+basicConstraints = critical,CA:true
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+subjectAltName = otherName:1.3.6.1.4.1.412.274.1;UTF8:ACME:WIDGET:1234567890
+extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning
diff --git a/test_key/readme.txt b/test_key/readme.txt
new file mode 100644
index 0000000..2e80246
--- /dev/null
+++ b/test_key/readme.txt
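Review bot: In test_key/openssl.cnf, `[ v3_end_alias ]` sets `basicConstraints = critical,CA:true` while its `keyUsage` omits `keyCertSign`, so a certificate issued from this profile claims to be a CA but is not permitted to sign certificates; a validator that enforces key usage will reject anything chained under it, and one that accepts such a chain is not checking key usage. If the mismatch is a deliberate fixture, say so with a comment above the section, e.g. `# test fixture: CA:true without keyCertSign on purpose`; otherwise add `keyCertSign` to that list. Separately, `[ v3_inter ]` leaves `basicConstraints = CA:true` non-critical with no `pathlen` and lists `keyCertSign, cRLSign` twice in `keyUsage`; `basicConstraints = critical,CA:true` with a de-duplicated list would match what strict verifiers expect of a CA certificate. Any change to these profiles means regenerating the certificates checked in under test_key/, which were presumably issued from them.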
@@ -0,0 +1,673 @@
+==== NOTE ====
+After regenerate new key in sample_key, the raw_data_key_gen.py need run to generate sync raw data key.
+
+==== RSA ====
+Generate a root key:
+
+ openssl genrsa -out TestRoot.key 2048
+
+Generate a self-signed root certificate:
+
+ openssl req -extensions v3_ca -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt
+ openssl x509 -in TestRoot.crt -out TestRoot.cer -outform DER
+ openssl x509 -inform DER -in TestRoot.cer -outform PEM -out TestRoot.pub.pem
+
+==== ECC ====
+Generate a root key: prime256v1(secp256r1/NIST P-256) / secp384r1 / secp521r1
+
+ openssl ecparam -out EccTestRoot.key -name prime256v1 -genkey
+
+Generate a self-signed root certificate:
+
+ openssl req -extensions v3_ca -new -x509 -days 3650 -key EccTestRoot.key -out EccTestRoot.crt
+ openssl x509 -in EccTestRoot.crt -out EccTestRoot.cer -outform DER
+ openssl x509 -inform DER -in EccTestRoot.cer -outform PEM -out EccTestRoot.pub.pem
+
+==== EdDSA ====
+Generate a root key: ED25519 / ED448
+
+ openssl genpkey -algorithm ED25519 > ed25519.key
+
+Generate a self-signed root certificate:
+
+ openssl req -new -out ed25519.csr -key ed25519.key -config openssl-25519.cnf
+ openssl x509 -req -days 700 -in ed25519.csr -signkey ed25519.key -out ed25519.crt
+
+=== RSA Certificate Chains ===
+
+NOTE: Use "//CN" for windows and use "/CN" for Linux system.
+RECOMMEND: Use openssl 1.1.1k
+
+```openssl.cnf
+[ v3_end ]
+basicConstraints = critical,CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+subjectAltName = otherName:1.3.6.1.4.1.412.274.1;UTF8:ACME:WIDGET:1234567890
+extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning
+
+[ v3_inter ]
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
+subjectKeyIdentifier = hash
+extendedKeyUsage = critical, serverAuth, clientAuth
+
+```
+pushd rsa2048
+openssl req -nodes -x509 -days 3650 -newkey rsa:4096 -keyout ca.key -out ca.cert -sha256 -subj "//CN=DMTF libspdm RSA CA"
+openssl rsa -in ca.key -outform der -out ca.key.der
+openssl req -nodes -newkey rsa:3072 -keyout inter.key -out inter.req -sha256 -batch -subj "//CN=DMTF libspdm RSA intermediate cert"
+openssl req -nodes -newkey rsa:2048 -keyout end_requester.key -out end_requester.req -sha256 -batch -subj "//CN=DMTF libspdm RSA requseter cert"
+openssl req -nodes -newkey rsa:2048 -keyout end_responder.key -out end_responder.req -sha256 -batch -subj "//CN=DMTF libspdm RSA responder cert"
+openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.key -sha256 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl rsa -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl rsa -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+pushd rsa3072
+openssl req -nodes -x509 -days 3650 -newkey rsa:4096 -keyout ca.key -out ca.cert -sha384 -subj "//CN=DMTF libspdm RSA CA"
+openssl rsa -in ca.key -outform der -out ca.key.der
+openssl req -nodes -newkey rsa:3072 -keyout inter.key -out inter.req -sha384 -batch -subj "//CN=DMTF libspdm RSA intermediate cert"
+openssl req -nodes -newkey rsa:3072 -keyout end_requester.key -out end_requester.req -sha384 -batch -subj "//CN=DMTF libspdm RSA requseter cert"
+openssl req -nodes -newkey rsa:3072 -keyout end_responder.key -out end_responder.req -sha384 -batch -subj "//CN=DMTF libspdm RSA responder cert"
+openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.key -sha384 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl rsa -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl rsa -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+pushd rsa4096
+openssl req -nodes -x509 -days 3650 -newkey rsa:4096 -keyout ca.key -out ca.cert -sha512 -subj "//CN=DMTF libspdm RSA CA"
+openssl rsa -in ca.key -outform der -out ca.key.der
+openssl req -nodes -newkey rsa:3072 -keyout inter.key -out inter.req -sha512 -batch -subj "//CN=DMTF libspdm RSA intermediate cert"
+openssl req -nodes -newkey rsa:4096 -keyout end_requester.key -out end_requester.req -sha512 -batch -subj "//CN=DMTF libspdm RSA requseter cert"
+openssl req -nodes -newkey rsa:4096 -keyout end_responder.key -out end_responder.req -sha512 -batch -subj "//CN=DMTF libspdm RSA responder cert"
+openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.key -sha512 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl rsa -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl rsa -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+=== EC Certificate Chains ===
+
+pushd ecp256
+openssl genpkey -genparam -out param.pem -algorithm EC -pkeyopt ec_paramgen_curve:P-256
+openssl req -nodes -x509 -days 3650 -newkey ec:param.pem -keyout ca.key -out ca.cert -sha256 -subj "//CN=DMTF libspdm ECP256 CA"
+openssl pkey -in ca.key -outform der -out ca.key.der
+openssl req -nodes -newkey ec:param.pem -keyout inter.key -out inter.req -sha256 -batch -subj "//CN=DMTF libspdm ECP256 intermediate cert"
+openssl req -nodes -newkey ec:param.pem -keyout end_requester.key -out end_requester.req -sha256 -batch -subj "//CN=DMTF libspdm ECP256 requseter cert"
+openssl req -nodes -newkey ec:param.pem -keyout end_responder.key -out end_responder.req -sha256 -batch -subj "//CN=DMTF libspdm ECP256 responder cert"
+openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.key -sha256 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl ec -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl pkcs8 -in end_responder.key.der -inform DER -topk8 -nocrypt -outform DER > end_responder.key.p8
+openssl ec -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkcs8 -in end_requester.key.der -inform DER -topk8 -nocrypt -outform DER > end_requester.key.p8
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+pushd ecp384
+openssl genpkey -genparam -out param.pem -algorithm EC -pkeyopt ec_paramgen_curve:P-384
+openssl req -nodes -x509 -days 3650 -newkey ec:param.pem -keyout ca.key -out ca.cert -sha384 -subj "//CN=DMTF libspdm ECP384 CA"
+openssl pkey -in ca.key -outform der -out ca.key.der
+openssl req -nodes -newkey ec:param.pem -keyout inter.key -out inter.req -sha384 -batch -subj "//CN=DMTF libspdm ECP384 intermediate cert"
+openssl req -nodes -newkey ec:param.pem -keyout end_requester.key -out end_requester.req -sha384 -batch -subj "//CN=DMTF libspdm ECP384 requseter cert"
+openssl req -nodes -newkey ec:param.pem -keyout end_responder.key -out end_responder.req -sha384 -batch -subj "//CN=DMTF libspdm ECP384 responder cert"
+openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.key -sha384 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl ec -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl pkcs8 -in end_responder.key.der -inform DER -topk8 -nocrypt -outform DER > end_responder.key.p8
+openssl ec -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkcs8 -in end_requester.key.der -inform DER -topk8 -nocrypt -outform DER > end_requester.key.p8
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+pushd ecp521
+openssl genpkey -genparam -out param.pem -algorithm EC -pkeyopt ec_paramgen_curve:P-521
+openssl req -nodes -x509 -days 3650 -newkey ec:param.pem -keyout ca.key -out ca.cert -sha512 -subj "//CN=DMTF libspdm ECP521 CA"
+openssl pkey -in ca.key -outform der -out ca.key.der
+openssl req -nodes -newkey ec:param.pem -keyout inter.key -out inter.req -sha512 -batch -subj "//CN=DMTF libspdm ECP521 intermediate cert"
+openssl req -nodes -newkey ec:param.pem -keyout end_requester.key -out end_requester.req -sha512 -batch -subj "//CN=DMTF libspdm ECP521 requseter cert"
+openssl req -nodes -newkey ec:param.pem -keyout end_responder.key -out end_responder.req -sha512 -batch -subj "//CN=DMTF libspdm ECP521 responder cert"
+openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.key -sha512 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl ec -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl pkcs8 -in end_responder.key.der -inform DER -topk8 -nocrypt -outform DER > end_responder.key.p8
+openssl ec -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkcs8 -in end_requester.key.der -inform DER -topk8 -nocrypt -outform DER > end_requester.key.p8
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+=== Ed Certificate Chains ===
+
+pushd ed25519
+openssl genpkey -algorithm ed25519 -out ca.key
+openssl req -nodes -x509 -days 3650 -key ca.key -out ca.cert -subj "//CN=DMTF libspdm ED25519 CA"
+openssl genpkey -algorithm ed25519 -out inter.key
+openssl genpkey -algorithm ed25519 -out end_requester.key
+openssl genpkey -algorithm ed25519 -out end_responder.key
+openssl req -new -key inter.key -out inter.req -batch -subj "//CN=DMTF libspdm ED25519 intermediate cert"
+openssl req -new -key end_requester.key -out end_requester.req -batch -subj "//CN=DMTF libspdm ED25519 requseter cert"
+openssl req -new -key end_responder.key -out end_responder.req -batch -subj "//CN=DMTF libspdm ED25519 responder cert"
+openssl x509 -req -days 3650 -in inter.req -CA ca.cert -CAkey ca.key -out inter.cert -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester.cert -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder.cert -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl pkey -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl pkcs8 -in end_responder.key.der -inform DER -topk8 -nocrypt -outform DER > end_responder.key.p8
+openssl pkey -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkcs8 -in end_requester.key.der -inform DER -topk8 -nocrypt -outform DER > end_requester.key.p8
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_req_rsp_eku.cert -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_req_eku.cert -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_rsp_eku.cert -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_with_spdm_req_rsp_eku.cert -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_with_spdm_req_eku.cert -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_with_spdm_rsp_eku.cert -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+pushd ed448
+openssl genpkey -algorithm ed448 -out ca.key
+openssl req -nodes -x509 -days 3650 -key ca.key -out ca.cert -subj "//CN=DMTF libspdm ED448 CA"
+openssl genpkey -algorithm ed448 -out inter.key
+openssl genpkey -algorithm ed448 -out end_requester.key
+openssl genpkey -algorithm ed448 -out end_responder.key
+openssl req -new -key inter.key -out inter.req -batch -subj "//CN=DMTF libspdm ED448 intermediate cert"
+openssl req -new -key end_requester.key -out end_requester.req -batch -subj "//CN=DMTF libspdm ED448 requseter cert"
+openssl req -new -key end_responder.key -out end_responder.req -batch -subj "//CN=DMTF libspdm ED448 responder cert"
+openssl x509 -req -days 3650 -in inter.req -CA ca.cert -CAkey ca.key -out inter.cert -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester.cert -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder.cert -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl pkey -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl pkcs8 -in end_responder.key.der -inform DER -topk8 -nocrypt -outform DER > end_responder.key.p8
+openssl pkey -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkcs8 -in end_carequester.key.der -inform DER -topk8 -nocrypt -outform DER > end_requester.key.p8
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_req_rsp_eku.cert -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_req_eku.cert -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_rsp_eku.cert -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_with_spdm_req_rsp_eku.cert -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_with_spdm_req_eku.cert -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_with_spdm_rsp_eku.cert -set_serial 9 -extensions
v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+=== sm2 Certificate Chains ===
+
+pushd sm2
+openssl ecparam -genkey -name SM2 -out ca.key
+openssl req -nodes -x509 -days 3650 -key ca.key -out ca.cert -sha256 -subj "//CN=DMTF libspdm SM2 CA"
+openssl ecparam -genkey -name SM2 -out inter.key
+openssl ecparam -genkey -name SM2 -out end_requester.key
+openssl ecparam -genkey -name SM2 -out end_responder.key
+openssl req -new -key inter.key -out inter.req -sha256 -batch -subj '//CN=DMTF libspdm SM2 intermediate cert'
+openssl req -new -key end_requester.key -out end_requester.req -sha256 -batch -subj '//CN=DMTF libspdm SM2 requseter cert'
+openssl req -new -key end_responder.key -out end_responder.req -sha256 -batch -subj '//CN=DMTF libspdm SM2 responder cert'
+openssl x509 -req -days 3650 -in inter.req -CA ca.cert -CAkey ca.key -out inter.cert -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester.cert -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder.cert -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl pkey -inform PEM -outform DER -in end_responder.key -out end_responder.key.der
+openssl pkcs8 -in end_responder.key.der -inform DER -topk8 -nocrypt -outform DER > end_responder.key.p8
+openssl pkey -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkcs8 -in end_requester.key.der -inform DER -topk8 -nocrypt -outform DER > end_requester.key.p8
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_req_rsp_eku.cert -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_req_eku.cert -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_requester.req -CA inter.cert -CAkey inter.key -out end_requester_with_spdm_rsp_eku.cert -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_with_spdm_req_rsp_eku.cert -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey
inter.key -out end_responder_with_spdm_req_eku.cert -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_with_spdm_rsp_eku.cert -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+=== long_chains Certificate Chains ===
+
+For CA cert:
+openssl genpkey -algorithm ed448 -out ShorterMAXUINT16_ca.key
+openssl req -nodes -x509 -days 3650 -key ShorterMAXUINT16_ca.key -out ShorterMAXUINT16_ca.cert -subj "//CN=DMTF libspdm ED448 CA"
+
+For inter cert:
+openssl genpkey -algorithm ed448 -out ShorterMAXUINT16_inter1.key
+openssl req -new -key ShorterMAXUINT16_inter1.key -out ShorterMAXUINT16_inter1.req -batch -subj '//CN=DMTF libspdm ED448 intermediate cert'
+openssl x509 -req -days 3650 -in ShorterMAXUINT16_inter1.req -CA ShorterMAXUINT16_ca.cert -CAkey ShorterMAXUINT16_ca.key -out ShorterMAXUINT16_inter1.cert -set_serial 3 -extensions v3_inter -extfile ../openssl.cnf
+openssl asn1parse -in ShorterMAXUINT16_inter1.cert -out ShorterMAXUINT16_inter1.cert.der
+
+// Generate the remain cert in order
+
+openssl genpkey -algorithm ed448 -out ShorterMAXUINT16_inter47.key
+openssl req -new -key ShorterMAXUINT16_inter47.key -out ShorterMAXUINT16_inter47.req -batch -subj '//CN=DMTF libspdm ED448 intermediate cert'
+openssl x509 -req -days 3650 -in ShorterMAXUINT16_inter47.req -CA ShorterMAXUINT16_inter46.cert -CAkey ShorterMAXUINT16_inter46.key -out ShorterMAXUINT16_inter47.cert -set_serial 3 -extensions v3_inter -extfile ../openssl.cnf
+openssl asn1parse -in ShorterMAXUINT16_inter47.cert -out
ShorterMAXUINT16_inter47.cert.der
+
+For end cert:
+openssl genpkey -algorithm ed448 -out ShorterMAXUINT16_end_responder.key
+openssl req -new -key horterMAXUINT16_end_responder.key -out ShorterMAXUINT16_end_responder.req -batch -subj '//CN=DMTF libspdm ED448 responder cert'
+openssl x509 -req -days 3650 -in ShorterMAXUINT16_end_responder.req -CA ShorterMAXUINT16_inter47.cert -CAkey ShorterMAXUINT16_inter47.key -out ShorterMAXUINT16_end_responder.cert -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ShorterMAXUINT16_end_responder.cert -out ShorterMAXUINT16_end_responder.cert.der
+
+Generate cert chain:
+cat ShorterMAXUINT16_ca.cert.der ShorterMAXUINT16_inter*.cert.der ShorterMAXUINT16_end_responder.cert.der >ShorterMAXUINT16_bundle_responder.certchain.der
+
+pushd long_chains
+openssl genpkey -genparam -out Shorter1024B_param.pem -algorithm EC -pkeyopt ec_paramgen_curve:P-256
+openssl req -nodes -x509 -days 3650 -newkey ec:Shorter1024B_param.pem -keyout Shorter1024B_ca.key -out Shorter1024B_ca.cert -sha256 -subj "//CN=DMTF libspdm ECP256 CA"
+openssl pkey -in Shorter1024B_ca.key -outform der -out Shorter1024B_ca.key.der
+openssl req -nodes -newkey ec:Shorter1024B_param.pem -keyout Shorter1024B_end_requester.key -out Shorter1024B_end_requester.req -sha256 -batch -subj "//CN=DMTF libspdm ECP256 requseter cert"
+openssl req -nodes -newkey ec:Shorter1024B_param.pem -keyout Shorter1024B_end_responder.key -out Shorter1024B_end_responder.req -sha256 -batch -subj "//CN=DMTF libspdm ECP256 responder cert"
+openssl x509 -req -in Shorter1024B_end_requester.req -out Shorter1024B_end_requester.cert -CA Shorter1024B_ca.cert -CAkey Shorter1024B_ca.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in Shorter1024B_end_responder.req -out Shorter1024B_end_responder.cert -CA Shorter1024B_ca.cert -CAkey Shorter1024B_ca.key -sha256 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl
asn1parse -in Shorter1024B_ca.cert -out Shorter1024B_ca.cert.der
+openssl asn1parse -in Shorter1024B_end_requester.cert -out Shorter1024B_end_requester.cert.der
+openssl asn1parse -in Shorter1024B_end_responder.cert -out Shorter1024B_end_responder.cert.der
+cat Shorter1024B_ca.cert.der Shorter1024B_end_requester.cert.der > Shorter1024B_bundle_requester.certchain.der
+cat Shorter1024B_ca.cert.der Shorter1024B_end_responder.cert.der > Shorter1024B_bundle_responder.certchain.der
+popd
+
+
+==== More cert_chain to gen ====
+
+NOTE: The bundle_requester.certchain1.der and bundle_requester.certchain.der have same leaf cert key.
+As same as bundle_responder.certchain1.der.
+Gen new ca1.key; use old inter.key and end.key.
+
+=== ecc256 Certificate Chains ===
+openssl req -nodes -x509 -days 3650 -newkey ec:param.pem -keyout ca1.key -out ca1.cert -sha256 -subj "//CN=DMTF libspdm ECP256 CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req -out inter1.cert -CA ca1.cert -CAkey ca1.key -sha256 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder1.cert -CA inter1.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der end_responder1.cert.der > bundle_responder.certchain1.der
+
+=== ecc384 Certificate Chains ===
+openssl req -nodes -x509 -days 3650 -newkey ec:param.pem -keyout ca1.key
-out ca1.cert -sha384 -subj "//CN=DMTF libspdm ECP384 CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req -out inter1.cert -CA ca1.cert -CAkey ca1.key -sha384 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -sha384 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder1.cert -CA inter1.cert -CAkey inter.key -sha384 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der end_responder1.cert.der > bundle_responder.certchain1.der
+
+=== ecc521 Certificate Chains ===
+openssl req -nodes -x509 -days 3650 -newkey ec:param.pem -keyout ca1.key -out ca1.cert -sha512 -subj "//CN=DMTF libspdm ECP521 CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req -out inter1.cert -CA ca1.cert -CAkey ca1.key -sha512 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -sha512 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder1.cert -CA inter1.cert -CAkey inter.key -sha512 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in
end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der end_responder1.cert.der > bundle_responder.certchain1.der
+
+=== rsa2048 Certificate Chains ===
+openssl req -nodes -x509 -days 3650 -newkey rsa:2048 -keyout ca1.key -out ca1.cert -sha256 -subj "//CN=DMTF libspdm RSA CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req -out inter1.cert -CA ca1.cert -CAkey ca1.key -sha256 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder1.cert -CA inter1.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der end_responder1.cert.der > bundle_responder.certchain1.der
+
+=== rsa3072 Certificate Chains ===
+openssl req -nodes -x509 -days 3650 -newkey rsa:3072 -keyout ca1.key -out ca1.cert -sha384 -subj "//CN=DMTF libspdm RSA CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req -out inter1.cert -CA ca1.cert -CAkey ca1.key -sha384 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -sha384 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out
end_responder1.cert -CA inter1.cert -CAkey inter.key -sha384 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der end_responder1.cert.der > bundle_responder.certchain1.der
+
+=== rsa4096 Certificate Chains ===
+openssl req -nodes -x509 -days 3650 -newkey rsa:4096 -keyout ca1.key -out ca1.cert -sha512 -subj "//CN=DMTF libspdm RSA CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req -out inter1.cert -CA ca1.cert -CAkey ca1.key -sha512 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -sha512 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder1.cert -CA inter1.cert -CAkey inter.key -sha512 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der end_responder1.cert.der > bundle_responder.certchain1.der
+
+=== ed25519 Certificate Chains ===
+openssl genpkey -algorithm ed25519 -out ca1.key
+openssl req -nodes -x509 -days 3650 -key ca1.key -out ca1.cert -subj "//CN=DMTF libspdm ED25519 CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req
-out inter1.cert -CA ca1.cert -CAkey ca1.key -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder1.cert -CA inter1.cert -CAkey inter.key -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der end_responder1.cert.der > bundle_responder.certchain1.der
+
+=== ed448 Certificate Chains ===
+openssl genpkey -algorithm ed448 -out ca1.key
+openssl req -nodes -x509 -days 3650 -key ca1.key -out ca1.cert -subj "//CN=DMTF libspdm ED448 CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req -out inter1.cert -CA ca1.cert -CAkey ca1.key -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder1.cert -CA inter1.cert -CAkey inter.key -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der
end_responder1.cert.der > bundle_responder.certchain1.der
+
+=== sm2 Certificate Chains ===
+openssl ecparam -genkey -name SM2 -out ca1.key
+openssl req -nodes -x509 -days 3650 -key ca1.key -out ca1.cert -sha256 -subj "//CN=DMTF libspdm SM2 CA"
+openssl pkey -in ca1.key -outform der -out ca1.key.der
+openssl x509 -req -in inter.req -out inter1.cert -CA ca1.cert -CAkey ca1.key -sha256 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester1.cert -CA inter1.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder1.cert -CA inter1.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca1.cert -out ca1.cert.der
+openssl asn1parse -in inter1.cert -out inter1.cert.der
+openssl asn1parse -in end_requester1.cert -out end_requester1.cert.der
+openssl asn1parse -in end_responder1.cert -out end_responder1.cert.der
+cat ca1.cert.der inter1.cert.der end_requester1.cert.der > bundle_requester.certchain1.der
+cat ca1.cert.der inter1.cert.der end_responder1.cert.der > bundle_responder.certchain1.der
+
+
+=== Add test cert in ecp256===
+Gen ecp256/end_requester_ca_false.cert.der is same with ecp256/end_requester.cert.der, expect the openssl.cnf is follow:
+[ v3_end ]
+basicConstraints = critical,CA:true
+The command:
+openssl x509 -req -in end_requester.req -out end_requester_ca_false.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_ca_false.cert -out end_requester_ca_false.cert.der
+
+
+Gen ecp256/end_requester_without_basic_constraint.cert.der is same with ecp256/end_requester.cert.der, expect the
+basicConstraints is excluded in openssl.cnf [ v3_end ].
+The command:
+openssl x509 -req -in end_requester.req -out end_requester_without_basic_constraint.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_without_basic_constraint.cert -out end_requester_without_basic_constraint.cert.der
+
+
+Gen rsa3072_Expiration is same with rsa3072, expect the cert validaty time is 1 day.
+The command:
+pushd rsa3072
+openssl req -nodes -x509 -days 1 -newkey rsa:4096 -keyout ca.key -out ca.cert -sha384 -subj "//CN=DMTF libspdm RSA CA"
+openssl rsa -in ca.key -outform der -out ca.key.der
+openssl req -nodes -newkey rsa:3072 -keyout inter.key -out inter.req -sha384 -batch -subj "//CN=DMTF libspdm RSA intermediate cert"
+openssl req -nodes -newkey rsa:3072 -keyout end_requester.key -out end_requester.req -sha384 -batch -subj "//CN=DMTF libspdm RSA requseter cert"
+openssl req -nodes -newkey rsa:3072 -keyout end_responder.key -out end_responder.req -sha384 -batch -subj "//CN=DMTF libspdm RSA responder cert"
+openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.key -sha384 -days 1 -set_serial 1 -extensions v3_inter -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester.cert -CA inter.cert -CAkey inter.key -sha384 -days 1 -set_serial 2 -extensions v3_end -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder.cert -CA inter.cert -CAkey inter.key -sha384 -days 1 -set_serial 3 -extensions v3_end -extfile ../openssl.cnf
+openssl asn1parse -in ca.cert -out ca.cert.der
+openssl asn1parse -in inter.cert -out inter.cert.der
+openssl asn1parse -in end_requester.cert -out end_requester.cert.der
+openssl asn1parse -in end_responder.cert -out end_responder.cert.der
+cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requester.certchain.der
+cat ca.cert.der inter.cert.der end_responder.cert.der > bundle_responder.certchain.der
+openssl rsa -inform PEM -outform DER -in
end_responder.key -out end_responder.key.der
+openssl rsa -inform PEM -outform DER -in end_requester.key -out end_requester.key.der
+openssl pkey -in end_requester.key -inform PEM -pubout -outform PEM -out end_requester.key.pub
+openssl pkey -in end_requester.key -inform PEM -pubout -outform DER -out end_requester.key.pub.der
+openssl pkey -in end_responder.key -inform PEM -pubout -outform PEM -out end_responder.key.pub
+openssl pkey -in end_responder.key -inform PEM -pubout -outform DER -out end_responder.key.pub.der
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 1 -set_serial 4 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 1 -set_serial 5 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_requester.req -out end_requester_with_spdm_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 1 -set_serial 6 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_requester_with_spdm_req_rsp_eku.cert -out end_requester_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_req_eku.cert -out end_requester_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_requester_with_spdm_rsp_eku.cert -out end_requester_with_spdm_rsp_eku.cert.der
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_rsp_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 1 -set_serial 7 -extensions v3_end_with_spdm_req_rsp_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_req_eku.cert -CA inter.cert -CAkey inter.key -sha384 -days 1 -set_serial 8 -extensions v3_end_with_spdm_req_eku -extfile ../openssl.cnf
+openssl x509 -req -in end_responder.req -out end_responder_with_spdm_rsp_eku.cert -CA inter.cert
-CAkey inter.key -sha384 -days 1 -set_serial 9 -extensions v3_end_with_spdm_rsp_eku -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_with_spdm_req_rsp_eku.cert -out end_responder_with_spdm_req_rsp_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_req_eku.cert -out end_responder_with_spdm_req_eku.cert.der
+openssl asn1parse -in end_responder_with_spdm_rsp_eku.cert -out end_responder_with_spdm_rsp_eku.cert.der
+popd
+
+==== More alias_cert model cert_chain to gen ====
+NOTE: The bundle_responder.certchain_alias.der and bundle_requester.certchain.der have same ca_cert and inter cert.
+The only different is: the basic constraints is: CA: ture in leaf cert of bundle_responder.certchain_alias.der.
+This alias cert chain is partial, from root CA to device certificate CA.
+
+=== ecc256 Certificate alias Chains ===
+openssl x509 -req -in end_responder.req -out end_responder_alias.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der end_responder_alias.cert.der > bundle_responder.certchain_alias.der
+
+=== ecc384 Certificate alias Chains ===
+openssl x509 -req -in end_responder.req -out end_responder_alias.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der end_responder_alias.cert.der > bundle_responder.certchain_alias.der
+
+=== ecc521 Certificate alias Chains ===
+openssl x509 -req -in end_responder.req -out end_responder_alias.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der end_responder_alias.cert.der >
bundle_responder.certchain_alias.der
+
+=== rsa2048 Certificate alias Chains ===
+openssl x509 -req -in end_responder.req -out end_responder_alias.cert -CA inter.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der end_responder_alias.cert.der > bundle_responder.certchain_alias.der
+
+=== rsa3072 Certificate alias Chains ===
+openssl x509 -req -in end_responder.req -out end_responder_alias.cert -CA inter.cert -CAkey inter.key -sha384 -days 3650 -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der end_responder_alias.cert.der > bundle_responder.certchain_alias.der
+
+=== rsa4096 Certificate alias Chains ===
+openssl x509 -req -in end_responder.req -out end_responder_alias.cert -CA inter.cert -CAkey inter.key -sha512 -days 3650 -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der end_responder_alias.cert.der > bundle_responder.certchain_alias.der
+
+=== ed25519 Certificate alias Chains ===
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_alias.cert -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der end_responder_alias.cert.der > bundle_responder.certchain_alias.der
+
+=== ed448 Certificate Chains ===
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_alias.cert -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der
end_responder_alias.cert.der > bundle_responder.certchain_alias.der
+
+=== sm2 Certificate Chains ===
+openssl x509 -req -days 3650 -in end_responder.req -CA inter.cert -CAkey inter.key -out end_responder_alias.cert -set_serial 3 -extensions v3_end_alias -extfile ../openssl.cnf
+openssl asn1parse -in end_responder_alias.cert -out end_responder_alias.cert.der
+cat ca.cert.der inter.cert.der end_responder_alias.cert.der > bundle_responder.certchain_alias.der
diff --git a/test_key/rsa2048/bundle_requester.certchain.der b/test_key/rsa2048/bundle_requester.certchain.der
new file mode 100644
index 0000000..02de77e
Binary files /dev/null and b/test_key/rsa2048/bundle_requester.certchain.der differ
diff --git a/test_key/rsa2048/bundle_requester.certchain1.der b/test_key/rsa2048/bundle_requester.certchain1.der
new file mode 100644
index 0000000..7a828ac
Binary files /dev/null and b/test_key/rsa2048/bundle_requester.certchain1.der differ
diff --git a/test_key/rsa2048/bundle_responder.certchain.der b/test_key/rsa2048/bundle_responder.certchain.der
new file mode 100644
index 0000000..b29d2ef
Binary files /dev/null and b/test_key/rsa2048/bundle_responder.certchain.der differ
diff --git a/test_key/rsa2048/bundle_responder.certchain1.der b/test_key/rsa2048/bundle_responder.certchain1.der
new file mode 100644
index 0000000..4b6bc68
Binary files /dev/null and b/test_key/rsa2048/bundle_responder.certchain1.der differ
diff --git a/test_key/rsa2048/bundle_responder.certchain_alias.der b/test_key/rsa2048/bundle_responder.certchain_alias.der
new file mode 100644
index 0000000..c7a38a1
Binary files /dev/null and b/test_key/rsa2048/bundle_responder.certchain_alias.der differ
diff --git a/test_key/rsa2048/ca.cert b/test_key/rsa2048/ca.cert
new file mode 100644
index 0000000..c692636
--- /dev/null
+++ b/test_key/rsa2048/ca.cert
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHTCCAwWgAwIBAgIUWzWjhf5QWq7HpEo63IgyvjezAv8wDQYJKoZIhvcNAQEL +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDMwMTQy +MzVaFw0zMzAzMzEwMTQyMzVaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiGIZMa9CNzlw31j8e +TJA3mmnJ0aFQpgUpdE0bHHYPVqm8u8eD0HH/JX2ByUqAYywzm+LpKzmlsH6Mke7o +JE7jRvOFYh/Guy0EDmLv2IfTz5U4gQIRJvZFx7MdAy4fa+OUoD0gIp6BHCVZ7FCI +XrM2ER+wtkRFznPRaq2jSMATKohwhOqiiEYdhA0mdaYOBTyKU0R2SGChQwDLzRVT ++cxfh81TX54jWIk97gyBFqi3q8WCl/gYFU3wrfnRQr1fVCdfP0BYtFZjtyvSPQ+l +8THYdeKPNDxr7IeYPigLfoFkUZ60HX0s8vJGdAtZ7stMv1N3DIAZFjjShvnw5Xos +rCNlLXz8HqOdZywCyvxir/ZmqBI6FwhKIT+jL51R8az+MOGuVD8Q3vYX2bYxvseF +1CG1GK0tPIxLwpr3jEpfuLHJ3vZUkTbAEUKfkq88vOopKkm7zztGhhOV+GDG8poZ +Gq9xQ31Qtt5Hu5Cb3DXxxn2sPxEZUC3TqnuNOMgnQmetm5gBSMLyUpq8pMpKYJ91 +8cn6psfNSOOlFisXu9fmfrt62ijN9rI/uao6b+P+qWOb6Q1pnvccIC7hEbGdRZks +qdQMVN4I4mY0XO97wLwr8/VzOQHtJakE6HLXki53Wsf6lKARxXq9/di1NPhSSgxE +20rRUqMWiCeLdLWS2Lu519Bs3wIDAQABo1MwUTAdBgNVHQ4EFgQUwroVwsnMtRq5 +bAIiZBAB2csk6v0wHwYDVR0jBBgwFoAUwroVwsnMtRq5bAIiZBAB2csk6v0wDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAO5kTzg764bjyIXPlu5iO +azZfrMZQy+A+MQyypL+c/HAW7kE9cPUymb7qCFokso5iPDNDjSHgyAYX0tufXDli +luh+SGs7zCwSLoh5N+Id+ezvClAwtuSHACueDqyuE+P7T4Um6DpBy+ffAU9T72lJ +beTlfahbsW0VGuPcqzwgbwuECLeh1F4rKjp7oHqENHfYCVIzkWZcIrRuEkBNDch5 +toH0Y8DZDnaXobNT9yojTiMgiyCH6NJiwZwETfn5ByP67MWmhlc65d7rEeB8FYXM +c+dPxuqwa3lccq161X3supMoAf/tjTczLpKrnHiehCq9cQ1T4u0iADLAfFhqyWnA +cZdPFH4rUhxapJ5EkccFPggHt6rcYPYeqxomId3Hzr2TY2V07PctgjdeUEswcaDK +EwWQh1x3pUxz6bcUzdNG01NWyuIyU8uLLFeixpxL3quMx5oNeZNPOOqWjdqP9gqk +3jtfNrxLQzGxdE7HU6eXC5AZLTtTyxVwiFKmbMnnvTcaMF912csCeeKi8vudZvD6 +DYv6Rs+WxGtGgPITuNy3IzVDuy/jfQ9o9vb5Av2f7/UKwkQT6GZQj+uxZwR4Lh+Q +x6xNECekftnauGGv1nSpfFWJQU7ido2XULQ/8xd1TeM1aMSVYjnFdWeQ7S8uapU8 +18AKW2S2zguAU+MYC2mUsv4= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa2048/ca.cert.der b/test_key/rsa2048/ca.cert.der
new file mode 100644
index 0000000..3acf5aa
Binary files /dev/null and b/test_key/rsa2048/ca.cert.der differ
diff --git a/test_key/rsa2048/ca.key b/test_key/rsa2048/ca.key
new file mode 100644
index 0000000..8f164f1
--- /dev/null
+++ b/test_key/rsa2048/ca.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCiGIZMa9CNzlw3 +1j8eTJA3mmnJ0aFQpgUpdE0bHHYPVqm8u8eD0HH/JX2ByUqAYywzm+LpKzmlsH6M +ke7oJE7jRvOFYh/Guy0EDmLv2IfTz5U4gQIRJvZFx7MdAy4fa+OUoD0gIp6BHCVZ +7FCIXrM2ER+wtkRFznPRaq2jSMATKohwhOqiiEYdhA0mdaYOBTyKU0R2SGChQwDL +zRVT+cxfh81TX54jWIk97gyBFqi3q8WCl/gYFU3wrfnRQr1fVCdfP0BYtFZjtyvS +PQ+l8THYdeKPNDxr7IeYPigLfoFkUZ60HX0s8vJGdAtZ7stMv1N3DIAZFjjShvnw +5XosrCNlLXz8HqOdZywCyvxir/ZmqBI6FwhKIT+jL51R8az+MOGuVD8Q3vYX2bYx +vseF1CG1GK0tPIxLwpr3jEpfuLHJ3vZUkTbAEUKfkq88vOopKkm7zztGhhOV+GDG +8poZGq9xQ31Qtt5Hu5Cb3DXxxn2sPxEZUC3TqnuNOMgnQmetm5gBSMLyUpq8pMpK +YJ918cn6psfNSOOlFisXu9fmfrt62ijN9rI/uao6b+P+qWOb6Q1pnvccIC7hEbGd +RZksqdQMVN4I4mY0XO97wLwr8/VzOQHtJakE6HLXki53Wsf6lKARxXq9/di1NPhS +SgxE20rRUqMWiCeLdLWS2Lu519Bs3wIDAQABAoICAHtPrNr2KfG2yvCvS9UA6bVj +ApdFojJ4GfUvRHkbbbS9eOLa9yyPpikznAbf2o1Q5I9eR4CaIYCqg5rsaZKwDFNZ +5mfR/dpxCg3L4/gSAUJg6GPTwH7L5Q2wndG0WaINsVOfkuCfdXVCtCd0Xs9fO3Ym +ELWd8tIn/HOTdASDk5sBAEqY0uZSRQSvMFHRrkF8OlIAhlR1Ow1yq2he25rGrXL/ +HHQQiXzaHY2/SkPpuPAA/IAcm9+2VVSDBUjsPKQIoOsUcx8IEbBJ6ExHp1/V3NWO +2IuYcV6o0X4/yrbzxftLHDBpPpCzQRvXq8r+nioEYrpuCAUNoqyFgh6AdDEHwuQ/ +g5scstHSLL22vJY2cFyl+RHv2wq/G5SatlF0Hwpd2BX0ZMdoyZTETQBKstb1v6uz +CRjfoUpyjB4Niy0Al+AY5jNBik7XCH8gL13dRwD8KiZcDcMvzSYODmtzw9/Cj5nb +nKy1fOcM/AWifB4ERyIDgepHlzOXyMlHeZf1exZ7/AQTFC6g4tHZcY177jBJaBdY +uXJSBKBuZWHKxRKAnaQivbiaLI/xaCGdCCodSrwM21K0ZJ62ZrGq4GQYUkg/u2aa +ZaUZJFCqkMK7zclUhTqaUAiJgD1HwINNQL0Co7ERxh8bQYct/W1P4z8b7noDlwda +ZQ0x1IhSz0FbVRntlGgBAoIBAQDNhUvX6ZzHpMuP7mHf0O4K4dNhTPd08ewWaiFC +Rg0vevgJzXyZ1Mum+sUdNQ3b3fPzo//LDH+Qq7Y/v1SwZD6llLIaSPDR9V0WBHXI +1JoPH8Ajh9icKTtg0Tr1oLq+AfXGuphvM9g80IR5GLK+F9Fh2XkCm+8fhr07xqbn +LFHBeQ5cwb+o09s9t4BQZpL1Xpp7nRE2A0irYsvKkmq9cDX8UeV1JrAFLK5q1Nmh +TuHX4Wa9gaU2R++AMyM75qrumvjny9p4H2kbgAMtFlQmRir4thEt1qJq83ZPwJdf +u2IjOdAA1UUXahQPB+MNPgy1ZzOs1WU3hw1crWX0Mg412TrvAoIBAQDJ6MN/1gaD +RhDthzMo130ZoIEeVSXYeKoA01VF/h4LFUZ+ZMjH1g4EOO+ho2JmkSN45KOKLRip 
+xHLKMgNp4UIExNFBC/WGfnCdSn/nvFiJsIrrg/Jc2c9xf85cCGKZ4zsu7L3F+SjK +J4NZPxeYeWA7WT1Wb2llLs8/X6fg4pF2x9zTj9Ahosy35eVvN6x6KH8OKV0KtQ1I +527btg1Or0+1kr39kztsO7lX/LRy8RrkB7NFvAVmGFxIHhy+0eM9qz20+jG1J7A7 +WThuGX49q+sWgZM14xwfhZErE3MwHmeIHrGoi6mfGLfBS2MVIuRreG1qGBZqFiu8 +OV2jrtxBcK0RAoIBAQCPZcUgdmikx/AckgiKYL3mq+CQEGLMnwvKK+zez//dNCCi +vlSFBPu/m1MzaNQtp7TSN4h/hU3whE7aNcaCeL9ZSuHmAyS8akWz2hLQuL5xdQbc +A6n4c7BxgitwPOBvOPDi40j+th7Xd+omkDwO9JFsg4+yaVi0F5AriBTmUX8Nzkhe +IfV3d7KOYl3OO3OoboS9YT8j/7CRnJJy2ixN12BjmETQs9i3E5DzC2Z57Y8Y0LWd +3jqHIDQUsBmSbwSvDUREf3EExW3R+US+DclTFzxeYrKj2BFlLFBNnyQ/cIAt8eWW +3zeg+avbPPaIQ9YcMFDW8+H2l22UT4xGkTJnEhXTAoIBAHYOCdkCHBa/bgBkD86u +iG/mf/hrUtCKZORMrMxa89gJHYmjhh4KE3H2lG5PKKbN8A6sqM6O5Z/FxFRi/8n1 +snM1XSCKTInR/iiJudWWM7J2LhPct2YA2KEFWHRJVtWhniYmuCM8NtRUXCFfmX1G +YrTwzcNvKxHFV9o3JOKBtwnbfEubB9fS554S5p6rz8YxTXDLUKKFD/pzj0cZ4BgE +uzdwUHQmlRUIqqs+j4exX8a6leCNOh7i2Xo1WRtdf1+8cz0RGOVSCmH5HdyKPVzz +22XyZ0+XtgbcQvAL1ErrTB+zyq7A0nG6sx5q5Mkj+Ki55kelQ93Njs7kP9MH17LP +nfECggEAYkiHRsNL7vo45XIQIFo7Ta5zTNMJevS/wuowh3/L3k3RgMTJN3jWeszA +qYByKurmlOcv899SbRrb0SrrnOXaAeeY0WKT4tI778LXbo9JHrKNOx4Luh3YSlr8 +ckeADWO82E8vUuSaQhovzu3qqDvmt3smTYaoLUT2PjvAFYQZL21rkDeaSoJQhw/L +4qQkvGcpDA64PLekugzNONsySZmsp+Ud8TBz4YcvNvPtByafiDQY9YbISIoCs0aD +RY3gr8IHOxm8J67XBpKZd9IOfq4mSpjig7Oj2L44E6RRTWFzIZdJamG6h971ydF4 +3UGQdx/WHSGzXOFcFA0ZcKXO28G4kg== +-----END PRIVATE KEY----- diff --git a/test_key/rsa2048/ca.key.der b/test_key/rsa2048/ca.key.der new file mode 100644 index 0000000..dafe38a Binary files /dev/null and b/test_key/rsa2048/ca.key.der differ diff --git a/test_key/rsa2048/ca1.cert b/test_key/rsa2048/ca1.cert new file mode 100644 index 0000000..4b0a012 --- /dev/null +++ b/test_key/rsa2048/ca1.cert 
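Review bot: The added `test_key/rsa2048/ca.key` is an unencrypted `-----BEGIN PRIVATE KEY-----` block matching the `ca.cert` root added just before it, and `ca1.key`, `end_requester.key` and `end_responder.key` later in this diff are committed the same way, so anyone with the repository can forge any chain under `test_key/`. The part of the test_key readme visible in this diff lists only the openssl commands; if the part outside this view does not already say so, add a line such as `These keys and certificates are public test fixtures; never provision ca.cert or ca1.cert as a trust anchor outside tests.` It is also worth confirming that no non-test build path loads `test_key/` as a default root, and listing the directory in the secret-scanner allowlist so that these known findings do not mask a real key leak.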
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIUH1PIuDjkJd629KCQ9yLEjlIbI/YwDQYJKoZIhvcNAQEL +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDMwMTQz +MTBaFw0zMzAzMzEwMTQzMTBaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOSAjJUeo9HpGVjlMj +nx1q8aOsiEau+B4+UVZ3xT06ecI+SVXRm5/ueXRnXBjlpQIfTg6+eZxo0EDPDeo3 +I21uyLU9BIO4sl09bbRnAqf+xvI8lYwcQocY076kf5kPat2043/IcjUaKAdycru3 +Xp5+mGEfvJ5EEN91kUQeXTBkDuYAMricM3/2hZrmYKGSsfoLFxenmjnNpNECoyFP +w95HzgwqWwzL8smLizSaUd/ZcWdllpqK4au12goFerjBo/29IEASTa/WzA2qmCon +jLq8SrckexSm3BowzbFVL/tn+W+n8Pmv2IzDvhMeRy0VtG7IV7x/UShRsqCrlVNz +keLDAgMBAAGjUzBRMB0GA1UdDgQWBBR9vJWVsGDRoy+uD2pi0bzklLzGJjAfBgNV +HSMEGDAWgBR9vJWVsGDRoy+uD2pi0bzklLzGJjAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQAIhpIz2u+bQopl1VMh7vmDzJ7BYCHXp4SciQsBvCBN +xoqSzvuR0KygYglalrX6Gj/3LZx9FqZRUhXnwUBvlGMMrM/4I7RuR5xZRRp4nOrY +sKAtMctQ7JB05sl0jEOoN3np2Z9cV3CZsRMcebjf4cQ19fwHsoo+KyU1CZpN3L93 +YxIBpwj3FkrKhO8FKfq7zrrW7KrIwtoCLVbi3ECHSlqqj4DubTe4rh1rAU54ixMP +eXa/cOGg5wc6j6wsmB70yGPMzdiW/0o9aYJJf1FIcznTOtxHRxVIUIXVWUc3JvAw +jLemwnbO/BmJuqB1gE/BNkCwUlgyNKObW5h0BFGCvxW5 +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/ca1.cert.der b/test_key/rsa2048/ca1.cert.der new file mode 100644 index 0000000..fe6f3cc Binary files /dev/null and b/test_key/rsa2048/ca1.cert.der differ diff --git a/test_key/rsa2048/ca1.key b/test_key/rsa2048/ca1.key new file mode 100644 index 0000000..d1f55c2 --- /dev/null +++ b/test_key/rsa2048/ca1.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOSAjJUeo9HpGV +jlMjnx1q8aOsiEau+B4+UVZ3xT06ecI+SVXRm5/ueXRnXBjlpQIfTg6+eZxo0EDP +Deo3I21uyLU9BIO4sl09bbRnAqf+xvI8lYwcQocY076kf5kPat2043/IcjUaKAdy +cru3Xp5+mGEfvJ5EEN91kUQeXTBkDuYAMricM3/2hZrmYKGSsfoLFxenmjnNpNEC +oyFPw95HzgwqWwzL8smLizSaUd/ZcWdllpqK4au12goFerjBo/29IEASTa/WzA2q +mConjLq8SrckexSm3BowzbFVL/tn+W+n8Pmv2IzDvhMeRy0VtG7IV7x/UShRsqCr +lVNzkeLDAgMBAAECggEBALid4686Lufwmd89986js1JpXVEmzgv+aCLh7P9YeYoC +OwQ/4hysqaBm9vUiie3Nlm6qD6wNbxyndblZ/MrIXEKQQxSPG8yLZcN6kcC3sd7l +8xqhxTntmLdxmufigvw3aqFgEpc1D62PMcsOQE7G0hb/Db23s/W7HCM+lbaPNKX2 +yxmKj7/KA4mQej09h5HS3eIMoyoRgMEujIJi15FMHrbRK98WKHpOLvMSD2jqW9DZ +mfk11iMZhZnEmXpG00lD3QIz+kqPxVrfvoJEFu294kq0/kDzcVUyhbJbxdsXtvFy +KE57LuGZCFVGH0TRK0VegVCbRVQoPu/af2jL8gkufVECgYEA9yIhxzdm2AaAQ/an +R2X68HGa/y9Xx6iEcebVLyQbh6xxjZ+5HWdpKAylthTjvSbZIQku0V6b/hDaxPDT +y5Msn2nw+A94dvZJLcSN9m9Dc/3UZ4AbtgmM39kMWsRoihwxe8Anb1oO4aY8WbkS +aKthFwyXozIidZ1Ss+hLZiYEgaUCgYEA1a6vkEWIWnEkejQVREjmR+4y7mRjmrcU +vKVsJ0czDaT9dPtjD5eyQnS0g0h3f6zjdJq/+HsbUAlAKmsCHzU58uvNDMgIdDcJ +36vtX4YFK9sJKo+UvQj1RSDQ9CP41PyV2TV4Y1+bwxfJgqsL073Lc/MtkBBt6OvD +gGb0Xm2K1kcCgYBmVanrFpPtrHN8sSx/skkBO+nU9cPBl5SQned1R9xmiA/Vd2hu +Np4iyWntRiUv9GBA/851QFoUEOKmXps1V1JJCNORxMY7bKzM2PF4NIaYB2nnGfNf +pADDyNsG0wH+/sG23tD1mTNEWVPwS2TGFwFzS/GW0HHYhjby7KQcPm3rSQKBgQCT +1WhXOxPr5o0jEreH55uSNkT8U23p0zJAlX3u6r5yeSx1a5qMZhoJCi79CPzL0zQG +Ly4TXjB2PgArmJ7+MlfmLadOaXIX3SAypAL07IbVYZPE41M3OWRfMCYAUobL6/hM +L0ccEUB1SBa9FVN4ab3BeYOTQRqZY8t9IT19uvGr7wKBgHx/BOsEM+4zrMoiaio6 +pS2HsdQOYEotVHmzV2XxOYmNKagtS3VrVIxTAVGm1DJJLqDlAK7DQ9wxPQoR/nt7 +iuh3bmu8mK3gCfihLcZHTbEEHG2u+/JzCFXhW81wqD+2a95EE5voA2SzmIJz88Ng +oHEz0Qevwi9DGi2UQGFLO3Qs +-----END PRIVATE KEY----- diff --git a/test_key/rsa2048/ca1.key.der b/test_key/rsa2048/ca1.key.der new file mode 100644 index 0000000..99f70a7 Binary files /dev/null and b/test_key/rsa2048/ca1.key.der differ 
diff --git a/test_key/rsa2048/end_requester.cert b/test_key/rsa2048/end_requester.cert new file mode 100644 index 0000000..a80a57f --- /dev/null +++ b/test_key/rsa2048/end_requester.cert @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECzCCAnOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzAxNDIzNloX +DTMzMDMzMTAxNDIzNlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKJkisN +OnaTz2urKI6A/ePEoPDbpe+rfKkqGtxRgccaAhDI8BkHNCQ8+mWjctAYIQ/lnyPL +YqNRictAVMbtzwwTIRkFLvsXhgmO3TWQHFt7RvvmsDW6lCJ3apk3ULqn62eyl0J7 +6AQ8Ra0Wfmdh4nvS2u+x1VIAFNkZMXf23A62GAeXNe3A0jHZ8Ry42bwE2mSCqt9j +JLeRfabebfq/7oVdITU0uBB7kX29WecfCMYiwZR8gXCgcNGcqwPiBb4xL2ZllIX1 +V//WNzsU327aCXqBwO28jJl37ylf/IdDuk0unPJaUODItBjWjAbs1eybZPIE15Qi +2ytx2NINn0ZFrCcCAwEAAaOBuDCBtTAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF +4DAdBgNVHQ4EFgQU54zIOJ7GatfBNsquj5JBHnzVZ6gwMQYDVR0RBCowKKAmBgor +BgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEyMzQ1Njc4OTAwKgYDVR0lAQH/BCAw +HgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCTAaBgorBgEEAYMcghIGBAwG +CisGAQQBgxyCEgIwDQYJKoZIhvcNAQELBQADggGBAJip+fZmc8gGgbhLzCMrvjei +fW+9yUg3xYIP+S24zVENhVPFIXN2qGf2+ydd4cWEC70pVyxHTMKmCMD6EZ3uD3k2 +hsUIXh0oceMhtOAQrodCl2EbOkcSJYNYAjCeicGpYJE5jwwoAOtRq9oOcHU7B5X7 +4xtcooI1t5hUxmnsME5g5+dEsl0NAXoBqmkWCdGnclxaoodE3LyS6CDzgXLo5yWs +oWRAhUJXP+RVHhk+rAmA9vNMb8OXpBp0OtWoDvg4dPAk4YqkULL/a9qyez42HrU1 +Hnl2//QS0V1qDHCB8UA9VXWjKOpbky2SkOX4bpR+WjNSx6h1thf4dlS/6/GSREHA +zwxRVoAQ/+p3p12kdFpR4d5UIFcm09DfvkDeMZWkIUtu0V0rVnkMmKx8mi2GFIFz +BTH/VOsqKFSnoP9ye7BmAeDWOb5u2pmhOQ1l5/v6YUzxUxuoJULn5KsLj1xUo6sG +XHijHwDjNmsQ8FJzo8VFC+gWMX7ApjzKVjVM5LC3yg== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_requester.cert.der b/test_key/rsa2048/end_requester.cert.der new file mode 100644 index 0000000..a9dfdad Binary files /dev/null and b/test_key/rsa2048/end_requester.cert.der differ 
diff --git a/test_key/rsa2048/end_requester.key b/test_key/rsa2048/end_requester.key new file mode 100644 index 0000000..86f02b9 --- /dev/null +++ b/test_key/rsa2048/end_requester.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyiZIrDTp2k89r +qyiOgP3jxKDw26Xvq3ypKhrcUYHHGgIQyPAZBzQkPPplo3LQGCEP5Z8jy2KjUYnL +QFTG7c8MEyEZBS77F4YJjt01kBxbe0b75rA1upQid2qZN1C6p+tnspdCe+gEPEWt +Fn5nYeJ70trvsdVSABTZGTF39twOthgHlzXtwNIx2fEcuNm8BNpkgqrfYyS3kX2m +3m36v+6FXSE1NLgQe5F9vVnnHwjGIsGUfIFwoHDRnKsD4gW+MS9mZZSF9Vf/1jc7 +FN9u2gl6gcDtvIyZd+8pX/yHQ7pNLpzyWlDgyLQY1owG7NXsm2TyBNeUItsrcdjS +DZ9GRawnAgMBAAECggEAIrFm7OS6KpaYZMSysdZQ/7SSzZrxCLybEcgzxgI0pLri +Ed7qAQMMV8pdoeh8BAHcUtl87hi0hyXuD8flcW5+oEsLUHBYa8RrcGoJhEIHsKMo +7QQr05T4+iWYWkOMdWjx7omeqPWo5UHNDFBlqbM0rnkPwCofWLrZUkJ6AWS/6D+Z +H3w4Rj2eH6lFt1Td5ZW10Vb36g0VNwni+ViZIqJ+G9oKpLvh3zuI2NZE9laJ/+XU +OhJTPP847QMIjxO5Clqw3t/BE6AGqFo/1+zgFDjxZoT90NJ/gGPKHraIouk/y9tN +EILS8xe58DCkn0Li2lnQ2G2x9eQ/3Uofg1aoCmwVgQKBgQDV2+WuHtnjr/K4dnd7 +vyOkS1pgWrTrj6Lm0EujM6O1XS7ybcTSQE4spuF7fGRqz6C5SQ6VRdb21faaDeip +K714nXzL5KvHR5RVpwbAOd87OMAULVidIcNEnua3dXUC1+qenBE078Xw2lnpT8mY +RZgD5bIsSr1psHd3X+WBBrKL5wKBgQDVt+DlVXzYfXPjWBtZedJyw+3J9w+7rSV8 +3JKKjASCCkkcDGWSup6lvc8wPYJiff/ZTEhdmMGZGKglOLUSjf6nsmcLvkXCpU2O +eQsqtBCLKrtV/qPky6+1+Al5oKe5d1WLURTVoERqWrf163knosc/9IgDHvoFzYR3 +P1XSmkXVwQKBgQCcFZpUsv+kRk6Igy5Biwegab7UhF93baYff/c0bgQV4qTZG3SD +X5uuyz3WursvmcpccQ3LtOVn0lHhrjUZA2uOFKN4zLTzBTMmMHmk4pgiyRCnqVD7 +niC+fJs3WurD4ILEsHN+h2GYoETvG+Su1lxUu9iGqyYDdWA8KCmBOjomEQKBgAXb +WCpwwU8dgQOF8pntILtMa0PRpXi7Mf/N+6YYWDdIGODP5iizPI3GOdtUlDImydAm +qwUFnqiXaGQ8vZmYkpX96Z0ExdyjsxBoeMnezWVC8odUxyEKA/K0rW3L3UzT3GBJ +BI0mKznO6qOupE9VwqgaB3AudSObkjnCXpO67pcBAoGBAMIGRNNoNELmZ34heUd4 +zZD7Os4DejcFqIpCNsO4dn3VTSpNr9DFo1Wmkc+9E74ZioAcbtIVD6PqOO8PdPbl +bSWWTQXZ95UlEoqljsLx7k4CoSHdRLgbpK0citYyj8SmpBDlKi6r1OuoPnvnPhWn +27MuY98UrZoorJTSBAZxA/pr +-----END PRIVATE KEY----- 
diff --git a/test_key/rsa2048/end_requester.key.der b/test_key/rsa2048/end_requester.key.der new file mode 100644 index 0000000..b773113 Binary files /dev/null and b/test_key/rsa2048/end_requester.key.der differ diff --git a/test_key/rsa2048/end_requester.key.pub b/test_key/rsa2048/end_requester.key.pub new file mode 100644 index 0000000..d535d23 --- /dev/null +++ b/test_key/rsa2048/end_requester.key.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsomSKw06dpPPa6sojoD9 +48Sg8Nul76t8qSoa3FGBxxoCEMjwGQc0JDz6ZaNy0BghD+WfI8tio1GJy0BUxu3P +DBMhGQUu+xeGCY7dNZAcW3tG++awNbqUIndqmTdQuqfrZ7KXQnvoBDxFrRZ+Z2Hi +e9La77HVUgAU2Rkxd/bcDrYYB5c17cDSMdnxHLjZvATaZIKq32Mkt5F9pt5t+r/u +hV0hNTS4EHuRfb1Z5x8IxiLBlHyBcKBw0ZyrA+IFvjEvZmWUhfVX/9Y3OxTfbtoJ +eoHA7byMmXfvKV/8h0O6TS6c8lpQ4Mi0GNaMBuzV7Jtk8gTXlCLbK3HY0g2fRkWs +JwIDAQAB +-----END PUBLIC KEY----- diff --git a/test_key/rsa2048/end_requester.key.pub.der b/test_key/rsa2048/end_requester.key.pub.der new file mode 100644 index 0000000..5f7caa3 Binary files /dev/null and b/test_key/rsa2048/end_requester.key.pub.der differ diff --git a/test_key/rsa2048/end_requester.req b/test_key/rsa2048/end_requester.req new file mode 100644 index 0000000..51a36fb --- /dev/null +++ b/test_key/rsa2048/end_requester.req 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICbzCCAVcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1c2V0 +ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKJkisNOnaT +z2urKI6A/ePEoPDbpe+rfKkqGtxRgccaAhDI8BkHNCQ8+mWjctAYIQ/lnyPLYqNR +ictAVMbtzwwTIRkFLvsXhgmO3TWQHFt7RvvmsDW6lCJ3apk3ULqn62eyl0J76AQ8 +Ra0Wfmdh4nvS2u+x1VIAFNkZMXf23A62GAeXNe3A0jHZ8Ry42bwE2mSCqt9jJLeR +fabebfq/7oVdITU0uBB7kX29WecfCMYiwZR8gXCgcNGcqwPiBb4xL2ZllIX1V//W +NzsU327aCXqBwO28jJl37ylf/IdDuk0unPJaUODItBjWjAbs1eybZPIE15Qi2ytx +2NINn0ZFrCcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAP5UdSQBf8TT2hd316 +1UP/EGkZcCizw5bXEr5JMbx0jlV8J9e0FDdwY56UL22AytkLE8kavCutVsAQe+/L +74qi2WCoRzzXDb/K9p9xe1tfEAdm6MO8zrc8gTwW3dvHnPIsSkLjfDHn7Ya8b8JR +LRKl7fwAEuj/l0snTsDryVoWgZxHN3+y+EJGB/Bn2WyB7fFPzzQUZYgAwp5d8tHF +MJemdKqE4E2HXduzfnpRhypjrZ7NSxpP6pbFJPZf1G/2R2dXHsha+pkQDRkWUia4 +0Oxi9BNbgyEjaT0DOfFeQwcyjIr53X+qIGEMXqw9I4WrvCBoiFtuGVvQoQAKaF9B +B8Nr +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa2048/end_requester1.cert b/test_key/rsa2048/end_requester1.cert new file mode 100644 index 0000000..636d866 --- /dev/null +++ b/test_key/rsa2048/end_requester1.cert 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECzCCAnOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzAxNDMxMFoX +DTMzMDMzMTAxNDMxMFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKJkisN +OnaTz2urKI6A/ePEoPDbpe+rfKkqGtxRgccaAhDI8BkHNCQ8+mWjctAYIQ/lnyPL +YqNRictAVMbtzwwTIRkFLvsXhgmO3TWQHFt7RvvmsDW6lCJ3apk3ULqn62eyl0J7 +6AQ8Ra0Wfmdh4nvS2u+x1VIAFNkZMXf23A62GAeXNe3A0jHZ8Ry42bwE2mSCqt9j +JLeRfabebfq/7oVdITU0uBB7kX29WecfCMYiwZR8gXCgcNGcqwPiBb4xL2ZllIX1 +V//WNzsU327aCXqBwO28jJl37ylf/IdDuk0unPJaUODItBjWjAbs1eybZPIE15Qi +2ytx2NINn0ZFrCcCAwEAAaOBuDCBtTAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF +4DAdBgNVHQ4EFgQU54zIOJ7GatfBNsquj5JBHnzVZ6gwMQYDVR0RBCowKKAmBgor +BgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEyMzQ1Njc4OTAwKgYDVR0lAQH/BCAw +HgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCTAaBgorBgEEAYMcghIGBAwG +CisGAQQBgxyCEgIwDQYJKoZIhvcNAQELBQADggGBAEUx/Ay0De+IniAc0deqFmKx +6pvDKyvlQo8YZ+mC6fBkHAPUSvaBpSkHOuYxI86586+C9iC0F2GtaolQ8YUWxdNf +afKn9E7hWE5qsxbt6pWIT1by5+a2cu2oeTHVv976sjP9yua4ei9A+lW59rdidlTe +Cbx6QQdijFu4ks16jfteWUgcYGtI++Kyl755pjV7lNZ1gMDfewVkg7Nu2cvRe7oD +CRt5n9Slb9HTftJvPXL2t6gg3l82NUswoTUCR7ShClPA0xthWknhL+c0DuWC1A/Z +wSKSMoTSw8QIPe4Kk79/G9UOoOp29PuRrbIRQD/Khh4coqWdg06qfTcqOfhFRfv8 +Idf+Ey6UevkVMUQyieGTj23642LwHDm2preAQ7VQ9lk6y5Jl4z6nXvozsbBG/ovR +wkXDhl1eaTl/HDSm7Y9ZnRS9lnRGYxJ0ZXw3VuAzXv0n4MTiV9KCK1XKoylziEzC +JISRyEVrHz7zX5Mbsh4RZtsm3eDQihvZuU6qUVHAkw== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_requester1.cert.der b/test_key/rsa2048/end_requester1.cert.der new file mode 100644 index 0000000..5bd9bbd Binary files /dev/null and b/test_key/rsa2048/end_requester1.cert.der differ diff --git a/test_key/rsa2048/end_requester_with_spdm_req_eku.cert b/test_key/rsa2048/end_requester_with_spdm_req_eku.cert new file mode 100644 index 0000000..e984876 --- /dev/null +++ b/test_key/rsa2048/end_requester_with_spdm_req_eku.cert 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDxjCCAi6gAwIBAgIBBTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDUxNFoX +DTMzMDQxNzAxMDUxNFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKJkisN +OnaTz2urKI6A/ePEoPDbpe+rfKkqGtxRgccaAhDI8BkHNCQ8+mWjctAYIQ/lnyPL +YqNRictAVMbtzwwTIRkFLvsXhgmO3TWQHFt7RvvmsDW6lCJ3apk3ULqn62eyl0J7 +6AQ8Ra0Wfmdh4nvS2u+x1VIAFNkZMXf23A62GAeXNe3A0jHZ8Ry42bwE2mSCqt9j +JLeRfabebfq/7oVdITU0uBB7kX29WecfCMYiwZR8gXCgcNGcqwPiBb4xL2ZllIX1 +V//WNzsU327aCXqBwO28jJl37ylf/IdDuk0unPJaUODItBjWjAbs1eybZPIE15Qi +2ytx2NINn0ZFrCcCAwEAAaN0MHIwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAw +HQYDVR0OBBYEFOeMyDiexmrXwTbKro+SQR581WeoMDYGA1UdJQEB/wQsMCoGCCsG +AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyCEgQwDQYJKoZIhvcN +AQELBQADggGBAEMG4HuR/FSXj+ZFjjx47xai/TRFucn1LWKCA0JknYf++hSLW6+D +NndHDHdwUj2PDltY2TfuBaYoA4t16M0MM7c5mi+sRvya8LlAbiuuF41GQRRJQPSU +hInbnHCxDcR7ute+3shg0OP7qv3f3YHBrW5R8PpwOvhJn2nnE52CSx5IXhQHrReC +68paKfC4rflMadzjDBjPdz7dNrUABr0OGQ2ruzVyIlbzAa0/LBPBfDxNpHXJAtiz +aF2zQdTgqPYcsYlNxsH7ruV0pzzWGQDTxT1M7aMDEmb2jDzia9rCbp6Nv0djZjYH +btuZZ9EHZX782SbjYJTXrCuX0sG9d0LZaXAlAqMU5oDigSGx8rez1scZ5dKq7EgE +edEEI4S6TtUn8TfvfTwQ4RCcL93OSXv8wpEax3zxnXkcixo+idCP7cEw26WMPOUt +VNmIojm9yYkoxWcP5MoViv39YfF6noC62+ebf3peZn0PpcWTItuU2Y0e3oa4J6Zf +nin6/uPKlFmiiA== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_requester_with_spdm_req_eku.cert.der b/test_key/rsa2048/end_requester_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..82753c6 Binary files /dev/null and b/test_key/rsa2048/end_requester_with_spdm_req_eku.cert.der differ diff --git a/test_key/rsa2048/end_requester_with_spdm_req_rsp_eku.cert b/test_key/rsa2048/end_requester_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..8c871dd --- /dev/null +++ b/test_key/rsa2048/end_requester_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0zCCAjugAwIBAgIBBDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDUxMloX +DTMzMDQxNzAxMDUxMlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKJkisN +OnaTz2urKI6A/ePEoPDbpe+rfKkqGtxRgccaAhDI8BkHNCQ8+mWjctAYIQ/lnyPL +YqNRictAVMbtzwwTIRkFLvsXhgmO3TWQHFt7RvvmsDW6lCJ3apk3ULqn62eyl0J7 +6AQ8Ra0Wfmdh4nvS2u+x1VIAFNkZMXf23A62GAeXNe3A0jHZ8Ry42bwE2mSCqt9j +JLeRfabebfq/7oVdITU0uBB7kX29WecfCMYiwZR8gXCgcNGcqwPiBb4xL2ZllIX1 +V//WNzsU327aCXqBwO28jJl37ylf/IdDuk0unPJaUODItBjWjAbs1eybZPIE15Qi +2ytx2NINn0ZFrCcCAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXg +MB0GA1UdDgQWBBTnjMg4nsZq18E2yq6PkkEefNVnqDBCBgNVHSUBAf8EODA2Bggr +BgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJBgorBgEEAYMcghIDBgorBgEEAYMc +ghIEMA0GCSqGSIb3DQEBCwUAA4IBgQB4YnbYGjC59P6zAGSJr72TKErZvCGmFFyr ++BMfEanhqLx3V00NMOW/FqKetvWBK/Ezv7XqgXczq6+RSg8U3VXcQ9jdE7jFC2FD +6OuhYWMBWC/u5Z3fuIv/lL0Zjq5ipPw6i/JBhBT3lArOLiUCanZHPXlHlsLhzcHc +HyL3wArpQGAL9gaXtRmGUKw2UXXNL9FLCPr+yAbRpStHKXmo/Cragb1IHGzSoATk +ob3O7hkwdtzdTkvre27UApotpm623ZRvzZepYzYiJBpSIzN4SeJhZja5krvzy7kk +A+cCrgZlUbFbUDzixqHOzFHoRXEyioEP9STl4bTcblOzEXaK9gptcOJAZjS1LJac +hT3bqRoVgzDFdOTla0bZYnL9cADbMD6T9g+QuBdIP4XuoL1hZDoVP6SI/bV1Viho +rG+UamPEkC4C1Xh4lL1P3uOiX1+Ug0kNuqQ/LFi9DaHH6Vz2ndzxTJaV7/9iK7X3 +rRTdC0kZkfpP8IkC+o630xM8Iag9AeI= +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/rsa2048/end_requester_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..71be171 Binary files /dev/null and b/test_key/rsa2048/end_requester_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/rsa2048/end_requester_with_spdm_rsp_eku.cert b/test_key/rsa2048/end_requester_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..e6b4c1b --- /dev/null +++ b/test_key/rsa2048/end_requester_with_spdm_rsp_eku.cert 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDxjCCAi6gAwIBAgIBBjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDUxN1oX +DTMzMDQxNzAxMDUxN1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKJkisN +OnaTz2urKI6A/ePEoPDbpe+rfKkqGtxRgccaAhDI8BkHNCQ8+mWjctAYIQ/lnyPL +YqNRictAVMbtzwwTIRkFLvsXhgmO3TWQHFt7RvvmsDW6lCJ3apk3ULqn62eyl0J7 +6AQ8Ra0Wfmdh4nvS2u+x1VIAFNkZMXf23A62GAeXNe3A0jHZ8Ry42bwE2mSCqt9j +JLeRfabebfq/7oVdITU0uBB7kX29WecfCMYiwZR8gXCgcNGcqwPiBb4xL2ZllIX1 +V//WNzsU327aCXqBwO28jJl37ylf/IdDuk0unPJaUODItBjWjAbs1eybZPIE15Qi +2ytx2NINn0ZFrCcCAwEAAaN0MHIwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAw +HQYDVR0OBBYEFOeMyDiexmrXwTbKro+SQR581WeoMDYGA1UdJQEB/wQsMCoGCCsG +AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyCEgMwDQYJKoZIhvcN +AQELBQADggGBAKEmG7Xb4pafnqxYMcy1ZrLSQT34y2oM/0ZvU0yCy1blMOO2+4RQ +Mae/TJZYUelWYAMuJ7qT7KXxQsVYl0ZTBSsHgmbrgle4ygzZwnAmS5yJdR3c8+bw +MteeWwjbAxlc9MZFYo21qsi1GO5B3Z6VmxWuCrP53vm2TqR/nxt1u3D25XZ2NTlb +pwSQp2mpCenVnKjYKtPXeEjd7p86DycesGn98+TqyADjSRv4iOEdKEaOqfdCMSiI +i0XtjkNca0LhbvpeDaOgfNbc9F2gXGQm2ZkMZfCbwvTvy6+i9L6Sxz3HwKDJ82p4 +4OtBDAdIa8V8Lr9MncNz7bX34GqcaTcWFjQ9Id6RNueVlrh37oDJMBsDZRT+UsNq +Q4cw+UDHtThhD8ovZ+92byrH0LcaYGTOUFRaPDUu387ExiczrPP3FvVK0s0XRkzt +Su6nCwWYAQpysPQQU4MN8FiEC2As4v+TACk9emVg7OTQ1DsaRLM4tXIet3idHXLv +lPNcFlNlWlKHDQ== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_requester_with_spdm_rsp_eku.cert.der b/test_key/rsa2048/end_requester_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..06a9bb9 Binary files /dev/null and b/test_key/rsa2048/end_requester_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/rsa2048/end_responder.cert b/test_key/rsa2048/end_responder.cert new file mode 100644 index 0000000..695daf5 --- /dev/null +++ b/test_key/rsa2048/end_responder.cert 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECzCCAnOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzAxNDIzNloX +DTMzMDMzMTAxNDIzNlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvT2RA4 +OQofswkG33AOj1pTaZNguWWp4cGMWNco+edRddpjmTpwNrmAiIHlqMxKDDyOuu2B +WXxonFpgkDrkCo67MpLTvBk+ZO4ZEZdvVTrwVCo3s7gVsMfPIA9EyXThrYlWw77G +9k9ufQnXobO9/bcCR0olc68qOaTOlglszrVJMeWfkXijauPXwxK2J+VV2sc+X9Dm +HHNesTxkVDb7U97bWy2qBRRgEGrc5IVsLEuVBezQ4U6vbEDmeOfCiFUwu2hNjKLW +Dbymv/rcwGq+Siu3/v/mtoj/OD4Tj4nDHCV7xQFeyPO85aVXaLGLKVFCkOZB3xw0 +zzj4T8O6iUI8bjECAwEAAaOBuDCBtTAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF +4DAdBgNVHQ4EFgQUgEnkn9ir9SClyyN5ovImWWt7ShQwMQYDVR0RBCowKKAmBgor +BgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEyMzQ1Njc4OTAwKgYDVR0lAQH/BCAw +HgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCTAaBgorBgEEAYMcghIGBAwG +CisGAQQBgxyCEgIwDQYJKoZIhvcNAQELBQADggGBABnl72SuRTIPdDFhMxE+j/Az +/lxYKstTzTpx9Yk606TYGsmWkcb2gi4gdcbFugkK8qITXUi2irQzB4MnErJAoIgs +jGKV8AOxObbaNHLMitPTM8I9ntBjBS/+rCptcUMffAJjC/m1/5AsR+Tf56TJhWbR +fViWwbDMDoHHqDHXu1n5NZhIB/kbHC38cQO5KtbI+XxQOQE2lAj9vsDRHP8eACB2 +I7S3oKnarldOTw7ZA+w5WCxneGeSxZUNsWp4wmsCZ7Z9escCzWbI3hNJ28JI2s04 +Tqisoy+FcwKUiA2xH6VN2HjPgChZ5e0pC+7NUXFjjxRHwiy5SdtXChyIKc/UWRdU +i9+AwHtdi+S6eB5AI2RHJcshOMx68ENjwZRqCWcbqou/RPMGZUKHV+1X6WwyhMF0 +qOjvV56WUEZ7L/J+Ygyd50BXm1js/PVgWFtsXHj9qkjT3BuDJqpsq/HlV7AjHFc0 +X6SW1Jv/4cZ+mB9uM03A2I/MbAz0iVJGM8PZmYsYPA== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_responder.cert.der b/test_key/rsa2048/end_responder.cert.der new file mode 100644 index 0000000..ef00239 Binary files /dev/null and b/test_key/rsa2048/end_responder.cert.der differ diff --git a/test_key/rsa2048/end_responder.key b/test_key/rsa2048/end_responder.key new file mode 100644 index 0000000..720d4e4 --- /dev/null +++ b/test_key/rsa2048/end_responder.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC709kQODkKH7MJ +Bt9wDo9aU2mTYLllqeHBjFjXKPnnUXXaY5k6cDa5gIiB5ajMSgw8jrrtgVl8aJxa +YJA65AqOuzKS07wZPmTuGRGXb1U68FQqN7O4FbDHzyAPRMl04a2JVsO+xvZPbn0J +16Gzvf23AkdKJXOvKjmkzpYJbM61STHln5F4o2rj18MStiflVdrHPl/Q5hxzXrE8 +ZFQ2+1Pe21stqgUUYBBq3OSFbCxLlQXs0OFOr2xA5njnwohVMLtoTYyi1g28pr/6 +3MBqvkort/7/5raI/zg+E4+Jwxwle8UBXsjzvOWlV2ixiylRQpDmQd8cNM84+E/D +uolCPG4xAgMBAAECggEAUCNxR6RVYeZogv91sd/kdguEzibEs4WqFuSEuzh2d6Wf +/Q/lvrNGBhu7IoEUZiVp1ySmyNMZlSUlIMJ2h0no30ErsM26QaMHeTck9FHCMaV8 +o46klXRbusS6zwjwU3g+jIyCdBF74iQoIVzpV0FG0SCdvhsAosoHUjP6fAb6ownd +cXLiLoCawtc4T2jbp7HIgI7E3jOhjdT4oKcWtB6QYANbJchWnzLlOPXshnLy4s+h +WmTpo/ewLZpshhIHqTQkH0gro6G6y/y5Lb6De7QWAZCYoi6sioSNWgQOG27ju2EE +COXLsCJURRCY37uM9UCM1JLZimd/HF+jMJmfApcUKQKBgQD14RlVmN5B67qUCtIh +mjXxNSxebUEtRhwdJgQ5ARSAHZg97GsBBzMqfwdCKpeiRswKKKuQSUlPzLKaN9iu +LsITFjI9GDCBO6GhTGTtNphZxdiKYBkHFQsPrfrDh6oISFipboDjD3PFmDMvnHgu +Waj7lvlUlWrHmB4DhMwKOlmxhwKBgQDDjwpwhcjrokY1B+qpXL6btgCY6yf8OAWZ +nuIeAEIn3k4gaYQK/tMGqW4OWNuFhDjN+KPE2H08bj8FFHOkQDcgsx0GAheepwAg +8p9wFi2BBJoFJHOXPEeVI6rJMWvwxz/JlGy7vdCjU0gFTAnfqKY3fpBtZrfHUqQ2 +YX6amsWwhwKBgQDVNnL/lOX2h/Fs+s0osk7gcVmeMGN6XPd4F0VGITejuQYRfHd1 +lsa5rRmgOMrwvy+kB4xuO/7Eoh6mOJM+x/EnF/JMpDM7fXg1JMfII7WM81FI/Pf2 ++jpzSEzRTU0WjZXEprxBKV8dE1QfjzFwD/PG5y4iOMc1eSVdq8Q7gknQ9QKBgQCL +719ZBWKwun3ilLemWWdLpQDoa91A7hWTx82mCilMvhbJurdx5sa6jaLjQVJUSDkd +qj4GLaPwCjOuPuRBNHI+Q+0Qz453SKke6n6MhlIpcFGGPH86STgv0EX1khfbQ7ix +VjQ4Y6tYM8/lenPWR6gpLbfLkSUQzGIVR86Acx/jIQKBgQCMLCi3PhhbKfVQYlOG +rhP6z2abF16xJ8KHf1Mv1J/9OMcRfSp6ghGOsYHqiFgO+54Ga2X4G+/9fA/FCWMd +dQ8FI1kCZzJ6C21Hd2KohzUc2IePN+Mgs+EJr8I2HDIjVjlTLze2Sk6a1QiXHO2q +n/+HTPA8O/WtB43gF6QeQYvotA== +-----END PRIVATE KEY----- diff --git a/test_key/rsa2048/end_responder.key.der b/test_key/rsa2048/end_responder.key.der new file mode 100644 index 0000000..553f8f7 Binary files /dev/null and b/test_key/rsa2048/end_responder.key.der differ 
diff --git a/test_key/rsa2048/end_responder.key.pub b/test_key/rsa2048/end_responder.key.pub new file mode 100644 index 0000000..1db9436 --- /dev/null +++ b/test_key/rsa2048/end_responder.key.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9PZEDg5Ch+zCQbfcA6P +WlNpk2C5ZanhwYxY1yj551F12mOZOnA2uYCIgeWozEoMPI667YFZfGicWmCQOuQK +jrsyktO8GT5k7hkRl29VOvBUKjezuBWwx88gD0TJdOGtiVbDvsb2T259Cdehs739 +twJHSiVzryo5pM6WCWzOtUkx5Z+ReKNq49fDErYn5VXaxz5f0OYcc16xPGRUNvtT +3ttbLaoFFGAQatzkhWwsS5UF7NDhTq9sQOZ458KIVTC7aE2MotYNvKa/+tzAar5K +K7f+/+a2iP84PhOPicMcJXvFAV7I87zlpVdosYspUUKQ5kHfHDTPOPhPw7qJQjxu +MQIDAQAB +-----END PUBLIC KEY----- diff --git a/test_key/rsa2048/end_responder.key.pub.der b/test_key/rsa2048/end_responder.key.pub.der new file mode 100644 index 0000000..0515d33 Binary files /dev/null and b/test_key/rsa2048/end_responder.key.pub.der differ diff --git a/test_key/rsa2048/end_responder.req b/test_key/rsa2048/end_responder.req new file mode 100644 index 0000000..efbedb3 --- /dev/null +++ b/test_key/rsa2048/end_responder.req 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICbzCCAVcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNwb25k +ZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvT2RA4OQof +swkG33AOj1pTaZNguWWp4cGMWNco+edRddpjmTpwNrmAiIHlqMxKDDyOuu2BWXxo +nFpgkDrkCo67MpLTvBk+ZO4ZEZdvVTrwVCo3s7gVsMfPIA9EyXThrYlWw77G9k9u +fQnXobO9/bcCR0olc68qOaTOlglszrVJMeWfkXijauPXwxK2J+VV2sc+X9DmHHNe +sTxkVDb7U97bWy2qBRRgEGrc5IVsLEuVBezQ4U6vbEDmeOfCiFUwu2hNjKLWDbym +v/rcwGq+Siu3/v/mtoj/OD4Tj4nDHCV7xQFeyPO85aVXaLGLKVFCkOZB3xw0zzj4 +T8O6iUI8bjECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCYbn02afvGQKdmPM34 +TdNCf/tNXa/GXQFOAHKiZnzrOTy7PZngR8l1d0h1gdu16Yp65Ifp5Sy+lQqp7Ama +3p0G4+NzeTVN5P6EHa+x0AdUjh/KX3Dh0Sc7G3/gJ6E0OtR1nC97Zc1qppenYU4z +o5rDJQqlT6IvrkQSPxWaH5olos0F85pc5rIOiQrMKeaVsKzYpDbLmpV5I6/8DOMV +Iy2nGEQHjaLGV+USlvGwVOoQZ2kkPk5l/RPWn/hRyHCNdNUAdq1tsFHGaauWxbG4 +HAnBJogmtUPnqkyhjcNUMeEZGJwhFJbNQrY5MbiOHFHAzYxL6vnFfTnPqoO6DLkX +YBfo +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa2048/end_responder1.cert b/test_key/rsa2048/end_responder1.cert new file mode 100644 index 0000000..9b5aace --- /dev/null +++ b/test_key/rsa2048/end_responder1.cert 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECzCCAnOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzAxNDMxMFoX +DTMzMDMzMTAxNDMxMFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvT2RA4 +OQofswkG33AOj1pTaZNguWWp4cGMWNco+edRddpjmTpwNrmAiIHlqMxKDDyOuu2B +WXxonFpgkDrkCo67MpLTvBk+ZO4ZEZdvVTrwVCo3s7gVsMfPIA9EyXThrYlWw77G +9k9ufQnXobO9/bcCR0olc68qOaTOlglszrVJMeWfkXijauPXwxK2J+VV2sc+X9Dm +HHNesTxkVDb7U97bWy2qBRRgEGrc5IVsLEuVBezQ4U6vbEDmeOfCiFUwu2hNjKLW +Dbymv/rcwGq+Siu3/v/mtoj/OD4Tj4nDHCV7xQFeyPO85aVXaLGLKVFCkOZB3xw0 +zzj4T8O6iUI8bjECAwEAAaOBuDCBtTAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF +4DAdBgNVHQ4EFgQUgEnkn9ir9SClyyN5ovImWWt7ShQwMQYDVR0RBCowKKAmBgor +BgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEyMzQ1Njc4OTAwKgYDVR0lAQH/BCAw +HgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCTAaBgorBgEEAYMcghIGBAwG +CisGAQQBgxyCEgIwDQYJKoZIhvcNAQELBQADggGBAKMHMxp4i1ezTFa04hOD/BDO +B2vhvhoFl9PgDyzTSTrzWPSIL0By2QuvbDqltbqEpgDYwd9UqRlacWKOnRc7heFO +xP2i59ruDTbudYZ7OYzf3DhOnrCC5aKQzhH1n58IjqzungWLS3X0oiB2b7IgJrKQ +Sa1UpZ/98q246mZ8Itgj88vkJrAXIaT9WG1z3UCCbOhFttIvUuN9NBChADqYdY8f +Gr/EjbZZmDeYeIsFGJ/U1emonaT0Arc7lDa468SLFAGquYxcSJqHLcbiScsaZwQF +kguh5csHh42tEvR9d8f4WLhykH2XqFXtjkpxRuKL2i62iyKPnYUUTTVrwjlZweaZ +V7sXsOf60WFO/IHx8kU3RvG/Kb0Ojj5CEXK9rSJQI9qNkU1Qtt3ZGbOJgJ+gIcQ7 +I945VBcQT9IZZRgppxc7PSU8ECyKiYccwT53AWq/BarA3/QvYiIjWoGSL834Py9Z +qJbZxItU5cD+GMr9cKfEZAHasdjX6qO3moW/yQg30A== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_responder1.cert.der b/test_key/rsa2048/end_responder1.cert.der new file mode 100644 index 0000000..8889684 Binary files /dev/null and b/test_key/rsa2048/end_responder1.cert.der differ diff --git a/test_key/rsa2048/end_responder_alias.cert b/test_key/rsa2048/end_responder_alias.cert new file mode 100644 index 0000000..1b78804 --- /dev/null +++ b/test_key/rsa2048/end_responder_alias.cert 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID8jCCAlqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNjA4MjIzMVoX +DTMzMDYwMzA4MjIzMVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvT2RA4 +OQofswkG33AOj1pTaZNguWWp4cGMWNco+edRddpjmTpwNrmAiIHlqMxKDDyOuu2B +WXxonFpgkDrkCo67MpLTvBk+ZO4ZEZdvVTrwVCo3s7gVsMfPIA9EyXThrYlWw77G +9k9ufQnXobO9/bcCR0olc68qOaTOlglszrVJMeWfkXijauPXwxK2J+VV2sc+X9Dm +HHNesTxkVDb7U97bWy2qBRRgEGrc5IVsLEuVBezQ4U6vbEDmeOfCiFUwu2hNjKLW +Dbymv/rcwGq+Siu3/v/mtoj/OD4Tj4nDHCV7xQFeyPO85aVXaLGLKVFCkOZB3xw0 +zzj4T8O6iUI8bjECAwEAAaOBnzCBnDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE +AwIF4DAdBgNVHQ4EFgQUgEnkn9ir9SClyyN5ovImWWt7ShQwMQYDVR0RBCowKKAm +BgorBgEEAYMcghIBoBgMFkFDTUU6V0lER0VUOjEyMzQ1Njc4OTAwKgYDVR0lAQH/ +BCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCTANBgkqhkiG9w0BAQsF +AAOCAYEAFQGnYcTY23QlGC67nW0AIbIIAvoJJp1WGqTjkAfCM4QrsXD/1s9uaDsu +XQWc0PDot1uJtnullY7POfPn+IUrlYYBjidM5oMXQiktpGdvozT/NOEfLsVyU4OO +8acfxdu/joh76caG+9pV3QMw0ilgyIye8pAmfLIDXe3/67o/Sx9Y3/AEvpOCtt8/ +cbDoHpzGRZ+UhXmiyZ1Zfp7gYm0yk+IC5SJd2KnIZt0wBpk/v0HTkU1kofrDlj+w +Z1ag3gt9cLb8106CW6epVSZWkLmThba4IdUBql4X7VoA4JzRgAwBKuFDXiQPcG7k +R1U143JLJnviDd1aFfQ31sYDoHP+4AjTs05kC1lOeuEJn/XDKMmq4Kab56a4Ludo +grtpt1aUUN/bVazWUhDGnIwgmEdfswKiEBAUnYJMQwSeciqx1XJy2VKeRjPyWz0k +o6zuRhuQ9jjSP/Aw8ckZ69lShHSmPIYFfvDSyt411bUlKbEb9XrLZ/St9qsSJgj8 +MfV/KOvo +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_responder_alias.cert.der b/test_key/rsa2048/end_responder_alias.cert.der new file mode 100644 index 0000000..b9443e0 Binary files /dev/null and b/test_key/rsa2048/end_responder_alias.cert.der differ diff --git a/test_key/rsa2048/end_responder_with_spdm_req_eku.cert b/test_key/rsa2048/end_responder_with_spdm_req_eku.cert new file mode 100644 index 0000000..515c275 --- /dev/null +++ b/test_key/rsa2048/end_responder_with_spdm_req_eku.cert 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDxjCCAi6gAwIBAgIBCDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDUyOVoX +DTMzMDQxNzAxMDUyOVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvT2RA4 +OQofswkG33AOj1pTaZNguWWp4cGMWNco+edRddpjmTpwNrmAiIHlqMxKDDyOuu2B +WXxonFpgkDrkCo67MpLTvBk+ZO4ZEZdvVTrwVCo3s7gVsMfPIA9EyXThrYlWw77G +9k9ufQnXobO9/bcCR0olc68qOaTOlglszrVJMeWfkXijauPXwxK2J+VV2sc+X9Dm +HHNesTxkVDb7U97bWy2qBRRgEGrc5IVsLEuVBezQ4U6vbEDmeOfCiFUwu2hNjKLW +Dbymv/rcwGq+Siu3/v/mtoj/OD4Tj4nDHCV7xQFeyPO85aVXaLGLKVFCkOZB3xw0 +zzj4T8O6iUI8bjECAwEAAaN0MHIwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAw +HQYDVR0OBBYEFIBJ5J/Yq/UgpcsjeaLyJllre0oUMDYGA1UdJQEB/wQsMCoGCCsG +AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyCEgQwDQYJKoZIhvcN +AQELBQADggGBADA4X/WOytIVcHe5M4DX3FPxnFJWxPu14pT+rGJNlkLju9zCG8rM +vUZh/hvvyYZCq9AKR/En63/0xCCFXzjepH/goDUgNsFBZ1j0WrNuVFguvnv2FTnP +y8En82nWarFKnMQqggbf+Nt/RreDYAFdvB0DgPb3NskRwVKwoVrjTzwUK/aUwopV +6FDgBI5HTZYfnnkDgc2TwDe6XBpu42ppZsfdr02a3lIas7syXNLD6pCUI1QA/H7E +5DPG31GHBUfer7XIvpOs2sdA+Gud2B/By5XCICA52yCUckcuHuar1zSiYJuJEqkJ +I2YOCZB+TEpRwdeHg5uyWeLica4MNk1ryGV90ESfsuu5Xn1GBWbPOTD+1t8HvOSx +hhcZjqcS1mH4CRx/IgT+ciykFfwe7L4mCeGqZMOj0kASc99zkQT3TTNSmIyULbZ9 +fgqNEYyIB4LgcnZNNnfLCBnlxWVKG6ynitV0lc+KR6RwVJr+qdv53Rvn4RxEZ1cH +nnDzrRl05+R9pg== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_responder_with_spdm_req_eku.cert.der b/test_key/rsa2048/end_responder_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..0292a56 Binary files /dev/null and b/test_key/rsa2048/end_responder_with_spdm_req_eku.cert.der differ diff --git a/test_key/rsa2048/end_responder_with_spdm_req_rsp_eku.cert b/test_key/rsa2048/end_responder_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..5129c15 --- /dev/null +++ b/test_key/rsa2048/end_responder_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0zCCAjugAwIBAgIBBzANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDUyNloX +DTMzMDQxNzAxMDUyNlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvT2RA4 +OQofswkG33AOj1pTaZNguWWp4cGMWNco+edRddpjmTpwNrmAiIHlqMxKDDyOuu2B +WXxonFpgkDrkCo67MpLTvBk+ZO4ZEZdvVTrwVCo3s7gVsMfPIA9EyXThrYlWw77G +9k9ufQnXobO9/bcCR0olc68qOaTOlglszrVJMeWfkXijauPXwxK2J+VV2sc+X9Dm +HHNesTxkVDb7U97bWy2qBRRgEGrc5IVsLEuVBezQ4U6vbEDmeOfCiFUwu2hNjKLW +Dbymv/rcwGq+Siu3/v/mtoj/OD4Tj4nDHCV7xQFeyPO85aVXaLGLKVFCkOZB3xw0 +zzj4T8O6iUI8bjECAwEAAaOBgDB+MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXg +MB0GA1UdDgQWBBSASeSf2Kv1IKXLI3mi8iZZa3tKFDBCBgNVHSUBAf8EODA2Bggr +BgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJBgorBgEEAYMcghIDBgorBgEEAYMc +ghIEMA0GCSqGSIb3DQEBCwUAA4IBgQCb6fAdEXj2852D9Huq6SY9X8q2E5D5yNjE +zWIr4H0uX/FZ4qRSquH5a24duaTficha+wjj1yf7tC6gK4TNfoEDux69g1wURaKS +SEEv0hKcqg+M6OCTSCQfO1Iy3wYdj0xu4P8Aej2VG6RGL9TDi8stqEbDRAENp/Qs +2PfjO1a7ifHIoTCuGuWZQwFY7WiTHqP5RE73gII7UcFD3Tc8hwcHhgWpI7Xp11Mj +O21QDQ1o1v3NpzFf3nqSNTVPnXTouJ9IK5ziat6+vBQZpILttLTMihVZn7DNKN2S +jRxIrY9WJAR++NOmoj/xmQBH0ywRHrDnvMDet67mtIuQXhDa1pZ7YR8uo9n09rzf +BZgkpX2pBZhfyTpoXYjl11qOCm0WSGr355udrTsg0vfHj9ADGDKMIITHz97tUcGU +mszINdTWQoYcrIX2Dlky1lvAQOTD2/Pke+m/JwQN06dcGGg67cJK34Ab19sLDd+v +l3Zxn2WGJqj6VnfRVF3IoEx/ppXR7bs= +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/rsa2048/end_responder_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..a6d720b Binary files /dev/null and b/test_key/rsa2048/end_responder_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/rsa2048/end_responder_with_spdm_rsp_eku.cert b/test_key/rsa2048/end_responder_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..d9fd633 --- /dev/null +++ b/test_key/rsa2048/end_responder_with_spdm_rsp_eku.cert 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDxjCCAi6gAwIBAgIBCTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDUzMVoX +DTMzMDQxNzAxMDUzMVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvT2RA4 +OQofswkG33AOj1pTaZNguWWp4cGMWNco+edRddpjmTpwNrmAiIHlqMxKDDyOuu2B +WXxonFpgkDrkCo67MpLTvBk+ZO4ZEZdvVTrwVCo3s7gVsMfPIA9EyXThrYlWw77G +9k9ufQnXobO9/bcCR0olc68qOaTOlglszrVJMeWfkXijauPXwxK2J+VV2sc+X9Dm +HHNesTxkVDb7U97bWy2qBRRgEGrc5IVsLEuVBezQ4U6vbEDmeOfCiFUwu2hNjKLW +Dbymv/rcwGq+Siu3/v/mtoj/OD4Tj4nDHCV7xQFeyPO85aVXaLGLKVFCkOZB3xw0 +zzj4T8O6iUI8bjECAwEAAaN0MHIwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAw +HQYDVR0OBBYEFIBJ5J/Yq/UgpcsjeaLyJllre0oUMDYGA1UdJQEB/wQsMCoGCCsG +AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkGCisGAQQBgxyCEgMwDQYJKoZIhvcN +AQELBQADggGBAC6LkjlbQiVDVNCPPi5dkMhqnwGXLwCnczIO6GHDo18xap67um1W ++ZQsNwPS+sW18jEsd+vCzRlPZUMFhKi6yUCMCwEyQAtlJZzx2Mqs2geFC5jhtFf1 +JPNb+/8EblPl6b9elS/pCEA7GbYDorBv1frqEV+608MxDYNqNW36AkJiAo3Mhdh3 +p2eJx2c3Ne/IRdRNp4T2WtF1Oa80hyU/T4PoQAv572UKZov1BfPpDb8RKOWS+u3I +Fx82tu9AjBb4Yk45/b1M3PR+ZsF/DjtoxkDkVFv6GS+It1kwDO26AzE4vbhddBWa +0rDXYbLv4R0U44rpZ/w5iL4pv2NIsjQr0YI3aJx9045a8COmb9q+ArDNxML2W9E6 +Cl9rOe22I8S9ItKu1eaYPKssCESyjjA7Ovq0dOTqNe6e1hz9ZCpiGF6rFVMxbQ87 +eNVpq3PE87jfF1Ab5Vfx9eshIM6UD2y1SPFhxYi0PbuKTby47mqdV/EJYgJQPHxK +ZaqFw4kZLJlERA== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/end_responder_with_spdm_rsp_eku.cert.der b/test_key/rsa2048/end_responder_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..e36adc5 Binary files /dev/null and b/test_key/rsa2048/end_responder_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/rsa2048/inter.cert b/test_key/rsa2048/inter.cert new file mode 100644 index 0000000..4184821 --- /dev/null +++ b/test_key/rsa2048/inter.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwMzAxNDIzNVoXDTMzMDMzMTAxNDIzNVow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUgY2VydDCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKlhq0UE++5j7X+5FOQhahJk +U2aNkwmoDSiPH8UAPiNjqT9mkomTMu6OFCFrU5oMG5bO08sfmDRYFUZP+TvV2AVG +rfq0VMDfaHOI8HQrfSRujNyRAqV+5fBhB4azDSo1mU4iVYznYkKU4OZ9A+XidKd6 +FXtvIkrI0Oc5s328q9lh2LkVhMS8bUvXQZEOkBD3WqR2RKBVO2UVSG6z1VHxJnxH +LrdYkOBYyXa+wbOh9cEsy4oJ4tfn8IPun1m8ubqC6D11tdHo/79B7COsc8k9gqk2 +H2MEczkX7vWjSQm6YPHZ88uofMUWt4iO8pAYtDiYY29MB6mewtGqumynviQ2I3Hv +sEV0XQSmELj4g8OflIPU3LZ4C50hkppN5Wmf2LH6mYNQaMuji0HzMuaaxH79xRHz +hz7oBnmj/L7WyHfSVkR15wza9hQ5JDYxdwRSeWaPpREAzUIeQcTBtZ6Jg99dsDGW +nGFM9MAWmM+i5bQKPBKpHwFtmZ4eN77W6SPh9JJBkQIDAQABo14wXDAMBgNVHRME +BTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUuuHp2lxkOnk1FdznRqEbnHQX +Be8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4ICAQCKru+zCzwl3lxhfCd0CFWW/Bc3tlK7XEfp1GTWGeVY0WmoNIrgxSk2 +1e/HoIejpP7NQdCohYjNYmeh0rTMcPEDi0zDVF07r3F52xcslLksTEmnosnp9oBu +3DWJxC8lgkwwL32nBs5UlW5oH2pQGRdM7Kus64Mx02BMXWtzYuSi49FA7wmJN7rP +oxGJnlOYhwntaolnLXgH7+Bk+IkwF71+J7104HHY1jB+hCM96d0y4EMxH8pVeYe8 +FC8V2yjyqiYi5DFShvMCs07KFc1AKQUkmkttzzDWzfoswEbSrMuyvJ0mvJU+In2N +wE6T4QHXX70YKj65RHd86iyalvpVKJzRh9RlWgBd+YQgYBskbOe20eZqPXHQoqYi +Z0mcqL3K3l2byMtPTpuTo4D3AvOyDJcBRsaAdHB7oPH9HEfOw5ovCNORGgh7QBrp +JkmXNWSeJR2uluLMHhO79ujQ0rEGA6rxVULk6gFM5AnautRPvmUyS4wqiEgM1O5i +a2SpKPLnqdg5pPhFtTnZdSAOKSpFEX8etb8BGVgPr1445K8mjYx0Z2XfUdQwXTaA +AFQEI+7eFDGNhnJwumsX3hfvoeas3BAjtHSx67W1Mwg4ZoMM+IU5icqdbFnbyenm +YNL1O9ZVLgu7w6OnUTQQEAZexRbLK6pL7wD7qJKjhWLFKqozYzUYuQ== +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/inter.cert.der b/test_key/rsa2048/inter.cert.der new file mode 100644 index 0000000..0e2163d Binary files /dev/null and b/test_key/rsa2048/inter.cert.der differ 
diff --git a/test_key/rsa2048/inter.key b/test_key/rsa2048/inter.key new file mode 100644 index 0000000..85f8798 --- /dev/null +++ b/test_key/rsa2048/inter.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCpYatFBPvuY+1/ +uRTkIWoSZFNmjZMJqA0ojx/FAD4jY6k/ZpKJkzLujhQha1OaDBuWztPLH5g0WBVG +T/k71dgFRq36tFTA32hziPB0K30kbozckQKlfuXwYQeGsw0qNZlOIlWM52JClODm +fQPl4nSnehV7byJKyNDnObN9vKvZYdi5FYTEvG1L10GRDpAQ91qkdkSgVTtlFUhu +s9VR8SZ8Ry63WJDgWMl2vsGzofXBLMuKCeLX5/CD7p9ZvLm6gug9dbXR6P+/Qewj +rHPJPYKpNh9jBHM5F+71o0kJumDx2fPLqHzFFreIjvKQGLQ4mGNvTAepnsLRqrps +p74kNiNx77BFdF0EphC4+IPDn5SD1Ny2eAudIZKaTeVpn9ix+pmDUGjLo4tB8zLm +msR+/cUR84c+6AZ5o/y+1sh30lZEdecM2vYUOSQ2MXcEUnlmj6URAM1CHkHEwbWe +iYPfXbAxlpxhTPTAFpjPouW0CjwSqR8BbZmeHje+1ukj4fSSQZECAwEAAQKCAYA5 +mJGRlaFJLcebr8bP0CDughjt/WQrW26mBQ0LgwqeJAxwF6Pqjhg6kCt+Na2m60kS +XeAc6PBrlCwfzZ/1XcDoAmG0p09OimlNKBqDliomkkTp15FrzxvHQmc5wXbPjIxF +yl0G3cNG2rMjDQ2fRQLf1B6r611gyqpmhfNn5RkWgTQds5iDAYO0z0xnU+lfK40x +8Vlin7jjpXoM0q/N/k9U4Sucgsw4zVgsPa9GMuOLPX00winVuvPJGQIslIUfS9W4 +6XrP8nfPaNnSORDSXQvbAnHfVVQAUZG7c/5F+xGycyQhLaoitjZa9S+FAkrd8sqs +aE1fym8K7DVwK8me+baIMR/CWNou1eg4QJLyi9iLWBuJjPdFWaBMbYT28SZI85zX +mPp6mz9Jq2ZOZ4pdTgfNevlxzH3Li+zFesQHDgzRDF1Sdhc0AFTNmqQMh1yQ+MUv +5HwnkkFpF8e33dikTnbnms/5AaBaQVrPOViN58ZFK7KwdPj6jQnD+xsQY25gstUC +gcEA3p9Rzk/jwl0wq/iGRGQjU2d540VdaXNSSbunYRI/XUd1RJquNL1SIiBLFfM1 +I2sjT+DqTSPSu905qIFpefiAAU+F/oltAmHk8rw1nVHb4cqtJRAnc5eSlMqcAJDz +zvk560Gh8sikI21pKMHNmORwwIEW9V0cgLV7paBBabrZGW3JP3s/mkq8c6Qbf6aH ++epKi/n1M9Sz2HvsDp6J1MbGIw7wMNl5uRgr+iMj94jyGd5wZbd16y4A63MTVpuM ++O0fAoHBAMLG3Ni/DjRHYnv0XGc/SZO+n2nEuMQaW9jV9I2iVWruhpxyNFbWqsKO +YJjDUFNc3ua9N/0CaZLIzOmtTOERJx9vhBTNUQlIvg4Rz39+y4QtGQt6bDeW6ocY +LxBrQFl0Y5y5RigoIoLEPBFjAGC5VpNI45ckSfNOVGs0dyiJAqb68orJjSqADuSe +gDsCP3eLMdK4hXWumVxMBvqJ74FqXPdFXB+F5wjbspF3z1ig5pIa2vLKfYl9ttHd +FfFRN5dLTwKBwQC4wPXOR6TYaCh9f+pGFejvTd/tCmMEoa03/eFiARfPHP+oaMqM +gFYKdkx6MfX2p/KNVzZ7wHAicu1n98aGcAIjlFC6tmheYsnz3NiN8CKQV3isWqSz +HKaMjz06hxGfwlwb7sMtTvBRanqsVXKAIY2lZTydcqG1+2dbRA0lZujHXsJ2yZ02 +OjH9ssMThCwy7wrg8hdZ5Xs//VAhrdbrW++RptMVZ1bKktHkbIdr5h4t89nJwKC/ 
+BdXDkSQKa1tqNrcCgcAWWj4D/cECjOKneP6VtrSZ6PlgaPwPPTsnIj6jdmq5D9CQ +6aZKBO6pzy8UuO1h87l832Aqf/lfp/2kH4hAF/jWabTNslZHa3qsIK0gY4u1inti +TtVWd9JIWKUmDDjhSzMXTEfZ2elD+oMuN59Wek6OLoI32SlHa8jSWL4H/9k3Ent9 +I+44X2PWJr5uhy6DaIz6MsTWIYhmCC+Q1v2Oa4dptSMCVxqRcK0Idqhr8mMjh0Nz +M3u+qJevc+DNxdVMXo8CgcBwnfuL9Kfyta+YVDAZZkzpt0eJDuMDnje6CWNE1N6l +pcSmp9Yt6QnqbuXWyRgK9Tv1Wh52h8m8VOWrQedLthpca+edqbrR1gTJRmnbU+fw +7PzgMAov/taItOP/9dF8ShXTTPC679FqrcUE8tCwcAyXygQA64Vqa8sajE5Kt+pR +nTVnbRJ7XkY2q9lRd/VcY5cOXrUXhDhwkxAg06f/Q3MJpbpcs8l2Yn9ktFIhEmgF +IROBg1JY68bYRNb59AVKcH4= +-----END PRIVATE KEY----- diff --git a/test_key/rsa2048/inter.req b/test_key/rsa2048/inter.req new file mode 100644 index 0000000..fb72175 --- /dev/null +++ b/test_key/rsa2048/inter.req 
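Review bot: `test_key/rsa2048/inter.key` is committed as an unencrypted PKCS#8 private key, and the same holds for `test_key/rsa3072/ca.key`, `ca1.key` and `end_requester.key` further down, so the signing keys for these whole chains are readable by anyone with the repository. Certificates issued under these CA and intermediate keys prove nothing about a peer's identity, and nothing in the diff marks them as fixtures. I would add a short README next to the keys saying so, for example `Keys and certificates in this directory are public test fixtures; never provision them on a device or add these CA certificates to a production trust store.` The parts of the diff visible here do not show whether any non-test build embeds these files, so that should be confirmed. If the repository runs secret scanning, an explicit allowlist entry for `test_key/` would keep the exception deliberate.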
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDcjCCAdoCAQAwLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKlhq0UE +++5j7X+5FOQhahJkU2aNkwmoDSiPH8UAPiNjqT9mkomTMu6OFCFrU5oMG5bO08sf +mDRYFUZP+TvV2AVGrfq0VMDfaHOI8HQrfSRujNyRAqV+5fBhB4azDSo1mU4iVYzn +YkKU4OZ9A+XidKd6FXtvIkrI0Oc5s328q9lh2LkVhMS8bUvXQZEOkBD3WqR2RKBV +O2UVSG6z1VHxJnxHLrdYkOBYyXa+wbOh9cEsy4oJ4tfn8IPun1m8ubqC6D11tdHo +/79B7COsc8k9gqk2H2MEczkX7vWjSQm6YPHZ88uofMUWt4iO8pAYtDiYY29MB6me +wtGqumynviQ2I3HvsEV0XQSmELj4g8OflIPU3LZ4C50hkppN5Wmf2LH6mYNQaMuj +i0HzMuaaxH79xRHzhz7oBnmj/L7WyHfSVkR15wza9hQ5JDYxdwRSeWaPpREAzUIe +QcTBtZ6Jg99dsDGWnGFM9MAWmM+i5bQKPBKpHwFtmZ4eN77W6SPh9JJBkQIDAQAB +oAAwDQYJKoZIhvcNAQELBQADggGBAB+v5ANSc+DwDT/2dsVoDLywxbTiMRPMmbJt +uH98iX9cmO/tuHnD4Kg1TR6WH5qyUH/Kwv44fmUVw2+G1uYjORxOdrHYz8yJXl0c +QQNVia2LO5h7yXB93vuVzb4UOZOJuIHPRRHqAafQ6ILM/JDCIggU14c6/FcZa9+x +9Gma3rolu5fDgY4g8qPlXqCEEczIozPsEqBFDt7WN4CD7x6Ofy9dBbdMP5xe3KT2 +qP9GEHvjBagvV3N9D/in/eqhUZ7iqkDXXOkN44t57reucn2HR4v4uFMkJBNOG+mj +6tEfcy9ZiJTcjFARe66Y32l4WF8q1EAxvhgZrq8cBjQ9OR7NO8xeev7TvHLirTYN +G9hd3t1dBYJOGh8RccvUvvCCesQ31Giqha/gJt8wZlnqwoJIw242UEjzi8RomId5 +7WL+zNZivni8spNbhF1HiNHW9B3wtyIvboiwoPylEqc9mCNqqK80zQ003h/smd12 +++QI45KAaimdScRymsUblg+sK/cmRQ== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa2048/inter1.cert b/test_key/rsa2048/inter1.cert new file mode 100644 index 0000000..60fd07a --- /dev/null +++ b/test_key/rsa2048/inter1.cert 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwMzAxNDMxMFoXDTMzMDMzMTAxNDMxMFow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUgY2VydDCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKlhq0UE++5j7X+5FOQhahJk +U2aNkwmoDSiPH8UAPiNjqT9mkomTMu6OFCFrU5oMG5bO08sfmDRYFUZP+TvV2AVG +rfq0VMDfaHOI8HQrfSRujNyRAqV+5fBhB4azDSo1mU4iVYznYkKU4OZ9A+XidKd6 +FXtvIkrI0Oc5s328q9lh2LkVhMS8bUvXQZEOkBD3WqR2RKBVO2UVSG6z1VHxJnxH +LrdYkOBYyXa+wbOh9cEsy4oJ4tfn8IPun1m8ubqC6D11tdHo/79B7COsc8k9gqk2 +H2MEczkX7vWjSQm6YPHZ88uofMUWt4iO8pAYtDiYY29MB6mewtGqumynviQ2I3Hv +sEV0XQSmELj4g8OflIPU3LZ4C50hkppN5Wmf2LH6mYNQaMuji0HzMuaaxH79xRHz +hz7oBnmj/L7WyHfSVkR15wza9hQ5JDYxdwRSeWaPpREAzUIeQcTBtZ6Jg99dsDGW +nGFM9MAWmM+i5bQKPBKpHwFtmZ4eN77W6SPh9JJBkQIDAQABo14wXDAMBgNVHRME +BTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUuuHp2lxkOnk1FdznRqEbnHQX +Be8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +CwUAA4IBAQBogvuWhtu4tW81t3iD3A8WIrkRBdMPkVs9zLzXDo05VvSFEBnHDrYo +rNyf19h7b093VtkMfvA3F0WvdFHyyTdX8B/0ZweHfa5sZtRSPkgpCvjrIr4GFWnV +xa35sJ8ZlfVjhp0p3RJfFmE4apK6dixidx4tWqbJ7osl9oEKmwSGsGfZIzwunh8P +Es5E17Uzm1DMdtREmgU90XuG1C8WBKiQ+1G+6ZzVxWnoySMWdAR5e1CuSsohhUY8 +NtkePVzF/F1JAZJNkzhJhmWH3eXjbjDcJOhmxj9ORHtviTq2xik1qqY//+wyM1lf +Du6fbuoPsack5slvVe2nIR3xtGApUlPl +-----END CERTIFICATE----- diff --git a/test_key/rsa2048/inter1.cert.der b/test_key/rsa2048/inter1.cert.der new file mode 100644 index 0000000..f30481d Binary files /dev/null and b/test_key/rsa2048/inter1.cert.der differ diff --git a/test_key/rsa3072/bundle_requester.certchain.der b/test_key/rsa3072/bundle_requester.certchain.der new file mode 100644 index 0000000..c7efb11 Binary files /dev/null and b/test_key/rsa3072/bundle_requester.certchain.der differ 
diff --git a/test_key/rsa3072/bundle_requester.certchain1.der b/test_key/rsa3072/bundle_requester.certchain1.der new file mode 100644 index 0000000..34f344f Binary files /dev/null and b/test_key/rsa3072/bundle_requester.certchain1.der differ diff --git a/test_key/rsa3072/bundle_responder.certchain.der b/test_key/rsa3072/bundle_responder.certchain.der new file mode 100644 index 0000000..4a14c62 Binary files /dev/null and b/test_key/rsa3072/bundle_responder.certchain.der differ diff --git a/test_key/rsa3072/bundle_responder.certchain1.der b/test_key/rsa3072/bundle_responder.certchain1.der new file mode 100644 index 0000000..e2ace1e Binary files /dev/null and b/test_key/rsa3072/bundle_responder.certchain1.der differ diff --git a/test_key/rsa3072/bundle_responder.certchain_alias.der b/test_key/rsa3072/bundle_responder.certchain_alias.der new file mode 100644 index 0000000..75b7f8f Binary files /dev/null and b/test_key/rsa3072/bundle_responder.certchain_alias.der differ diff --git a/test_key/rsa3072/ca.cert b/test_key/rsa3072/ca.cert new file mode 100644 index 0000000..fa8ec04 --- /dev/null +++ b/test_key/rsa3072/ca.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHTCCAwWgAwIBAgIUfEFgxM11tJl0tfNauCIxIDZPGaowDQYJKoZIhvcNAQEM +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDMwNTUy +MTVaFw0zMzAzMzEwNTUyMTVaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDE7Q95ZXsDuY42dFp5 +0BwMg0NfThO/TWHMJv2m4f+Wx2MU9A8jSwaiKY/Va1vLahAobq071hajhJtlMLZo +fh5jYtwPXNija5x0UHHpZTrD7jEgnUlcQsmLBfDMRC20Ga7GxlEdYutPgFyf3r8g +m4TQpwieFaZsPsEniThQ6d9hq4mA/Fcv8w6p8N+f3etKwujLkMBrI4NOEj+alPGV +apX88WS71IPlFaUHaNqK9vgavCLtSgOqxyboCsEDfLWGiC+onvncIGgoe5M6kR9E +GWbnnTMvv7R7/GNqtqayavuug2P+vApAui/vxrr4BVwTSIc+wZuC+EZ72PKmgi08 +sujZTHalpN0x1eFsGz7bzdmMu6IRWsca/x4ozrtAUkOfFX2CNABHOvKRDv3ZOX94 +xYwaieIEo6GdvPzLuI37BJiGpW2kUZSJK6VnG1M6aQIqxeooNtneIufs/GhIk5IN +FQTmEgXKNXL745e0QEMV4j4htP2bhoLdo/QcMU5yLwOG3zeLLZJOu+8OWPZnotm/ +8b6agwzvlG1F9tBTB41gagWXWTqXDOS51qNLXJLrzyiehyquRxuPnFzLE32fjei5 +Bk2CemM2GLrkR4TJHQE814H7ENK2jCAg1NiR86AsLqxjmfeZGT5KYlofwlnzYj20 +cs++u0zD+x847X4Z/7wWLsmxqQIDAQABo1MwUTAdBgNVHQ4EFgQUGEZsFNuzD/28 +KwsH9RW4fQi4SIgwHwYDVR0jBBgwFoAUGEZsFNuzD/28KwsH9RW4fQi4SIgwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAgEAbtpqstjCo64GpuEi5vXo +8TMmDR2HkPpIhDk0W++KEyr4+/g/v9gzjsuSc0YPKyYP3u8vqGXiU08icrJ6fE4a +BIe3lILdb1YfA9aXUnb4HLDElcR53yrFj/ZO+5LR63i62Hu55HgQevvhXI0HRSQt +8TUwe3zolzLxrG/NhVd+nXGOB7Lto0t89J3eaVe2leMrfCqC0nKTFskpjehjUZTo +BXDQnmv0p7L6hI9qjFFdbQE7s1o1zmYSUzwjLeB0rkeHcCfXpMaGUOpaBuSyDJzz +FLhcE+gYrsySpl5uI1tAVUFaKPsYrx4mbUgkVrsZN6t0UwSny6k5bjESIzchaX+R +xbOn9ErHX/YPlX1zQh8WkZIai4PF6mGODzBR3HqNP5uCavC3p1NveVqhEPNusz+S +pcQ7zAfrBYieSc1SOJd9nDs0fn9ZGIdRordpfVR+F9fwtXDgW3abQomBNJNPxRJn +U0cbhqjkA2H1XqAfvZiJPpMwBI9XMqV+WKCIHakECyuNEurOi0iMVtBXP/14PqdR +dyiNvCVcXaU+DfcZbPwFC4PLnBtTBebWpj6j74vFB+6DUdjkMpS+1mUjJjfuXY5P +bCArdGNjQlp7RuIrb2Lal/aCdhfSWpWKsQiGaXws2m+Iq2jfuHmO/URqoLRB8uv+ +VDlOxPvfzKigE4M2f7xklfY= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072/ca.cert.der b/test_key/rsa3072/ca.cert.der new file mode 100644 index 0000000..251b441 Binary files /dev/null and b/test_key/rsa3072/ca.cert.der differ diff --git a/test_key/rsa3072/ca.key b/test_key/rsa3072/ca.key new file mode 100644 index 0000000..a757eef --- /dev/null +++ b/test_key/rsa3072/ca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDE7Q95ZXsDuY42 +dFp50BwMg0NfThO/TWHMJv2m4f+Wx2MU9A8jSwaiKY/Va1vLahAobq071hajhJtl +MLZofh5jYtwPXNija5x0UHHpZTrD7jEgnUlcQsmLBfDMRC20Ga7GxlEdYutPgFyf +3r8gm4TQpwieFaZsPsEniThQ6d9hq4mA/Fcv8w6p8N+f3etKwujLkMBrI4NOEj+a +lPGVapX88WS71IPlFaUHaNqK9vgavCLtSgOqxyboCsEDfLWGiC+onvncIGgoe5M6 +kR9EGWbnnTMvv7R7/GNqtqayavuug2P+vApAui/vxrr4BVwTSIc+wZuC+EZ72PKm +gi08sujZTHalpN0x1eFsGz7bzdmMu6IRWsca/x4ozrtAUkOfFX2CNABHOvKRDv3Z +OX94xYwaieIEo6GdvPzLuI37BJiGpW2kUZSJK6VnG1M6aQIqxeooNtneIufs/GhI +k5INFQTmEgXKNXL745e0QEMV4j4htP2bhoLdo/QcMU5yLwOG3zeLLZJOu+8OWPZn +otm/8b6agwzvlG1F9tBTB41gagWXWTqXDOS51qNLXJLrzyiehyquRxuPnFzLE32f +jei5Bk2CemM2GLrkR4TJHQE814H7ENK2jCAg1NiR86AsLqxjmfeZGT5KYlofwlnz +Yj20cs++u0zD+x847X4Z/7wWLsmxqQIDAQABAoICABJJiXRWjjPsWV6JM5W4U8J9 +thX1pDPRtdFFlayXtCqGXZcmivlWEEmi3m6NR7r+IH4AuSmjWfrZZ6zf9zCA9cV4 ++sKadqvGZIMQrWNlOS3Uws8qjBN7SEgWxyPQ+QWOlQJ0jDfUZdG+M9vMzabzikPu +Hwi/LfNDaKCJR6eL8Gibi2tlA5u6UJRLgBjSfPU2YHP2/0dzxs/LNgje6AheG4uf +xyECPTVa6zZi8FiTUrr42a17gBet4tkNlpsCS8EwiGx6Ru3APKv1vdhkfajPSxUb +LhOzE8mnyHuydox/DtxH61NOlw0nvSfhJp+9r61CwPx88joZYEJEBVSdJiJK4wCR +MpeDXIDZfR9ujhSsDm9ms6IeRL4L20DKgPdgagUEgvevV5E1EIAxqel0FyV+qsQ+ +JOXrjhBCdWzLzrPm4Zk7Ngo/TgY7SZy6gzIlO8pp7rPvYrjzdkJuU8M3NQR3tdJM +eyACI4E7jKo2dIb3xoRpqBh5Fhi581TGehrB7anod18DfxWVWpx6DXM/vli4jTKm +KQCJrt6xDglY+T0huze01lR8w5bAJenNfYUCkS1oFVOhfKOp+TgmF6LaavzyzSss +nSUZ0a5p+TQgI+EJ9U+rGdCGnbQzbvj+flj8ffBdWwfbFmc9GJSII/3AUvT6XylU +a5jwLmS13nDXshKy/b8ZAoIBAQDp8eZAIPCGh0OdMpzSKIYKfDTj2cbQ7BR79FES +EEiVJWMKE1rub5/29YNcfn6mZCHmLP/dK1UBdD1LjYZzXvFnGMZa2BrajyjpaERs +tVkVXhaX0NLvpkBD+koKXZ8z/mmh2CRetobMA9569QFokvjow5u0CEN7Huja0fig +oWhn5ZRdqKx89DHCIDf6SWc0QzSsTAJDc0/CepUgyWgLNw9BpW+tgbSEAzJ/CgT+ +LG/XMGi/uVmaaF/3wwI5uHs/O3lT4KUF73Ei1Ao9XD69/FkEM/xabKYXDHr7hf8z +pfq57PIHuez3Q4/naF/XLM/VxiFBjqj9lJotrFs0Eh3zUSwLAoIBAQDXfbwy2Nl/ +OM4RoMN6bNJRHWn4nZAN1gRD5Y/gUhF+lAMi4+X2dhn5EbXv0rlvfKY9h0Amc8Sh 
+Yg6rG+SkgtpyRNJMMrvTvlQ7LM4XTsTUbDCpGlwfhRC5Lb128HfGg1S3oHYV2i5L +6LrNhLP34aqD2wOO5ouwBfbGK6kWO0JMh5NAuTcMlFE/ArgQJE6w81ApNpePwqyY +lZPhGrODYzVkeUB7D8FGUJlE3zIFzyzeIf3m8O1LsoqZ2FseRPadVpnGVr+OLUe/ +gEizutDuGPS6s5tNHfNVF97g6Sa4RePQq/VNUiCH85SexT7lz02MdWUgslrEswxF +s66Nn5r5aXWbAoIBAQDM5gl8cV049o/JxuKDTurXlCHezobLxXnLdxjqcUihGLW9 +xWYHH81DR5VeFYxnv5vRNeiDlchGFcD5w2LW+XkFizVvq4cZlfmHNMN5UvxLMrUn +EsctDreK0lS273jY2SM7lUuFiOhXF6xslNo+9Tr84xYkgHhaBaB8xxqz1arUFMf1 +oB4y8s4B8KYWmOPDanlfztLMsNpSw3qJ1N1DtV2vaW5+0POCDCrWCbiFxfXOy59z +DKvmCTTElBAG7gVERJrnVAI1SJoWnxC43Wo2jCaK/90udaqi1VOBqML0QZNv9I+n +JLjfeFU5oLkQhTcjTP0jpgds0hKXnjXjTVreGWIxAoIBAQCI8gYVRkxKlp4XA9TW +y6uJEylSb0eqE1WYlJ4vz9gAWi34EV8Glx2AdOnrpD5mhI/dUEPLbA0NBpUN1uci +SWpr7iK7fA5zzWQYSywaEdvyp2LxRKhA+76aAGCE4uMrjDDdlaMV1hdP9HIqw+ff +Y1GLBDeprAgf8FpYrEyDrVs/6XUCT/KVEvjjE2ZIE9rSh35tAp2lJfGr8nsNNnvY +xsaauJfq3SNV/Ui6RSG0IWqBLJcAGiKj1a5RgPa/MNKNQQjuzBhmUY5kPDF3zwSS +G9gDgrryclM+w7HHu0P5Hale5rk4zzWPUJQlpnKHd4vv9Hc1JUOb97GX5k3LASBq +2sN7AoIBAQDo0Ros5FjqehTueMPmHZfRB5qy32nhDXz8BBZaWs4zNUwPq4wheJG8 +Stzyfg+YwfcFnFK2FKCox1W26jjY9rwJGirlBeI1du6rogwd8fP4euHUI6QxGo+x +V/zoXp+gZ4D3dp/DjnBpDTGBdTrouIruYGEZsr9kcLDLwDsFRAeC0enluLEF7iGB +EnPfXRYALgMk+3ypRbANpYyIwV8u/NLj4kZDRn/j73q6waW3mjPD9WcVmHzwcFX/ +RhlRsP/SrxuSf+3p0LkI0fnF7pP/2Trj1oWKluCQ5f4JIuaVKDSy5yiMtUyjw7VQ +wSLOji9dviMeNElqrH/UbvaDtNoj+b5d +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072/ca.key.der b/test_key/rsa3072/ca.key.der new file mode 100644 index 0000000..5db41c6 Binary files /dev/null and b/test_key/rsa3072/ca.key.der differ diff --git a/test_key/rsa3072/ca1.cert b/test_key/rsa3072/ca1.cert new file mode 100644 index 0000000..53546b6 --- /dev/null +++ b/test_key/rsa3072/ca1.cert 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEHTCCAoWgAwIBAgIUA0hSZ3c+uCCBrmwU5/YAv3xRvf0wDQYJKoZIhvcNAQEM +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDMwNTUy +NTFaFw0zMzAzMzEwNTUyNTFaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDEnHErmCFMdqe3VQcw +eTZyYS454s8wnCscovOFvskdg99IdmsckzmEq4Pn42S933ZjNqRz3L3+cn5Z/FK4 +SGMqgeK7jqCuLBCFMWO/Hyh5ZBZQcnqAqwmOOqtT0mJxJMk54TLHZPbNZk2D6wTf +oOOjXBtdM8zf6jSHGAUPbOMs5Yw+Sa6lrvjE5fIi+GT+HcxcCYn4lwv8OArB1c8M +xYgzto2Sq6zsfOQibXQtOvThjinoolfk54ol1iAArJ8twWYQMMC+cIIF+fb82nqt +WHAusJ4MLVnVvntK8i5DKvK4Pgf1MEEgK1psd1DmqEqoaCc+3ndGS9Tu6WtsgwEG +wOon0NgmWH0SGwj50eJce840/ylEQt7I1zVrOWs38Vw/AfACLry0mxMIO4ZAnx+6 +gWF2dgAjpXxxocs/uWho8LRQgG1gH2aI9eSteL+d1nsTz54tTobLoxoW8bx2G7y/ +EMpKniye1LEY2c6YwYBYId72kF68dZ8eQELVelMMW0fZXK8CAwEAAaNTMFEwHQYD +VR0OBBYEFLdCh3fkgwnRZecNoAkLzqi25zn7MB8GA1UdIwQYMBaAFLdCh3fkgwnR +ZecNoAkLzqi25zn7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggGB +ADG8GSONRFMlvV15HwmYzy5T7iV2z/gAqduMS4DqJrZGlIVpJIz6oV55tPRp9Xi5 +hNiAlSSmBz7dnK5soLjwFQDPhrpte2tDpy+m6tanc7h8FAqwmf2LyQGoBITbJ1Qr +bFfXqVpFKTKuF6hofd+bSnfmUHpMoMQkEGWGdCexnCb06HwyIV6ps6/fdoEO4tx+ +mw83ayD0f/w0B8MSl9+ugvU7zVm2cVKQQ162iRGp1+tkaFJ5UEX1VywYIuh57zMO +NDmngRkLF9AcBQjE0WEezRGf8OQ63yf7uobUR2bY+rAhXqA/Meio1Li+EEZJnXLP +0F7qggwcl24wHdhB2sMw8FJ/xILLPIJbhieoBklsarFhBtZjcgNk4Ln/ar6KWNjl +8hAXH4fV92R9bvpnT8fcZJBw/KPTiRfgZ91/FkedLgtdHe7dXVMBmvHw9Pcx74Pb +y2Vj/g1x6Gq5iWY56Jv/MUxvN9/XrtLfVhSsV0qy+KaeGdy5UU6BSLT2PCNrBsIo +og== +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/ca1.cert.der b/test_key/rsa3072/ca1.cert.der new file mode 100644 index 0000000..eca2219 Binary files /dev/null and b/test_key/rsa3072/ca1.cert.der differ diff --git a/test_key/rsa3072/ca1.key b/test_key/rsa3072/ca1.key new file mode 100644 index 0000000..9325200 --- /dev/null +++ b/test_key/rsa3072/ca1.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDEnHErmCFMdqe3 +VQcweTZyYS454s8wnCscovOFvskdg99IdmsckzmEq4Pn42S933ZjNqRz3L3+cn5Z +/FK4SGMqgeK7jqCuLBCFMWO/Hyh5ZBZQcnqAqwmOOqtT0mJxJMk54TLHZPbNZk2D +6wTfoOOjXBtdM8zf6jSHGAUPbOMs5Yw+Sa6lrvjE5fIi+GT+HcxcCYn4lwv8OArB +1c8MxYgzto2Sq6zsfOQibXQtOvThjinoolfk54ol1iAArJ8twWYQMMC+cIIF+fb8 +2nqtWHAusJ4MLVnVvntK8i5DKvK4Pgf1MEEgK1psd1DmqEqoaCc+3ndGS9Tu6Wts +gwEGwOon0NgmWH0SGwj50eJce840/ylEQt7I1zVrOWs38Vw/AfACLry0mxMIO4ZA +nx+6gWF2dgAjpXxxocs/uWho8LRQgG1gH2aI9eSteL+d1nsTz54tTobLoxoW8bx2 +G7y/EMpKniye1LEY2c6YwYBYId72kF68dZ8eQELVelMMW0fZXK8CAwEAAQKCAYEA +qe6dUhSXE0OrCiYPpLHfgVTFY3rJoTYZfRLKcFrJ8Ry9rB/NzFDjcevcglxkAkhW +RsI/uXSdMoM6+gPAa08FhwPkOD+6WU/0p2pc0B/aF7GOJ9IKV5N9GtVSp4w7UZd9 +5OzjurtlJXq6nL5Q5AhnOBawAAp5lT8UT39PQFnYsEFmyZ9duA5XLbehZOBUSd7v +ds031wiWb1Tw10A5SMyiQDAUhSSkvXHkrGz18PH4HcuGJW/LkCkfmjxMRMjue9mf +G7LU0ZGgf8vV3kqaU/hpcXbvWBCobFonCXYDl90QuovOyZHEjdJsnKyQd3GaUfII +qw2U2sR3B74s3C3PvUub6iFSKQ0yVGX0QWlY1qzwh5FiD1BfOsPD3ULjIKg0GJ6O +SpK4S5nc3TLihoNrqgF0el/r4nlW3qTVJyNipB8DBDF5MeEh7r6C9leiltrQSUdY +gnWBZ06WQmFGUB4jZOJL4++G4WfKT7fiQJEq4mMTVKiIqUbuHa7ZW8qsHgXKDcyB +AoHBAPf/xLe+GgNfQJaG+ju7vaBuJvsz/LispwLkvj5lyiiZeQ7f6yx9F5h2v5yd +FangtiX5UzXleaOAvRi4S8oyaRUguxwd7GTdct5pNtaSt54+Y1NxRIQpQUhgGyQY +HLG2p9aRkJDUSiaanNBDXXiMlpNyXGpXvM8ZT2hcVkTmrEcuFZPOf1ACjrQcehoJ +cQZx7Y4LAWSKFCocNCQMw4pkrb76dSK8TzLVMjoWpc1qfRG8diHqlJaXNaYMntpc +UodicQKBwQDK9EI9FP5Nf84gU6TAITg28Spd2+mp/iCNs5qn3YGvvyBm3NhUuiCO +gXmt9/bYQbjOmmhXqBj3UtJ46V5JSVCd2Gz4J2Mq6pHvF8eZDAAGhQAl65+IZ0/N +2kToUfyR5FVqkw3QEQKXCmWucmsm+qN1tsMvvnnM5AyABvVKcnPpDO+ZuUkPZ9uV +V5pu5YnhSz4SqdeZUWaZ10htXz2+QUShyZhZvD21fLqhSWqtpuM96na5Kzaec76N +iqD5tggyAR8CgcAH/P4aKQ5vc18COkDPMcHu6/1ndAo87JrIlhOmsOKtIhxrJT1P +Box/BbwwUEMFYM6dNIXAo66iXKA6rp0KW0tVOeOtCS23JgbwMRVqHfm6KCpM4sYh +N675pNba98fc1ZRcbf3pHF1zFuHcN39IRccH4tQlPMRBK4CKTQceWwvLkylwxGMH +cb2lAZHRSuKQIZVUUPhvg58YqCXpz1txFsMd9rVVNBmc+o8OnfIjRr3Wl2p6tzKo 
+EyDQQ3HOeNDTuZECgcBBGcS9jyRbe6mE2Q+5yW4cwZMTdF0peCi9C2WKfxUAaNBd +7m0+EE4tJ/79/NIjYEGFlCXwKC2J9/kna8QgwfGoECo0F35J3+Bbz0bpIt5HORZp +E4Gi4XDJ2T/NPa9EpPd5Lh56JVqtVFp1cKJKaI9STQOjJvgu7t/LmW/JJ5liohGh +P7vdwzS+XNFezSZDLD2HAw/zUBcXNeU3oBtQEeOP+fhyoF0zAAVlgwVDGos96x2W +G/RzMzFmeZdVQjyyvYUCgcEAuKRtBJ2j27t5Hv/uk0Hk0GOscw4YrMQmrG/DwFOr +avaLyqcdac6C4E7PdkpvRBvD61BIlYSXcJ5HT1rg+frT3zWca+yL2TJ/b8rUeNzb +fNfBN2EG16VBfK5lgpQeF1kDfCndYGDQshJNqO++8wZTEoqdexqoat9E8SGVLRnQ +6NwnwVkAs5+2KhuKZ3Ml0yH0bJfgNFs49sPgfIQS0zOqgD2XpdJGTjX56iz6xBi3 +e6r1p+2AYLpygJZ4bpMaQ60d +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072/ca1.key.der b/test_key/rsa3072/ca1.key.der new file mode 100644 index 0000000..be56190 Binary files /dev/null and b/test_key/rsa3072/ca1.key.der differ diff --git a/test_key/rsa3072/end_requester.cert b/test_key/rsa3072/end_requester.cert new file mode 100644 index 0000000..0638383 --- /dev/null +++ b/test_key/rsa3072/end_requester.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTIxNloX +DTMzMDMzMTA1NTIxNlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALBGZ4Jj +uSJpAZvn+VL3CRtyFQxnPuRuQQntAULx2DwNoAw1+1w2ACFYShtOha/nhMmPuOCx +pD14VE3zko3mtZeYaNZO3vMtibZXnbCDlTx6cX/5Dld3zGmoAasuezBQO9HuyD3+ +pnTk93/y/NHmSrR7RQtZy1NgSJFZ2RvMYVxb4rKlys6Tlt7J2/g6lBw+5ERErQTg +L2PxpbcBVU+8t359jYLLdLrF7e+eQUywVG0VSBgHPC1E4OI4kDU07g7HHjJYvolV +n35o5ed/0dBh9IBI4NSXUHTKJ6a1z26lD8lPIcfmyf3+GjOI47WnuDpPv/jGVE1j +FAXfRYFOhJoKikVAUs/uFbdxZphDEYR8LhsC2rKSoQGFN7HOcBGkz0brCCLdrQWJ +9y4ep7s2zX8TquzdKi0jsdDGdPuEIza6kKAwMUjVUqkQ2U5bp7UGHEscsV7r8OES +8uFbQSLyk3JihXxyUjdQUnuV4yykXrui1XylTP56MUDab+ulh0pJlpYyjwIDAQAB +o4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBStfQqc +M9LZex9O/ba/8+swhgk8ATAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNN +RTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIISAjANBgkq +hkiG9w0BAQwFAAOCAYEAoAT9lxTjWNU6RkYnbOU9C0f17/MhuMBswyNz5BbvAj3y +kLXboOPy7iIdJIaPOXrZL5ROAtpAeWKQnjesPDioInl+NxQmAaeDDoVzGi35saW4 +V3BckFnNcdKNfsBV4qhl2QLKcoer2gi0FANdA36T/OOCw8/5gk9KDMbxBo7fTf24 +aDRZy4q9QUCsnT+QAd7+x7c9hQwzOhiprJacyvxhQQwQC2jNzn3QS4D2s6kGyRxa +khkJWolCsVYrGm1+bRrnQ5x3GTEECnWC/aEd2GEIYMCJQgxcwG2ODil3UGf1om/z +S/iemrubQtf2nW1y1CYhRpRNQyeAphzkVAdPMw6jaYDxVeKbf3tOuP83U0cz4lkB +3+V6Rz4QRJGvbVsfJXxZOcN3jY/S6TIsv03XsOrmBElu3480Hyv674PIWgmxwpvA +ds30X5ygxnMjcgaTBU75hVK2pdKBTmecgcbhzZhLWxJ92iUt/lJ3lm6YQYKhZpSY +f8wGumoWAstEHn59mmOF +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/end_requester.cert.der b/test_key/rsa3072/end_requester.cert.der new file mode 100644 index 0000000..5ccda06 Binary files /dev/null and b/test_key/rsa3072/end_requester.cert.der differ 
diff --git a/test_key/rsa3072/end_requester.key b/test_key/rsa3072/end_requester.key new file mode 100644 index 0000000..ce4cdf5 --- /dev/null +++ b/test_key/rsa3072/end_requester.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCwRmeCY7kiaQGb +5/lS9wkbchUMZz7kbkEJ7QFC8dg8DaAMNftcNgAhWEobToWv54TJj7jgsaQ9eFRN +85KN5rWXmGjWTt7zLYm2V52wg5U8enF/+Q5Xd8xpqAGrLnswUDvR7sg9/qZ05Pd/ +8vzR5kq0e0ULWctTYEiRWdkbzGFcW+KypcrOk5beydv4OpQcPuRERK0E4C9j8aW3 +AVVPvLd+fY2Cy3S6xe3vnkFMsFRtFUgYBzwtRODiOJA1NO4Oxx4yWL6JVZ9+aOXn +f9HQYfSASODUl1B0yiemtc9upQ/JTyHH5sn9/hoziOO1p7g6T7/4xlRNYxQF30WB +ToSaCopFQFLP7hW3cWaYQxGEfC4bAtqykqEBhTexznARpM9G6wgi3a0FifcuHqe7 +Ns1/E6rs3SotI7HQxnT7hCM2upCgMDFI1VKpENlOW6e1BhxLHLFe6/DhEvLhW0Ei +8pNyYoV8clI3UFJ7leMspF67otV8pUz+ejFA2m/rpYdKSZaWMo8CAwEAAQKCAYEA +p3B46hYnyVPNP3a+EdyuPe/DpqB70SgZh4Albp2jNIgMuwyb0x9ISGRBIGcZ/dkA +/SUUC/sxc2JVUiZH05qOa41OKCOLC5r58MaQ9xZGL8hu/4xn3xXgiYwY6a2hPmc4 +K1WRx7GYE/laT6NUG12RIJbnIr0MsgoHZGngHNOqt7xgPinV1xvCd6Vu2P9rqNjk +oyRI5RS+b0UekBMoIjG0auaAAPmZy8AvHylIBbyItYU9kfVtZ+LBaqEn+iJo7oib +xk8f2yJwmSGnQX9rB3zJ01cA3tbGymFrGhCqjgy86WkWvNzUS8KsoANua1dPYGd2 +nqYN9nwQ30AhjN54xa1xRWUgdMKaJ5wOcApWsJHNqQk/4UsXPsjH5ui54aroSqq3 +3NY7QCmIE9NHlqUvuyGx0P024Fe5nkHUp3WabPu5NjLJFi7jh2h7bLVZn+0b6DDK +3+V28/0zJK5/BE2CEsIQCssg7ksaWGeIaWNi8ZY4yiIIq+4wYYBF/xCxEB/71AcB +AoHBAN8wJRRFhaa9jUHVfOjYi1myXoJV59jpvJVykaUHurs2iokypHV/mULMmsdj +5Yp5vBtHZJnM2mfHnH2xlw+aHY8Ied3NjgAGJ3w8Wg2V3Zrj03mljhIdktK2EYFg +g8qJlDPP0IDA5I8DQZvEwP256uJJ0viqz21FcaFnjeim9LLVukyXTDrkpCuhHjgF +HJyTserqIshBglFYTDvAhj6XMjhM7zlwC0+LCeFI5i5uPcdeP/N+rIxcGt4iPiLX +ecRu7wKBwQDKMKaTEsiE3vIwKD+oD01qrztAvQ0UlJ0oV4mGeLhuxtIkSbcOtT7J +a+db04/fADYkVw+PwICZVZ8O5ajp7zyFLErdnmNSVD31J0Zliy0jqhH0Cm8G5PGK +9GAIvOz+qbh2mp4RQk2JhznuoygW4pJAgBAJ/U8xRSie6OAbCsiDYx67Itw+t2wr +hp0S+iPdZXA5/TQ5eCPif3ZhWHvWyhzqDoovOUhK6PGJa9YpDrd0KONNkuZVLwhJ +aPdl2ZhadmECgcAo0ZNWe8iP0EcPbU4k/8Wsp/Sk/bUjdMwqwQNmHV3Hc5gus3Zk +juumzejY4qpOgykmDA6YGmEvbdBvJJWuIs+ZI0G2kSuRUY7TJ+6IYYpgE57Ptrmf +Eo2Rv/6/nLk9x5+1QiKuCZlDlqLfLELnpKMSs9HD7Ol24KaBkIDhtfc25ePmsh0d +AEgOOq9eK4EqGdEGV7/4xBJjcjSvEOz8cYabyWZPKPDIoXMzIrQGdd8SoWgszlQc 
+b5PyYGzgzmvUwz0CgcEAwB7EWSHS+TZjSNEl04pe1I2XLue0gybHwmqTWfxhu5ke +Wq7Uy5v7AieO2llH7uzjhVpYhg6z439ROTWOcGMLzbsNlFIJLFSx3r2oDZrWlHno +v0wevZ1TyuZ0Tjk+tKkOh1xZ8CphRNoCeTf9QumdcL5+/w78beO6Om0rbWasqvPH +Yqg4QTvHBADQRhT7eUcHAYMQWb9H0dOt58fNPIYmPVz9fuvePpfj0uFtyOub9DtZ +6P858B1VsXOVCOle9C5hAoHADxAhKrrvON+l4C1BR0BSRp2YQSQswPPNM9GyQ2Xd +p3DYn5Jnj9RCcZjsy/CBCIWySIBzw5EKyJj+O2+YSR0TI8yQb5fGCF9aC3FFE7L+ +/XWxljZaX2Jcs1S2TMPOU8FwDtPtWN6gFqed4Q5bMtUIyza3DKqoe4ExfHjOhUtI +enxwlkDmaUkltGa+LrQHh9a/y+QZtyqKO98VUkpbLKdZS+3A54SQ1Qv6lNEcU96J +VjmjOMKb34RnmHm1vEMnac+o +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072/end_requester.key.der b/test_key/rsa3072/end_requester.key.der new file mode 100644 index 0000000..bd882c9 Binary files /dev/null and b/test_key/rsa3072/end_requester.key.der differ diff --git a/test_key/rsa3072/end_requester.key.pub b/test_key/rsa3072/end_requester.key.pub new file mode 100644 index 0000000..c3dc808 --- /dev/null +++ b/test_key/rsa3072/end_requester.key.pub @@ -0,0 +1,11 @@ +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsEZngmO5ImkBm+f5UvcJ +G3IVDGc+5G5BCe0BQvHYPA2gDDX7XDYAIVhKG06Fr+eEyY+44LGkPXhUTfOSjea1 +l5ho1k7e8y2JtledsIOVPHpxf/kOV3fMaagBqy57MFA70e7IPf6mdOT3f/L80eZK +tHtFC1nLU2BIkVnZG8xhXFvisqXKzpOW3snb+DqUHD7kREStBOAvY/GltwFVT7y3 +fn2Ngst0usXt755BTLBUbRVIGAc8LUTg4jiQNTTuDsceMli+iVWffmjl53/R0GH0 +gEjg1JdQdMonprXPbqUPyU8hx+bJ/f4aM4jjtae4Ok+/+MZUTWMUBd9FgU6EmgqK +RUBSz+4Vt3FmmEMRhHwuGwLaspKhAYU3sc5wEaTPRusIIt2tBYn3Lh6nuzbNfxOq +7N0qLSOx0MZ0+4QjNrqQoDAxSNVSqRDZTluntQYcSxyxXuvw4RLy4VtBIvKTcmKF +fHJSN1BSe5XjLKReu6LVfKVM/noxQNpv66WHSkmWljKPAgMBAAE= +-----END PUBLIC KEY----- diff --git a/test_key/rsa3072/end_requester.key.pub.der b/test_key/rsa3072/end_requester.key.pub.der new file mode 100644 index 0000000..de36f96 Binary files /dev/null and b/test_key/rsa3072/end_requester.key.pub.der differ diff --git a/test_key/rsa3072/end_requester.req b/test_key/rsa3072/end_requester.req new file mode 100644 index 0000000..7a96cb3 
--- /dev/null +++ b/test_key/rsa3072/end_requester.req @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDbzCCAdcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1c2V0 +ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALBGZ4JjuSJp +AZvn+VL3CRtyFQxnPuRuQQntAULx2DwNoAw1+1w2ACFYShtOha/nhMmPuOCxpD14 +VE3zko3mtZeYaNZO3vMtibZXnbCDlTx6cX/5Dld3zGmoAasuezBQO9HuyD3+pnTk +93/y/NHmSrR7RQtZy1NgSJFZ2RvMYVxb4rKlys6Tlt7J2/g6lBw+5ERErQTgL2Px +pbcBVU+8t359jYLLdLrF7e+eQUywVG0VSBgHPC1E4OI4kDU07g7HHjJYvolVn35o +5ed/0dBh9IBI4NSXUHTKJ6a1z26lD8lPIcfmyf3+GjOI47WnuDpPv/jGVE1jFAXf +RYFOhJoKikVAUs/uFbdxZphDEYR8LhsC2rKSoQGFN7HOcBGkz0brCCLdrQWJ9y4e +p7s2zX8TquzdKi0jsdDGdPuEIza6kKAwMUjVUqkQ2U5bp7UGHEscsV7r8OES8uFb +QSLyk3JihXxyUjdQUnuV4yykXrui1XylTP56MUDab+ulh0pJlpYyjwIDAQABoAAw +DQYJKoZIhvcNAQEMBQADggGBACesbDkSVz1/mar4CwH+vjXwDTdM6qaFAjm43rCg +ad9ElFjMUcmVRV4ej6eOKNCYOnaFBdrqEnkTU0NcLAToTamX1f460OTsU7Y8Ym63 +Bc7Cy16CNh5o7Z6/8z3ww27dhiLQB3+Szde6e1YiMFEVn2Vu9ax1N9X/KpMR/nMf +mebhK2X1XkFmGH6Dw/ffx6gUo3aX+dMi8nAFY618oC9XapOCYWHtLTu3cFUeenxC +/JSW1AT5pHnUgR+yRzj7zMRjFnSLHxTHC6Uy1nwfko605Zg4NKSIZLdmnLVt94Gh +hi7/Yg8n/BREJ8R2xz7BpCsxygwY9hRgTQx0cDR8yWeWF8bEpxYanatsuSD/3ro4 +42ZHnuNCYiVDC5TOgFdwsOJ2oKROuOW4bW5KVXp8VGv76CcfyGbeWI5SLxxYbr5U +gL6BzmkhdHwVR/aI8YAIRZWdLc8nSxJ/SygtPDmjUSTYNgxCsc7FQFxSQqC9Ag/t +/TdoQQXTDh53E7xNFqreOfaB1A== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa3072/end_requester1.cert b/test_key/rsa3072/end_requester1.cert new file mode 100644 index 0000000..4ec2122 --- /dev/null +++ b/test_key/rsa3072/end_requester1.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTI1MVoX +DTMzMDMzMTA1NTI1MVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALBGZ4Jj +uSJpAZvn+VL3CRtyFQxnPuRuQQntAULx2DwNoAw1+1w2ACFYShtOha/nhMmPuOCx +pD14VE3zko3mtZeYaNZO3vMtibZXnbCDlTx6cX/5Dld3zGmoAasuezBQO9HuyD3+ +pnTk93/y/NHmSrR7RQtZy1NgSJFZ2RvMYVxb4rKlys6Tlt7J2/g6lBw+5ERErQTg +L2PxpbcBVU+8t359jYLLdLrF7e+eQUywVG0VSBgHPC1E4OI4kDU07g7HHjJYvolV +n35o5ed/0dBh9IBI4NSXUHTKJ6a1z26lD8lPIcfmyf3+GjOI47WnuDpPv/jGVE1j +FAXfRYFOhJoKikVAUs/uFbdxZphDEYR8LhsC2rKSoQGFN7HOcBGkz0brCCLdrQWJ +9y4ep7s2zX8TquzdKi0jsdDGdPuEIza6kKAwMUjVUqkQ2U5bp7UGHEscsV7r8OES +8uFbQSLyk3JihXxyUjdQUnuV4yykXrui1XylTP56MUDab+ulh0pJlpYyjwIDAQAB +o4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBStfQqc +M9LZex9O/ba/8+swhgk8ATAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNN +RTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIISAjANBgkq +hkiG9w0BAQwFAAOCAYEAGSAxTViJ6MsPG5X8WQ6AsO+x+dlCXMvYKKLEKp2rJO4u +yt/m9D7lI8sKti/KpbPBM1rr3vcZLOK7RgNDUQvmBQRIuEI6Y996Sstzc6wY+p0f +mAx3a2zkqMxTg6bxAZkKfqYFZhjnrY1ZLGE9ZykEvyZiTgLAEP3OFR7KhO31J4+m +mcaIFwMGXsaXOhhBjkzmycMaExnyhc16UgRgfisRhNOSnhe0QsAiBXWR3CUdfEgp +gwu5tWL2+772omWDZVKMpMaOKPuJdfSrB9sMmJoAft1/p05vgMq/KL8H8rnk+Rq6 +90TAPPGSLLBTBlOYLUFOlz9GBxJF5m32K9gQc4lXE4KLL/JyE82dn3ABC2zbwGjH +sMonPDwXKaJ0vV7/fg9OsFrhiV3///lU5NfRnrw771r+8k7EyXvGuOfLZxoR6Bwr +r8C2lR988ugH6EnrUmetGlREwwkxVNIA2l4mJFWsb/ch6WSOoFPJH9ocsTqj/n50 +RiqAnTveuRhvRAQskjB/ +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/end_requester1.cert.der b/test_key/rsa3072/end_requester1.cert.der new file mode 100644 index 0000000..8e20f89 Binary files /dev/null and b/test_key/rsa3072/end_requester1.cert.der differ 
diff --git a/test_key/rsa3072/end_requester_with_spdm_req_eku.cert b/test_key/rsa3072/end_requester_with_spdm_req_eku.cert new file mode 100644 index 0000000..9c18a6f --- /dev/null +++ b/test_key/rsa3072/end_requester_with_spdm_req_eku.cert @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERjCCAq6gAwIBAgIBBTANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDYwN1oX +DTMzMDQxNzAxMDYwN1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALBGZ4Jj +uSJpAZvn+VL3CRtyFQxnPuRuQQntAULx2DwNoAw1+1w2ACFYShtOha/nhMmPuOCx +pD14VE3zko3mtZeYaNZO3vMtibZXnbCDlTx6cX/5Dld3zGmoAasuezBQO9HuyD3+ +pnTk93/y/NHmSrR7RQtZy1NgSJFZ2RvMYVxb4rKlys6Tlt7J2/g6lBw+5ERErQTg +L2PxpbcBVU+8t359jYLLdLrF7e+eQUywVG0VSBgHPC1E4OI4kDU07g7HHjJYvolV +n35o5ed/0dBh9IBI4NSXUHTKJ6a1z26lD8lPIcfmyf3+GjOI47WnuDpPv/jGVE1j +FAXfRYFOhJoKikVAUs/uFbdxZphDEYR8LhsC2rKSoQGFN7HOcBGkz0brCCLdrQWJ +9y4ep7s2zX8TquzdKi0jsdDGdPuEIza6kKAwMUjVUqkQ2U5bp7UGHEscsV7r8OES +8uFbQSLyk3JihXxyUjdQUnuV4yykXrui1XylTP56MUDab+ulh0pJlpYyjwIDAQAB +o3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUrX0KnDPS +2XsfTv22v/PrMIYJPAEwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMC +BggrBgEFBQcDCQYKKwYBBAGDHIISBDANBgkqhkiG9w0BAQwFAAOCAYEANKG4vX+9 +W6vhxpcI6699zZQW3iARlN4foRfhJJoFSKXM9EL4Nmm4VPCVf9X0xUP3bhKB5mCA +aRGPEtDK8GaoufnLbykd/ytuucVNeK7tJpUtO53eTkvBsg9h+NyeX8VhfBGh+74o +1k5XSlCq+GAJ1zA0m+GgNFtNIooURvxR3V2sMQj3aJ4aNcgM2JsCVwwrGuD80K8+ +4SMlo8bFxoeY/8oxg2qtkTa8xdx1k2IT2S2qV3uLY+8cBipKC19HXLzng7HZR4VQ +flWgfVAMt31GRl7vyK/jkKnk71gxOtWaxJOmrTJgpBsWg4PCA8KPfqXYGvB+kPHh +kwBY/+M7ygh1oUfc3wcwHR7FlPH5LnDrL68tksIBxyBmxxMZRGk8bsC9+49I6yPB +MMhl5CLyErw2WRL0gstEFNjW39iphjh/DWiLIZTUrOKmnndzinKr5iwKoKbosEJG +KC0XI4xKHZ6K34t/1mL+6ePwgmFN7aJ+4R6xIcHj8wenjQlpfaj78cFo +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072/end_requester_with_spdm_req_eku.cert.der b/test_key/rsa3072/end_requester_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..35bc0e7 Binary files /dev/null and b/test_key/rsa3072/end_requester_with_spdm_req_eku.cert.der differ diff --git a/test_key/rsa3072/end_requester_with_spdm_req_rsp_eku.cert b/test_key/rsa3072/end_requester_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..44d741e --- /dev/null +++ b/test_key/rsa3072/end_requester_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUzCCArugAwIBAgIBBDANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDYwNFoX +DTMzMDQxNzAxMDYwNFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALBGZ4Jj +uSJpAZvn+VL3CRtyFQxnPuRuQQntAULx2DwNoAw1+1w2ACFYShtOha/nhMmPuOCx +pD14VE3zko3mtZeYaNZO3vMtibZXnbCDlTx6cX/5Dld3zGmoAasuezBQO9HuyD3+ +pnTk93/y/NHmSrR7RQtZy1NgSJFZ2RvMYVxb4rKlys6Tlt7J2/g6lBw+5ERErQTg +L2PxpbcBVU+8t359jYLLdLrF7e+eQUywVG0VSBgHPC1E4OI4kDU07g7HHjJYvolV +n35o5ed/0dBh9IBI4NSXUHTKJ6a1z26lD8lPIcfmyf3+GjOI47WnuDpPv/jGVE1j +FAXfRYFOhJoKikVAUs/uFbdxZphDEYR8LhsC2rKSoQGFN7HOcBGkz0brCCLdrQWJ +9y4ep7s2zX8TquzdKi0jsdDGdPuEIza6kKAwMUjVUqkQ2U5bp7UGHEscsV7r8OES +8uFbQSLyk3JihXxyUjdQUnuV4yykXrui1XylTP56MUDab+ulh0pJlpYyjwIDAQAB +o4GAMH4wDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFK19Cpwz +0tl7H079tr/z6zCGCTwBMEIGA1UdJQEB/wQ4MDYGCCsGAQUFBwMBBggrBgEFBQcD +AgYIKwYBBQUHAwkGCisGAQQBgxyCEgMGCisGAQQBgxyCEgQwDQYJKoZIhvcNAQEM +BQADggGBAGT7KJOJbbjJisczip4p3rUvE5BiVO1ldELvnKuYrbXNHltJ/E9BZZ4U +0AyrAzzQrxxQL8NhypgO/LATTtCnWofmuFBAju7UsdinvtiOd+ixmQ2/JiJr8E9B +mCfGw+9XY3yN1ozZALZA5tb0537u28pYqf78PJCOD+Vu+wt4cXcpOM8yv/8nNksY +5QctcOef7lXqJIND6FvcLtPEwpS5Y8hrjVOS6svL7ogO8sSpKcJVAlLtcySvhRx7 +JPVHyemv9zD9sxzOvpzbfPMtkyH/Od7+DA0dNijxO/XgFKAwWh80ss2rSBQlZWHU +UDCrOJ3rIpmP/y5g4F8Y5xUjOBrZi7YxnB7a7n2vEaaPTHOPYwAuxaCG7rU3RZkk +2A7fPaI+2vNj+rgHvlEhM2gGEnIIkizaqTNqF9GCjR1Cny44FSYbztDwUPtFauUo +9Obp/+OB67ABDY4ZyzCGagrJ64gZodBRqSoF8rN8fNnCMf2rfC6DXgEWn47JUo7h +7Xop2tEGsg== +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/rsa3072/end_requester_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..933c5e5 Binary files /dev/null and b/test_key/rsa3072/end_requester_with_spdm_req_rsp_eku.cert.der differ 
diff --git a/test_key/rsa3072/end_requester_with_spdm_rsp_eku.cert b/test_key/rsa3072/end_requester_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..c0c4caa --- /dev/null +++ b/test_key/rsa3072/end_requester_with_spdm_rsp_eku.cert @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERjCCAq6gAwIBAgIBBjANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDYxMFoX +DTMzMDQxNzAxMDYxMFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALBGZ4Jj +uSJpAZvn+VL3CRtyFQxnPuRuQQntAULx2DwNoAw1+1w2ACFYShtOha/nhMmPuOCx +pD14VE3zko3mtZeYaNZO3vMtibZXnbCDlTx6cX/5Dld3zGmoAasuezBQO9HuyD3+ +pnTk93/y/NHmSrR7RQtZy1NgSJFZ2RvMYVxb4rKlys6Tlt7J2/g6lBw+5ERErQTg +L2PxpbcBVU+8t359jYLLdLrF7e+eQUywVG0VSBgHPC1E4OI4kDU07g7HHjJYvolV +n35o5ed/0dBh9IBI4NSXUHTKJ6a1z26lD8lPIcfmyf3+GjOI47WnuDpPv/jGVE1j +FAXfRYFOhJoKikVAUs/uFbdxZphDEYR8LhsC2rKSoQGFN7HOcBGkz0brCCLdrQWJ +9y4ep7s2zX8TquzdKi0jsdDGdPuEIza6kKAwMUjVUqkQ2U5bp7UGHEscsV7r8OES +8uFbQSLyk3JihXxyUjdQUnuV4yykXrui1XylTP56MUDab+ulh0pJlpYyjwIDAQAB +o3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUrX0KnDPS +2XsfTv22v/PrMIYJPAEwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMC +BggrBgEFBQcDCQYKKwYBBAGDHIISAzANBgkqhkiG9w0BAQwFAAOCAYEAB2knOUuj +6nmBYjzcHCescdzCJHSJTaMXxEF7m7Pu8wqOOjKAU91gxrYW88uenFXgRaAhbtY0 +igHvT1gN3VxJK7zK7Ftw6uyUA+yVys2M5y6Sl7dtkUkGNW5y4Hearp3IuPOil2kR +UaHzPInRt+1cnDw8EqXRdtyVq+brUwfyRAcOvnp2IGtgYT5d55n2+nAehM0+K0CQ +XY6wU9VC8Pq1DCs4QTS3dY0GhODrmzYslVlMH/wqvSsvTdUcYYHC4wMP1mftaGG/ +BYvHwCDSmi3/xnNj/xW0XgId0AQyThdPk04FF2LSTkPeTjJRuDb53RVW43I3zaQE +XibZX1GQZnmSKnQZlDGf8+y3LGLjd30dlHfBwUmtS8pA3l+B1AJvnubiO8eqkt1Q +q7tJkHM62AmM0aeLq+JIJ0Dm467oOW5gC2nAx1L5Xz9B4Dt0Y5/nDqWi3XwX8giH +mGLEV6jgVXpNpQTf/E7pNDP89nBhEV6G0onf8w0fgwgrcgSWTeQhRDhW +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072/end_requester_with_spdm_rsp_eku.cert.der b/test_key/rsa3072/end_requester_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..8c10974 Binary files /dev/null and b/test_key/rsa3072/end_requester_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/rsa3072/end_responder.cert b/test_key/rsa3072/end_responder.cert new file mode 100644 index 0000000..424406e --- /dev/null +++ b/test_key/rsa3072/end_responder.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCAvOgAwIBAgIBAzANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTIxNloX +DTMzMDMzMTA1NTIxNlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKexIkwW +fnno1dfdI0ZOCtY8vats5suvYr5M5V/9Plbb+KiTOA7zWZ5X55GOWovusb++PHH9 +PEOOmK6lSNEEs8DbqugjHbTlHk+iVzP2tHEX0ftcO5hkiPuwoEi57r8Ylk/whjXN +CatO55/CrKzt8M5fnAP3ot8M97QnAsOxWssGuf6727oSwAjvYQp0mKXPpeuAyDRm +2HW/dLUMSaHYusW9SnYUM1pYgBbNG9epyPA5AA+AqRyxuWW9oqtUiJZ2haCgdPea +/G3Y9Uu8c7ajP8APfFFycqeOpdc9mmMxqr/aBHB8TAjCtMtFK/W4i6f0UBedGNNf +gbMFEaExxE4l+11BCli7L/XAojVWKp3+KaHu6xxfEeJ2o2X87EhLAHhaLHqFYlIF +w8jQYh+uh5nvf7e7WNgTVZj5vRuAubUojwX95tWfRFOmMT+HZVNn3dSEyNKtrDft +herO4n6/GoHH1O3YJysKVqDX9dQmwuuwSw8GG0w17ClcAP/UndmQttHWswIDAQAB +o4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRjxkO1 +HyEB9itjk5U+NZPh9+wQ4DAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNN +RTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIISAjANBgkq +hkiG9w0BAQwFAAOCAYEACa1FSsbINJ4gvqipMKZnOy1f+i+if5T27UJSdWlr6WuZ +pGjING9rG+D0jevErqrkUCIUJ0uBhk7jDFYVd8vBsYtZmEHTZFnltlvWdVHq6YC3 +ToO18c+tw8jHLAucWmmOLnPECPh8FNxAKyNZniwHQ8SWDrDIj7gBvHTFEIr8uBIR +8KI5VUX3lL/LkJKxQYF85yLAmXdV2RwaXFCc032U6vf1mLvzzfc3W6l/P1bEUaGz +Nh9Ll4OCx1PjnJbQJzWTPfRM5ubtTScyaGEB5ktvqp2pn7xzZ5XDC373wkKW60ut +BUDPRcR5D03J7IsSgSlfu+7TxyWSjeV7a9pLvXhmVkqHN9Lf2/0zYdv+ofUFcvWb +VrWlkCpI70BxaVtVQaUuEbM62wZT45gOcCXsbpEFt1G0rLutpxGTbJX9Tu4zonck +f7LFJVt1HJpOGEefCUV3QeXoHvoWpTEdbQT2Q0Ig3AOX/u8VdaOIGpYBsnrV+uAx +AobAd1LDsgG+WUPDG8g0 +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/end_responder.cert.der b/test_key/rsa3072/end_responder.cert.der new file mode 100644 index 0000000..90cfde7 Binary files /dev/null and b/test_key/rsa3072/end_responder.cert.der differ 
diff --git a/test_key/rsa3072/end_responder.key b/test_key/rsa3072/end_responder.key new file mode 100644 index 0000000..f4c1ca6 --- /dev/null +++ b/test_key/rsa3072/end_responder.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCnsSJMFn556NXX +3SNGTgrWPL2rbObLr2K+TOVf/T5W2/iokzgO81meV+eRjlqL7rG/vjxx/TxDjpiu +pUjRBLPA26roIx205R5Polcz9rRxF9H7XDuYZIj7sKBIue6/GJZP8IY1zQmrTuef +wqys7fDOX5wD96LfDPe0JwLDsVrLBrn+u9u6EsAI72EKdJilz6XrgMg0Zth1v3S1 +DEmh2LrFvUp2FDNaWIAWzRvXqcjwOQAPgKkcsbllvaKrVIiWdoWgoHT3mvxt2PVL +vHO2oz/AD3xRcnKnjqXXPZpjMaq/2gRwfEwIwrTLRSv1uIun9FAXnRjTX4GzBRGh +McROJftdQQpYuy/1wKI1Viqd/imh7uscXxHidqNl/OxISwB4Wix6hWJSBcPI0GIf +roeZ73+3u1jYE1WY+b0bgLm1KI8F/ebVn0RTpjE/h2VTZ93UhMjSraw37YXqzuJ+ +vxqBx9Tt2CcrClag1/XUJsLrsEsPBhtMNewpXAD/1J3ZkLbR1rMCAwEAAQKCAYEA +j79NKjJCGtjXruJ2oYa2zW1mHXQN596hY4XhPkaE0MphvofsjwxV72FlNSX1QmzL +3BUEFabBqRuskFFJOTuxpwnm2HV5up6JPDRqUjYR+bw0mSc4QuszbaW70HvqR8+Y +0k/ZjHcF6d6KuS2U/ew993qH7/KwoEmqcLjcKsp2jQFoIRACS+BU05P3+JF4ZPK6 +RUWw2RKsTUtgjO5KlD2H5YfdM5kfaDvjGSibzGRTxnDmN2PQE7PZvHgx4HJnX6ua +f5kXWgxkW501mgzt6zHMtGbyY1LUVZqNZiH8hHyJmEoOWDsNgXalSugNYpKB1mNw +9sKEEc6Hi+2ZFps1oVl/CUaN+uJFrsL1fIQa2GoRtbLpFIN32NBcsAL9kIneLuMF +/p+9fBuHvyxsTzLRQ5cKCMXUwS4ko80iFlFSolx9G76Gz76WL9yZtDl9/+z3E/QI +Oh0s87lt3lP9hI2CuVyOfy0XNCYYmZsotgIG9hlg7GVHtj4Cbea7cCCJzHaSNr6h +AoHBANEhvz9I51R55xdz5gWrwiJjjoMfdHicxYGxHDSIGj7wYoCBoiAd6eTRWkis +p6+YOftfNVi7zsWVxGv91djPQV+YwNwNXCNWeTCj31wVzV7t4XVI83ZV+lmgTnHN ++iYOpdLsq04R9Ct5z4USmbNEZluE6LVvMHCFwC47W3mTBwjGBm+pivKivvtkVo/F +8t3620CJzP9lOh2+Mkpt7bftCKiy/mmqBxGcIqU9lx9d832bAvhUdydCPbg7CRT+ +F1dicQKBwQDNReilmP/AC4uhdXh6f/byLiIUv+BK/iqI9k4KmokaoFZL93v1pfgo +DSt5p5ZohDnmJSHGQy2scbLMLx0hupfNP0ONT3dEcCpAR4CTLys+n0DEGPJvBljD +hr8mkZdRQU9fVu55IKM0a5GI6N/XXXKAnjfae9YBbLFmOySJAlsnMXU85D+2lndl +4lllA5JF7+MSOPvNS0SUWw1tGsYb+iiuEHJPqIic35xeNAEICax1eF03R03wJVca +3q+wltbrlWMCgcAV4/5s1WjBgvEZl1wgg9YSW3FzcDt01JQn+y4Eoap9pBPrd6ZM +zlTJStC0gr4at0h6c4DWBPKj5AVneG6F/0vMgeTOI+fdGxQcb0rWDMIuiZ/r8vLp +FB7cetc7OmBQ03+wEG3uAhsY4etC9qt4BFTih4sEUtszLAztyfDNTQKTfIb38TtG +IprzHZGiAwplCfkhTEtVAHeQ3XPOLquPcRRS9EmFLfMHeNx3h3bmJaNzJmKtM8o1 
+Jc3oFuXgeKhg0UECgcBpg3DFhjKX7ZdVZAOMvDAcZlhAYCyTf7gvdKPC0ZJ97ELP +g6PlLe2z8KkTPHCUwrrcMOP+fFOC22Kzj9gimT4kU0uO3HUK6bjeF6LghRNuef+Z +jNU4+oMv5hhlY9rq+m4pLI8iFgOuE0jYnhNJKZCMykcdeCAV1WAOk4IBJwPhzotb +xFt3qDoxVbrrsH1Ek70dhcrwyKq0s2TgWy3P/bNhXbTUe2XVdR90ULji/831B+yq +WG2Ybikq96JJXA+XQs8CgcBG7W9EdqTDKYgYw9wcQLgaRfcSM3v68o4A8nnQyIZ9 +zrWcz52yEYTKYzGWO3rVnQbpp2E7zYxPwBopzLHys+LSiR/uvDY6UD4TLaEtugUZ +zjnr5GKDi9QiQS0MVWNg5XbKqkMx3VmFHfx5dvbl45QVKRHzTg7O9S3q6pCN93qp +FStuWLHA3AnQ1CRkqMXvk1uyuEhOX2beuw+0xr8jQwDGWQFkPNB0f0QHY47BClkc +POKIaJe53qv0LFLY79a2uFM= +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072/end_responder.key.der b/test_key/rsa3072/end_responder.key.der new file mode 100644 index 0000000..31bf038 Binary files /dev/null and b/test_key/rsa3072/end_responder.key.der differ diff --git a/test_key/rsa3072/end_responder.key.pub b/test_key/rsa3072/end_responder.key.pub new file mode 100644 index 0000000..86a5bc5 --- /dev/null +++ b/test_key/rsa3072/end_responder.key.pub @@ -0,0 +1,11 @@ +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAp7EiTBZ+eejV190jRk4K +1jy9q2zmy69ivkzlX/0+Vtv4qJM4DvNZnlfnkY5ai+6xv748cf08Q46YrqVI0QSz +wNuq6CMdtOUeT6JXM/a0cRfR+1w7mGSI+7CgSLnuvxiWT/CGNc0Jq07nn8KsrO3w +zl+cA/ei3wz3tCcCw7Faywa5/rvbuhLACO9hCnSYpc+l64DINGbYdb90tQxJodi6 +xb1KdhQzWliAFs0b16nI8DkAD4CpHLG5Zb2iq1SIlnaFoKB095r8bdj1S7xztqM/ +wA98UXJyp46l1z2aYzGqv9oEcHxMCMK0y0Ur9biLp/RQF50Y01+BswURoTHETiX7 +XUEKWLsv9cCiNVYqnf4poe7rHF8R4najZfzsSEsAeFoseoViUgXDyNBiH66Hme9/ +t7tY2BNVmPm9G4C5tSiPBf3m1Z9EU6YxP4dlU2fd1ITI0q2sN+2F6s7ifr8agcfU +7dgnKwpWoNf11CbC67BLDwYbTDXsKVwA/9Sd2ZC20dazAgMBAAE= +-----END PUBLIC KEY----- diff --git a/test_key/rsa3072/end_responder.key.pub.der b/test_key/rsa3072/end_responder.key.pub.der new file mode 100644 index 0000000..46381f8 Binary files /dev/null and b/test_key/rsa3072/end_responder.key.pub.der differ diff --git a/test_key/rsa3072/end_responder.req b/test_key/rsa3072/end_responder.req new file mode 100644 index 0000000..967b22f 
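Review bot: `test_key/rsa3072/end_responder.key` is added as an unencrypted PKCS#8 private key (`-----BEGIN PRIVATE KEY-----`), and the same holds for `test_key/rsa3072/inter.key` further down and for the `.key.der` binaries, yet nothing in the visible part of the diff documents that this material is public and test-only. Because everyone with access to the repository holds these keys, a certificate chaining to the matching `inter.cert` or its CA must never be accepted outside test builds; I would add a short `test_key/README.md` stating `Keys and certificates in this directory are published test fixtures; never provision or trust them in production.` It also seems worth excluding `test_key/` from release packaging and listing it in the secret-scanner allowlist, so that a real key leak is not lost among these known hits. The hunk is a complete new file, so the point applies to the file as a whole rather than to one line.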
--- /dev/null +++ b/test_key/rsa3072/end_responder.req @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDbzCCAdcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNwb25k +ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKexIkwWfnno +1dfdI0ZOCtY8vats5suvYr5M5V/9Plbb+KiTOA7zWZ5X55GOWovusb++PHH9PEOO +mK6lSNEEs8DbqugjHbTlHk+iVzP2tHEX0ftcO5hkiPuwoEi57r8Ylk/whjXNCatO +55/CrKzt8M5fnAP3ot8M97QnAsOxWssGuf6727oSwAjvYQp0mKXPpeuAyDRm2HW/ +dLUMSaHYusW9SnYUM1pYgBbNG9epyPA5AA+AqRyxuWW9oqtUiJZ2haCgdPea/G3Y +9Uu8c7ajP8APfFFycqeOpdc9mmMxqr/aBHB8TAjCtMtFK/W4i6f0UBedGNNfgbMF +EaExxE4l+11BCli7L/XAojVWKp3+KaHu6xxfEeJ2o2X87EhLAHhaLHqFYlIFw8jQ +Yh+uh5nvf7e7WNgTVZj5vRuAubUojwX95tWfRFOmMT+HZVNn3dSEyNKtrDftherO +4n6/GoHH1O3YJysKVqDX9dQmwuuwSw8GG0w17ClcAP/UndmQttHWswIDAQABoAAw +DQYJKoZIhvcNAQEMBQADggGBAGP6CcvkShdReoCoPE4H9bD3zhfHLr/eh1/S1AP0 +7vR1pdcuMU2B+WA1VKiC/LY1MTFtblWgnfHv/JzJaUbO26o1OwZNo5LhmLbvD1ML +qPCKPCpZMEXS8quwZwrUweHyjO5z1gr0mqBy7meS7WjYnTG6/OQO4E+76RHZhBKK +7R5CM8/63pZKGNha5gJPEgyUesU1GGpchHeX4D5XN0u129TS3JKVQPVVsruQ83pH +dBUa/4mWTEOl4xuTcu4memn2uixGXf9Loy3f7QF+T7hEFADBUA+ox6UwCh/7cdHt +UN5fyONjuOwDayp6t7KITO5RFdeaJUEiJnklmZuIfSSHl/Sx4/octw9FsG/m1CTE +lKmi9pxURGiXMZ9/bh2Rc+9YRoncwo5bCx7gO8xuo4JkinegHAr0z73azpOa4oU3 +lTVWP3OhbkpesgvX8yVU11L+OCY+f30Sh8EuplNjDxr5QpL5nlRR5dL5jig1EVPD +3lDMvucfjnWp9O/O1zoSX49e7Q== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa3072/end_responder1.cert b/test_key/rsa3072/end_responder1.cert new file mode 100644 index 0000000..76dbf89 --- /dev/null +++ b/test_key/rsa3072/end_responder1.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCAvOgAwIBAgIBAzANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTI1MVoX +DTMzMDMzMTA1NTI1MVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKexIkwW +fnno1dfdI0ZOCtY8vats5suvYr5M5V/9Plbb+KiTOA7zWZ5X55GOWovusb++PHH9 +PEOOmK6lSNEEs8DbqugjHbTlHk+iVzP2tHEX0ftcO5hkiPuwoEi57r8Ylk/whjXN +CatO55/CrKzt8M5fnAP3ot8M97QnAsOxWssGuf6727oSwAjvYQp0mKXPpeuAyDRm +2HW/dLUMSaHYusW9SnYUM1pYgBbNG9epyPA5AA+AqRyxuWW9oqtUiJZ2haCgdPea +/G3Y9Uu8c7ajP8APfFFycqeOpdc9mmMxqr/aBHB8TAjCtMtFK/W4i6f0UBedGNNf +gbMFEaExxE4l+11BCli7L/XAojVWKp3+KaHu6xxfEeJ2o2X87EhLAHhaLHqFYlIF +w8jQYh+uh5nvf7e7WNgTVZj5vRuAubUojwX95tWfRFOmMT+HZVNn3dSEyNKtrDft +herO4n6/GoHH1O3YJysKVqDX9dQmwuuwSw8GG0w17ClcAP/UndmQttHWswIDAQAB +o4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRjxkO1 +HyEB9itjk5U+NZPh9+wQ4DAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNN +RTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIISAjANBgkq +hkiG9w0BAQwFAAOCAYEAElu515irLFxUmA639Q1cuR3v1KsK2sYoN6qJzGaH+m9A +MMSFWDDdBKNSStbMGJOZbM/GVmQw9GUU+SFG/ghYB33/PD1xKAgTAiqGgoakgZZG +cU+QaCCXitP+UZQ2Zx9xOP59TniOqMiq7s3sxLtcoiuyrGgUAXwL3H4jUoalhRoy +8zVo6LSkeP4rIJH2aC1Fd93cGBbd2sqs5A9yMlCphfkpxZ1IvOFtHeZkpZIfmenK +o6b/R7CMxwVPNoaceHNi7Ib2Tgsox4EyiP7WZnYO1qDajHf2oor63Jrw3vqeg4j6 +YANXZqXrJrH7uQ2kZ8NusPACUk8nFsZ4KYYrBiFm22Prt437XlVSXkWIX7aLK5KS +nV/Ek7QhGOR5u9mgNQwhFHhRx4V5hiLz9ZIqOUU1LtMKtdG5BjHmbAppNEVJot/z +YBMVDaJf9q6hWQNFd7nF512k4LKw7LU/hdoMUivEY/6g8/KrYg+iTyqSCOg1KpBD +nGlrTCpe3aa0SEfmuQB7 +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/end_responder1.cert.der b/test_key/rsa3072/end_responder1.cert.der new file mode 100644 index 0000000..f6faa6d Binary files /dev/null and b/test_key/rsa3072/end_responder1.cert.der differ 
diff --git a/test_key/rsa3072/end_responder_alias.cert b/test_key/rsa3072/end_responder_alias.cert new file mode 100644 index 0000000..659cb4b --- /dev/null +++ b/test_key/rsa3072/end_responder_alias.cert @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCAtqgAwIBAgIBAzANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNjA4MjI1MloX +DTMzMDYwMzA4MjI1MlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKexIkwW +fnno1dfdI0ZOCtY8vats5suvYr5M5V/9Plbb+KiTOA7zWZ5X55GOWovusb++PHH9 +PEOOmK6lSNEEs8DbqugjHbTlHk+iVzP2tHEX0ftcO5hkiPuwoEi57r8Ylk/whjXN +CatO55/CrKzt8M5fnAP3ot8M97QnAsOxWssGuf6727oSwAjvYQp0mKXPpeuAyDRm +2HW/dLUMSaHYusW9SnYUM1pYgBbNG9epyPA5AA+AqRyxuWW9oqtUiJZ2haCgdPea +/G3Y9Uu8c7ajP8APfFFycqeOpdc9mmMxqr/aBHB8TAjCtMtFK/W4i6f0UBedGNNf +gbMFEaExxE4l+11BCli7L/XAojVWKp3+KaHu6xxfEeJ2o2X87EhLAHhaLHqFYlIF +w8jQYh+uh5nvf7e7WNgTVZj5vRuAubUojwX95tWfRFOmMT+HZVNn3dSEyNKtrDft +herO4n6/GoHH1O3YJysKVqDX9dQmwuuwSw8GG0w17ClcAP/UndmQttHWswIDAQAB +o4GfMIGcMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRj +xkO1HyEB9itjk5U+NZPh9+wQ4DAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwW +QUNNRTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYI +KwYBBQUHAwIGCCsGAQUFBwMJMA0GCSqGSIb3DQEBDAUAA4IBgQB3UBf/vgype4Ow +KBzSly88en+iqqFX0UExUswuQMMpBikBrwccUMzTMyxgiGGNErIwEC3A0qieVknQ +6eVmKwqOr0v9fWkJxLM6H5phAiLinz8FULMStPb1V7vNzkCwz+pDaYg4GE3NRjnF +U8nIbEy6Kk7YXHW/jJQjS2+H1qPdMt6MeXr46Iqob2mhlcE1hXkOjOcZJ5AaOEIL +kTY6DyZfl+jjyKbw85WUVcRuWsjuSaVpj1fUvY/nbs7Vsdw2bN6WAl4MrTtAggu3 +qiE9phQ03Yu0pCCUTHKAOoy1T7HELwkNl3pfsxIwuNNtLWQ94gfGwJYwYFVDRvqx +8VNmsiXdI+MFCebsG2Z67Wlwdf2hDPppu+H172WgPJ8UxTrSZFzsBZMkM6liTNzE +TNwRxYcI1Z8RNeOLh6CwkExS4zkAv8FHMexL7BJpeVYI4xlvTEFF1ANShcGBitJ0 +Uj4ihduf3fYumfVgGlXQOzD3kX/1ZNt6YQvzvxkPzOUfhJ6ff20= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072/end_responder_alias.cert.der b/test_key/rsa3072/end_responder_alias.cert.der new file mode 100644 index 0000000..f0e51df Binary files /dev/null and b/test_key/rsa3072/end_responder_alias.cert.der differ diff --git a/test_key/rsa3072/end_responder_with_spdm_req_eku.cert b/test_key/rsa3072/end_responder_with_spdm_req_eku.cert new file mode 100644 index 0000000..d60947f --- /dev/null +++ b/test_key/rsa3072/end_responder_with_spdm_req_eku.cert 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERjCCAq6gAwIBAgIBCDANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDYyMloX +DTMzMDQxNzAxMDYyMlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKexIkwW +fnno1dfdI0ZOCtY8vats5suvYr5M5V/9Plbb+KiTOA7zWZ5X55GOWovusb++PHH9 +PEOOmK6lSNEEs8DbqugjHbTlHk+iVzP2tHEX0ftcO5hkiPuwoEi57r8Ylk/whjXN +CatO55/CrKzt8M5fnAP3ot8M97QnAsOxWssGuf6727oSwAjvYQp0mKXPpeuAyDRm +2HW/dLUMSaHYusW9SnYUM1pYgBbNG9epyPA5AA+AqRyxuWW9oqtUiJZ2haCgdPea +/G3Y9Uu8c7ajP8APfFFycqeOpdc9mmMxqr/aBHB8TAjCtMtFK/W4i6f0UBedGNNf +gbMFEaExxE4l+11BCli7L/XAojVWKp3+KaHu6xxfEeJ2o2X87EhLAHhaLHqFYlIF +w8jQYh+uh5nvf7e7WNgTVZj5vRuAubUojwX95tWfRFOmMT+HZVNn3dSEyNKtrDft +herO4n6/GoHH1O3YJysKVqDX9dQmwuuwSw8GG0w17ClcAP/UndmQttHWswIDAQAB +o3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUY8ZDtR8h +AfYrY5OVPjWT4ffsEOAwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMC +BggrBgEFBQcDCQYKKwYBBAGDHIISBDANBgkqhkiG9w0BAQwFAAOCAYEAkvXgzhW1 +aj25XikjjFwplyXNNuHW7XzhQprXWeHV46BWJ1nwwS5aQN7eMLC/LShWhNeBW2PE +e1t8r8QN+l5CWGQb3Usc8/KKTIGKeA1BZKTkAlfCSxmiSX0P6zFIQdQ5dwG8tvAG +IoywER6ywfB8H1T2HVAHQJeOb7hnKEyz6BAnO3OfxLvQ8LaYGTDTEHOs8FgDKSiB +PFmXbz8ePex2Y3a9XX4kJ/QrQ0BVwRs3lVX3ts7XFiJsu6fwA+P2AVJ8K1qbmWFn +RY1E0uAOSzmZgjOoC30Jv79rcADlBKlfS3GDjmck0+LEpb9PPdEfMchfxlvKx/To +ozzIncwMEpaATdv/czyXBmaF9ILjhj6+YeB4XcpDER/G5IXPCgzu4zuIVJ9TZW4F +YiUtkx4LLGS/YvZEtCSk97S0eEOoGJ47gsGP/6AOmsKY5SgtBI5ydoV75vnep0Ab +au2B0m3aaeOxkzLj7Bhg4YsgvofHXvb7ldmXtT1zvGYLtqmiGMSbkPEd +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/end_responder_with_spdm_req_eku.cert.der b/test_key/rsa3072/end_responder_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..1737b3d Binary files /dev/null and b/test_key/rsa3072/end_responder_with_spdm_req_eku.cert.der differ 
diff --git a/test_key/rsa3072/end_responder_with_spdm_req_rsp_eku.cert b/test_key/rsa3072/end_responder_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..28c0b0a --- /dev/null +++ b/test_key/rsa3072/end_responder_with_spdm_req_rsp_eku.cert @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUzCCArugAwIBAgIBBzANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDYxOVoX +DTMzMDQxNzAxMDYxOVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKexIkwW +fnno1dfdI0ZOCtY8vats5suvYr5M5V/9Plbb+KiTOA7zWZ5X55GOWovusb++PHH9 +PEOOmK6lSNEEs8DbqugjHbTlHk+iVzP2tHEX0ftcO5hkiPuwoEi57r8Ylk/whjXN +CatO55/CrKzt8M5fnAP3ot8M97QnAsOxWssGuf6727oSwAjvYQp0mKXPpeuAyDRm +2HW/dLUMSaHYusW9SnYUM1pYgBbNG9epyPA5AA+AqRyxuWW9oqtUiJZ2haCgdPea +/G3Y9Uu8c7ajP8APfFFycqeOpdc9mmMxqr/aBHB8TAjCtMtFK/W4i6f0UBedGNNf +gbMFEaExxE4l+11BCli7L/XAojVWKp3+KaHu6xxfEeJ2o2X87EhLAHhaLHqFYlIF +w8jQYh+uh5nvf7e7WNgTVZj5vRuAubUojwX95tWfRFOmMT+HZVNn3dSEyNKtrDft +herO4n6/GoHH1O3YJysKVqDX9dQmwuuwSw8GG0w17ClcAP/UndmQttHWswIDAQAB +o4GAMH4wDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFGPGQ7Uf +IQH2K2OTlT41k+H37BDgMEIGA1UdJQEB/wQ4MDYGCCsGAQUFBwMBBggrBgEFBQcD +AgYIKwYBBQUHAwkGCisGAQQBgxyCEgMGCisGAQQBgxyCEgQwDQYJKoZIhvcNAQEM +BQADggGBAGzxnc3wmOnuo92iWGQkAxCBo72X7fUTukA6vpcflXJj2Iymnk4c3PHM +1TJowxsOa7Y+gezxI8rSdwbGFWWdvn9KGXz9SDg3Aa8AQjhKJxICjxiMxDmLGM+r +y8o2svCGpYaIjhUM3uCRlTskbjr+eDMI/wm5+8z0w5tj3SW6XSmZz4nU4eQ2n3qa +VCW8Ait/C2OEJ6chsGcfGcaGnlwjGLoHVpGyvFu1dZ+OcJwVRMIijzA4/QJPw4i6 +EBDZbStEpx7WvmfgGYfuGWtNw1aE2p3lwtK9oTUsoQZIUU13L/RaKAkuVi/txsCj +9R4567gOuIvmgnKnSzUOnjHctwzTtiFG/RuS+ZnRG8LRWkXP2XxBz96zx1Xl1Q2t +wl2ZZ0b7FgQhz5v+1CsDOYPAc8VhAO6CCbzbo4V50t0cz6Dh8rUM0b2kF4u/qBwJ +C1wwDv4A9ytPiOEunmHoh8VfwEKhzUJZ7cToSVXy0jciZ46MXGSdP0sp2FhiXhLS +UA7c6TgFpg== +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/rsa3072/end_responder_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..ba6d080 Binary files /dev/null and b/test_key/rsa3072/end_responder_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/rsa3072/end_responder_with_spdm_rsp_eku.cert b/test_key/rsa3072/end_responder_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..c6828be --- /dev/null +++ b/test_key/rsa3072/end_responder_with_spdm_rsp_eku.cert 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERjCCAq6gAwIBAgIBCTANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDYyNFoX +DTMzMDQxNzAxMDYyNFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKexIkwW +fnno1dfdI0ZOCtY8vats5suvYr5M5V/9Plbb+KiTOA7zWZ5X55GOWovusb++PHH9 +PEOOmK6lSNEEs8DbqugjHbTlHk+iVzP2tHEX0ftcO5hkiPuwoEi57r8Ylk/whjXN +CatO55/CrKzt8M5fnAP3ot8M97QnAsOxWssGuf6727oSwAjvYQp0mKXPpeuAyDRm +2HW/dLUMSaHYusW9SnYUM1pYgBbNG9epyPA5AA+AqRyxuWW9oqtUiJZ2haCgdPea +/G3Y9Uu8c7ajP8APfFFycqeOpdc9mmMxqr/aBHB8TAjCtMtFK/W4i6f0UBedGNNf +gbMFEaExxE4l+11BCli7L/XAojVWKp3+KaHu6xxfEeJ2o2X87EhLAHhaLHqFYlIF +w8jQYh+uh5nvf7e7WNgTVZj5vRuAubUojwX95tWfRFOmMT+HZVNn3dSEyNKtrDft +herO4n6/GoHH1O3YJysKVqDX9dQmwuuwSw8GG0w17ClcAP/UndmQttHWswIDAQAB +o3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUY8ZDtR8h +AfYrY5OVPjWT4ffsEOAwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMC +BggrBgEFBQcDCQYKKwYBBAGDHIISAzANBgkqhkiG9w0BAQwFAAOCAYEAwURxy0Cz +R7uw1l2KO8uV9FbTFFG8n0WCxxXpZ/vTO51ziItEvWWBEDKzKyW4UiDV9QZ4S8z2 +p3cfhAbCiTVDqiwraK3DAbWuszavhu/1H3d7oQQFxDbpG0uKPtO4iBCtsc1hm0x5 +w+wKOUl/OcPPglvlNf/myONM0F0RhpvwalTmI1VA+CGqbUMK5LDWSsu3Txw6pFZk +Fi4yUKq+5NVBUY4+2KUh4x4jvi2BRVlKbsDuMTiT15iTJ6fMOD2ut4s+RzyJP2Rf +dGqRDOoRnhL7oGXQfUIbAZ1/GUlxjHdkNf+qafF//3HNKBfxSFxbLgf554Gyo7Tf +noSQv4xxcfexSjAYeRBsXPxJl76Q8VpUq2xIIvecPoJJ0rfu/N1mhIwyTbld++Qz +nvM+uPHlRNvxfycBFWZgDDkJmfCcv+my0KUeZODX2xzONB7j7bFR0FDQHDvlxZRA +H1NN7HCSSJbWZMg72ZaLIAoraRxnfsbQjwqkA4v++YqW/GeUqghHp2iK +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/end_responder_with_spdm_rsp_eku.cert.der b/test_key/rsa3072/end_responder_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..16e3ba5 Binary files /dev/null and b/test_key/rsa3072/end_responder_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/rsa3072/inter.cert b/test_key/rsa3072/inter.cert new file mode 100644 index 0000000..8167832 --- /dev/null 
+++ b/test_key/rsa3072/inter.cert @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQwFADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwMzA1NTIxNloXDTMzMDMzMTA1NTIxNlow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUgY2VydDCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANX+s+t8yxFImRw+byC9T+Ya +Sd84ORUBoZ3q5h8oA5IrWnVGBbXbuOh88E+PSnpV+JjsTtfD8kgr+y9YNIXA5ywu +UQOy1GF+hwvDX2gHdraZ5u4ij4r8zYasD5UdRlU5tQ2NaAcJUoHY4UBhjM0JtJza +qBTfAzN9ulyxulvKRSc0LwB1US/jgKntfU/FCaSMjBMKqRGppSrX0S8wOlOc82Ux +FgsmXlWBKxf4Nu/G5t1CP82yaWvNWdHS9fVerxXSU1xXPbtgXWXZ3Q/2GivBPrC1 +I+M3aXLZR7XNdZXyvI5wb6/v1zr8qG/17OsejjUX2OnpV6+0MziX+W9iFQWg1KV0 +o0JFlWXicp4rS2UDacDdVKakVGCtQ/K2NLulsXLTHIovXZGgG50SVuNHcLZBNtGr +u+s43+4D82jnfzHwCOLNbbHxMJka1WrHQOXN9a0pAlTRhd9wCJDmub/ph7ZF1Pig +jxG1X0D9OJ8OVeO7i4T4+zdhdB+uMIH/gKxfVnUkhwIDAQABo14wXDAMBgNVHRME +BTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUzj7c5yqAbHE6bsTMWc3Q7eOt +wiUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +DAUAA4ICAQBF3DEtWHFGISr/h3UhT23Q1PSxJTiloF3uONuHZJCb61wx2zlqVXHB +wFGU59C9UU5/ry/7OehrsHpyKIXU4jUiXi8YrUvvx07UWJczvvC5v9zONIBhSVIz +wfhLgKrIhlnj5yRuZC6wr7OAAtVZhS0uVlNWmbNzX7aerGM7MBX5cdfV5za5Hz3y ++iku4YK/FnSmho3QHr4FDpAApICb7NxNQJHnINv2DwaRIBQIIc6BguvyIx+ThEfS +bTdVCvlGQEEE4fiis3aJTxip+frcFm730Kg6UlejuBqOwDrMAhKHZnCHmthNa3dp +lF3nNTWxl9Nr/nnu2n4d22zTConAS9n67iRwRNUD0zy6M9Fn39SippMMXinHnB6F +YMTKTZO7hR0YdakXYhlFPTr00jNL09dalnpnlPFYROT0GCgs4YBbOs/eALHtAsjG +ks7vA3losR7CMhPZn3PfRMC/SZr1BmSjEVc5R9yYJuYGgZYqajRMr0EP88ct1uL0 +7bcSwLo7cgx21KC1ypKuFTg5JdsYGQgSIsvFQs9ZVPv0h9oIidv325a/8Cnvi6n7 +iX8HWV7s49/gpejI4qkPJwb3F1vk6vGhaMHMTSIvzImiqLIAwjJVLODRhfozQngn +OMakKLFkjhKP1v7p304AWgq7F6LfSfp1Cq0o4FmICFq2d+Fzke2dsg== +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/inter.cert.der b/test_key/rsa3072/inter.cert.der new file mode 100644 index 0000000..5448318 Binary files /dev/null and b/test_key/rsa3072/inter.cert.der differ 
diff --git a/test_key/rsa3072/inter.key b/test_key/rsa3072/inter.key new file mode 100644 index 0000000..92b54a8 --- /dev/null +++ b/test_key/rsa3072/inter.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQDV/rPrfMsRSJkc +Pm8gvU/mGknfODkVAaGd6uYfKAOSK1p1RgW127jofPBPj0p6VfiY7E7Xw/JIK/sv +WDSFwOcsLlEDstRhfocLw19oB3a2mebuIo+K/M2GrA+VHUZVObUNjWgHCVKB2OFA +YYzNCbSc2qgU3wMzfbpcsbpbykUnNC8AdVEv44Cp7X1PxQmkjIwTCqkRqaUq19Ev +MDpTnPNlMRYLJl5VgSsX+DbvxubdQj/NsmlrzVnR0vX1Xq8V0lNcVz27YF1l2d0P +9horwT6wtSPjN2ly2Ue1zXWV8ryOcG+v79c6/Khv9ezrHo41F9jp6VevtDM4l/lv +YhUFoNSldKNCRZVl4nKeK0tlA2nA3VSmpFRgrUPytjS7pbFy0xyKL12RoBudElbj +R3C2QTbRq7vrON/uA/No538x8AjizW2x8TCZGtVqx0DlzfWtKQJU0YXfcAiQ5rm/ +6Ye2RdT4oI8RtV9A/TifDlXju4uE+Ps3YXQfrjCB/4CsX1Z1JIcCAwEAAQKCAYEA +yVKOQgVtphz+rquuMMbp3DjvNqnWSgT233KWfMlQUrumpp3x0V2dYFvqWW8dSmqH +LpditWsLDQsTjT8Wap9I3S/V1/zuAarfshlkMKKU9MVllLO/B6s+UGyfXFHmUVex +FcbrD3Odw7seb0tXA68V1FuBteD5SgAGzB4IjUKGPJPDhFLaxorqCPP86Icew0fW +oDNvS8amNOBFVHey5+bItXKwoly+cwLKYAqM5JfjqlUhYYtv0pOm5NfrvaQOZCEx +wiqaVGhAJlmE3/8NMdRfbHHgukDUWZMIk7XQwBsxJ+Nc29OCZIQgi149uOAli95w +OuDnTG2I39RURKwiw3qV5IABBhWABMi0Q6FTrHOC/MO7C1W2Kpljrzs7ErOh0CSu +u3Ibf0x8sDfrksC582hnFdV9rsCiN6x/nlxlReTXdlDAo7TxJBadqe8KpDOBGb9l +I8ar8/U2rApRlYEpJBBHFpBulydma0a/gVsyQ9iyuUQpH0jQE1aU0UMsjX32GSCB +AoHBAPuM1sNcuzfdL+Z5D+zTnf02cNljzSgAqFxyJCpfhxxMMZLkF6OZf3NHOpIo +bobA1BYudv8J/UMXN/qf7/FOsS0EqI2H2RTnjdclADaMkwdTvatEfjDFLdbkU9r1 +sggOIGp906LgHsipKYwXxmj/7B8YQGyOcHCpK6JNpLSd8+WmKiSMXlw9Fn/p/8zT +ETUiEF767FY80gAlbLPHL75IxIAc0/BhYZWuqnihfNqkUmOpF/NIYIxjnPWic7iT +3eJ6LwKBwQDZx8rr6aOloEmsFGLlqzj+5B8Kngm7HuZWijwJkd/3hT+ckA6uDBQY +jl9XzsTIqgKQGKwWDhIpmR6f1qzNx6ctivYhTIqdaImDeNxH2FTpznLQH45wJjVc +5URvsK0wvxO0/5oi7ufzP/kL7s6XHm/wzg/Sgudd7+R2iEzPuN1wDG3iibRnru+1 +1MPbkgF6cytYaMDz/IccQrB3HQBa3krvzBakvbqxh7WcZjB/qVlGjW2ZQdX5gRWG +e/N48xVb3SkCgcEAw9lOqII9XWw/zBA7nubP3gKR8B9s7pU8f+V6VOdVWWnVOwmN +ghmTilxNtNf33cCqH68DhOPxJFgihGYbuWPMPEGhPbgkAsuZuoUbWl0uaAkB5iOI +oE4Ut3fD9flPKEhfYqoeqXQXY6GZMHKeTsfavgbyudJYps5/o3kSIHHOH+G0dAo5 +uVTyfJriR0WZ4yVnW5u/gBEQa3632GzftiYPn7NSK5iWEqUQIqWQgOZpIyDW/do/ 
+GW7BGNnngTDXE2qPAoHBAMQQhXYi4DvqtKkBqY/PuP5xbijm4yfdx829ohOTiymS +gxR29WBoa2c4NkodUzi9JpWIQNWSUXO18MZCRUz2JGJyKukLuffA95yvoNHlx3y/ +aspIvrnlDEHX/ub3DtVGEX3waFpu79AllhfSJZgTxP/s5H3HcHk30l2MlGqmqmWI +Kx26j/qQmir/pFz3c/FD4pAzrxN6FEGzIJ/8Miec3aZJ/VDPp1bRMQXfUmZ8lm1Y +QoWpqfR47GIpEaegYWhVEQKBwEGR3ezrhmkpl5dK30vAyyLpD+NMY8MZEd0T0W5v +RI4ITjMhK48h+CkFrKG16bAKnIHlpsalXD9YZGG/QMDylxVr99f1khtkRy2hP7Cl +u1z8Brxco9hcVl5VUmYg1qSBo1MtiY9/yYFoszkq/2zRfFXepjepABpcKbH7sTGV +zmzO4A2GK0VpvtQ5OjFTjdRR+EfgGPAoudxttmixItCfpblF3rqbuhGfkUwkqPyw +t6CfKHbiZdBW54q2NiMZY/BWLg== +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072/inter.req b/test_key/rsa3072/inter.req new file mode 100644 index 0000000..4fab6f5 --- /dev/null +++ b/test_key/rsa3072/inter.req 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDcjCCAdoCAQAwLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANX+s+t8 +yxFImRw+byC9T+YaSd84ORUBoZ3q5h8oA5IrWnVGBbXbuOh88E+PSnpV+JjsTtfD +8kgr+y9YNIXA5ywuUQOy1GF+hwvDX2gHdraZ5u4ij4r8zYasD5UdRlU5tQ2NaAcJ +UoHY4UBhjM0JtJzaqBTfAzN9ulyxulvKRSc0LwB1US/jgKntfU/FCaSMjBMKqRGp +pSrX0S8wOlOc82UxFgsmXlWBKxf4Nu/G5t1CP82yaWvNWdHS9fVerxXSU1xXPbtg +XWXZ3Q/2GivBPrC1I+M3aXLZR7XNdZXyvI5wb6/v1zr8qG/17OsejjUX2OnpV6+0 +MziX+W9iFQWg1KV0o0JFlWXicp4rS2UDacDdVKakVGCtQ/K2NLulsXLTHIovXZGg +G50SVuNHcLZBNtGru+s43+4D82jnfzHwCOLNbbHxMJka1WrHQOXN9a0pAlTRhd9w +CJDmub/ph7ZF1PigjxG1X0D9OJ8OVeO7i4T4+zdhdB+uMIH/gKxfVnUkhwIDAQAB +oAAwDQYJKoZIhvcNAQEMBQADggGBAH2QqvoOhG8MmeJhv/6RFtYJ4O25ifFTrm9t +EK/dxEPfN/1eIaedODaxKjgPZlgNdtfGIB0dY0EcTau3TvPe4rIL7Ng1NMenn6it +GwvdWlYrMJNiesXjlJ9aXhkhJd9/NUCikSaIERivKLc+mrRtNn4L2IbKu4Z9Bg/H +sjgp6KJiYrpxt2tkDYi3NF8cdN0Ioxk+FRq6jW5yRQ6DkozKDBmcqMgtyOQel8Kh +qD9UWZz+AC70DA8PNZPZDZ2XLqR2zZxVeysPu62q+z/tAZCBJaiDU52tL/a1wpSv +8bLHX6TOvdsDgXOdiuUcyKHPekdIIK0rBiD1R0UpfxTcHBul63OAK9MdCAVkQ4Ks +YU4CMmS2CpIXkUVYN+BH+6B3gIVff+tCBXEtNSQGuWp1c/S+ECgK4t3Bx1chQsE9 +nNh5ESRnRI1TwqKU0cIkwzEFCtWoU9gB/jDoPpWEw2hKCGU6Rti+40IYEzHjatjB +NcRZHvbxN/nu76gq+2azL8sYFSMjFw== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa3072/inter1.cert b/test_key/rsa3072/inter1.cert new file mode 100644 index 0000000..86f7654 --- /dev/null +++ b/test_key/rsa3072/inter1.cert 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQwFADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwMzA1NTI1MVoXDTMzMDMzMTA1NTI1MVow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUgY2VydDCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANX+s+t8yxFImRw+byC9T+Ya +Sd84ORUBoZ3q5h8oA5IrWnVGBbXbuOh88E+PSnpV+JjsTtfD8kgr+y9YNIXA5ywu +UQOy1GF+hwvDX2gHdraZ5u4ij4r8zYasD5UdRlU5tQ2NaAcJUoHY4UBhjM0JtJza +qBTfAzN9ulyxulvKRSc0LwB1US/jgKntfU/FCaSMjBMKqRGppSrX0S8wOlOc82Ux +FgsmXlWBKxf4Nu/G5t1CP82yaWvNWdHS9fVerxXSU1xXPbtgXWXZ3Q/2GivBPrC1 +I+M3aXLZR7XNdZXyvI5wb6/v1zr8qG/17OsejjUX2OnpV6+0MziX+W9iFQWg1KV0 +o0JFlWXicp4rS2UDacDdVKakVGCtQ/K2NLulsXLTHIovXZGgG50SVuNHcLZBNtGr +u+s43+4D82jnfzHwCOLNbbHxMJka1WrHQOXN9a0pAlTRhd9wCJDmub/ph7ZF1Pig +jxG1X0D9OJ8OVeO7i4T4+zdhdB+uMIH/gKxfVnUkhwIDAQABo14wXDAMBgNVHRME +BTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUzj7c5yqAbHE6bsTMWc3Q7eOt +wiUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +DAUAA4IBgQAvHLRJ4eQVrSiACV8xqMU5SlTRDEIPEgiM/LPeRqLMtgerVY0XlbC+ +YPHWeJNtyL4z3rdEvrOiBB4GyzduLVxRllb+b4R7MjyHL5VJ3IlA3lyc9qMFkKxT +TkxQz7Vo/iOTzIRJox+ckEaiENnOlffKpgKoHRSKxRQhCehYAT8fpH8KyNlkBWAz +EpZ+zwWouJYfAv/H1CushfNEsdIHBrKHObJ8bve3dhs2in2hD75lx7Jm+tPHFjpw +OQtjM0lSqrlQ9i1CWABCMc0T5aGxF2pE5XfjF8fk7kIMPPGBJZjcPGCN2o5J+b6A +v9DqMbCXvMZmWPUkGPoXgPCVB9CsC+RhODDaZYceQh5iF/PQ6rmiPD/kYj7tbnJQ +IHXI2QUl0LIPh2NiYLfjgu+nb8LU9oo+AOPc9b+EcvBVe0BdUJeUGcWy1n0u0j7a +T2hCYbETULu4LhfJ0t1WOucPhdkm77tphbWuu3/fZ1jW9CPuURG6Fif3IgQdP4zQ +oo/zxuS19ac= +-----END CERTIFICATE----- diff --git a/test_key/rsa3072/inter1.cert.der b/test_key/rsa3072/inter1.cert.der new file mode 100644 index 0000000..b10b2b9 Binary files /dev/null and b/test_key/rsa3072/inter1.cert.der differ 
diff --git a/test_key/rsa3072_Expiration/bundle_requester.certchain.der b/test_key/rsa3072_Expiration/bundle_requester.certchain.der
new file mode 100644
index 0000000..9390590
Binary files /dev/null and b/test_key/rsa3072_Expiration/bundle_requester.certchain.der differ
diff --git a/test_key/rsa3072_Expiration/bundle_responder.certchain.der b/test_key/rsa3072_Expiration/bundle_responder.certchain.der
new file mode 100644
index 0000000..7aec24f
Binary files /dev/null and b/test_key/rsa3072_Expiration/bundle_responder.certchain.der differ
diff --git a/test_key/rsa3072_Expiration/ca.cert b/test_key/rsa3072_Expiration/ca.cert
new file mode 100644
index 0000000..357394b
--- /dev/null
+++ b/test_key/rsa3072_Expiration/ca.cert
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHTCCAwWgAwIBAgIUPbQ1787gpzPgG0D04PrQZkggygcwDQYJKoZIhvcNAQEM +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDMwNzM4 +MjNaFw0yMzA0MDQwNzM4MjNaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD4jo8PTukYjg+iZfI8 +ykSh7WnPvas5ZB7aMSU9VfpGphRFHqcMD9dcCaHpZ5F+SFMHRX+iRqzuw7+UtjFp +ZRWc260d9N8zjJqZxOYHpeDj4YoF7HFql9tqLzUrOrU8mM5obovWQkFDbSnn2GBP ++WaZTlQA5DBUaSIzCB0OuxkodfuGphVpa58kr3GYtXsU8PLDLSX1EeeFwa8yt6zn +nl7FFqwdlW6Mi4IVJH7H/rtN1bdtVLX/91GQyoogfV1mpLc/5EtQ2YBMZbv5veBN +cLyznb5GBpFlkg9PklzMi8Gk6lcFbYOEitMEtYDbHSr2fIsYop2BjAibiOgNPVJo +3JS/aW6GGZ5wEJT4JqrlUPodIvClIDlNYvOAOqXTVvdxdqZ5nMDFYz8SncsrD8oD +y9LUdOjPVMEdqYPtc6/E44qTqjZ9VGM2mLLjnXGkZfpxNjuD0BnpbrrBllj5rNDb +CeJLz+4AtWu8enxInH4IZGzxpdhrvDLo03Xnxexkl6lny//A0EP4vY+9nNpORKoE +SOi9iso45tiTbRmJbInmyfSZ5W8jXGLWHyoW9bksg6liuvqa3eL9VIXv+8D8GuRC +Bxa96nmDx+hsH9QodIJgwrpkoUfN843tz+7FKWUpchxPzhM85Xblupx0gqZ7KtpX +MKqoK7Y7P4zTjasrYu+Bkvbw5wIDAQABo1MwUTAdBgNVHQ4EFgQUY3g8TBdAWBLI +7WFf0cP33S1iT4YwHwYDVR0jBBgwFoAUY3g8TBdAWBLI7WFf0cP33S1iT4YwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAgEAEm5bSflpje/WXfp7YJ9Y +nYwVwH1tyjd2Vrv7cS7v1geZE4SE9ouHTeHnXxE8HnVfE9m8H1JOVxqaLahMjE8J +AqlfpSdrnGUwhqYH8LMcntcKgPqSynLbgBArWHihzIuXN00L7xdOnJD0UKli/8fG +B+vAkDrqzyUfuhtdXYjzbJT/qUXdSoIPwfX6ImbYsYQka4tPLbCRfRatjNCGwZ4a +gL1vO5+m6burKmwPW8wb4Yo38Y7KZt2r39B6omOlqBT3XpfEcWSvJp5xXMAsKyRc +OxB/ayO+lCkn804DXPMrtKwW6OcSPfEviQysd8bhzccdcwHZHw0H9yL7QjTJRC2+ +kJ7F7W4CXdAEt4kQqCCHv/eew+qSdVEcSsr08sdsIlBaEk2XkMicSD5a9Z57yOaM +rpR9PnhQGjnlxGWb21ippJkjhfgoOygk8lXpO+U7G8En7RgU269hYuz9Tn2sACOv +caGoP5orMwKQxCayKfNxBrL3VAQNj8nOY2vwrcYkWNug7WMJmhL4XFP/qEJfzLwv +psPq3m7RfnG7Hnm05aA1mOnto+KaYLyeDRI7bj1Avyro8SLksz95xfmkkQigx8p2 +L4pUXFKXuiaTKcbKyxRn/ogJxW24FDhHTKZZ0RH7Ux4pzQLfP4ALB4t6TooG4Cbu +an5mkh9zAfBDyAjYQpsynFE= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072_Expiration/ca.cert.der b/test_key/rsa3072_Expiration/ca.cert.der
new file mode 100644
index 0000000..5795750
Binary files /dev/null and b/test_key/rsa3072_Expiration/ca.cert.der differ
diff --git a/test_key/rsa3072_Expiration/ca.key b/test_key/rsa3072_Expiration/ca.key
new file mode 100644
index 0000000..0fc9491
--- /dev/null
+++ b/test_key/rsa3072_Expiration/ca.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQD4jo8PTukYjg+i +ZfI8ykSh7WnPvas5ZB7aMSU9VfpGphRFHqcMD9dcCaHpZ5F+SFMHRX+iRqzuw7+U +tjFpZRWc260d9N8zjJqZxOYHpeDj4YoF7HFql9tqLzUrOrU8mM5obovWQkFDbSnn +2GBP+WaZTlQA5DBUaSIzCB0OuxkodfuGphVpa58kr3GYtXsU8PLDLSX1EeeFwa8y +t6znnl7FFqwdlW6Mi4IVJH7H/rtN1bdtVLX/91GQyoogfV1mpLc/5EtQ2YBMZbv5 +veBNcLyznb5GBpFlkg9PklzMi8Gk6lcFbYOEitMEtYDbHSr2fIsYop2BjAibiOgN +PVJo3JS/aW6GGZ5wEJT4JqrlUPodIvClIDlNYvOAOqXTVvdxdqZ5nMDFYz8Sncsr +D8oDy9LUdOjPVMEdqYPtc6/E44qTqjZ9VGM2mLLjnXGkZfpxNjuD0BnpbrrBllj5 +rNDbCeJLz+4AtWu8enxInH4IZGzxpdhrvDLo03Xnxexkl6lny//A0EP4vY+9nNpO +RKoESOi9iso45tiTbRmJbInmyfSZ5W8jXGLWHyoW9bksg6liuvqa3eL9VIXv+8D8 +GuRCBxa96nmDx+hsH9QodIJgwrpkoUfN843tz+7FKWUpchxPzhM85Xblupx0gqZ7 +KtpXMKqoK7Y7P4zTjasrYu+Bkvbw5wIDAQABAoICAHGnRhUa4Q0AUHfSo9xWJOHi +HGMIeFXKySy+Eigku0c4w8YDSSED0VbddLK0T9vtmEGX7s+1/3dB/MU0Ng3aUfKi +pFsxUCpTHZI4bXKLz/SDechRoF68R3EbWvWEZ8DoomEwQzLaotsA/Itt7kRDZz2s +ik7KCKtgU2oASMEmnk9Y+4VLRjkpI+DzdD7+pOQjdO34JAYWhMYtlT3crOxQB0eZ +oWP5o04SsI2YXXx3pw/lLHWKqZn8bciGRHisulun778AVcwHWFoWnsiIoRrn9PEw +rQN6F1vZWLTq2RISyZ3uJZJuzBd8HxdlIyGOCcohkrzWBq1o6bqs9GaxZpBaZIzn +J7ccUvu6J4Pqt6K6fODn+nPrEm6w4r9oDJCMJBh2JT3xhzlKqsqX56CMBnCS7FZ+ +sxvkIwTpei6rBZhomSAoKiR2CrTzUjbK1OMrF+UjE3P0PBM74g/OhF2NzDxb9Nub +hgs7JUyVdVGKt31hoO8EVrJwp3pOKOv5sD0xEGzV49B15x1ppvmPOCiX/64lmCU3 +4HkeOnlKnuRk375TPQO7v20e4VpnuQpDLv9TqPu/GxPYKlIsBJW2hLqYmRxU+Nsp +PvCqn+82L1Shq5rDKR2AhSYs8Hs56Lwq5OEMLqIkD1qwiAuihmNNWLNVAlr223Zr +8efwVg+3m8DsPChePs2hAoIBAQD+N8a6Ist8gs2O6+JyLeGA9IZ4eI2b6f/T38PH +P3GBYNol/6ub4jMSjNJCo6MQzlJyzBuJ98K6bJBT1rYx6sIBxWbhcqoN9lGMUYG9 +LGhPlA7xCNjQ+bhAoAkqBhdaakazdukU3/14iHG/xannQNm2aHC42RokFM/fnwqm +z5ynu6s/zEe+lUaUKd+Ax4vnjcKBOfauhu0CoytAmt5zc19OuFClQO9SY49enTay +eUcZyvk43XG+GwQiFSc3Uc6fvaAGc7PMV0gcrqDWmx2ik3JDQD1aWFoOkdE216Bz +5k7Tj3iir8uJmV3mP7TdYVIy6didqBZVvCovSoGKs3qnp7WRAoIBAQD6TJ+K3Lan +VS75IxgSgqJKvlBgxuS0eoLHL+rN9tFjvZRELg5kaWCnHdiyktb8BR6Nr8cHPFTW 
+t9IUyGU4tLdyRz10GZr8yghvQIeIOOkwzMvqeJCLQarA2vbvA13/6fMVMJUrYufY +DR4DqF4jP69chaEzSxatgag3HVM7cMuxul9XfbyoqMk/XXVvijj7exgmmlbRrniO +xHTy0wt9hmxPN/tVW1lXFkjifPEE4JjmQ5rRIFl259XcQ7HaOGTYn4Qp1UGc/mmB +olliMArmO8Ss4/YaOXrTBXDG6oyDGImFB+YxjKA7BiGKE8jkwASy7qpu6gj5/rk6 +DvTMdj/GsaL3AoIBABHvvYXEjrbqQ7ahzghgVFjU5+f4GYW2rOY2E4orX8bRHpMv +xtvoydG1PeCVyxuUcxzGaesCICsnHcfMjm5XMfkOBIRDotv5VSehWJYQXAvBVoyL +I0EbXXSx1fOxGlS2yuY+rZNbenbWqa/uMl6upK3KEKn6J24ESeZtQkMiwtrS0vJd +Z3J69c/eZHahna1owyB7Bnyp6G8XNCYKx0c+DKtxNb9zJW+atrLmRMWy6OFZANyS +Q0Q2g8Qj2fB9RSbgKjpKT5VLUzsy1wZNS3n9DULRdYK6WSBOCYTlEd0bktQ6ezh/ +Ts0WlRl5xTkZdMNC3JXDFlBWRmOvzhQLNcw+eQECggEBAOxc70xyoQnjpzgdq93O +/vMWRVEegVrtVhJDbbiSG6nUnO7Fj1HDMUKfLMN1Zw8WxoOGOqzajEM302tM0kl6 +XsHMBHxesb2GC/EDPvmkxJEQ1H/W2qimmlkEbavHwjyo8KRR/Iu8GrQrruxFUqB2 +w2Lbzh5iCkhO6EsjpjW7jp+HIAG++ylKOsFbwEpUfPr+gw/xL4tS9wXa/5VPNsqS +5jTo6K7yVKuon6tB0ViJv9myfcB+i/19cLdQNeOc3Z6zBFt8xzk6BugkJ8RRGfnQ +9ylNHFonbZVYzecKFya1RSgbDYY9BhK293UsuclKiyVtvASBfXiW0tPAy+tIv3Ei +zoECggEAQDkWiwpTWlmJMPFLJvF6uhR8PPCcflZGCanuXi4/JiMLGXEjY5sNs5oM +pjNOtjUKGTVnFo5z3617XQiL+E9QtZfCxaL5izzOLQ/UhW5SgFwNa1ravOka7JHh +X+DALWhH/deCJC+ZDOd4+xl0TBzmWU8Vi2+nK4YD8PHMy4vwWaGLDaEDrRKDYPR9 +3ijpUC4tedDlFM5GNULe89LA8bOgcC0wgbyYKdCt3aSSCuPevrnppp8Cy8jpCQFK +ZcAlwsBo9VankNbOuogXE4XHYBDxgpJzQerV0dgJANf/vTcr93yBse8xALybj1bd +aa88bRD/Uwn3FlD5lm3Yx8SB+Py2wA== +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072_Expiration/ca.key.der b/test_key/rsa3072_Expiration/ca.key.der new file mode 100644 index 0000000..59c1389 Binary files /dev/null and b/test_key/rsa3072_Expiration/ca.key.der differ diff --git a/test_key/rsa3072_Expiration/end_requester.cert b/test_key/rsa3072_Expiration/end_requester.cert new file mode 100644 index 0000000..06b9491 --- /dev/null +++ b/test_key/rsa3072_Expiration/end_requester.cert 
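Review bot: `test_key/rsa3072_Expiration/ca.key` adds the CA private key as unencrypted PKCS#8 (`BEGIN PRIVATE KEY`), and the `end_requester.key` and `end_responder.key` hunks further down do the same for the leaf keys, with nothing in these files marking them as fixtures. Once this commit is published the keys are public, so any certificate chaining to this CA has to be treated as untrusted outside the test suite. I would add a short `test_key/README.md` along the lines of `Test fixtures only: these private keys are public and must never be provisioned on a device or added to a trust store`. If the repository runs secret scanning, allowlist the `test_key/` path itself rather than the PEM private-key pattern, so a real key committed elsewhere is still caught. Whether non-test build targets can load files from this directory is not visible from this part of the diff and is worth confirming.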
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA3MzgyNFoX +DTIzMDQwNDA3MzgyNFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANqv9p/V +dUdDWgEvIDGOf2idafttvpPbHY7fiRs+EJhb7opwmHpSeUVb0wnBiq0HEjtH66y3 +dwKcl1ehkAHGpt9zAOl/xg2ILnE+LYHxHCjJMUAE6NF+G22DeLQ3irrASbAp7ReI +4u2J+5E6wFk+GGdRKvCfKIsGRLLeXyebPotcp/kXLLUiNk5xtO/KeSg75MtMrdvD +CDVpL/soGgPDT2KlUWNCNXWyj6D68xPEo4lsn2jKnBBMIytH5+U4JHKNkrEW6qpN +13Dn15kBKmPd44xd5/NP1PZm0YMycv5YUXS1LqU3ijtwTZNz1c1xW63HoIUlYq/o +hj2UQ8i/BLP8mYgc1ZCtGUaPJE2WDYreTeXIMulWJR7MWcW7CornTYvWgskzmTgW +IflS2gLbGXJkb6axEigY52Ilv4t9abejqnZg0iJp+cUq8Gd0q3obIDV+oqq2c2JF +XnvakOmuQizz9bxz/4DENbwW5W6owLFVG/V1MubWcsvNT+DdODVSYwRfGwIDAQAB +o4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBT+9iLz +UMddlIhnVSeGR2k8vyeQ4DAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNN +RTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIISAjANBgkq +hkiG9w0BAQwFAAOCAYEAZrXINjYshLNyqG/qBpmLoJPWB/a0HJLJ+bFP4Dwq75W7 +vrGU8d9zZfGk69Zwrnq0lSKgxiI35wMaLSE9XbuCmsRAjuVQESQ7I/1Meinh8/Rv +oozwyWfKU+g6WOGH5/EN+NZ0QLOte7SjJJ4gkA1P/LU1DnW3fubHbrCbvZ6KMoks +qu/96iORsBEAp1uDt0G0X/Ds7e7et6G0Axb4P5yi+5bHgTt/EUfVY/9ahrmzn6oT +VeVvSCjyG+LxS2zr0GtMZGAu6Zqeq5sQaG9rk8oDWqh4Kj/mnlqnVAe2waYZEfjt +2OJCD1i6wb9Fz2ID1ygzBjO5XPB5yCYsmPJ5ySk8rtE8rm5rzbJGuhM4JMsbZxZP +j40zn1YdOmFmJkzkcQXJlreLbnCKCLW9xai3YDVUR7XG2VGooOrBZfQ2ukAGq5EM +7cGKXRb5nfNiohbCAH4/Kvf35h2zeoyTqoyeVbA6dl1pzO+VCGYuV12sPzGQTWAl +staYujb7T3PjoolHDOxG +-----END CERTIFICATE----- diff --git a/test_key/rsa3072_Expiration/end_requester.cert.der b/test_key/rsa3072_Expiration/end_requester.cert.der new file mode 100644 index 0000000..61e0a0f Binary files /dev/null and b/test_key/rsa3072_Expiration/end_requester.cert.der differ 
diff --git a/test_key/rsa3072_Expiration/end_requester.key b/test_key/rsa3072_Expiration/end_requester.key
new file mode 100644
index 0000000..0e5cbef
--- /dev/null
+++ b/test_key/rsa3072_Expiration/end_requester.key
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQDar/af1XVHQ1oB +LyAxjn9onWn7bb6T2x2O34kbPhCYW+6KcJh6UnlFW9MJwYqtBxI7R+ust3cCnJdX +oZABxqbfcwDpf8YNiC5xPi2B8RwoyTFABOjRfhttg3i0N4q6wEmwKe0XiOLtifuR +OsBZPhhnUSrwnyiLBkSy3l8nmz6LXKf5Fyy1IjZOcbTvynkoO+TLTK3bwwg1aS/7 +KBoDw09ipVFjQjV1so+g+vMTxKOJbJ9oypwQTCMrR+flOCRyjZKxFuqqTddw59eZ +ASpj3eOMXefzT9T2ZtGDMnL+WFF0tS6lN4o7cE2Tc9XNcVutx6CFJWKv6IY9lEPI +vwSz/JmIHNWQrRlGjyRNlg2K3k3lyDLpViUezFnFuwqK502L1oLJM5k4FiH5UtoC +2xlyZG+msRIoGOdiJb+LfWm3o6p2YNIiafnFKvBndKt6GyA1fqKqtnNiRV572pDp +rkIs8/W8c/+AxDW8FuVuqMCxVRv1dTLm1nLLzU/g3Tg1UmMEXxsCAwEAAQKCAYBW +B99n5Zurm01vJdDubfalezfUV8ofdJXePQY9F1+D8LaY886oYIWgyYzuS5t4kk2T +0KlgWxSQjHXlXYO/jxzazu1O7ptFe4t5tVJFykqfqPadDtFgiNHVdWEo1KjY6wiS +KwxAs/NCK4QyEADXmtwS2RWhb5uNhbvE+kJI3IPwY1UZYwqNf5YJqiXaJ7ceIuHR +MKs8xy8Vg/oCPjZtwIocbpjkCYnqcYKbe93gqv0C9R6JJRvcNXeocTNDM6DzB8ox +gHZefxve87kVblAwTwTy90S3QloKHmwmYDLY0bGjGHWt2yIVyHD2NyavH1Elqo9s +dn7kir5FD8dly/xU7m79NWaKzvewYWCrsfZTU42j2U1juctXmlg6Yv37/JMIibRT +DqCIFoFOq9SqRgkh741YoBmGIobQwnFq2kqdgwaL4chuVwxj4B6Q5Qh3Sqx9zimI +/Jzgxyl+zU21vUJrR8r/VIOi/NFutLR9MMUhTNVHcJ9tC1CGuFRXLWnYEOZDIaEC +gcEA7rwYqetY7EF5sKbP98U2NjE5jsPSAU3EMk00yAoFoFoNMnnPwb9/yWOh4Hfq +eTTNSwNffWCiTJ5FdvEdagYTVnoWr5cFNxuZcg7cTpbrwnReeoHINGbPgrdCHOI6 +tRv1Q2/lXAAQFF2K2t2iN76aEUhlqbetbEF73J5bTOEWorKjE5wPsA4QG++T7WFF +mmCFlwE3+/kozsg/qy16ToMunN5wOwTim/bYiV1skB/3Mriz3SDwWEvx9fi3b1oy +I0UzAoHBAOqAtlQiciVAjOHTTBP4iHV9XumcOSrUy2qhCSOnLgN64JD6YLlpkBnv +METZga2s7bp7L1pkHdn72OPP/MRdeRxIm+LMiUYIWpwc1AuL6BJg54v4dKcjUAdJ +hf4HyLwH+Unrn3Ulzdisl8JOVjRELQAYj9XHJvuJ9u+N6yE/DUtTlbTyyPLkGG0B +fnRye8Z7mHff1J3NfOPfu1v72CC/PLxqBQAeKo8D9UjalkJF2+Ve/gnSIWGGTRoe +ikp1y3CueQKBwQCqcqNNVhnT/F9sz3y2UxiEkpqcopTil2pX26WumPExbnnzquK5 +WwdaewcNY7CFvzw/rXXU51SZTXsdE8NDenj+Cgb+cN2pXcwtkgybE8fZuwnlf5m4 +SBsqIbtTMfZmbkKrVk20ZNsWHz9PSmRSVoRbiIwFI33vR8WuW2WmOyLVIKOsEYVl +1nSL7X55QjTWpslaaeVVwqvvDyveBIdJXQG/wFTy3mcIobIySQCE2j28+gB5BdZz 
+xC1Jx7z4BLa9Vd8CgcEAkvdhza7c3M3svWcAag+77e5Jup0HEvnUFpqgMLEI3HN5 +JENWtT0ca7SFCtFKPX+Aafvj/IF8V+5HytbB8osmaPx0fhpz+ekoaGiE2EuxgTss +QoPPECTIdhi1GjTksDtLF/HMuM2diar5XXRdAFqt3T6HfpJWsxSPJylJcEek3E2h +KIt0Nw2O5VonV3GccxNoxdAI33E2UVYZhRd8J2HS/b5wLde6EnGHm0YrH5PKsaDs +E1mXRBi4X6M+RlY2zwL5AoHBALeE/aArs+CnUYzPz1dG5F9PlUpQ+YiTWRjEtuJF +iE8dFVdvMwbey4yMVmTmKUDIBR6sCppUHyPXaHvvFMuEodSlEU4TDhDnP67T+zEO +VqaZHNbZaFXmbM4/PQrvFgd5fTPY5tPNENllpu65pr52L9dDcEmnx0IOC5KVLoAe +6P67vtC4eYVMtpyJ7UCedPKEwyyDJbsOgoZndtfq04L1Y5NYpx/XX8jsLxp0agCC +WjyBA9VGlgdjHmkscznM85mqSQ== +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072_Expiration/end_requester.key.der b/test_key/rsa3072_Expiration/end_requester.key.der new file mode 100644 index 0000000..6ae5123 Binary files /dev/null and b/test_key/rsa3072_Expiration/end_requester.key.der differ diff --git a/test_key/rsa3072_Expiration/end_requester.key.pub b/test_key/rsa3072_Expiration/end_requester.key.pub new file mode 100644 index 0000000..7678fda --- /dev/null +++ b/test_key/rsa3072_Expiration/end_requester.key.pub @@ -0,0 +1,11 @@ +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2q/2n9V1R0NaAS8gMY5/ +aJ1p+22+k9sdjt+JGz4QmFvuinCYelJ5RVvTCcGKrQcSO0frrLd3ApyXV6GQAcam +33MA6X/GDYgucT4tgfEcKMkxQATo0X4bbYN4tDeKusBJsCntF4ji7Yn7kTrAWT4Y +Z1Eq8J8oiwZEst5fJ5s+i1yn+RcstSI2TnG078p5KDvky0yt28MINWkv+ygaA8NP +YqVRY0I1dbKPoPrzE8SjiWyfaMqcEEwjK0fn5Tgkco2SsRbqqk3XcOfXmQEqY93j +jF3n80/U9mbRgzJy/lhRdLUupTeKO3BNk3PVzXFbrceghSVir+iGPZRDyL8Es/yZ +iBzVkK0ZRo8kTZYNit5N5cgy6VYlHsxZxbsKiudNi9aCyTOZOBYh+VLaAtsZcmRv +prESKBjnYiW/i31pt6OqdmDSImn5xSrwZ3SrehsgNX6iqrZzYkVee9qQ6a5CLPP1 +vHP/gMQ1vBblbqjAsVUb9XUy5tZyy81P4N04NVJjBF8bAgMBAAE= +-----END PUBLIC KEY----- diff --git a/test_key/rsa3072_Expiration/end_requester.key.pub.der b/test_key/rsa3072_Expiration/end_requester.key.pub.der new file mode 100644 index 0000000..65abc93 Binary files /dev/null and b/test_key/rsa3072_Expiration/end_requester.key.pub.der differ 
diff --git a/test_key/rsa3072_Expiration/end_requester.req b/test_key/rsa3072_Expiration/end_requester.req new file mode 100644 index 0000000..1ca807b --- /dev/null +++ b/test_key/rsa3072_Expiration/end_requester.req @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDbzCCAdcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1c2V0 +ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANqv9p/VdUdD +WgEvIDGOf2idafttvpPbHY7fiRs+EJhb7opwmHpSeUVb0wnBiq0HEjtH66y3dwKc +l1ehkAHGpt9zAOl/xg2ILnE+LYHxHCjJMUAE6NF+G22DeLQ3irrASbAp7ReI4u2J ++5E6wFk+GGdRKvCfKIsGRLLeXyebPotcp/kXLLUiNk5xtO/KeSg75MtMrdvDCDVp +L/soGgPDT2KlUWNCNXWyj6D68xPEo4lsn2jKnBBMIytH5+U4JHKNkrEW6qpN13Dn +15kBKmPd44xd5/NP1PZm0YMycv5YUXS1LqU3ijtwTZNz1c1xW63HoIUlYq/ohj2U +Q8i/BLP8mYgc1ZCtGUaPJE2WDYreTeXIMulWJR7MWcW7CornTYvWgskzmTgWIflS +2gLbGXJkb6axEigY52Ilv4t9abejqnZg0iJp+cUq8Gd0q3obIDV+oqq2c2JFXnva +kOmuQizz9bxz/4DENbwW5W6owLFVG/V1MubWcsvNT+DdODVSYwRfGwIDAQABoAAw +DQYJKoZIhvcNAQEMBQADggGBANfOg4BFyP8I9kZ6IEG7IF/1TmvUgBKdpqZARDCz +A/MUkgDDqgFBC/1r3AmUp1mQHxjQTh4AzUlKnKJIGdEu2O+ieKK8XhY/zFHJJbGR +y9oNsuLof8I3zEkktkidC3V/bJWez+a5jPb7/++seQngrKJy75LAEuEnfOYvWV/4 +7RfssCvTJu14GY6mx9JKHIwOtK/C+uc5YLiGqMVB2ASFE+ocpfa0/uIn19tXf8Vh +rixHEVleiI2AMGIost+oZeUOf3YvoP+F28JLwi3yLILsELAQnBmXwrh5+axB7G6N +IcPyNSKtkLTJ9ujjW9k8PWkSV+YfBZ822nFsWwRC7jdyfB47p1A+rBBr5PQR+Mt8 +ZvLJ1TV49w5kv1fcYAqD4lDHU2LCFYgoJ2i+OLnJmbijmh/y4MA+RwMWkh452zA3 +7KAN0WZl1rG45qXSy9HCw5y1uzsCcgpAEIkv0QW9B1v9actcbOe3z79WGSLUcXc9 +XGs+Xb8BFedUhfXwPmAQTcDOXA== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa3072_Expiration/end_requester_with_spdm_req_eku.cert b/test_key/rsa3072_Expiration/end_requester_with_spdm_req_eku.cert new file mode 100644 index 0000000..78cce4f --- /dev/null +++ b/test_key/rsa3072_Expiration/end_requester_with_spdm_req_eku.cert 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERjCCAq6gAwIBAgIBBTANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjQ1MVoX +DTIzMDQyMTAxMjQ1MVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANqv9p/V +dUdDWgEvIDGOf2idafttvpPbHY7fiRs+EJhb7opwmHpSeUVb0wnBiq0HEjtH66y3 +dwKcl1ehkAHGpt9zAOl/xg2ILnE+LYHxHCjJMUAE6NF+G22DeLQ3irrASbAp7ReI +4u2J+5E6wFk+GGdRKvCfKIsGRLLeXyebPotcp/kXLLUiNk5xtO/KeSg75MtMrdvD +CDVpL/soGgPDT2KlUWNCNXWyj6D68xPEo4lsn2jKnBBMIytH5+U4JHKNkrEW6qpN +13Dn15kBKmPd44xd5/NP1PZm0YMycv5YUXS1LqU3ijtwTZNz1c1xW63HoIUlYq/o +hj2UQ8i/BLP8mYgc1ZCtGUaPJE2WDYreTeXIMulWJR7MWcW7CornTYvWgskzmTgW +IflS2gLbGXJkb6axEigY52Ilv4t9abejqnZg0iJp+cUq8Gd0q3obIDV+oqq2c2JF +XnvakOmuQizz9bxz/4DENbwW5W6owLFVG/V1MubWcsvNT+DdODVSYwRfGwIDAQAB +o3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU/vYi81DH +XZSIZ1UnhkdpPL8nkOAwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMC +BggrBgEFBQcDCQYKKwYBBAGDHIISBDANBgkqhkiG9w0BAQwFAAOCAYEAjJowLFw5 +XWLbi9gAnqs1vaVp+qycDYl6O86xaJSKTcfaAGfuWogxD/Ilp+zJVqzu0Z4uJW3g +erzFVomiNvA/pfGkM7OZWtWgS9jAiEVEXLTgWHuhuLe4QxPgnof5NhuM+vcvnDEm +5R287TR5UbrpfpciGu5QlCFnprWW7PT1PsuRukRv7yQU1hsTjS6xwn7K27v+vjnD +UeJdM3JzS+sHX3B8KYVS5x2nIXiS4B9uCuO7AIC1DyNUK8phJcNO0UM1irF+Mgo/ +T+AqGH4IXOzGEqGCMAe4w3+SKuLmWzVk1tjswb4xsezAczulpo/i2TvovNDKah1h +uVMMojxNKdfpm5hfEEjISwza9RnheHtWLUgBiuThjFSTkvJL4q520kIr+7o+gdy3 +NXreXvOSor0tXI2YScPE/5kzFRxfLVAhx0uDi3UhjHbltmqpmyQKQfnnG4eeRvzL +bkZooo2wdIYy2M9k3Gcl19QwAzJlpoB5cAXokedcx3AacXCsjT9M3i/B +-----END CERTIFICATE----- diff --git a/test_key/rsa3072_Expiration/end_requester_with_spdm_req_eku.cert.der b/test_key/rsa3072_Expiration/end_requester_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..5e6d527 Binary files /dev/null and b/test_key/rsa3072_Expiration/end_requester_with_spdm_req_eku.cert.der differ 
diff --git a/test_key/rsa3072_Expiration/end_requester_with_spdm_req_rsp_eku.cert b/test_key/rsa3072_Expiration/end_requester_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..eeafaf9 --- /dev/null +++ b/test_key/rsa3072_Expiration/end_requester_with_spdm_req_rsp_eku.cert @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUzCCArugAwIBAgIBBDANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjQ0OVoX +DTIzMDQyMTAxMjQ0OVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANqv9p/V +dUdDWgEvIDGOf2idafttvpPbHY7fiRs+EJhb7opwmHpSeUVb0wnBiq0HEjtH66y3 +dwKcl1ehkAHGpt9zAOl/xg2ILnE+LYHxHCjJMUAE6NF+G22DeLQ3irrASbAp7ReI +4u2J+5E6wFk+GGdRKvCfKIsGRLLeXyebPotcp/kXLLUiNk5xtO/KeSg75MtMrdvD +CDVpL/soGgPDT2KlUWNCNXWyj6D68xPEo4lsn2jKnBBMIytH5+U4JHKNkrEW6qpN +13Dn15kBKmPd44xd5/NP1PZm0YMycv5YUXS1LqU3ijtwTZNz1c1xW63HoIUlYq/o +hj2UQ8i/BLP8mYgc1ZCtGUaPJE2WDYreTeXIMulWJR7MWcW7CornTYvWgskzmTgW +IflS2gLbGXJkb6axEigY52Ilv4t9abejqnZg0iJp+cUq8Gd0q3obIDV+oqq2c2JF +XnvakOmuQizz9bxz/4DENbwW5W6owLFVG/V1MubWcsvNT+DdODVSYwRfGwIDAQAB +o4GAMH4wDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFP72IvNQ +x12UiGdVJ4ZHaTy/J5DgMEIGA1UdJQEB/wQ4MDYGCCsGAQUFBwMBBggrBgEFBQcD +AgYIKwYBBQUHAwkGCisGAQQBgxyCEgMGCisGAQQBgxyCEgQwDQYJKoZIhvcNAQEM +BQADggGBAKCpxSZtvA8N160Prt60eGbzFZNbzFt6YUHi7KRwWm1vzdc7NqQBtrjI +uWnhr9BMMKEuZKNZUqXMR880opIJu12jbJujz/zwhz5bFml50/EcsmttlKVLPudM +PtYxLjNc1cP9GORjcVT+3jED1l1g4E5yHubdPdlg60MUUdxrI9yJWoctAAcfeE6S +lNvyjOxjgo9/KBVIH8U47Ys57eJHvu3WHG5aisjcGZT1hYmDZDeeAs0H3YZ+/tJa +xys4Gw5pd/HBCKUOxLBNwwjGe3PNmpJENmqDlKZyBx6Q+U34KPKyjC3WqdjVgzVr +o8Am7i3Y7CjM2dpngkyrPsrg0ieF1T14VWb4Fa2QgHd2DvJcN8LBeRY4riGlahGK +Ox/4haLZmDuSVcr10B/EcXdM60TA+5Q0z/QMi4WUepQbTshTd2y8HBOuARVTr4Fj +R7HhxO2hZKVi4ROXs5UXEMmDUwV0eDDHyp0YUoPHSim5lQgK3/xoHZOOvM8WXiD4 +kdfUwJu7aw== +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072_Expiration/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/rsa3072_Expiration/end_requester_with_spdm_req_rsp_eku.cert.der
new file mode 100644
index 0000000..1ecca51
Binary files /dev/null and b/test_key/rsa3072_Expiration/end_requester_with_spdm_req_rsp_eku.cert.der differ
diff --git a/test_key/rsa3072_Expiration/end_requester_with_spdm_rsp_eku.cert b/test_key/rsa3072_Expiration/end_requester_with_spdm_rsp_eku.cert
new file mode 100644
index 0000000..d13c9c2
--- /dev/null
+++ b/test_key/rsa3072_Expiration/end_requester_with_spdm_rsp_eku.cert
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERjCCAq6gAwIBAgIBBjANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjQ1M1oX +DTIzMDQyMTAxMjQ1M1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANqv9p/V +dUdDWgEvIDGOf2idafttvpPbHY7fiRs+EJhb7opwmHpSeUVb0wnBiq0HEjtH66y3 +dwKcl1ehkAHGpt9zAOl/xg2ILnE+LYHxHCjJMUAE6NF+G22DeLQ3irrASbAp7ReI +4u2J+5E6wFk+GGdRKvCfKIsGRLLeXyebPotcp/kXLLUiNk5xtO/KeSg75MtMrdvD +CDVpL/soGgPDT2KlUWNCNXWyj6D68xPEo4lsn2jKnBBMIytH5+U4JHKNkrEW6qpN +13Dn15kBKmPd44xd5/NP1PZm0YMycv5YUXS1LqU3ijtwTZNz1c1xW63HoIUlYq/o +hj2UQ8i/BLP8mYgc1ZCtGUaPJE2WDYreTeXIMulWJR7MWcW7CornTYvWgskzmTgW +IflS2gLbGXJkb6axEigY52Ilv4t9abejqnZg0iJp+cUq8Gd0q3obIDV+oqq2c2JF +XnvakOmuQizz9bxz/4DENbwW5W6owLFVG/V1MubWcsvNT+DdODVSYwRfGwIDAQAB +o3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU/vYi81DH +XZSIZ1UnhkdpPL8nkOAwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMC +BggrBgEFBQcDCQYKKwYBBAGDHIISAzANBgkqhkiG9w0BAQwFAAOCAYEAtghsS4ZA +iozuTPk0medZDf3Qx/DpsWsl9n4SPHC1ktqeOy7GHRg+A8JKBHeGMIwhNxLBHzoq +MYS7YBtCNfXhVJHM0HA72SGa4NMAkazfQGQ4WIf0owvuUxdd0Ep+8YmHJPXiYMdX +8Xw6/wgpWiKKLbOUU/xq0S7XqqKnHYWw/afGbU2bwMmM/z7EXSw8ENGxcj9ihBou +NyR16zHBWYuXDacGqfN8z5Wy/cbP2gVDIG/eisSDs5VebdwCfvqTvVFTgIXGbw1K +19OMWPOyi+40NFcAGKQ47RrfYEarbAp03lqbFMMKSFL1pQCw+OQspqcqWLtL7t3y +apHl89xEFo2nhzhcv+Dwv14mICo5SQ3oPvaNtFnr+bnDgfpNHkJcWwiaPTJzw2CH +sT2qGtID+UlS2nodNs8fTNSWXT5ag93qJV8iMxoC4B4uZR5RckTRif2hh1akaRQi +qttt1DTZK7bVaa3+kisWO8bObEWgwjdkQHOUF4qvp4ySio4EgZ1PxjKo +-----END CERTIFICATE----- diff --git a/test_key/rsa3072_Expiration/end_requester_with_spdm_rsp_eku.cert.der b/test_key/rsa3072_Expiration/end_requester_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..a7cf595 Binary files /dev/null and b/test_key/rsa3072_Expiration/end_requester_with_spdm_rsp_eku.cert.der differ 
diff --git a/test_key/rsa3072_Expiration/end_responder.cert b/test_key/rsa3072_Expiration/end_responder.cert new file mode 100644 index 0000000..ab61eb6 --- /dev/null +++ b/test_key/rsa3072_Expiration/end_responder.cert @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCAvOgAwIBAgIBAzANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA3MzgyNFoX +DTIzMDQwNDA3MzgyNFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJwvFRNh +RyVI4rfm0W5io9V0yamOurdN7MUtxhgg2gblYujDotRdhcDXbwvB09XFSJJl2Onh +6mB49Sj5RzLMV3i1uH1Jn/SVZ489Z8kHc8+/Ue3kYE3wi09xlt99bwpp1jK+tJnK +T6HJlQLqpxyX9OaF24uyv7S3v2/XTZ8BO5SCAUE7wVfoc5t+ijLA9zCd0P3qjX4p +FW//ZDQBc1GWAMWMhDQ7mKV9WBzX7ib8qxo5Pl2aIbhPQ16hPjx3czpaieAnxAO8 +67JmLDwzQBUfOgy04USgLpIncceGexuZw9yiMw+WTIMDDQoGu+urCn1ojUhYqO+B +ELeiOGDwSi0ZjtWXGo2gluObmDpir9Xo9pLm2gc0fKkSfxKbKz4DiEuFlOEMO0Yn +JJDDi+79/KWg5Y+mnv/jxlIIvYJDt5x0ddTb1G8Xm/ltvlc36rse6JVvJfudgHZw +7krMuAGVk02ta8y7/Eq4bpahs1JiHV2Qi+zLxeLuzmPX3LWLG1SmJqWq1wIDAQAB +o4G4MIG1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBSfzepS +8BvmVqFaB0phWlri1bf14jAxBgNVHREEKjAooCYGCisGAQQBgxyCEgGgGAwWQUNN +RTpXSURHRVQ6MTIzNDU2Nzg5MDAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMJMBoGCisGAQQBgxyCEgYEDAYKKwYBBAGDHIISAjANBgkq +hkiG9w0BAQwFAAOCAYEAX1I5aQBZOTShuVomfFa2qrmbj7S+3vVpV7qs1CtCZU9F +Cyl7Zc+p5LQ9sosyH3xXyOJ/zFJryzjntPDTwnSnZ68IgvushZq+aQdhJk+sMQbK +t3z+/ChyBnQlg5Smmps1ZJTYX7lbq193aEvEIlc2d7lVxwaLDNAi0bFUNHekF5db +YE8ZrragFkpkUrZhUtWIyA2MZuZHcWEOLiuWseDhkZCxrRwBDlM0kwFxAYSvd5tF +NKUNcFDfJeQsjL5GDSlWIT73Q82Maj8qPtoGxu//ME3ZFO0yR4C9ecUokbjeCg0L +4paPTN5WMxqqiT22AwjraLExPX7ktUyjEqpom9KT69z6cutN9/hitrqHenLnzr4c +X8EMxM+DEfUOq7WcTr6Nix9fHmcFLznycWTsAL+xgdBhovw/diR5Z5rw5HZjbEvN +R7OgIum2AGS+sd22vMkILyOkRQo01qjfOGinlvxLYQe7GXOoqGCTeeHtvgd3uxuw +xLINv3i+fj10hZutYYhv +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072_Expiration/end_responder.cert.der b/test_key/rsa3072_Expiration/end_responder.cert.der
new file mode 100644
index 0000000..83567cf
Binary files /dev/null and b/test_key/rsa3072_Expiration/end_responder.cert.der differ
diff --git a/test_key/rsa3072_Expiration/end_responder.key b/test_key/rsa3072_Expiration/end_responder.key
new file mode 100644
index 0000000..441d778
--- /dev/null
+++ b/test_key/rsa3072_Expiration/end_responder.key
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCcLxUTYUclSOK3 +5tFuYqPVdMmpjrq3TezFLcYYINoG5WLow6LUXYXA128LwdPVxUiSZdjp4epgePUo ++UcyzFd4tbh9SZ/0lWePPWfJB3PPv1Ht5GBN8ItPcZbffW8KadYyvrSZyk+hyZUC +6qccl/TmhduLsr+0t79v102fATuUggFBO8FX6HObfooywPcwndD96o1+KRVv/2Q0 +AXNRlgDFjIQ0O5ilfVgc1+4m/KsaOT5dmiG4T0NeoT48d3M6WongJ8QDvOuyZiw8 +M0AVHzoMtOFEoC6SJ3HHhnsbmcPcojMPlkyDAw0KBrvrqwp9aI1IWKjvgRC3ojhg +8EotGY7VlxqNoJbjm5g6Yq/V6PaS5toHNHypEn8Smys+A4hLhZThDDtGJySQw4vu +/fyloOWPpp7/48ZSCL2CQ7ecdHXU29RvF5v5bb5XN+q7HuiVbyX7nYB2cO5KzLgB +lZNNrWvMu/xKuG6WobNSYh1dkIvsy8Xi7s5j19y1ixtUpialqtcCAwEAAQKCAYEA +jChERYv6iJ8LtfTQ5LpoQ9n2Ts7jCDRJ0fjt2CFDBwU66Z8GtIToztGFuYtLSn8s +TRRQwDIYXlKtzwNEvXVa2dxZnzU+8gJRWN3GEUU6zKfoIg/bzJWcrsJEnnK1/yZT +Ll6tO4WuSIXZzzA8nxBOmcBt8MOL/eUXSopwAczdZrvz3FJ/gx/6/wNjiYBZU6uM +LREbwKelsUgC6BiVIBX4w08CJM2GgpwlQl0UPrBn67SLHvx+XiPjVTxl2WVoZmlw +AlqCW7eqEhHMRIlX53vnP2lvqHB1FRNUYOrVBCBE9Knl6F16T1fGyJSAK6JFbyuD +exjWRlBDjxuYqTqNe3HrIygGSWSaoC2BYbKM6HUiC7O1MxnufQzqahBL+v8WY8/B +vZIX9zWaG3VVRNi4XMgk6rayEklGdPDDZx3yGlgCDiR8HpBgrKjx3omxcxsepaos +cDBqCnIGxW4MC3ZjfsoiLVQJfscCC68C/kCpMaee6fefOYj3xGacsd6Ors25eRLh +AoHBAMyEZn7FOh6PZATtU7MgBGfstTnF5jms6fW1KgaEtZFWgV4496Ht1IqoT02K +Gvyl/GXenUu36V4CxURp8071K1h7A/r+tBTItvcmnooMJFJccqdRputX0mdgoMmW +aZM/HVzXaaLSkDMEqviE+WGtEamw8aRxz+uUq+3hKAOOvhIvwKPQKF5gDSOCWwQ4 +178oBIee6TbdL65des7a28jZewTEqoawx+ghZ/XoVIR+sj4x3IhLUa+IRp8iA2LH +l1dJ9QKBwQDDf/b9xsttB48G09v6Ryi1wUxv1p6czJoDcZAdv16b4XS1TV79305C +n6BzbNyxPyaGP0IxhWFeHmE+ZLTCQG1bNp3sRWnzruI9u6EwRiZCL+U2Rs3pEZys +FmLG+lINr7HWwSplTdpfdFHmsHZ81VU8N64wTXKRmi5GLzoNwOiJsOPznoMP/7ec +lH9GS+6sI39t+91r2qN4E3COJWawoL8tqBFZQstJP8p1g8xsspKVll8wgI3dtHIh +gT2idEMMphsCgcAIMd3xgnGbu98kG2ZZLRVAHMn+MKHS+cy+Ha47aKHl2vOAFQRH +JsJ3c9sJnlkKepQseMkQuaPOMoo4/Y3UQhqkhvlX21DX7Fr4eEGuAmKKMk4dyjXI +BFLX9ZU7vp0oW0UP7Um8Tnecs7kuEBX2BftJM1/bWPwd0m05MOZrjhKro+IyLisP +7QVZwOVou+ZZMH9N994cZqx8bh53n2ljGOPHAyJaF0dLU9tYjSCl1nXJ7DGL/Iif 
+YfSCd9hu4tR7mOkCgcB70HV68AYx/RGGP3MYJS0RP2TLh99YavQ3rhqZ3HNswfMK +SAAbROvpofMaZx22W8poR3QCrPinhRINU/Zu+CLKG+MUmjmqDV5XvpctXaApVvAR +2fHa5D6Xdm4EmtCQvm8hFaFmG1JsFd0w/x1rniinRJRbHxGqST15UbuwrjYXziHw +TrmuzkNZNWsN+FUmTC0OWO84uXXCPH2SaPmKb6PkpIaoQ3c/4ti0aE51oPrZJi0P +KLuwZ/HIanPAiWVVg3UCgcEAniHyCJ8oN3CUp0F+11pzizlNpqwBN3hzXnFuDj7V +iA9OQXxBQFzr8zB/r9iB4gzoh9EOBfjgTxFvYjJDEfCGi1lZeTBQktosDIohEGOl +xRvgCKaVJ+64ssb5rI0THYZJpxz6aBiVkeuFdyKImInfiiVNS09VFgvKNRKTULH3 +bNflYuEp+Rz4woZ7qm1WFIlK2Ii0mASzDl1GTo59khANNLhVmKgruhNTE9N/VRkU +wtlPLRw3v4rHlm16IIOozAht +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072_Expiration/end_responder.key.der b/test_key/rsa3072_Expiration/end_responder.key.der new file mode 100644 index 0000000..c8d6fbb Binary files /dev/null and b/test_key/rsa3072_Expiration/end_responder.key.der differ diff --git a/test_key/rsa3072_Expiration/end_responder.key.pub b/test_key/rsa3072_Expiration/end_responder.key.pub new file mode 100644 index 0000000..5e41d19 --- /dev/null +++ b/test_key/rsa3072_Expiration/end_responder.key.pub @@ -0,0 +1,11 @@ +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAnC8VE2FHJUjit+bRbmKj +1XTJqY66t03sxS3GGCDaBuVi6MOi1F2FwNdvC8HT1cVIkmXY6eHqYHj1KPlHMsxX +eLW4fUmf9JVnjz1nyQdzz79R7eRgTfCLT3GW331vCmnWMr60mcpPocmVAuqnHJf0 +5oXbi7K/tLe/b9dNnwE7lIIBQTvBV+hzm36KMsD3MJ3Q/eqNfikVb/9kNAFzUZYA +xYyENDuYpX1YHNfuJvyrGjk+XZohuE9DXqE+PHdzOlqJ4CfEA7zrsmYsPDNAFR86 +DLThRKAukidxx4Z7G5nD3KIzD5ZMgwMNCga766sKfWiNSFio74EQt6I4YPBKLRmO +1ZcajaCW45uYOmKv1ej2kubaBzR8qRJ/EpsrPgOIS4WU4Qw7RickkMOL7v38paDl +j6ae/+PGUgi9gkO3nHR11NvUbxeb+W2+Vzfqux7olW8l+52AdnDuSsy4AZWTTa1r +zLv8SrhulqGzUmIdXZCL7MvF4u7OY9fctYsbVKYmparXAgMBAAE= +-----END PUBLIC KEY----- diff --git a/test_key/rsa3072_Expiration/end_responder.key.pub.der b/test_key/rsa3072_Expiration/end_responder.key.pub.der new file mode 100644 index 0000000..3929013 Binary files /dev/null and b/test_key/rsa3072_Expiration/end_responder.key.pub.der differ 
diff --git a/test_key/rsa3072_Expiration/end_responder.req b/test_key/rsa3072_Expiration/end_responder.req new file mode 100644 index 0000000..a715d25 --- /dev/null +++ b/test_key/rsa3072_Expiration/end_responder.req @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDbzCCAdcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNwb25k +ZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJwvFRNhRyVI +4rfm0W5io9V0yamOurdN7MUtxhgg2gblYujDotRdhcDXbwvB09XFSJJl2Onh6mB4 +9Sj5RzLMV3i1uH1Jn/SVZ489Z8kHc8+/Ue3kYE3wi09xlt99bwpp1jK+tJnKT6HJ +lQLqpxyX9OaF24uyv7S3v2/XTZ8BO5SCAUE7wVfoc5t+ijLA9zCd0P3qjX4pFW// +ZDQBc1GWAMWMhDQ7mKV9WBzX7ib8qxo5Pl2aIbhPQ16hPjx3czpaieAnxAO867Jm +LDwzQBUfOgy04USgLpIncceGexuZw9yiMw+WTIMDDQoGu+urCn1ojUhYqO+BELei +OGDwSi0ZjtWXGo2gluObmDpir9Xo9pLm2gc0fKkSfxKbKz4DiEuFlOEMO0YnJJDD +i+79/KWg5Y+mnv/jxlIIvYJDt5x0ddTb1G8Xm/ltvlc36rse6JVvJfudgHZw7krM +uAGVk02ta8y7/Eq4bpahs1JiHV2Qi+zLxeLuzmPX3LWLG1SmJqWq1wIDAQABoAAw +DQYJKoZIhvcNAQEMBQADggGBAF0Mbf8zDtKP8Wz0182qJsmdSk6fz34yHKH98XkI +bgfA9IWMLytEfQTc0bgbdGdkPzIGtokRiqhYoKqynmXMYNqgGmWZI1tGqZZy0JFl +v8YBcTIzThEbYzy1iEFYEXeHDve6F513yptHilg3dO3uZUFfXFHWNX2Z8YfAefR4 +z5h6D8rjaC6ol9bA8wI42dfuzZCFzfVAgY/5orncPyjsouh0dUiCxWI5ZwXB3557 +JaQq0bycf/URP1B2Q2+HBkdc6frTMMXw4EJ/V2y7ut2Xaqw8gofny/gKbXXlcIG6 +M/0VAQrvZ6OUeqBlUs2VcF2bB54Dasjj5hOnQf4C1VmjT6PgvNH/oiMFsUaERxMy +NM33LzEL6yjhr4bqmxjDSMmRBlQ+innNBYEJc3EBlKdnBURMrpCuKVLduqm6GQFN +8IcCaTg31oLmJ7/m2UwwsZ7IZirzGhVMrrtlWo0GvnVTJ5ogRHCN/wSBEs9gTUDB +XKoZcxE+l7nYHrRZcVEy7OiRZg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa3072_Expiration/end_responder_with_spdm_req_eku.cert b/test_key/rsa3072_Expiration/end_responder_with_spdm_req_eku.cert new file mode 100644 index 0000000..a03b3b2 --- /dev/null +++ b/test_key/rsa3072_Expiration/end_responder_with_spdm_req_eku.cert 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERjCCAq6gAwIBAgIBCDANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjUwNVoX +DTIzMDQyMTAxMjUwNVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJwvFRNh +RyVI4rfm0W5io9V0yamOurdN7MUtxhgg2gblYujDotRdhcDXbwvB09XFSJJl2Onh +6mB49Sj5RzLMV3i1uH1Jn/SVZ489Z8kHc8+/Ue3kYE3wi09xlt99bwpp1jK+tJnK +T6HJlQLqpxyX9OaF24uyv7S3v2/XTZ8BO5SCAUE7wVfoc5t+ijLA9zCd0P3qjX4p +FW//ZDQBc1GWAMWMhDQ7mKV9WBzX7ib8qxo5Pl2aIbhPQ16hPjx3czpaieAnxAO8 +67JmLDwzQBUfOgy04USgLpIncceGexuZw9yiMw+WTIMDDQoGu+urCn1ojUhYqO+B +ELeiOGDwSi0ZjtWXGo2gluObmDpir9Xo9pLm2gc0fKkSfxKbKz4DiEuFlOEMO0Yn +JJDDi+79/KWg5Y+mnv/jxlIIvYJDt5x0ddTb1G8Xm/ltvlc36rse6JVvJfudgHZw +7krMuAGVk02ta8y7/Eq4bpahs1JiHV2Qi+zLxeLuzmPX3LWLG1SmJqWq1wIDAQAB +o3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUn83qUvAb +5lahWgdKYVpa4tW39eIwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMC +BggrBgEFBQcDCQYKKwYBBAGDHIISBDANBgkqhkiG9w0BAQwFAAOCAYEAKaoJy2Kz +DvvaHhJ+abRs1WUTfTBYAYCFwc4EQq7wRjdKtM3Qm1TeQG9Zoc2wYvW+bu64GaTm +KgJEC73da49ustqx+hEvFJtZUTBrLnYH1RsTZXGl/10km3j7/KGzxcthkB0k/dP6 +7baUUSfNnySx1qC5CjA9WCgKcdePrMil93sx+5Zu32QlL5xnnyuBQJbWCKvb9QtP +/0Wz8Zzq0BGCxH2sP/uMrq9IkAZfRaSGp9qPWKWzjGuQMa7AtJDOTl6VEG9Uwjd1 +diBWB/DISvdBuHGge9AMa6W8mcRTT/nJc7u55jtxIqVxYh3BIlupwJHkIHy7C7iR +YnLZqYAZYgtMZlJ8ibzOPbhE2txWmCaASnis6xSWXyqwoWS/F6M4C67EFCP9+bQ3 +4H/ObvWddNpxYuZrprQDexl5H0x3yjeKpYRhoP1ai3cBS0wxYGdhno1/3hl+FJgc +ZS0nGTUKs2M81Z8f8LQQoUcC5Mi+60Q7FdVGf7rPVUe5PilItO1R1bjM +-----END CERTIFICATE----- diff --git a/test_key/rsa3072_Expiration/end_responder_with_spdm_req_eku.cert.der b/test_key/rsa3072_Expiration/end_responder_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..839f46c Binary files /dev/null and b/test_key/rsa3072_Expiration/end_responder_with_spdm_req_eku.cert.der differ 
diff --git a/test_key/rsa3072_Expiration/end_responder_with_spdm_req_rsp_eku.cert b/test_key/rsa3072_Expiration/end_responder_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..6462377 --- /dev/null +++ b/test_key/rsa3072_Expiration/end_responder_with_spdm_req_rsp_eku.cert @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUzCCArugAwIBAgIBBzANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjUwMloX +DTIzMDQyMTAxMjUwMlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJwvFRNh +RyVI4rfm0W5io9V0yamOurdN7MUtxhgg2gblYujDotRdhcDXbwvB09XFSJJl2Onh +6mB49Sj5RzLMV3i1uH1Jn/SVZ489Z8kHc8+/Ue3kYE3wi09xlt99bwpp1jK+tJnK +T6HJlQLqpxyX9OaF24uyv7S3v2/XTZ8BO5SCAUE7wVfoc5t+ijLA9zCd0P3qjX4p +FW//ZDQBc1GWAMWMhDQ7mKV9WBzX7ib8qxo5Pl2aIbhPQ16hPjx3czpaieAnxAO8 +67JmLDwzQBUfOgy04USgLpIncceGexuZw9yiMw+WTIMDDQoGu+urCn1ojUhYqO+B +ELeiOGDwSi0ZjtWXGo2gluObmDpir9Xo9pLm2gc0fKkSfxKbKz4DiEuFlOEMO0Yn +JJDDi+79/KWg5Y+mnv/jxlIIvYJDt5x0ddTb1G8Xm/ltvlc36rse6JVvJfudgHZw +7krMuAGVk02ta8y7/Eq4bpahs1JiHV2Qi+zLxeLuzmPX3LWLG1SmJqWq1wIDAQAB +o4GAMH4wDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJ/N6lLw +G+ZWoVoHSmFaWuLVt/XiMEIGA1UdJQEB/wQ4MDYGCCsGAQUFBwMBBggrBgEFBQcD +AgYIKwYBBQUHAwkGCisGAQQBgxyCEgMGCisGAQQBgxyCEgQwDQYJKoZIhvcNAQEM +BQADggGBAGOf4NWp8dlIQ6IEGXIiKIjO3aSzU+Yi+zEssbgPnQtK8S5+phGJOiKT +nxau9pq6n0fwLL6JpvA8TEheH3C0B2dozlb7marxzRbHVwodzfi47mvvwX+oMSnP +enPHpEBWWutpy8PbEJHoUVSodplCMabA1IW4tnexNmRUrw/g+plYdkj5oJ04W9Iy +ieRniwQcunbL+emnSGiJOvJQwSpOTcXO4gNZqzMGOp3EdgKHkxyWlowd6BD5uRxp +AqR3gP1ZVzzRnerR2wnEas5PReGC/NOvwI3hNZ6wwMKBkAtvq20dc4MZnav/OELc +LTOH5TrGxW+AmnpVSTapOQdC0v1yQheDSLsSBA5/0SoYHvyKxQpFT7k6Osp5l9uR +gIAyCUWCEWhuHUo97gg5gDzd7MIpzD0z7gdgdKhENPAVHy02G2ymyTjNpRwg+yyd +oQClnrdEQeDEcR3XGR/k6UjuSN3HKFhRVOZWp4W7wvo5Q+8DKe0Sbn3Y3DCk6cwr +QxXhOcWZvA== +-----END CERTIFICATE----- 
diff --git a/test_key/rsa3072_Expiration/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/rsa3072_Expiration/end_responder_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..c765008 Binary files /dev/null and b/test_key/rsa3072_Expiration/end_responder_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/rsa3072_Expiration/end_responder_with_spdm_rsp_eku.cert b/test_key/rsa3072_Expiration/end_responder_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..5a55c50 --- /dev/null +++ b/test_key/rsa3072_Expiration/end_responder_with_spdm_rsp_eku.cert 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERjCCAq6gAwIBAgIBCTANBgkqhkiG9w0BAQwFADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjUwN1oX +DTIzMDQyMTAxMjUwN1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJwvFRNh +RyVI4rfm0W5io9V0yamOurdN7MUtxhgg2gblYujDotRdhcDXbwvB09XFSJJl2Onh +6mB49Sj5RzLMV3i1uH1Jn/SVZ489Z8kHc8+/Ue3kYE3wi09xlt99bwpp1jK+tJnK +T6HJlQLqpxyX9OaF24uyv7S3v2/XTZ8BO5SCAUE7wVfoc5t+ijLA9zCd0P3qjX4p +FW//ZDQBc1GWAMWMhDQ7mKV9WBzX7ib8qxo5Pl2aIbhPQ16hPjx3czpaieAnxAO8 +67JmLDwzQBUfOgy04USgLpIncceGexuZw9yiMw+WTIMDDQoGu+urCn1ojUhYqO+B +ELeiOGDwSi0ZjtWXGo2gluObmDpir9Xo9pLm2gc0fKkSfxKbKz4DiEuFlOEMO0Yn +JJDDi+79/KWg5Y+mnv/jxlIIvYJDt5x0ddTb1G8Xm/ltvlc36rse6JVvJfudgHZw +7krMuAGVk02ta8y7/Eq4bpahs1JiHV2Qi+zLxeLuzmPX3LWLG1SmJqWq1wIDAQAB +o3QwcjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUn83qUvAb +5lahWgdKYVpa4tW39eIwNgYDVR0lAQH/BCwwKgYIKwYBBQUHAwEGCCsGAQUFBwMC +BggrBgEFBQcDCQYKKwYBBAGDHIISAzANBgkqhkiG9w0BAQwFAAOCAYEAEnPAIIvA +oRYkg8Q1Uut8CLxEdftnNmBVFQruFZHSDlEBByiNGVqo6ag/1Ph2B7gkEk9EpTAo +UITGMSQLiBKf864Cs6okyXTiUlXT/rnAJ4zqnpTSjR6ZOmjn2KH4iZNhKrGl9bq6 +s2b5xo8v85sSda10FI7dfF37tZ7IQuV7rg9cKik8gst9kkeYT3WGUxyRFlgyzszR +BJBuxg07LOYAD0t1FOn06YB9M9LLamhiem3h82AK6Ve9Kn9qguxvTWtQzmkjsfnc +iJp13iU+vp4BLxpcLATMJvockCZIzibvAWaS3cfEbnDNHy2LvB3oCREBy29jNYUn +74bBXxlEbSM6i+BB0rtA4gjKR9GJSRuQtAsA2kIkl5QFzqW1TJP2PTO81+E+1jGD +/D170kOaxxxyVAUTH9mFrkQbDDrdhxeDcVzaa5aLh3B9cUQXn0sEtU/tn7nr7nLE +Ihy1nOqxEH9prRw9gkqwKDFmSMYxwOz0+1GUUu6Z2hSFRv67NzAeH4Kk +-----END CERTIFICATE----- diff --git a/test_key/rsa3072_Expiration/end_responder_with_spdm_rsp_eku.cert.der b/test_key/rsa3072_Expiration/end_responder_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..bcc0e93 Binary files /dev/null and b/test_key/rsa3072_Expiration/end_responder_with_spdm_rsp_eku.cert.der differ 
diff --git a/test_key/rsa3072_Expiration/inter.cert b/test_key/rsa3072_Expiration/inter.cert new file mode 100644 index 0000000..38cd210 --- /dev/null +++ b/test_key/rsa3072_Expiration/inter.cert @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQwFADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwMzA3MzgyNFoXDTIzMDQwNDA3MzgyNFow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUgY2VydDCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL7COj07sBK2VaSzdCLo6HDZ +Z9/RzdiCN8cfpQVHa67CcAjDofoxHNMBCOeEc79733RRhf01FWwI5eKyk2x98P8V +h64jrmeViiVDMwLgSxqUtwGhq3FvgKlon0fS4PrdY8YpnT7e1XltF0qidV5mk9ts +V2pIdEs9Ta2HGAiHFQ6ri9xPItTf3luBg98pmvwoH1kfMomWbDINJvh8nTTmsJyH +tt9FZmuv0tv/U4p3PWz4imiBQKY9miBtEVx3M7Diam9QHBWmSDgjLQZ1hJQYvDHU +zeXTSUBFRziOqwigGfjBy57XfDcNoYBoVSXggIKVBmfXvn67XyeKukFc5vGRCvlC +dE05JwiEcIHqCOXgo0kEkvgo6wUWhpHVON7kvO93YmvURQEB9nEh6AWQO7mF5VJj +KWcMCz6qvR4cevnQYjcoMIYWEIbnbeqZzd9THWVgNFofNnOWq1E0gLsnFZoST5Ek +tDIl/jXHnoaWL1DETVf34wyq8B/SG6Vz/NZGrsXQUwIDAQABo14wXDAMBgNVHRME +BTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUhmGTE9XsQZD+yNrPr12m+5HH +RkQwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +DAUAA4ICAQAE6WvY9PSRkQEANbd6oCfoYUySv29nFgbc/G/kusWYvQYuD1kdwj5i +txq9tHVVxdco6fg3H813/IdiZX/9BTIIKyBvPq+P6G1rWR899Fi6NBdmnVUXweZs +qiTfw+haTGdFI462rWXShZv/fT8dxwcqK+O3bvi4XnWPMFT1Nm+mTAwEqF0ildxc +1k+3LDha9HvC2MsVQHAs5F+5FqLmpL7o0h/udz6jkGsUUWm6pfMoTtcbB8WzRPlW +zhuErK9lcBnT0fep6Ze9cWjX3Gl6P6TW0adZ/FBnSmz5A0KWZpMCCulVPj668IXk +SuB5d/F2VcITrENJE9gjKgORRz/DT+ZKrgHOSKGc+xgKwE15/F0kgzotBgCQOF3M +9gRdwVYw61N80gyrHM4vj5ze4jkcogLxuVr1qgVbTG+n5Exq4zfNspr2g5ZBkd5d +IiepewveI8wAb1ecRq1Qoi4Ld3e7YgZ5vqRqw5w8o47pK8NYtET3pwKNj3X5VWuK +2KIncuyzgtTnRKmyURaUDkVLkAsAkxeC44EmfQj07CV2IexxniPhllHtZEJAzCG9 +qvgZ7lHmPjErQP990R0WGU15La8m4HdP8qoKq2wDTnyN2fH3dDuDlEa/WRqnhpbD +3bAkbKCGKq946X0jTZMpIt0F5aELV9nX3dQD7muw7rQGb9XF0e5laA== +-----END CERTIFICATE----- 
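Review bot: The validity window encoded in this intermediate (notBefore 2023-04-03, notAfter 2023-04-04, as decoded from the PEM) ends before the leaf certificates in the same directory begin theirs (2023-04-20 to 2023-04-21). Assuming the leaves chain to this intermediate, as the matching issuer name suggests, any chain built from rsa3072_Expiration contains two expired certificates. A test using these files therefore cannot tell rejection of an expired leaf apart from rejection of the expired intermediate; the tests are not visible here, so the intended case is worth confirming. A README entry such as `rsa3072_Expiration: intermediate and leaf certificates are intentionally expired (one-day validity)` would document the fixture. The negative test should also assert the expiry error specifically rather than a generic verification failure.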
diff --git a/test_key/rsa3072_Expiration/inter.cert.der b/test_key/rsa3072_Expiration/inter.cert.der new file mode 100644 index 0000000..7692b35 Binary files /dev/null and b/test_key/rsa3072_Expiration/inter.cert.der differ diff --git a/test_key/rsa3072_Expiration/inter.key b/test_key/rsa3072_Expiration/inter.key new file mode 100644 index 0000000..b9d8a07 --- /dev/null +++ b/test_key/rsa3072_Expiration/inter.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQC+wjo9O7AStlWk +s3Qi6Ohw2Wff0c3YgjfHH6UFR2uuwnAIw6H6MRzTAQjnhHO/e990UYX9NRVsCOXi +spNsffD/FYeuI65nlYolQzMC4EsalLcBoatxb4CpaJ9H0uD63WPGKZ0+3tV5bRdK +onVeZpPbbFdqSHRLPU2thxgIhxUOq4vcTyLU395bgYPfKZr8KB9ZHzKJlmwyDSb4 +fJ005rCch7bfRWZrr9Lb/1OKdz1s+IpogUCmPZogbRFcdzOw4mpvUBwVpkg4Iy0G +dYSUGLwx1M3l00lARUc4jqsIoBn4wcue13w3DaGAaFUl4ICClQZn175+u18nirpB +XObxkQr5QnRNOScIhHCB6gjl4KNJBJL4KOsFFoaR1Tje5Lzvd2Jr1EUBAfZxIegF +kDu5heVSYylnDAs+qr0eHHr50GI3KDCGFhCG523qmc3fUx1lYDRaHzZzlqtRNIC7 +JxWaEk+RJLQyJf41x56Gli9QxE1X9+MMqvAf0hulc/zWRq7F0FMCAwEAAQKCAYBw +Sr+j2iYM7d6+hJECF970x1YZcFTfddBF3H/0+pUOHBF9Z0RLlmukXoCSYOsONmpU ++8SHSJ9iqF5DM+IKxJyAXHkxbnm1KldXFhbKQ6SScibExBm7PescTqUsz5t2saqR +NWAGaYB66VgDrFyxBGtXiJBw1VP4Eo9Obi8cngAsUZmUR9V2QI6RiU1KqiA8/ZVu +jineynjIgeuF7T1RrdcbXdyt1Bm1nJvgu42+/fBf3HMFj8ix06OOIQZOSzFXmAAQ +sziB0zRglv1eQC6d5Z7GrSOyUjz06tS//lw5X40Fb/9/CXK0mtCGjiUZn8XNfgGt +lTQFZQgr9VL/PhHN9CUXi8aCn/r1Z3oy01c9lcz77JcbjW1iHM2pYtjpEyVrCzmo +qN7V8zbVI3U8EhQAVLkUZPyr0wJtipAf4aAw7xN1AUnhWVWeevVBoYpwToxzbWWi +coEHWaFhPwQcmQu2qbHHDLC9Ujq71d6UxuJ0yArjFyiuW8MlnyBIYnm4GOTfOdkC +gcEA7qZM4VtkCuD+tzcgRmrbEJh0CabUgcouQEP2qmwQ1GFBDuyctnyz/JZYHPOh +ohTtL6NuxiCNzs2JemIbPtuBRD5BucBZdZBUKqRmZTech84DDtNMWEB6GOTfcmxT +G8TK0EhZsyweqeAs1BY5rfcgjsnp7tMgGEz8UzfgCYCeabGEeqQiYgEQKkrVr6XX +bAdTNQVrT51aLnlvonz43DiJPJcOGt2RrLNu44//oqvPXUjFQGdVWT98Z8rDzDb/ +eix9AoHBAMygl0qQYR9VlYUpe8YERa+PPfymPWT1pgN6m0KX7Wy59U3rOEZT1Ouh +wx6lFstmZ2DBj/HFcSROijrW0rSMLVVFMATGF5mIhzbLC7gifV7NJz69TAYDNNYZ +6C3E2N45aZOG7rPmM4+9gwFHeEIPDfZJ3u8oHzC2HeOSrF+rs0rXP9F7AGMSp6SQ +2Tz5lfzkRPDWN/sWNfF4lm5DsbxVxGNBR47mG8qaTFNQCKagjav/SMLHVylghCgz +4ebT/WkZDwKBwQCLKG+2DPuGGHKO1Vc9mHuK7srjAePylrlngfnooEEkBl3QXQp4 +ori1NdnFcA81Guy/lZY3c64dA98BfQmUGp0C9SaQMOg5VGKvxtNqfAYLboZ785wV +7esEbxkYeK/xhkwZLccYYkazGeQp+5fAqFTUzkpZl8SkRufvgqpiABzfVsMAXIss +CKCreJ2n4ZV/CbpsNW/Aqel3JhqBbkwS5eioaxCve7nBMZQcn9AZxAOTyqYyis7K 
+zuk1AJgxkXRhgmUCgcAgFPGDZD2F7yIhHY7lTdgrHTcnvFyVzpm3o+pht3Ym/MTD +8aQCCrSwOM1hqZp4S1bb6Z0K19zUR2gOr42bdvrIiq9roC8lCC3C3nS46tdjHKER +ihY4Pxpykt8/BcTGmpO96ILWO7pLx/eZJL5rBPc4bP6B2nWBapwnCODzovTaQAMm +cbVu0wbrmzYkBDGK07MnWz6tpB7S/AgBw6VDFONUeHCiq9shma1rxnmEvllX5Q9g +UmaM+y/dKb06NnRdnOsCgcA2yitfCDN0+UIWv480o0jhR5Fgpuj241gViPHXCsws +1l+4SZRVj4SUvduY8jFNd0DfSyxDpJbb4F2SZJzNeiCXdEXua0BEbAYWxezFgCPI +tERi4QeB60CJlg6ti5tvePO4lznK6RqxrYGuu+woBWR5rQcQVSRTYhqchndzJ9+U +RdD2gTF0YtO6vVCPBBay8xTaXbDBtq34kUywiyie0JQvCs3ZcOg9J5P2O2PiX/cu +kY4C3A5GA/aGw5655yKmPS8= +-----END PRIVATE KEY----- diff --git a/test_key/rsa3072_Expiration/inter.req b/test_key/rsa3072_Expiration/inter.req new file mode 100644 index 0000000..7a4814d --- /dev/null +++ b/test_key/rsa3072_Expiration/inter.req 
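Review bot: inter.key is an unencrypted PKCS#8 private key checked into the tree, and the same holds for rsa4096/ca.key, rsa4096/ca1.key and rsa4096/end_requester.key later in this commit, so all of them are public once the commit is pushed. Their location under test_key/ suggests that is intended, but nothing in the visible hunks marks them as test-only. A short README in test_key/ would make it explicit, for example `These keys and certificates are public test fixtures; never provision them on a device or add the CA certificates to a production trust store`. It is also worth allowlisting the directory in secret scanning deliberately, rather than dismissing alerts one by one, and confirming that release packaging excludes test_key/.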
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDcjCCAdoCAQAwLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL7COj07 +sBK2VaSzdCLo6HDZZ9/RzdiCN8cfpQVHa67CcAjDofoxHNMBCOeEc79733RRhf01 +FWwI5eKyk2x98P8Vh64jrmeViiVDMwLgSxqUtwGhq3FvgKlon0fS4PrdY8YpnT7e +1XltF0qidV5mk9tsV2pIdEs9Ta2HGAiHFQ6ri9xPItTf3luBg98pmvwoH1kfMomW +bDINJvh8nTTmsJyHtt9FZmuv0tv/U4p3PWz4imiBQKY9miBtEVx3M7Diam9QHBWm +SDgjLQZ1hJQYvDHUzeXTSUBFRziOqwigGfjBy57XfDcNoYBoVSXggIKVBmfXvn67 +XyeKukFc5vGRCvlCdE05JwiEcIHqCOXgo0kEkvgo6wUWhpHVON7kvO93YmvURQEB +9nEh6AWQO7mF5VJjKWcMCz6qvR4cevnQYjcoMIYWEIbnbeqZzd9THWVgNFofNnOW +q1E0gLsnFZoST5EktDIl/jXHnoaWL1DETVf34wyq8B/SG6Vz/NZGrsXQUwIDAQAB +oAAwDQYJKoZIhvcNAQEMBQADggGBAINXdTNBnSpSwRs1/qRaKpdJ46SBeGgaHMsv +OZqe4pSZ5v0EfYafgI0/GPQTlTVnEZV8XgsAwO51nSgJHSrpJnKUiU/9EGm//gDY +Ht6PiIFZrXdhKuDNfcPA1HRr+cio+sGxK03fdVEimPCl5XmzzNDkP5Ksl+DwPvsv +uTNRTb87Bf4UKIvQqkrqP7vvHzL66+SibMKzGtCeaWOgvIosMnUZk7UTZ6RB5oi+ +CVRMEGPa6XoTkhsRChkvzDHJmmdsGs7KY6m0QR9XXEQB2vPuRbPuhB6PZ09YvlJB +8yYN6oA2lBkquTmlpMn9inCvYp8GDpNvQj+BWmlIhgx4zG2FDxTq1GjfUr0uk1tg +xJk8cFW0bCNfzImzI3gCFeijDUsl79jZoI2d1/c5aurVEzsBExjvf9r3yxD8bZ6g +8EChbl0ZCgCWo8WnwDolQiIVphpRg8aeyYdDneFghkfqt8UJyFIf/dhZA9ON/aXi +rzS7tavZc8ht2loioty267gmO5vuWg== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa4096/bundle_requester.certchain.der b/test_key/rsa4096/bundle_requester.certchain.der new file mode 100644 index 0000000..e7fdd01 Binary files /dev/null and b/test_key/rsa4096/bundle_requester.certchain.der differ diff --git a/test_key/rsa4096/bundle_requester.certchain1.der b/test_key/rsa4096/bundle_requester.certchain1.der new file mode 100644 index 0000000..858ab60 Binary files /dev/null and b/test_key/rsa4096/bundle_requester.certchain1.der differ 
diff --git a/test_key/rsa4096/bundle_responder.certchain.der b/test_key/rsa4096/bundle_responder.certchain.der new file mode 100644 index 0000000..bf34e10 Binary files /dev/null and b/test_key/rsa4096/bundle_responder.certchain.der differ diff --git a/test_key/rsa4096/bundle_responder.certchain1.der b/test_key/rsa4096/bundle_responder.certchain1.der new file mode 100644 index 0000000..97c786e Binary files /dev/null and b/test_key/rsa4096/bundle_responder.certchain1.der differ diff --git a/test_key/rsa4096/bundle_responder.certchain_alias.der b/test_key/rsa4096/bundle_responder.certchain_alias.der new file mode 100644 index 0000000..11b339c Binary files /dev/null and b/test_key/rsa4096/bundle_responder.certchain_alias.der differ diff --git a/test_key/rsa4096/ca.cert b/test_key/rsa4096/ca.cert new file mode 100644 index 0000000..ce9b86f --- /dev/null +++ b/test_key/rsa4096/ca.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHTCCAwWgAwIBAgIUBgIdjb3erWg+LGjwYN9aZPBOEL8wDQYJKoZIhvcNAQEN +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDMwNTUz +NDdaFw0zMzAzMzEwNTUzNDdaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+Bhv5MMIoVqG3spah +t6oMn/yi8npPsdoXW+x1KT3T/FoU9or5Tw28h1RLDrB0Qu1VMWlcjPy31MpfQRPp +WQRvcCs0Usl52Y6sO0OBxeZs2NGQlpz+xvEJqKGCV8ikaVv78FIb8bHTSZHY8T96 +DMFApsraPT+5lOZYCGxQxoTQAHcRdWn/LH+cAXRMUh82qTg3UODdQlTe7/2gLHyd +lhcIB2ljtFe+LWjKOmhUNMlPgubPZf3FSwEs8TMZQu5XtFTFN70tO7c9+uo2CAyq +4xqxgLTQDQAsE54baFn93Bc3xfVrP4bIloqil6HG/5zOlKX9Cs3s5+NRm/xHmLhz +T0ZPA0dihx2RDO58GwTbedzYlKKK4FpxlkEdr83nqz8V9c6nKjnMQMylQRQQZJ3v +Y415uF8lTzF1SrXBfz0xBgb+EV7166f8vblVJnw/DSLMHvNJ1L0+m9FPqusIAtrY +Ms9mtTtmZmlhL+hYnO8U9fkl4VVhXfbxgIABHAnqTvzpUtIOIpPWgXmY7mEiBi6C +uquGsb5tWWqYeXMgxOjaWI1y/NWW4Yy7LVeVwbtnE2KXgYT1sAOYdslQt3wiIexd +13VxMYH+XtzcDrIptT2poutJmFT6Tz3Z824YU81uU9CIyPBiDhkCvAC3fNrTf1cl +1mQGgFX6u9QmUaRPWiwKlwp9awIDAQABo1MwUTAdBgNVHQ4EFgQUdjXCiIyenPSs +LHO8xWDe2upQh5cwHwYDVR0jBBgwFoAUdjXCiIyenPSsLHO8xWDe2upQh5cwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAmdgfTlGetzPETi/+Cx74 +FJenFoI99VbHIs+zCsRCEU6Q67pFJSi4V7LGpQ6YxYYzjrjrUGjkhaF7PaL4QzPx +RH6hI5w+YHp6GyqsRYZbWMRLv5fFg5g3alip06cKqWO+c2R3+78WINK+OE3x8Q/I +KUtA90QJJx0thxyb+UyBdl6zCcxFbSXkYh8OTTy2D1uqFSyKn6JNIpsL6hwY+nmu +HAfOtECa/1Pkp9HMGJL+Sfhvh8M1YLvMEGIG9WuSjY28PEU7cPAMs52H/BHCoxjp ++gR9yi8vGX/+z69oVVw6z4IaAricBotCHfW3gz+Ae+SwtYUyzKRqEGQVIDUOQxdI +3LLw/iNqvr3XRAyIFBtwaRhOSYrpRHkByh2eXTGm4sekB944IdAAoGuAKL5DLyc8 +jpheFnISdnRhVc1xWR9Lpv9kaLW4vJgdrEqgptlGvc8Vor+Qdy7EkoOqJdVlUaP8 +mxyr9jypcYWolx/yqhfuTzwRAwNtnHZ8tkwDxOTfZsI7iSOs1olMWJENailtGGJB +YpWNta2xLE/OWu6b+4BJDtS2geLZUHplfIUfWnp9KJ0WkcM4jLj3GrLbANy8jcUt +3NqAsOMP0An4/zvhuRD1wHc3cXT1AaHdjul3sNLkGXoNVvEXEGgvidxs4so0uxP3 +1WiSLHA6fBf5yJy7XNnrIjI= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/ca.cert.der b/test_key/rsa4096/ca.cert.der new file mode 100644 index 0000000..8d2c9ca Binary files /dev/null and b/test_key/rsa4096/ca.cert.der differ diff --git a/test_key/rsa4096/ca.key b/test_key/rsa4096/ca.key new file mode 100644 index 0000000..c6caa4a --- /dev/null +++ b/test_key/rsa4096/ca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC+Bhv5MMIoVqG3 +spaht6oMn/yi8npPsdoXW+x1KT3T/FoU9or5Tw28h1RLDrB0Qu1VMWlcjPy31Mpf +QRPpWQRvcCs0Usl52Y6sO0OBxeZs2NGQlpz+xvEJqKGCV8ikaVv78FIb8bHTSZHY +8T96DMFApsraPT+5lOZYCGxQxoTQAHcRdWn/LH+cAXRMUh82qTg3UODdQlTe7/2g +LHydlhcIB2ljtFe+LWjKOmhUNMlPgubPZf3FSwEs8TMZQu5XtFTFN70tO7c9+uo2 +CAyq4xqxgLTQDQAsE54baFn93Bc3xfVrP4bIloqil6HG/5zOlKX9Cs3s5+NRm/xH +mLhzT0ZPA0dihx2RDO58GwTbedzYlKKK4FpxlkEdr83nqz8V9c6nKjnMQMylQRQQ +ZJ3vY415uF8lTzF1SrXBfz0xBgb+EV7166f8vblVJnw/DSLMHvNJ1L0+m9FPqusI +AtrYMs9mtTtmZmlhL+hYnO8U9fkl4VVhXfbxgIABHAnqTvzpUtIOIpPWgXmY7mEi +Bi6CuquGsb5tWWqYeXMgxOjaWI1y/NWW4Yy7LVeVwbtnE2KXgYT1sAOYdslQt3wi +Iexd13VxMYH+XtzcDrIptT2poutJmFT6Tz3Z824YU81uU9CIyPBiDhkCvAC3fNrT +f1cl1mQGgFX6u9QmUaRPWiwKlwp9awIDAQABAoICADOG3pD8urlLfICeaaAieHcB +7vSUgbwYgwXwhDbk3wIbnKWwkNC3sgbcP2w26HwuJcMDKgnRpTmH9vRLZkXRQJWj +OePvSvjCmKB1VYHcEvaS+IiXfqzLb1LqKhl5Ckwi0bGIYgt3x3t+qJDGIitLSB/q +2njBQQVmretTJWPl4N+yMJdIWly6SUQZVNrZLeOZkUfWo5L7yJ3HP+PuDECDEW24 +7Mf/gAdussqbeezTf38TBNlaU6zrAL+aC/wenRilKpNr4N1iIvcokdfi6ORxvqxB +NUZxMAnDrAzMiBKBWr5h7IGPcVH1GFSsf07Bw1h1EGmEQ4CpBIf9nzQe4m1KIssU +GZpic/IqffYwMgOJT/8uHjZH+Dtx/0109VdWkJMeOSr//dSbOiVAqAQ1kYlPEKZy +smEvL5sNCVbxIehD2eFRui6iy2tQ//41yojUUTk0UQWfZHXwtctr3Kttg0T67KT1 +pB71MU+5wCDX8vhAYQRZpnwc/J3A+UnFhUPJHI6Xd52hVlssowd/QeyuOZQKn08C +fBgYIrTS+1xz3X2VUoYLwLYWfi3XI02UYnl3HNKuAH2YCyBJFhJzYPtOEqP5a7lq +gVzxkxO/R1LeAHLchLhmWHIFTHkzJKnUNVRmtqAlpzX/SxnoXJcmRZSD3BM2YDe3 +jp7NrVyuXsQFKhhQ0BZ5AoIBAQDvWt+UwiyQr8GK4zKMsKhJakqvTWYNyydowRwj +Qw/5aAz4yDNZ/UrJRG1hLtqi+qkDRPt4pFcg8V89y43D2N094NXx0eYmUsXC6QEk +/JYGgjM3QoxI+tMnBXcX94MXhtBSDscAidplFELXKjlKX6EVvH7Y/3WAwC4VZjtS +9HUgs0X54o/ZxN6jQ3PHGfaAy4UEmG8v3vYX/JzXYlVOl6uhTXe2u/KBVTY/jqbj ++zcxgsPJJ2ObKfh6k+Mvozp6SGKvl6hsTLEJi7wbpGIRLu2MnWYZ+Vk8890cRzez +DJWxD3pl8iLNkSPDdehYp5zBLLNasNODwwnmnS+o1kF+RK29AoIBAQDLPQROpfJJ +ZE2KPJoc55yFSFmvzCgf6MvKv3ZLlV/Zre9iikPois4eP44S5Qj1uvhrGooo0vPF 
+37JqV9/+3Hm2tAoYJQdb2Ad2O+Rza7mF/gSlQc3za2/xtWAjTeWtY7NELCreDeYk +MBWZOtm/1eVjkCiUt0EHYjTp/IDd+m1eAsMEUZ28hNs4Yfpc5Vn9wYBCqVkhMXEt +EUgc65xoRXNBGeSp4e+equ+RYt/TWTunMCsuX4H/CldH2WJL9e5sQ00U5dWyQbm6 +7pcgV9oPJ/Dh4sLmY/Fa2Joi83EDSMF9vA+J064cS7bj1jEnzQIRb4ifnI/1AcOV +UN/R3G0/qWZHAoIBAQCNnj7bTWgA03y4KGUoSP3JMlKuFiVj0+elW1zCoFM7Rg0m +xY1cmTk+jHYLIiXKeHS3soD3iITkwOuRLHbcgdulWPo88ewykJbiE+rRb4F0qGSV +NZK7O2zjkaA9Vf0CVom7g3LLJsVJOQuzMxBiqOIucjC7Q6rKWurpTmubUXhbuLaW +ey6RsqHoB2jhTMNEwSYa6fYfZNRGrPg/l7bRoXuzHJrQS7PYQgqu4EBuc5zcdnpQ +8jVFATg7jnTFItbesyVwr1K/gUDeXQcXc9NyR0nWAOsAQ0BBiCgzKxARqEiJUpcg +6nsdFdsLMyAeFE3zHfegmS8MrsGU6TvhsaNeilQhAoIBAA+ni4VjUt5EU5SqRlSj +onLBt+bKmuyaSdg8FyiLQO7LbvzwGXr39hhuXMsnySDkXe4iBTJPzWcYa+21BxPi +d52TEJP7hi2U3j5FLruVOJ0Ri9oOz4ZIaD798YHGpkJMw6oknMit2WRAL+m1lsAo +AZtBp16NHv0qm1jKkkKG35W2ML9MahHzSc91/IrbP6tEFFUOJkdgP49xHVTc8Rc3 +AkGpdOuA86wNDpbsPsFQxj+CflD8Gk9CxKZMID4pm0vLg0xwx50LYvr7FbjwC2PP +d8ZuaQTF/fk5ZeX7SmEuYXkF20yKeYbEbjnubarbJ6WgKa3hqVT95crCh/rqN6AH +tFECggEBANhOLZ0/YWdDaZ8H8FzWWH8PUTRR+O2wJtxAjddAuq+Hunx4CIsY4dLL +JLiq7a98kUjmusDgQywhdRssg4PyGPJ4S/3UMTfo2C0FsaLdSTm4+DWhivW4ZgRz +f5Cb8CJobCznIRijaC5vjLvlxI1y7YQvixja2kn2XMnNv66BKeU9AIDFP8EJOxDT +3tUfFWY/apAaWFbP3vDbTLztCCjpl7F0Db473BzjxeDkG3wj6sRA+hmhk64e8UBl +Z2N3yea2b3+xm/AzaW/vJUJi/Bc7Q8SzUgg4qCiNQBRw+TjX6eM+eyA27feYcgRK +JmqkqJ6iGd8b6BjfL8MX6pcTukEniHw= +-----END PRIVATE KEY----- diff --git a/test_key/rsa4096/ca.key.der b/test_key/rsa4096/ca.key.der new file mode 100644 index 0000000..765dba7 Binary files /dev/null and b/test_key/rsa4096/ca.key.der differ diff --git a/test_key/rsa4096/ca1.cert b/test_key/rsa4096/ca1.cert new file mode 100644 index 0000000..aef81d5 --- /dev/null +++ b/test_key/rsa4096/ca1.cert 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHTCCAwWgAwIBAgIUDLbIgt/NwyT/Fjm5Sv6X80ijkWEwDQYJKoZIhvcNAQEN +BQAwHjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFJTQSBDQTAeFw0yMzA0MDMwNTU0 +MDdaFw0zMzAzMzEwNTU0MDdaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBSU0Eg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsysUAfJqP8W566VXS +M5R9wy5BoidUfLzPlnjxw43Dm3VL8Lvu9Sahh9D4/p55BVSgJkCT7BCripxE2G+6 +3qkfQHLCPyHHnB4DajPyG4w8TfA8Ol0em0OYTYWMzvByfvEDxq1Ecl7hlfhHndWV +zwKkbkrAq1ZnQD6iNvqOUeOS4uYV9StupwjiKgb0c7DAobKxKPsR0XjB1BSoAXF0 +Kqwgpv/oFCDNlQavsW9cL4gwe5QccQBbkU4YsP4bQUcamWspLDgh1ZlLVY8PA0t7 ++01ejd2jI8Va7V/P3KlSCc5krsHYDtUfuEe27CUCkBp0EdtwF8/a91LFM/1A2zqn +QfcPMNdS3mmWBCqUWkTXhEZ3mOkPQbBtbL2YwGotT0fYHYs8DbCjftT7/31TETrq +GbyDpOnvk2cG6j6WA+4W+jpeg5Tp6iFg3+1k7Sve63oHTTi9tOQZmaAOkJN+pog2 +j0K1+wsOMqd9cWkpdznfhVNtUEISSy6l6AB20xF+936zPGornWXCGaQ0jUOaFobB +V+Pd+0XiTUc7662C7aYGEb0cZ4NgAlyFI2LZxVSyjwz1Lnqy/q8FDNlobAHgIKsW +z+yrq2iaRvckihV17B5aKIAQi5fZHQXfewUVFVfU4XmB75kah6VJqM6NY2cxCr4d +JcZ8uVptshUCoyDhGV4wLc4nrwIDAQABo1MwUTAdBgNVHQ4EFgQUMJG/1HxJBb18 +4+HGGFxulf2DE7MwHwYDVR0jBBgwFoAUMJG/1HxJBb184+HGGFxulf2DE7MwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAJX9rP6XkWFjgsdvNYN8t +iXZtPoJxgHcEr0bdJUe4D4HyZwnwLSGzNfvMfvHrgHNSB73iNIJMsazBpVbtyBxI +fKMeDMemDkPUc1Gd2Ou6mzrBjn7Aypi4tTaHrBx2b3n7QXUpUbwSEgcTZbLmje4L +MW/FFPK32AfoPGsbkNUo/HhIpCfK26STKlHsNfmRnZeEzF9YrMwh5Hy932SjRVyF +/GNa6qOk1uT+VJMlYHtuM2eIqKkPOtIhwI3QiUL36MLRt7YTiirvQDuAcHliCWdL +iLFZFTLzte5Mg95xEGXe39blCzUZa2O0GyDS1rFJkmdC31jfxullcxmkJzIkr3GZ +fGOCnikMllnmPyarAVUORKQkQmgrAcipXQGoYDI1ObOH2kkl4mUdynefp6wB/61c +WoGvSXuHpKSvnBbN7YVWjwRMWnatksbXTohCTKVkmUoXE+5p4fxiXj9BBlFTvNNQ +5oYhisBexbOsyW3TOCFLJmRQ0FU2xHQ0dOzgvq2FUdIEB65Z/slEv1SlUgcZ1DUj +6elRGRev+8FrZML78yw7hDeXCWVed64mHaazVEbXMtqyN7K2icQwS82Tt/zW/fJK +ARY+S3WRpgWuTfBbCug1+UdQOmrJdtzIpN3OAWXyng/vgXu+nvcknEcD9zwLjwO7 +OeWaJgioVBKWtzCkLuKNFmM= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/ca1.cert.der b/test_key/rsa4096/ca1.cert.der new file mode 100644 index 0000000..da9d63f Binary files /dev/null and b/test_key/rsa4096/ca1.cert.der differ diff --git a/test_key/rsa4096/ca1.key b/test_key/rsa4096/ca1.key new file mode 100644 index 0000000..0039c1c --- /dev/null +++ b/test_key/rsa4096/ca1.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQCsysUAfJqP8W56 +6VXSM5R9wy5BoidUfLzPlnjxw43Dm3VL8Lvu9Sahh9D4/p55BVSgJkCT7BCripxE +2G+63qkfQHLCPyHHnB4DajPyG4w8TfA8Ol0em0OYTYWMzvByfvEDxq1Ecl7hlfhH +ndWVzwKkbkrAq1ZnQD6iNvqOUeOS4uYV9StupwjiKgb0c7DAobKxKPsR0XjB1BSo +AXF0Kqwgpv/oFCDNlQavsW9cL4gwe5QccQBbkU4YsP4bQUcamWspLDgh1ZlLVY8P +A0t7+01ejd2jI8Va7V/P3KlSCc5krsHYDtUfuEe27CUCkBp0EdtwF8/a91LFM/1A +2zqnQfcPMNdS3mmWBCqUWkTXhEZ3mOkPQbBtbL2YwGotT0fYHYs8DbCjftT7/31T +ETrqGbyDpOnvk2cG6j6WA+4W+jpeg5Tp6iFg3+1k7Sve63oHTTi9tOQZmaAOkJN+ +pog2j0K1+wsOMqd9cWkpdznfhVNtUEISSy6l6AB20xF+936zPGornWXCGaQ0jUOa +FobBV+Pd+0XiTUc7662C7aYGEb0cZ4NgAlyFI2LZxVSyjwz1Lnqy/q8FDNlobAHg +IKsWz+yrq2iaRvckihV17B5aKIAQi5fZHQXfewUVFVfU4XmB75kah6VJqM6NY2cx +Cr4dJcZ8uVptshUCoyDhGV4wLc4nrwIDAQABAoICAQCCM3yEpF+3DT6poT9I2BMR +PMyTKkOmlyOS7JiP3EHrXi3hnjGOmu2UFAo0RXBWUtz0nD5W+C+LgzPDcK+oSPV5 +FhAjLH0gsxOukQ05Zuah3jyitXvLf0VM80Up2Bk4vUyRAtk21VOHeoEOPfFeJBGi +o3Tyf2jo/nDzvKfKLAxmd1DWxNoIVBcOjIqXEsHiNTW35uBhCc2LiGpUOloqJal0 +JUJ5twkMwDm8k+AMv8hIeCYf1EpntTL6ygt/sA2LDoXADZDydchACuV0c5AiiTdA +g3e54U9p96oVr/lqVvdNyJ1KV8riTvLC9Gfi6YD1aytF6Lt4DJsy+7zebRNiSwOF +EeC2t6jcan/2/VKgFoCDW5RPhSm/k7kPCsqbGOhL+XLxdUfEuftfWRlhpqNEE5pp +qeVGrnYzE0bV/TIZ0XlJAMEe/G2rgASXGNQaYTNHZBhOJaNhivVb63tMPJob3ATO +DgwYV3jAZslWxWnyzcj1JAFy8dwBBlVpywgid7PIAUYVz1c376YsDcyZpRzVNF3f +NGc4L4fQNAZb607aEGxqb91qGCIW2Yy3S8QxnuLcoacFBaJEUAtjpCUVD9SNmrbc +dsO4V9GFk9aMxwaGS7fBfHAttvqZAgru3Ag7gBlrtjQLFAQFqwGySWX+WSK/Lj32 +TQ11pCalDuTBA97x7AKHiQKCAQEA436X1PJVrp4UTEu25lGcazm6kBbNMwVl2V9a +b1kLc45/bTakaCp0q43KknBFSesFEnJqw8SxFrdErjZiSguTS4Ur2kjhfdN/k+MW +P+SLWsBgbv1Fe6E8nK3Kbk2G5xwl8oEfcsgeAfZW9rczpYt31evHHahH5PDkR2j+ +BJLNduhhy9C+F98Pof3dMZC1kWiJUYWPMAh4X5uhR7XbuhVbfgVfgNhAVAEFWs2Y +LTNLYdX3IPutGhVLxiOAZJCaDbBOAAG53AikKxh7HrdR3snWlHh/yjkTtgtHbOLW +8MSgi0Gif/qMxKpoYnNSV9dlZsAo/cG2AsbKozr6Vb7pIK7TiwKCAQEAwnF4emFL ++w4zWzNkop5x/sbgO8BjRRhU469VGT1TrTj0TTHkfv42NOfkr9kRLEmXD0LKJeVg 
+c3G0UUD034cHF/jZ8uUe9TIisuoDvsWFXU7lghG8QOuZPaymkh4UIG+gCCeHSkIW +LDVmUv3PbrBXU1RwJKPKw8R4u3RtmmoNDNfXgeDfCmvsqFVmykWFEZ4p/g5Ueppx +mYuV9sXiDO5Zft/O4yaO6WB3mDoieAOv4fjfEnjNHrZNrioYW236ZWNzvVkKQTY1 +kdZMhPxsH/BqWfuFjrROlWceRNoKUrMWd6c6XHNEDXyU4OS76em9BgYMrREvKBXb +h8QE+8PIvSbw7QKCAQEAyFXl/Uf+/kwFUf7nLUI3PhHTYipCQCkDvP4ElMPUmsml +G5cgBv9ESQMPng+yZNrLV6hcrtOao4d2uvf3bH9vEfVPXeYKdRT4Z1J2eIOZ2KxK +/9KYCrw9tTgyaRpqr0ERhdIB0MG78zxs7sz8dU8xk7gTW+GillEwplYmQ/7HY2xX +GvZTQJBVovD9hjWKP2fQbXLxWnpLDt7tk0nqGp/ON1ch+EP3ukI/5evhlAR04M5c +17XqhWq1lOIUofrZPy7AMa9TbhpKAA2J9s23EjuqdIr89id3XTvnhVLpt5NgUeHV +6V/J8TKjw/cMT4DGskqMjpK05xMKxd4dL790ayyp6wKCAQEAkvgxmE7yn1CcgNLX +vhMFFw47bu58Gj3J7E8ag3lXRhdGkRKlI1gCoPqmYEQyNsdo5qAVK4+0142aPdBb +RplJQ1VVZ8LHI45Bq/o12nxx0ZVQ5H+DS47IxVU6kjcp/1pgG8nE+Nv65m92aERw +BbpERzgLi6ZCHLbkisv2DEEcnBiJTCIsdDQfLR1gFIN3kVl7ZAxwzjruoqBfOadY +tW1zN/Ly7b63Rq8jtmw6oXwn9SWnds7YO96P2JT41CLMoNYLJZOnrKLM2u6f5+Tj +1UBjIqB60uJ2g3bt6hzksJ2s3cQI2NhHF+qSnWpGnweNWIA6FJZojmP3CyeenK3f +jRliAQKCAQEAkglM8a1xT2gaLvGWnYu/jP8CQNGfBtlhL+StZz5QTiJaPlvj6Yf7 +7HF900cpek4CklKRzmOxUwdIXa4eGRiyy6B0+b7S0ydyaPYBn8Z7H8MIu2KtYtlE ++CLVAzzvVAXz07Aj2qPiAY/6+E7zPebro9uBzmpKKX2Out5BLB437eRcXRj6+je0 +1gC9ykShzG+f2X3fpR9/RPDsZVeyVEf0nf5Ukfc7zRPzG6v0Ul+3N+bOg27Qr0kF +vkhGhwNoBjLwt627wYNCFncoKivZ8w0f2L76gIDwj44jQ6jkVY7ZyjHtAUm0xXbm +UhGUAOq/Yq8IcBdb6iu3W7DDPY3cV0y4fw== +-----END PRIVATE KEY----- diff --git a/test_key/rsa4096/ca1.key.der b/test_key/rsa4096/ca1.key.der new file mode 100644 index 0000000..14ec08e Binary files /dev/null and b/test_key/rsa4096/ca1.key.der differ diff --git a/test_key/rsa4096/end_requester.cert b/test_key/rsa4096/end_requester.cert new file mode 100644 index 0000000..733abac --- /dev/null +++ b/test_key/rsa4096/end_requester.cert 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFCzCCA3OgAwIBAgIBAjANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTM0OVoX +DTMzMDMzMTA1NTM0OVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALzAShRn +powwGQZ4s4sovG1B0SxkcVdRt/T1Er3Rq0UvAKefUPio9d7CTPpXB846m8jNdx48 +qlpwjbcy8ali0XFvajA3h9VHBYsOTTUAhB3+tuNG3YgmBLc3FkMJSbQ+SeRgDZE0 +pyOpCZHFSCewmdsEjdOLChaDgfNXJMDOcfR9Je6BbyF5KjQMGXx7UutqVBitkK8M +hN7UaULK5HvrrdmZYuTXA3OWB36ryp65RoAeQ9TrBW5mSSA0Qx5clegIzlyXlA2G +mhNbkraRoAHMD0mgVbGGCrm6N9ioPWXcdmThmWvr4FEFi4l1IPWpv5xiI3BIiOJY +krOzsIfjDtCTMfBu77crfeeogHlBSpNMyUnOCXfA1dQ85Y+4ThkYQGWvzGN1gUJL +6tx/QpdpYrK5Cqhv3rp7Ykkeh7SwptRhghJW0U2tra/3GlKoOGIkfVAXQ3aG+ggy +xv+OG9289FW7aIG3302d6e++bbYn/jia3uqGuauew+ZTotEqep5CUbM847FWdfzg +F9Lfgkhw+ubbBcLeK9do3MCNMKNqb36KyU0dqzkMvgLiNTq42gq5MxmLfrRN0A3z +nq84kyrgRUbvE9BM9cDbyJfCqtB/9qy3p4PLDBWd/ck/ohpR2Q2WuL+1ZhMAE4f9 +KSBK6uMW6qhssIEcMEeNfi7BPWF5fY6yBy2hAgMBAAGjgbgwgbUwDAYDVR0TAQH/ +BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFFTFOBuIC9LYcKclhQvrWfxbr4ru +MDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdFVDoxMjM0NTY3 +ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkw +GgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMA0GCSqGSIb3DQEBDQUAA4IBgQB4 +UmV6SyG/AFPk1/6bAUnWjwfIl+meRVqk9O8R4sFNAaqRukui9iW1thLv9ZFeRZ7i +u7K6LeijJp5SkBSNslstyndANIVjmQ5i1mUdCEgP+fQHW09L+RsTlK3qaasbKaLa +a/O9/jLj7r1PWBgMl2fsDItyWEI+Hs6FYkH7lfJuRJOdPWEmP8OGIb90gmLZuinB +5M5pRCrouIovnlmg/IUOu3+yOzZMje0hxKfpUnZPL1EOfs3SyatnZz1ngJvvzYZn +5rOIbSSUrDQ85EE0jksNvsRJKHr2Ct9EH+FN7YQOusiyxIKumS9qKElPqLkMCcOn +Xw6GHvaV/gqgxzNv+gDTC/0BS8vJ3BTcDWwC4AVFxM4TIptlREaeYFHC8lzkYt9m +XFtxJKvgzvprUOj3drTr51BcrnawGfm6ASxph7ISSYf0UUGOOZd0A56f3EwDmxeE +qzr9EgFe+RW8FfpFoItQXlIip0qiZfBnOvXDpYa8DhEfMJalU04M0mj/EiCMK/M= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_requester.cert.der b/test_key/rsa4096/end_requester.cert.der new file mode 100644 index 0000000..42c09ff Binary files /dev/null and b/test_key/rsa4096/end_requester.cert.der differ diff --git a/test_key/rsa4096/end_requester.key b/test_key/rsa4096/end_requester.key new file mode 100644 index 0000000..e7ae833 --- /dev/null +++ b/test_key/rsa4096/end_requester.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC8wEoUZ6aMMBkG +eLOLKLxtQdEsZHFXUbf09RK90atFLwCnn1D4qPXewkz6VwfOOpvIzXcePKpacI23 +MvGpYtFxb2owN4fVRwWLDk01AIQd/rbjRt2IJgS3NxZDCUm0PknkYA2RNKcjqQmR +xUgnsJnbBI3TiwoWg4HzVyTAznH0fSXugW8heSo0DBl8e1LralQYrZCvDITe1GlC +yuR7663ZmWLk1wNzlgd+q8qeuUaAHkPU6wVuZkkgNEMeXJXoCM5cl5QNhpoTW5K2 +kaABzA9JoFWxhgq5ujfYqD1l3HZk4Zlr6+BRBYuJdSD1qb+cYiNwSIjiWJKzs7CH +4w7QkzHwbu+3K33nqIB5QUqTTMlJzgl3wNXUPOWPuE4ZGEBlr8xjdYFCS+rcf0KX +aWKyuQqob966e2JJHoe0sKbUYYISVtFNra2v9xpSqDhiJH1QF0N2hvoIMsb/jhvd +vPRVu2iBt99Nnenvvm22J/44mt7qhrmrnsPmU6LRKnqeQlGzPOOxVnX84BfS34JI +cPrm2wXC3ivXaNzAjTCjam9+islNHas5DL4C4jU6uNoKuTMZi360TdAN856vOJMq +4EVG7xPQTPXA28iXwqrQf/ast6eDywwVnf3JP6IaUdkNlri/tWYTABOH/SkgSurj +FuqobLCBHDBHjX4uwT1heX2OsgctoQIDAQABAoICAA8e0FBmJT9hsv+Dt85UCxQt +i5YkzbeTAkuLPl8aZr/6DfFfn9rrnhakNgpv4l4w773cR8iST4tDLPcaC6XoFqMh +q74FFMqPD/Cdyq2ORwcoGnqGeMSpVwNeVFg2bEMWIlE7KJsTPrhqmCunRCp5yTl0 +WfAyWTKIgmZ9+qG/Z/2P8PP0RnTGAg19UqVYM8JMGESJ0udS92nqVixVmIwcyyZ9 +VSDD4LDnud354Rdp/C3TPtfVo+++HemIhj/uZsvZuL5OHjwfJkSat1wMumaqdCcP +ww2fkUhjlIm0oIaCbLGUKPguQx/6c70lNui3GnRqoDAkf2Kyeb4PjPq1w8ANqphW +4bK8SaZ80akOD3IGXWwMQU6ij77wZi6cW2afv2wROQNv0U/Vz6P4nvDn8L+g7y6E +r9YBDoS3uO1fwbZpMBphrh2rZCBEASLvAkv3yz9D6F/KRFHlpJUixuMnyVJmIwv2 +qud2W+9O51C6DJAeSDf46C08xgip9w0L52DDH/vDRR74vIsVp6kKnmbt71qrP+dV +unlMhlktK1fGZNUPTXeK07Ujh6b0SzOIMcvz0JF9u1J8ahdszOcgRl2l4PPV2T4Y +qkumj0VUK+ai2PlUizXoXo6+mQi1KhCNW4YjGMS3NAnrMlqcYP0AZEo0/b627Fb7 +uhCK5lP7HLhT0HrK5RJhAoIBAQDpv1JuQm6Xcd+cvE4GGkjtgL5SFtSDpt2cHrEZ +ConWBsGDIT5klKxhk+XRCm3h2ZTx1b7W7y/LKW7QhvvYbPRWhpTyG60qAqitwIoQ +hxrRxNWLwwE4Ii0glRO2WFAKAwoehtChFDxixchGPmABrJCzqWjzeDoqGQM3oKWV +WFARDcThUPH6CQXESPM20DXhYh6AVfa4OzdiQYO24qYDnnSDwA1IpQkRUmLX7vtV +Hw+P+TzVf9Q/3dog8poQNB85BYjx3F5wrZVXo13FCTS0U+Y7+nNbQFX4xEAHLJHU +Y6Zds6oZgoOLq2wvU81UiieysuKBp3g3UG5paD0qINu4NO7VAoIBAQDOuFxBW7cq +md7NAPRXMS12EcymtMiEn/mqkcKKX+aL/ioMq4P+xJh0JDulVRJWtpzo52auFDgh 
+pf88IkaYkE+NxlDk1Ti5tt/m50QhQ2UyZcZmMXXdjvBNJcGbHW1jHJysByWkaPpQ +ggKvdjUbeNkiu7NDRfIvNWWmLVJfgP/tq30wm+7NWRST41bFarwpM/LkIpQuvxmf +vgX3yYhCYyx1F1nVnP/ddYcPkTvIgJ3pV56v+KgnNJjD4Qhdcn9xip/Qf6vo3cUa +USMESNcGUtAxt0XAdYL37qP/xZJat81fdkfHo1x4ujLSSW1F8F1j7FzFlr4gG6qf +YYGERzbbymGdAoIBAHuS2OpPlpXb7sK2zmztgnaFJJjTVwBOvEPn+epqJtqOccl4 +Trrv2n4vqUStRdArrlF3lc+dXeADBIGbixMs7rO7rIyeUxqtky1gZ906/9O8QsUD +j+Z0MvVRur0gzRet6bCfxzYRM6doNmvkV+8qoslIm6JzghR1ar0C4eclbBbH97jC +iVqNYI4XnvTweDuyGrvwNmHJdIsuZYrPIcMyBxkL9Dneff+5VWYhAqBKrniH5EBe +twAYslPOzeIZHBSSN4bd4NOjARv20wDyz/kxjbtRuaCZT5oXbl4cku/8ypwo+plH +5XF2a9hNbnTuIPSZG6Q9vBFKJUT2hbd67Y3h9g0CggEBAIwiSE/6J5oWgwX/7qOo +78OJX21nQkM921b4xqNdTYF7Q/Ag2TL8/MhGw7RZjjwAQTBVpbK+fCq7R+Hw7mB/ ++54FYVMvA+xJf1EdV38hG9nlSnB+eQM/4cC6pptLgJrei4rGsYrZq06mQ8HEZU4B +R1kXWvdw1DOShBz5vkyFu3jXdt9b5a+JAr0aMPlVWMaps69ZjZB+9ZTnkU4fbWJr +rniV4s0/R+hNwsgX0SojnmjPgACUlRE2w5SN2UjX1HMY4SvLULNkmzgy5oUCB9n+ +i6oYLo3AW49NVBmQSp162hsrqI86O/aPauJI6m2t+vFBCsbbYHmNp8WxqMYOLK8k +a7UCggEBAKNaaUTSJqkJlKUeRRTvAp3HujIAXUeAIv+23XSlrW97zlG6dCTHeDQG +B3WpX/Zp4uq4ewyRyFdDIGYPbQ6uCV+yooHd18MluuAznreWoLm84yWtg8Hihl42 +I5eRjxR2UDQQGN2+2A0h42PIuVp8to9uUSW3wqvNKN6uLs3OOQ6wR2KBwWmp4b8B +/ZCdf/imgBypeQcRAWiJrqdYKRQT4/j5Kf5rLEJIQ2UgewddrCqko9jjVSBBGEjn +AEL8IVhB9mMtxzJrYZthXOxcdgnBOjx3dQXDLXnVwnzoHluVXoIYcvlvQf2VsgAN +frBq6gJCmorVDKTuUX6DoICi7IySwfA= +-----END PRIVATE KEY----- diff --git a/test_key/rsa4096/end_requester.key.der b/test_key/rsa4096/end_requester.key.der new file mode 100644 index 0000000..120b8e0 Binary files /dev/null and b/test_key/rsa4096/end_requester.key.der differ diff --git a/test_key/rsa4096/end_requester.key.pub b/test_key/rsa4096/end_requester.key.pub new file mode 100644 index 0000000..aea6745 --- /dev/null +++ b/test_key/rsa4096/end_requester.key.pub 
@@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvMBKFGemjDAZBniziyi8 +bUHRLGRxV1G39PUSvdGrRS8Ap59Q+Kj13sJM+lcHzjqbyM13HjyqWnCNtzLxqWLR +cW9qMDeH1UcFiw5NNQCEHf6240bdiCYEtzcWQwlJtD5J5GANkTSnI6kJkcVIJ7CZ +2wSN04sKFoOB81ckwM5x9H0l7oFvIXkqNAwZfHtS62pUGK2QrwyE3tRpQsrke+ut +2Zli5NcDc5YHfqvKnrlGgB5D1OsFbmZJIDRDHlyV6AjOXJeUDYaaE1uStpGgAcwP +SaBVsYYKubo32Kg9Zdx2ZOGZa+vgUQWLiXUg9am/nGIjcEiI4liSs7Owh+MO0JMx +8G7vtyt956iAeUFKk0zJSc4Jd8DV1Dzlj7hOGRhAZa/MY3WBQkvq3H9Cl2lisrkK +qG/euntiSR6HtLCm1GGCElbRTa2tr/caUqg4YiR9UBdDdob6CDLG/44b3bz0Vbto +gbffTZ3p775ttif+OJre6oa5q57D5lOi0Sp6nkJRszzjsVZ1/OAX0t+CSHD65tsF +wt4r12jcwI0wo2pvforJTR2rOQy+AuI1OrjaCrkzGYt+tE3QDfOerziTKuBFRu8T +0Ez1wNvIl8Kq0H/2rLeng8sMFZ39yT+iGlHZDZa4v7VmEwATh/0pIErq4xbqqGyw +gRwwR41+LsE9YXl9jrIHLaECAwEAAQ== +-----END PUBLIC KEY----- diff --git a/test_key/rsa4096/end_requester.key.pub.der b/test_key/rsa4096/end_requester.key.pub.der new file mode 100644 index 0000000..6b061e7 Binary files /dev/null and b/test_key/rsa4096/end_requester.key.pub.der differ diff --git a/test_key/rsa4096/end_requester.req b/test_key/rsa4096/end_requester.req new file mode 100644 index 0000000..a343d0d --- /dev/null +++ b/test_key/rsa4096/end_requester.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEbzCCAlcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1c2V0 +ZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALzAShRnpoww +GQZ4s4sovG1B0SxkcVdRt/T1Er3Rq0UvAKefUPio9d7CTPpXB846m8jNdx48qlpw +jbcy8ali0XFvajA3h9VHBYsOTTUAhB3+tuNG3YgmBLc3FkMJSbQ+SeRgDZE0pyOp +CZHFSCewmdsEjdOLChaDgfNXJMDOcfR9Je6BbyF5KjQMGXx7UutqVBitkK8MhN7U +aULK5HvrrdmZYuTXA3OWB36ryp65RoAeQ9TrBW5mSSA0Qx5clegIzlyXlA2GmhNb +kraRoAHMD0mgVbGGCrm6N9ioPWXcdmThmWvr4FEFi4l1IPWpv5xiI3BIiOJYkrOz +sIfjDtCTMfBu77crfeeogHlBSpNMyUnOCXfA1dQ85Y+4ThkYQGWvzGN1gUJL6tx/ +QpdpYrK5Cqhv3rp7Ykkeh7SwptRhghJW0U2tra/3GlKoOGIkfVAXQ3aG+ggyxv+O +G9289FW7aIG3302d6e++bbYn/jia3uqGuauew+ZTotEqep5CUbM847FWdfzgF9Lf +gkhw+ubbBcLeK9do3MCNMKNqb36KyU0dqzkMvgLiNTq42gq5MxmLfrRN0A3znq84 +kyrgRUbvE9BM9cDbyJfCqtB/9qy3p4PLDBWd/ck/ohpR2Q2WuL+1ZhMAE4f9KSBK +6uMW6qhssIEcMEeNfi7BPWF5fY6yBy2hAgMBAAGgADANBgkqhkiG9w0BAQ0FAAOC +AgEAu9U9mYsiMaW4ruGcpkJadKdL0GsEn+FisiKbac3lxLrTcI11wVIXXk89T7It +9e8Ia0XnqG2gPWLqvqCLeobnXsaEknXNm8SVSD44BEha0DmpTBKSkW4M+eRV3TZI +vhAoG6fNzr4R5Lx/8C/OOAmzzzhZiQVCEmSzNlMPfUps01kXw2pWGfNRsjPDOBEp +L/STIIvBr5IAYd3Ru7+cHad5tBo5LqVsWPU/Ay9BP5Jg7MF1rK8jXARoCxFDQQWS +R/sxdRWtWZ/9kMhEtza5eiSzEKYRrnbu8/a5HWX+bSGDb4jJ9MANb9WXvKZe/ZWK +Ek16FUXZhR47z4wkyY1ryTofH7KIH/XuMGhQbG04IrhS2FKD0dWY+fybd+Xszxth +PSlLvdgEBr3cml4KmxZoOjxEuyd/XS0Y7Siwo8CSPWb3Bizg/ljQjwPRSf2DQA8E +KndxgLsIxGApNmkvEgHbsdS/geTp5DKrPa5q49+JOOtX3piLeGFnOGwGui+oOvIK +vT6hmWKSFhBLAfmsSxn0TdrTwEDJ7o6vhfjE09ywbvvomMCaBhwJZR/H+O8JcX8l +FtMOL77OW2+829vDESVca450f0+k+qE/ix486Mv+xod9eFa5ERpkUx2KLeNKC9dE +0aARgyoChoxZx/1KNY4Xk+uC9qRWkAREvPJbSsuKtP5U/lE= +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa4096/end_requester1.cert b/test_key/rsa4096/end_requester1.cert new file mode 100644 index 0000000..2bff593 --- /dev/null +++ b/test_key/rsa4096/end_requester1.cert 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFCzCCA3OgAwIBAgIBAjANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTQwOFoX +DTMzMDMzMTA1NTQwOFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALzAShRn +powwGQZ4s4sovG1B0SxkcVdRt/T1Er3Rq0UvAKefUPio9d7CTPpXB846m8jNdx48 +qlpwjbcy8ali0XFvajA3h9VHBYsOTTUAhB3+tuNG3YgmBLc3FkMJSbQ+SeRgDZE0 +pyOpCZHFSCewmdsEjdOLChaDgfNXJMDOcfR9Je6BbyF5KjQMGXx7UutqVBitkK8M +hN7UaULK5HvrrdmZYuTXA3OWB36ryp65RoAeQ9TrBW5mSSA0Qx5clegIzlyXlA2G +mhNbkraRoAHMD0mgVbGGCrm6N9ioPWXcdmThmWvr4FEFi4l1IPWpv5xiI3BIiOJY +krOzsIfjDtCTMfBu77crfeeogHlBSpNMyUnOCXfA1dQ85Y+4ThkYQGWvzGN1gUJL +6tx/QpdpYrK5Cqhv3rp7Ykkeh7SwptRhghJW0U2tra/3GlKoOGIkfVAXQ3aG+ggy +xv+OG9289FW7aIG3302d6e++bbYn/jia3uqGuauew+ZTotEqep5CUbM847FWdfzg +F9Lfgkhw+ubbBcLeK9do3MCNMKNqb36KyU0dqzkMvgLiNTq42gq5MxmLfrRN0A3z +nq84kyrgRUbvE9BM9cDbyJfCqtB/9qy3p4PLDBWd/ck/ohpR2Q2WuL+1ZhMAE4f9 +KSBK6uMW6qhssIEcMEeNfi7BPWF5fY6yBy2hAgMBAAGjgbgwgbUwDAYDVR0TAQH/ +BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFFTFOBuIC9LYcKclhQvrWfxbr4ru +MDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdFVDoxMjM0NTY3 +ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkw +GgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMA0GCSqGSIb3DQEBDQUAA4IBgQAE +nN4+pLnqiE0jdaNIDUyhkYSiSz78zt6b7+jQCIULP5MTBe/vDaAQT8IBzz8ZODba +VdBCcAhw8LniV2vTpc7NW5thJAwWLUf5eM6wZ3Wcf/S0tgi9GkT8olLdizg3m14V +97iJApZMQaKbEYcR5s7r20hcPn6bI4AA0dzCFZI4dUhsjOVov2R9D+y/A2+c4VzG +dABtKPlx/Qfq2bfDgo4KEojiPuz/K+Za85vuwM9KF7nClopLhcxZWmu6DfKUWM9w +2qocHdiejqphvypuaJGppWFUZpGAsSaoZlshuYw8KMrVrDleM3JzY9sJigwuLvpv +d6pmtMfKBh5Lzk+Pycc4+sJ8r290c/T3/5f9acxDinbEbHNxmX2aH8Vkqy5iWou1 +o2VbzZBZMKoRM9JSYJYMquGCdAArJOh9hj8KgyqVM2LPrdA0giOrmYZsph/Obowp +Ak2Ga7bRU8QPbyhEXwC2NkmV0eCQGerVVZ5C1APAE/wy0uxg3I28DuUYJgaRlaA= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_requester1.cert.der b/test_key/rsa4096/end_requester1.cert.der
new file mode 100644
index 0000000..258a0d4
Binary files /dev/null and b/test_key/rsa4096/end_requester1.cert.der differ
diff --git a/test_key/rsa4096/end_requester_with_spdm_req_eku.cert b/test_key/rsa4096/end_requester_with_spdm_req_eku.cert
new file mode 100644
index 0000000..2d60641
--- /dev/null
+++ b/test_key/rsa4096/end_requester_with_spdm_req_eku.cert
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExjCCAy6gAwIBAgIBBTANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDY1MloX +DTMzMDQxNzAxMDY1MlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALzAShRn +powwGQZ4s4sovG1B0SxkcVdRt/T1Er3Rq0UvAKefUPio9d7CTPpXB846m8jNdx48 +qlpwjbcy8ali0XFvajA3h9VHBYsOTTUAhB3+tuNG3YgmBLc3FkMJSbQ+SeRgDZE0 +pyOpCZHFSCewmdsEjdOLChaDgfNXJMDOcfR9Je6BbyF5KjQMGXx7UutqVBitkK8M +hN7UaULK5HvrrdmZYuTXA3OWB36ryp65RoAeQ9TrBW5mSSA0Qx5clegIzlyXlA2G +mhNbkraRoAHMD0mgVbGGCrm6N9ioPWXcdmThmWvr4FEFi4l1IPWpv5xiI3BIiOJY +krOzsIfjDtCTMfBu77crfeeogHlBSpNMyUnOCXfA1dQ85Y+4ThkYQGWvzGN1gUJL +6tx/QpdpYrK5Cqhv3rp7Ykkeh7SwptRhghJW0U2tra/3GlKoOGIkfVAXQ3aG+ggy +xv+OG9289FW7aIG3302d6e++bbYn/jia3uqGuauew+ZTotEqep5CUbM847FWdfzg +F9Lfgkhw+ubbBcLeK9do3MCNMKNqb36KyU0dqzkMvgLiNTq42gq5MxmLfrRN0A3z +nq84kyrgRUbvE9BM9cDbyJfCqtB/9qy3p4PLDBWd/ck/ohpR2Q2WuL+1ZhMAE4f9 +KSBK6uMW6qhssIEcMEeNfi7BPWF5fY6yBy2hAgMBAAGjdDByMAwGA1UdEwEB/wQC +MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRUxTgbiAvS2HCnJYUL61n8W6+K7jA2 +BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJBgorBgEE +AYMcghIEMA0GCSqGSIb3DQEBDQUAA4IBgQBuh0vmjF63e49IN0RwHMLJDvgHHORY +aJlp79CE0oBtNW+0nhHentTXM+XTOlDAyDJ+cINlm7lfzfxBCUy2u+RjSvEcWGE0 +irAUtPGucz8nHSO5WTuKxPcAP14bQEion++P/cLMfCW1X325lwSKvVbvJdRSaTXQ +OMNhZwJnoYzcHRmotPZrBhyNGd+B3ASDf4q/H3GFjVQgtX8VygBl+EXneP2zXcrQ +MUuaO4dPmcv4/+x9cpYgYEKD8RzKSsxIEF+fTsNxDBtG7PUeHJ3MS6/27fH+U5r1 +HPkqKZ92xzx26axNNzfnz7G2xM4J/lRqQTIsOHSTjICUGjwuV2omgRw4qbUNlOKg +xpJGVTm2SfG+C1HHI5hI1LB7wAAGpC0dz/cclcF1w3d+NAEsfOt4CT8gsNYCaibD +uRXX1caL/TzzwoSKR4ttL+nV/jX9IaGtnuqXzEgX2AMG1bjhit+X27y/EmKJ9Z4V +WKdXNn/q3e6C0ygKHxLSHOVWgSgqBJeGas8= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_requester_with_spdm_req_eku.cert.der b/test_key/rsa4096/end_requester_with_spdm_req_eku.cert.der
new file mode 100644
index 0000000..5c5a1a5
Binary files /dev/null and b/test_key/rsa4096/end_requester_with_spdm_req_eku.cert.der differ
diff --git a/test_key/rsa4096/end_requester_with_spdm_req_rsp_eku.cert b/test_key/rsa4096/end_requester_with_spdm_req_rsp_eku.cert
new file mode 100644
index 0000000..090492e
--- /dev/null
+++ b/test_key/rsa4096/end_requester_with_spdm_req_rsp_eku.cert
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE0zCCAzugAwIBAgIBBDANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDY1MFoX +DTMzMDQxNzAxMDY1MFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALzAShRn +powwGQZ4s4sovG1B0SxkcVdRt/T1Er3Rq0UvAKefUPio9d7CTPpXB846m8jNdx48 +qlpwjbcy8ali0XFvajA3h9VHBYsOTTUAhB3+tuNG3YgmBLc3FkMJSbQ+SeRgDZE0 +pyOpCZHFSCewmdsEjdOLChaDgfNXJMDOcfR9Je6BbyF5KjQMGXx7UutqVBitkK8M +hN7UaULK5HvrrdmZYuTXA3OWB36ryp65RoAeQ9TrBW5mSSA0Qx5clegIzlyXlA2G +mhNbkraRoAHMD0mgVbGGCrm6N9ioPWXcdmThmWvr4FEFi4l1IPWpv5xiI3BIiOJY +krOzsIfjDtCTMfBu77crfeeogHlBSpNMyUnOCXfA1dQ85Y+4ThkYQGWvzGN1gUJL +6tx/QpdpYrK5Cqhv3rp7Ykkeh7SwptRhghJW0U2tra/3GlKoOGIkfVAXQ3aG+ggy +xv+OG9289FW7aIG3302d6e++bbYn/jia3uqGuauew+ZTotEqep5CUbM847FWdfzg +F9Lfgkhw+ubbBcLeK9do3MCNMKNqb36KyU0dqzkMvgLiNTq42gq5MxmLfrRN0A3z +nq84kyrgRUbvE9BM9cDbyJfCqtB/9qy3p4PLDBWd/ck/ohpR2Q2WuL+1ZhMAE4f9 +KSBK6uMW6qhssIEcMEeNfi7BPWF5fY6yBy2hAgMBAAGjgYAwfjAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUVMU4G4gL0thwpyWFC+tZ/Fuviu4w +QgYDVR0lAQH/BDgwNgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYB +BAGDHIISAwYKKwYBBAGDHIISBDANBgkqhkiG9w0BAQ0FAAOCAYEAoXbtGRyxpAsO +Y9YCFnvPDzESENMBCtDCI9p5s+bmeCkwxY9BpQTJTRVuw7T9++4YJ8KHY5SRej2x +luUj45OTNTbJ3ECkQuBj5frP1YbVojmDGzfEiSR3Il3+qXoSdYsCYEYeI63+1XTS +t9omJ01oo1YjOVTSXDw/lPZFiT1kcp7/6yQ+pHOfyHQ/B/tdjFO0nMBZZoTYbFSG +h8a6MyImpoNewwLbhOc81FpMtszRyoQfRXlyw0xLxAne3HCu0Wwmn93X5G1QpNdR +pG1XQ0uEAwq3LimL5KWUZBdpR2KNHwL7uuVssGkVbWCYR7DcyIbP3cLdhcG0+LpT +4+vfaQsUab1DZrKLSyCZd8+845WoHwPliSAuET6xga6IKdINXW3guIpIIxrVhELn +kjQKjH9V9lC59KI6+KwROGelv5WtQ1gY+NNuLgn499qPq64AC2TxIB0LUNcl8dT2 +hlmbj+qvNfr5KiDXzZZG4uto2KAftFOPAdqO8mgb0MTIm+jjCYwP +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/rsa4096/end_requester_with_spdm_req_rsp_eku.cert.der
new file mode 100644
index 0000000..85873f0
Binary files /dev/null and b/test_key/rsa4096/end_requester_with_spdm_req_rsp_eku.cert.der differ
diff --git a/test_key/rsa4096/end_requester_with_spdm_rsp_eku.cert b/test_key/rsa4096/end_requester_with_spdm_rsp_eku.cert
new file mode 100644
index 0000000..58a8498
--- /dev/null
+++ b/test_key/rsa4096/end_requester_with_spdm_rsp_eku.cert
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExjCCAy6gAwIBAgIBBjANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDY1NVoX +DTMzMDQxNzAxMDY1NVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXF1 +c2V0ZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALzAShRn +powwGQZ4s4sovG1B0SxkcVdRt/T1Er3Rq0UvAKefUPio9d7CTPpXB846m8jNdx48 +qlpwjbcy8ali0XFvajA3h9VHBYsOTTUAhB3+tuNG3YgmBLc3FkMJSbQ+SeRgDZE0 +pyOpCZHFSCewmdsEjdOLChaDgfNXJMDOcfR9Je6BbyF5KjQMGXx7UutqVBitkK8M +hN7UaULK5HvrrdmZYuTXA3OWB36ryp65RoAeQ9TrBW5mSSA0Qx5clegIzlyXlA2G +mhNbkraRoAHMD0mgVbGGCrm6N9ioPWXcdmThmWvr4FEFi4l1IPWpv5xiI3BIiOJY +krOzsIfjDtCTMfBu77crfeeogHlBSpNMyUnOCXfA1dQ85Y+4ThkYQGWvzGN1gUJL +6tx/QpdpYrK5Cqhv3rp7Ykkeh7SwptRhghJW0U2tra/3GlKoOGIkfVAXQ3aG+ggy +xv+OG9289FW7aIG3302d6e++bbYn/jia3uqGuauew+ZTotEqep5CUbM847FWdfzg +F9Lfgkhw+ubbBcLeK9do3MCNMKNqb36KyU0dqzkMvgLiNTq42gq5MxmLfrRN0A3z +nq84kyrgRUbvE9BM9cDbyJfCqtB/9qy3p4PLDBWd/ck/ohpR2Q2WuL+1ZhMAE4f9 +KSBK6uMW6qhssIEcMEeNfi7BPWF5fY6yBy2hAgMBAAGjdDByMAwGA1UdEwEB/wQC +MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRUxTgbiAvS2HCnJYUL61n8W6+K7jA2 +BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJBgorBgEE +AYMcghIDMA0GCSqGSIb3DQEBDQUAA4IBgQCWLrSlGhwoR2KZacNXJg+Uw2BeZMys +bLbpi027bDX3tFD1vMsgKRE3vtcb4Yy+3YMcmilgUvm04sBQLTU8soR/NYsdwc9G +nL/Kbhk4p/RYLhkqn/lGqEVdRBHCJiTRMZPh6bP2nomtsr0U4RnksbK+nk+/BrpO +yhT5A6UlTo6cso2mS4Z7XrlopYU7hjoTAj7Aj7awkCziJ62zYCw7J49TI39D32Vt +Kfw3DMNKJlczBUAU0Tprp73pFTXvtP3RGzBUy9u18yrNwgwQNgG1uxuAwuJT+zxX +yXo+/ZkobXBMe8894OhH5t1GBHVCdOKuqabFG66GgrSr0kRDl8NoYeQ1Fdyo4M91 +LSpXnex+xuvAfPJ+pTCR0DCBt++4HGQLFHcBAaImyR84BBuh/6RRt5259+3n8NEX +Ke2qX/pYMfU2ZQ1cNKo+OZaxmd4FAs1R0IARK4fd9W38ds5OFXVDDn+VP3I4VTqF +viyoBNQKWxURuuVyW6cipOj2fUJimphlGzs= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_requester_with_spdm_rsp_eku.cert.der b/test_key/rsa4096/end_requester_with_spdm_rsp_eku.cert.der
new file mode 100644
index 0000000..d801d3e
Binary files /dev/null and b/test_key/rsa4096/end_requester_with_spdm_rsp_eku.cert.der differ
diff --git a/test_key/rsa4096/end_responder.cert b/test_key/rsa4096/end_responder.cert
new file mode 100644
index 0000000..c25b44f
--- /dev/null
+++ b/test_key/rsa4096/end_responder.cert
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFCzCCA3OgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTM0OVoX +DTMzMDMzMTA1NTM0OVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9VeY4V +0/pb+O+1x0cLZouOqb7XFTwuIrDK6fOM9VRKDdGy2aC8UU4m3Kl3Lw16SJCN9Tme ++3AI2kbjYvRbYJAjGsbRdXI4HH2QgwghOubPU4gEP1T9gFGyqH/eewRjcrGqRiK5 +JjoVPijX6GLdI5xw0K9DMhTeqU/CQux1K4GpAdD8zJQMKyk6pOfoxcLdd+Mp1wb1 +9gNW/rXY6+sz8Gu8YKRzfpkbDEH3ygb+x2TzMpdRWlS+1M3CScIuchFTIotb4ktU +0XGT0zfEyOIhvIdOWVe90AvQwYLa3L+SLdhCKZ3nwkm835lkL5IJXbCEiTQUDN4I +yDfKZ85xocm0ZtW0oLKEVOv0YhXVwYa9bm5Dz2PNBsaBxXQfVMfVknBhsVSnRLRf +dvom392lBDAWdPaAIq8wCwpSM0bLY8KFeBk8C9BbA/yqWQCxnlJoiFY1Hf9KaIHC +ED6I+VCR/4WGuyMaWq515ao69DjbJATRbiIR6bh/ApAJzZUtnkjvbM/VEz965ouZ +K4j79ByAn+kvKPxoomYabb6cRyjPCEfiEBwc/zF8SVVN8k4Qom6b1wIhKbqMzvf2 +LFwmVEsDUtOqLoB9M2jqX05qtvRlGIRMvgqYJEs3Gc3+TDRqqQDaMncW4bUTfopn +kGLJFFeZiNi+YJKybkb1ZtGjNDADZXal1LXPAgMBAAGjgbgwgbUwDAYDVR0TAQH/ +BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFKnY2u95gJUGh/5ezb8nFTjP0R1b +MDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdFVDoxMjM0NTY3 +ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkw +GgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMA0GCSqGSIb3DQEBDQUAA4IBgQCd +uNUqygY77RHYIwbAIQxJ7prpPQecyhBEuT4xLEfPmLDL7VSr3tQIFAp1YPe9iuuP +RXya6jE3bvMC0UYqgcewlWtMnm+JsrEQSsaFnS7ZqR9tLqxdWrCGDP3nQ3sVYPmT +tl6Sta28nXL1EhWVMcipD19OtOD8hs1qB0uRFsNWVXGMS5Zf319UQJJkk5Yqq59r +QPZqTLkebktYSFffJFI2DfZwoa3iFVcJen3u4O5oDkfh81JfPjgXLv/O+dEiBDeG +Yin9bQkJ2FIZWh8sCEwUPWWMKzW3ETBSTVQBID3OMO3oE+XruXoUH5Th4k5j4d6N +iUgv4lEfxByEDnhgWWlLqs1vXglsGGx/OSBFpgSMoVTgDMZOGveYgPt5gwmNWED0 +TCXV9z5AByR2WD8vMkGFvBdqxY1Nm0Mtt9n6ywUstO2sluw4u4sQJv/0PlufGXtz +RdPPbeUGE/aNNz5XhnRVqTfC6blQM1HlyVmFkcsiWUNArNCwvHagk1UGv7SsNLA= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_responder.cert.der b/test_key/rsa4096/end_responder.cert.der
new file mode 100644
index 0000000..36309bc
Binary files /dev/null and b/test_key/rsa4096/end_responder.cert.der differ
diff --git a/test_key/rsa4096/end_responder.key b/test_key/rsa4096/end_responder.key
new file mode 100644
index 0000000..3c9de4c
--- /dev/null
+++ b/test_key/rsa4096/end_responder.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDPVXmOFdP6W/jv +tcdHC2aLjqm+1xU8LiKwyunzjPVUSg3RstmgvFFOJtypdy8NekiQjfU5nvtwCNpG +42L0W2CQIxrG0XVyOBx9kIMIITrmz1OIBD9U/YBRsqh/3nsEY3KxqkYiuSY6FT4o +1+hi3SOccNCvQzIU3qlPwkLsdSuBqQHQ/MyUDCspOqTn6MXC3XfjKdcG9fYDVv61 +2OvrM/BrvGCkc36ZGwxB98oG/sdk8zKXUVpUvtTNwknCLnIRUyKLW+JLVNFxk9M3 +xMjiIbyHTllXvdAL0MGC2ty/ki3YQimd58JJvN+ZZC+SCV2whIk0FAzeCMg3ymfO +caHJtGbVtKCyhFTr9GIV1cGGvW5uQ89jzQbGgcV0H1TH1ZJwYbFUp0S0X3b6Jt/d +pQQwFnT2gCKvMAsKUjNGy2PChXgZPAvQWwP8qlkAsZ5SaIhWNR3/SmiBwhA+iPlQ +kf+FhrsjGlqudeWqOvQ42yQE0W4iEem4fwKQCc2VLZ5I72zP1RM/euaLmSuI+/Qc +gJ/pLyj8aKJmGm2+nEcozwhH4hAcHP8xfElVTfJOEKJum9cCISm6jM739ixcJlRL +A1LTqi6AfTNo6l9Oarb0ZRiETL4KmCRLNxnN/kw0aqkA2jJ3FuG1E36KZ5BiyRRX +mYjYvmCSsm5G9WbRozQwA2V2pdS1zwIDAQABAoICABhc7eSxUfBoYE8iqCEECO+7 +Ot0O/xLMRQ1LOsSAus9FyGvsvT/zAQbS8DkFpUTLKr25wKgds2QN1kBgNd+K4UTu +qxXTxR4/07E5ivwok3hNwn4IKbz98NcozD4CUahJW0/fN1CbOw+2MVCxVkBPxgB7 +DTqbBcaIB5M0u5J3jj41Mt5w5kU7TNMSbhBGPP7R8WWDJB5QRrFLxrBtpgNEXir6 +vsx0OdsZ343c5SN/SsTlAvve9mNg7TakbvBfbs30W+nOSUAa3mWfPkGeYRCZcELi +BQOXbVwGEscimq/0KGjyFVvVwPHTPN8Uc7aQXS8B0/GHrZ9lnslXgm0y0xUVmsOp +qxWmevgWzdH5qiCCs3XX7QHj1yk5EuV2b7ZdF2sAFKVZ+rpHeeKdPBKg9RQ/rzwa +wiTqPFA6jgaLCX0/NiCt9u4DtzipY/Y2y4WVFzftF5IvI3NiedtdKVFK34Xu1UGS +je1cpxI5IVDneb9ThMycAlxMcinJG0mV2NrqKRwu1EjoFjE5oiTEvw0gZikjscAK +cqjHiPpQnjStqtoJbARM6IJP79ty7jTmeLuWgEOSP5S9tyB8osWmxRWaFmwKL+OL +h3LE7bi7KGMIBwuYKNTrdR1zp60fnLqAgzRYtgrn5iyRPwltTRFjWl9JgfA662B5 +fSuGhUUGAFn6YOzNy4fBAoIBAQD2T5RyJslkaDqpZzBs//G3vuxpDyqq2yYTIWnl +H7myiB8w3Lu7PqUJQoJAYhpefhd08M3DhS8Alj/Mtu+2olKZ7Wdmv/5gGhUJpihL +8cBmbXut4RnjdHhdusfCOz5K/47PMOXfIeJ/xWGsQl6kyqP1sbhDQ4aSjImVcNmP +pA5xa0EmSMkQMY6A1G6ThTfNeqZMwRhktqOCZQVEUO44EAd/Vv2dTe11ZKQ5H54X +OmbXu60/Q24ffvTeHSdoiaHg0Q3YHFVVPt0tQNhBiNrk8a8Cl5cpCdZ1kMKGs6fG +WypYVaW62YAYspwtuKKEwS9UUBYiu6tgjkt29v5hwqq8skahAoIBAQDXfWLDrJqC +N3YzKgezmEEQRkI9q5TIyINB+ykfoFo4bkWygX4raVyw45pR7WfE0Cada4ina773 
+pqGR8CFFIeebUSv/030F6W8jV0IxLAJmbLk9u8/JsONr8dQ7enQIRGRDu8mAHL23 +8MaaIhRdPCM7Va0ZuU/DvhSQv/FAeBCKolFbmAgmiIq5OgL6hlBijImgyxcNhD/6 ++9vPFAo9ISp96rahxu+uetqWAJoXpeD6rGpFq8bhLGFHysGiKjmUC+m9F2Yk6szk +u78c4HyWfV7/oAUskx2ez2L043fc4NpkbJjbM22xFM1oVsyncCSmFH7tDeQX7XLi +GI+3abaUDlZvAoIBAQCOnjeK/TBhRgSpcAlXI7+XMCJ9Fn4THf9m1lMVixAf8rd0 +uGqvGa+/s9XtZ6BzFDmKyZ+q1WQIx/a7FzWnn0eKvy6/DO5CQPfrdV0h1CIebMhP +PuaZkCfdxbfCnEEOdfj/uQVw9JLMfsJ2VpuseXUEX1odAG1cT6mecRBYHpsKSxsX +Cs/442jq6ZX5LwrHnHvMN4ZjUmlMqCerjdzRc16T+g+xVJzo+1Qni0ojkvpXceD3 +n5iU/hLUxTa7Te4AWavVdVpnmJXCjShqkc6E//fg3Vt2NK8Ltb0c98tui/zx1u22 +ShfktQ6/XogjrCQ2goS+qcGqj9ncUVmry2bHCcbhAoIBAGEjpaz9lt0ScVcZIEWm +YdYbResU+MoWEY1h0iTunR0JIKQaWazqHx2iTEOYWInRJ0cZXY3TNU/gLr9h1y2Z +3hUW31XAmYBbvXzZ7f3Kj/5qDos0qbOK6MoVRo3VYo8DfYtHEMuOqTtM78o1iKaK +4Hrz4UdSURG1EwI5dGCSfypvh2tZunrcXGSpMQSMHZp/Ld9tDaRLNKhIdsr/hqoN +1GDUuKVuz0cBHJ44AT6dyTBXHsTvbYS+A9BgJy+aB0CkqiZScPo9WkXWGI3E6ITS +WUu0cACrBNQ9OqeYDsVkGy7gAXv20ADelsXtMu5b0DmJzbnA5Eyg/oPLfKW6otJV +MEMCggEASPzFZP+ITm4kLWw7HloATXw5/kdyMzwPLHKJsJF/zWd9EZn/9eBH7D71 +nVAwtYp3PqIhOyz7uahVMQpw4LKUF7ZHUJlv1R/TOFqmUL1LeIFj497gbDSVK/PH +fiWIFTXcWTL4dvBGsmHUO5ukpclyhoUqZ++7JfFKfZEXggGiiz/iWRSZgUAkQxgs +2GbsdEotnmno2Td+03BQSMzkiNixbGT3HhJhIpOz4evCF3egJMQjyzFaBiLa7mwM +M37rvVtrCxDZhwv+1KCoIOyVOdYgEMxWxs7br4qrGBwesFtvss/hTEnf/rXjlSk5 +Mvg+GLINtKXoFw6judXVhkESqa14EA== +-----END PRIVATE KEY----- diff --git a/test_key/rsa4096/end_responder.key.der b/test_key/rsa4096/end_responder.key.der new file mode 100644 index 0000000..8fec1d1 Binary files /dev/null and b/test_key/rsa4096/end_responder.key.der differ diff --git a/test_key/rsa4096/end_responder.key.pub b/test_key/rsa4096/end_responder.key.pub new file mode 100644 index 0000000..67ccce4 --- /dev/null +++ b/test_key/rsa4096/end_responder.key.pub 
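Review bot: The file added here, test_key/rsa4096/end_responder.key, is an unencrypted PKCS#8 RSA private key, and once committed it has to be treated as publicly known, so nothing outside the test suite should ever trust a certificate that chains to it. I see no README or marker in the part of the diff visible here that says so; I would add one next to the keys, e.g. `These keys and certificates are public test fixtures; never provision them on a device or trust them outside tests.` It is also worth confirming that release builds and default configurations cannot fall back to test_key/, and allowlisting this path in the secret scanner deliberately rather than dismissing alerts one by one. The same applies to the other private keys this commit appears to add in the directory (inter.key, and the key whose tail precedes end_requester.key.der).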
@@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz1V5jhXT+lv477XHRwtm +i46pvtcVPC4isMrp84z1VEoN0bLZoLxRTibcqXcvDXpIkI31OZ77cAjaRuNi9Ftg +kCMaxtF1cjgcfZCDCCE65s9TiAQ/VP2AUbKof957BGNysapGIrkmOhU+KNfoYt0j +nHDQr0MyFN6pT8JC7HUrgakB0PzMlAwrKTqk5+jFwt134ynXBvX2A1b+tdjr6zPw +a7xgpHN+mRsMQffKBv7HZPMyl1FaVL7UzcJJwi5yEVMii1viS1TRcZPTN8TI4iG8 +h05ZV73QC9DBgtrcv5It2EIpnefCSbzfmWQvkgldsISJNBQM3gjIN8pnznGhybRm +1bSgsoRU6/RiFdXBhr1ubkPPY80GxoHFdB9Ux9WScGGxVKdEtF92+ibf3aUEMBZ0 +9oAirzALClIzRstjwoV4GTwL0FsD/KpZALGeUmiIVjUd/0pogcIQPoj5UJH/hYa7 +IxparnXlqjr0ONskBNFuIhHpuH8CkAnNlS2eSO9sz9UTP3rmi5kriPv0HICf6S8o +/GiiZhptvpxHKM8IR+IQHBz/MXxJVU3yThCibpvXAiEpuozO9/YsXCZUSwNS06ou +gH0zaOpfTmq29GUYhEy+CpgkSzcZzf5MNGqpANoydxbhtRN+imeQYskUV5mI2L5g +krJuRvVm0aM0MANldqXUtc8CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/test_key/rsa4096/end_responder.key.pub.der b/test_key/rsa4096/end_responder.key.pub.der new file mode 100644 index 0000000..9c47259 Binary files /dev/null and b/test_key/rsa4096/end_responder.key.pub.der differ diff --git a/test_key/rsa4096/end_responder.req b/test_key/rsa4096/end_responder.req new file mode 100644 index 0000000..c51fabc --- /dev/null +++ b/test_key/rsa4096/end_responder.req 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEbzCCAlcCAQAwKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNwb25k +ZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9VeY4V0/pb ++O+1x0cLZouOqb7XFTwuIrDK6fOM9VRKDdGy2aC8UU4m3Kl3Lw16SJCN9Tme+3AI +2kbjYvRbYJAjGsbRdXI4HH2QgwghOubPU4gEP1T9gFGyqH/eewRjcrGqRiK5JjoV +PijX6GLdI5xw0K9DMhTeqU/CQux1K4GpAdD8zJQMKyk6pOfoxcLdd+Mp1wb19gNW +/rXY6+sz8Gu8YKRzfpkbDEH3ygb+x2TzMpdRWlS+1M3CScIuchFTIotb4ktU0XGT +0zfEyOIhvIdOWVe90AvQwYLa3L+SLdhCKZ3nwkm835lkL5IJXbCEiTQUDN4IyDfK +Z85xocm0ZtW0oLKEVOv0YhXVwYa9bm5Dz2PNBsaBxXQfVMfVknBhsVSnRLRfdvom +392lBDAWdPaAIq8wCwpSM0bLY8KFeBk8C9BbA/yqWQCxnlJoiFY1Hf9KaIHCED6I ++VCR/4WGuyMaWq515ao69DjbJATRbiIR6bh/ApAJzZUtnkjvbM/VEz965ouZK4j7 +9ByAn+kvKPxoomYabb6cRyjPCEfiEBwc/zF8SVVN8k4Qom6b1wIhKbqMzvf2LFwm +VEsDUtOqLoB9M2jqX05qtvRlGIRMvgqYJEs3Gc3+TDRqqQDaMncW4bUTfopnkGLJ +FFeZiNi+YJKybkb1ZtGjNDADZXal1LXPAgMBAAGgADANBgkqhkiG9w0BAQ0FAAOC +AgEADTHOhFcUh3iNR9Zl+B06ELIKBkKijLuINWcUKvAjMg6lXYgdrEK62AoIhoZU +S7oScUJCIrTBMsfz188qJ3PpcZRW2LrWka0l3tRm5Fw8IkCk4fDoun/PPItvsby+ +lAK30gtqgicyN59zvnXdlx2mGH2Vd/2L2cGe99myVl47pb/oFCx97JHpvqqwdv04 +sPuGJ7/NZU4uDACVf17E3hLjFaYJOKZy7ESmEcY01nr63u2VDd+d6BaB+fIYc1gS +8eMxfEu2Y4TkM8zkyFYd/ej/oj3SVDYmHeXYyuj79RyU1+eYTbObsSzc2aj4Zi8F +ZqQUQQ9/H0O/bNm9bgWZYhWfD9ueDoLbxJv5lPnaN5lg/70wD9k82RbL2A5fELJu +UIodqnyoq4Kf/Jl4yz5M97uXNBg7zcfmU/pF7Tn+tMZP2axaplWuGutvbJZbmTl4 +nnphWjNZfsxGDjirSJ/zLaSD+o/ggMOaQXZpoiAjzwchhjLhoitIXpO2fwOUvemq +8sHy2bSv1MEQGL3K3NF8PQsxl+ubm1lXhCLNPpduUrt+W3zQohU0vqAE4DFZpABo +3n7LI1hG0m0GpWRa3qiSY/F3vqRzR3ZxcfFErGfwd13N5ocz11t5Mi8PkpWsi5r4 +pLDHwRUc4xjGK+pSfKNFtXOVNq4cIF3ocgamrjJRy1F+i7k= +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa4096/end_responder1.cert b/test_key/rsa4096/end_responder1.cert new file mode 100644 index 0000000..46859d6 --- /dev/null +++ b/test_key/rsa4096/end_responder1.cert 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFCzCCA3OgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA1NTQwOFoX +DTMzMDMzMTA1NTQwOFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9VeY4V +0/pb+O+1x0cLZouOqb7XFTwuIrDK6fOM9VRKDdGy2aC8UU4m3Kl3Lw16SJCN9Tme ++3AI2kbjYvRbYJAjGsbRdXI4HH2QgwghOubPU4gEP1T9gFGyqH/eewRjcrGqRiK5 +JjoVPijX6GLdI5xw0K9DMhTeqU/CQux1K4GpAdD8zJQMKyk6pOfoxcLdd+Mp1wb1 +9gNW/rXY6+sz8Gu8YKRzfpkbDEH3ygb+x2TzMpdRWlS+1M3CScIuchFTIotb4ktU +0XGT0zfEyOIhvIdOWVe90AvQwYLa3L+SLdhCKZ3nwkm835lkL5IJXbCEiTQUDN4I +yDfKZ85xocm0ZtW0oLKEVOv0YhXVwYa9bm5Dz2PNBsaBxXQfVMfVknBhsVSnRLRf +dvom392lBDAWdPaAIq8wCwpSM0bLY8KFeBk8C9BbA/yqWQCxnlJoiFY1Hf9KaIHC +ED6I+VCR/4WGuyMaWq515ao69DjbJATRbiIR6bh/ApAJzZUtnkjvbM/VEz965ouZ +K4j79ByAn+kvKPxoomYabb6cRyjPCEfiEBwc/zF8SVVN8k4Qom6b1wIhKbqMzvf2 +LFwmVEsDUtOqLoB9M2jqX05qtvRlGIRMvgqYJEs3Gc3+TDRqqQDaMncW4bUTfopn +kGLJFFeZiNi+YJKybkb1ZtGjNDADZXal1LXPAgMBAAGjgbgwgbUwDAYDVR0TAQH/ +BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFKnY2u95gJUGh/5ezb8nFTjP0R1b +MDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdFVDoxMjM0NTY3 +ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkw +GgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMA0GCSqGSIb3DQEBDQUAA4IBgQCT +DxGiiF+c9NWQnZdT2v7mN8w84f8yJrnEj2WlnpWCAShRw3uSVbWV9Bf7E//ye1sE +oriotl84ubHOkM6/6wdZDzgM/Ybff58XDiMXmqaBhgvBJHFqWwr/BuB7IA5p42bz +204XOYoHA8S0vTzQ00BdsouvzE/dTxo+m/0XQ1gRnyKAAOpS0vOLKElnNGeH+SRI +Sv7RSs3YnRAa15EqzWXFussPw7OScAkZL/Xz59cqJ/aMdjoSXoQLMqdanZBVv9RS +EIuMuGxJJ0E7H7D9q5ATveUF7ej1l7eH9oV3M7oHKsRKAyrAU2t/h+YFOOSbE6oB +5Wz8u1OaiBVwf+VtrTd/LBBwUOxLKHTGRryGVR5jVniXfLRfL58bN0/ddEQU2f45 +DJDp75TuHClnbdviyrK+8TmXxUKuIgP9+0mTW5RRbmxdamvQqiW4yP7lO4vmOFAG +osT302gT4kDkPNvv3Ao3hmMdy3JiV4WlD1igji5gMTN6qHoum5teKyPSd1VlJkM= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_responder1.cert.der b/test_key/rsa4096/end_responder1.cert.der
new file mode 100644
index 0000000..d72d8ed
Binary files /dev/null and b/test_key/rsa4096/end_responder1.cert.der differ
diff --git a/test_key/rsa4096/end_responder_alias.cert b/test_key/rsa4096/end_responder_alias.cert
new file mode 100644
index 0000000..5283898
--- /dev/null
+++ b/test_key/rsa4096/end_responder_alias.cert
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCA1qgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNjA4MjMwOVoX +DTMzMDYwMzA4MjMwOVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9VeY4V +0/pb+O+1x0cLZouOqb7XFTwuIrDK6fOM9VRKDdGy2aC8UU4m3Kl3Lw16SJCN9Tme ++3AI2kbjYvRbYJAjGsbRdXI4HH2QgwghOubPU4gEP1T9gFGyqH/eewRjcrGqRiK5 +JjoVPijX6GLdI5xw0K9DMhTeqU/CQux1K4GpAdD8zJQMKyk6pOfoxcLdd+Mp1wb1 +9gNW/rXY6+sz8Gu8YKRzfpkbDEH3ygb+x2TzMpdRWlS+1M3CScIuchFTIotb4ktU +0XGT0zfEyOIhvIdOWVe90AvQwYLa3L+SLdhCKZ3nwkm835lkL5IJXbCEiTQUDN4I +yDfKZ85xocm0ZtW0oLKEVOv0YhXVwYa9bm5Dz2PNBsaBxXQfVMfVknBhsVSnRLRf +dvom392lBDAWdPaAIq8wCwpSM0bLY8KFeBk8C9BbA/yqWQCxnlJoiFY1Hf9KaIHC +ED6I+VCR/4WGuyMaWq515ao69DjbJATRbiIR6bh/ApAJzZUtnkjvbM/VEz965ouZ +K4j79ByAn+kvKPxoomYabb6cRyjPCEfiEBwc/zF8SVVN8k4Qom6b1wIhKbqMzvf2 +LFwmVEsDUtOqLoB9M2jqX05qtvRlGIRMvgqYJEs3Gc3+TDRqqQDaMncW4bUTfopn +kGLJFFeZiNi+YJKybkb1ZtGjNDADZXal1LXPAgMBAAGjgZ8wgZwwDwYDVR0TAQH/ +BAUwAwEB/zALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFKnY2u95gJUGh/5ezb8nFTjP +0R1bMDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdFVDoxMjM0 +NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUH +AwkwDQYJKoZIhvcNAQENBQADggGBAGwYK2afqKfzALo9Fz6kvqEVHaaTm1P0i7GI +EIIMSid/4zczU9lIEhp37av/IZxUohvleQnOxktyeHs52+kGbt6xrM9cYDWgm1Or +6XZ/Sfy9VIh15H/Fga+Q9uqbECR1ePQ3lzORmZByiO++ed84d8coUsJZRlV4UqRX +mUI4cqtyfvtS8aF4RzV9Pfm4miJd+w01J4R09HbXGMqp44e0nObKJTotodUX/T5A +wAu7IALZNW7oHKBxr4ZF+aoGhiVrnvy5DtCKxBMTmrrbIfdMzAWWq3CSd8FCoGvC +a5zL0CdoT1VxqMVCkVata1/c21U8MaapPoOqoImqEhdztsqj9qPkmFYycvFeVRs1 +YElLhdAGHcc1TDkUO+hXCBbtjvuZSqhVagdfo1A5IBEXrWrZPnT/7Kp4RN97P/sU +rCUa4s/7NhjF8Pgf4RxvG1Z3osJEHkBxlDS4GZo26dnECtAvzorrtbNz6h74fEPm +5fnWEQJWI0bfPuXXPwjx/hDj3IaAiA== +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_responder_alias.cert.der b/test_key/rsa4096/end_responder_alias.cert.der
new file mode 100644
index 0000000..f2f1a37
Binary files /dev/null and b/test_key/rsa4096/end_responder_alias.cert.der differ
diff --git a/test_key/rsa4096/end_responder_with_spdm_req_eku.cert b/test_key/rsa4096/end_responder_with_spdm_req_eku.cert
new file mode 100644
index 0000000..9963096
--- /dev/null
+++ b/test_key/rsa4096/end_responder_with_spdm_req_eku.cert
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExjCCAy6gAwIBAgIBCDANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDcwN1oX +DTMzMDQxNzAxMDcwN1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9VeY4V +0/pb+O+1x0cLZouOqb7XFTwuIrDK6fOM9VRKDdGy2aC8UU4m3Kl3Lw16SJCN9Tme ++3AI2kbjYvRbYJAjGsbRdXI4HH2QgwghOubPU4gEP1T9gFGyqH/eewRjcrGqRiK5 +JjoVPijX6GLdI5xw0K9DMhTeqU/CQux1K4GpAdD8zJQMKyk6pOfoxcLdd+Mp1wb1 +9gNW/rXY6+sz8Gu8YKRzfpkbDEH3ygb+x2TzMpdRWlS+1M3CScIuchFTIotb4ktU +0XGT0zfEyOIhvIdOWVe90AvQwYLa3L+SLdhCKZ3nwkm835lkL5IJXbCEiTQUDN4I +yDfKZ85xocm0ZtW0oLKEVOv0YhXVwYa9bm5Dz2PNBsaBxXQfVMfVknBhsVSnRLRf +dvom392lBDAWdPaAIq8wCwpSM0bLY8KFeBk8C9BbA/yqWQCxnlJoiFY1Hf9KaIHC +ED6I+VCR/4WGuyMaWq515ao69DjbJATRbiIR6bh/ApAJzZUtnkjvbM/VEz965ouZ +K4j79ByAn+kvKPxoomYabb6cRyjPCEfiEBwc/zF8SVVN8k4Qom6b1wIhKbqMzvf2 +LFwmVEsDUtOqLoB9M2jqX05qtvRlGIRMvgqYJEs3Gc3+TDRqqQDaMncW4bUTfopn +kGLJFFeZiNi+YJKybkb1ZtGjNDADZXal1LXPAgMBAAGjdDByMAwGA1UdEwEB/wQC +MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBSp2NrveYCVBof+Xs2/JxU4z9EdWzA2 +BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJBgorBgEE +AYMcghIEMA0GCSqGSIb3DQEBDQUAA4IBgQBI8u0Q39OqGnZ/AA32eT2KpsI9SNsx +8qCtSXdhFNb23W5igqVEo6/uowbyTeflJtnQYp3ElQ1X4meIcNkogtZCc0OhxHPW +f3kVgBhnUEVZxje6ZIZpGf2xk+F647QB8tLXwcDtc+6gk27/oMRjcQewMoH2x1cY +O8RBFfSxLWo165L8Fe0wATVcGxrLe6Klxq+whr/MaMWAOd2TlG0L2drEjgOC/vTc ++zSQ6Fef57FSb/GWg6o0Kr+LsBkjKFGzWxe8FOomo9w8JJrAoO9HCrJnGIfhbL2T +fnyvDdBBw8WgXG2+Hx6LjCLgXXLbhwDj86v6uhppt50BL4D8AsZI+2DXttpwylMR ++7b4bwXaZVnmv96RaXDV3CdS0Kg0bY8vmxuDnx8ipT4KqYLyQo7wzqjdMYHvruvM +bgDNgiRGHDkDsBb8ymokorMX298UGbP50ahDvGF81BEzhLq9W9IRrVcjjTY4MlRb +qUyETnfRUZO5/unbO3uefDTiRRTrN3BTsis= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_responder_with_spdm_req_eku.cert.der b/test_key/rsa4096/end_responder_with_spdm_req_eku.cert.der
new file mode 100644
index 0000000..2dccb74
Binary files /dev/null and b/test_key/rsa4096/end_responder_with_spdm_req_eku.cert.der differ
diff --git a/test_key/rsa4096/end_responder_with_spdm_req_rsp_eku.cert b/test_key/rsa4096/end_responder_with_spdm_req_rsp_eku.cert
new file mode 100644
index 0000000..365f172
--- /dev/null
+++ b/test_key/rsa4096/end_responder_with_spdm_req_rsp_eku.cert
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE0zCCAzugAwIBAgIBBzANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDcwNVoX +DTMzMDQxNzAxMDcwNVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9VeY4V +0/pb+O+1x0cLZouOqb7XFTwuIrDK6fOM9VRKDdGy2aC8UU4m3Kl3Lw16SJCN9Tme ++3AI2kbjYvRbYJAjGsbRdXI4HH2QgwghOubPU4gEP1T9gFGyqH/eewRjcrGqRiK5 +JjoVPijX6GLdI5xw0K9DMhTeqU/CQux1K4GpAdD8zJQMKyk6pOfoxcLdd+Mp1wb1 +9gNW/rXY6+sz8Gu8YKRzfpkbDEH3ygb+x2TzMpdRWlS+1M3CScIuchFTIotb4ktU +0XGT0zfEyOIhvIdOWVe90AvQwYLa3L+SLdhCKZ3nwkm835lkL5IJXbCEiTQUDN4I +yDfKZ85xocm0ZtW0oLKEVOv0YhXVwYa9bm5Dz2PNBsaBxXQfVMfVknBhsVSnRLRf +dvom392lBDAWdPaAIq8wCwpSM0bLY8KFeBk8C9BbA/yqWQCxnlJoiFY1Hf9KaIHC +ED6I+VCR/4WGuyMaWq515ao69DjbJATRbiIR6bh/ApAJzZUtnkjvbM/VEz965ouZ +K4j79ByAn+kvKPxoomYabb6cRyjPCEfiEBwc/zF8SVVN8k4Qom6b1wIhKbqMzvf2 +LFwmVEsDUtOqLoB9M2jqX05qtvRlGIRMvgqYJEs3Gc3+TDRqqQDaMncW4bUTfopn +kGLJFFeZiNi+YJKybkb1ZtGjNDADZXal1LXPAgMBAAGjgYAwfjAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUqdja73mAlQaH/l7NvycVOM/RHVsw +QgYDVR0lAQH/BDgwNgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCQYKKwYB +BAGDHIISAwYKKwYBBAGDHIISBDANBgkqhkiG9w0BAQ0FAAOCAYEAu6r38oPlNtkI +bAz1dHf+u0FMU4mWwMUc9MnfZ3MeXGmhVZBc4AjhgFbtpovXmLAPuSfZfHKHmfC/ +ZO8xVDmkCiU2UDSYd2cnpkeT/Tzq9uPDqp/Y/ncRIcZXAnqN4QhXFN7rLUDeP+y9 +YEFf8ZaBHlXqPm3Yz07HPFos2rZqjTPDrEstE/dqFXmKI+oOZq8reEZ0KFLq/qN1 +5LbLjRjlCWunCBkB4gX7cijlY6df0y5lsb4tV0PzDdFxzNJR3O6OGj1AxBHlt9DB +J5kQasZxHbcVKYfuW+XE96YlV8nO9TaDtl2/Vi6QNMPni82H9bORS5Kqk6+APftG +5liVtkyzUs36KtvmZdjMTebkSe0klkXuYLKD/oVmsGXQzeGq4kUADEs6X0kkgz0p +DYDOdIgXfLyRCMM+lAyyp7NY+kPNEwbLNJMbI5llZRpmh0QxzCgEPr6zn7YPCGjh +z78ZP+j/iDSRoGcNnyDXV68f3OIr9d5gsXikaUOd1W966AfxqqNE +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/rsa4096/end_responder_with_spdm_req_rsp_eku.cert.der
new file mode 100644
index 0000000..2caf90a
Binary files /dev/null and b/test_key/rsa4096/end_responder_with_spdm_req_rsp_eku.cert.der differ
diff --git a/test_key/rsa4096/end_responder_with_spdm_rsp_eku.cert b/test_key/rsa4096/end_responder_with_spdm_rsp_eku.cert
new file mode 100644
index 0000000..e707434
--- /dev/null
+++ b/test_key/rsa4096/end_responder_with_spdm_rsp_eku.cert
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExjCCAy6gAwIBAgIBCTANBgkqhkiG9w0BAQ0FADAtMSswKQYDVQQDDCJETVRG +IGxpYnNwZG0gUlNBIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMDcxMFoX +DTMzMDQxNzAxMDcxMFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFJTQSByZXNw +b25kZXIgY2VydDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9VeY4V +0/pb+O+1x0cLZouOqb7XFTwuIrDK6fOM9VRKDdGy2aC8UU4m3Kl3Lw16SJCN9Tme ++3AI2kbjYvRbYJAjGsbRdXI4HH2QgwghOubPU4gEP1T9gFGyqH/eewRjcrGqRiK5 +JjoVPijX6GLdI5xw0K9DMhTeqU/CQux1K4GpAdD8zJQMKyk6pOfoxcLdd+Mp1wb1 +9gNW/rXY6+sz8Gu8YKRzfpkbDEH3ygb+x2TzMpdRWlS+1M3CScIuchFTIotb4ktU +0XGT0zfEyOIhvIdOWVe90AvQwYLa3L+SLdhCKZ3nwkm835lkL5IJXbCEiTQUDN4I +yDfKZ85xocm0ZtW0oLKEVOv0YhXVwYa9bm5Dz2PNBsaBxXQfVMfVknBhsVSnRLRf +dvom392lBDAWdPaAIq8wCwpSM0bLY8KFeBk8C9BbA/yqWQCxnlJoiFY1Hf9KaIHC +ED6I+VCR/4WGuyMaWq515ao69DjbJATRbiIR6bh/ApAJzZUtnkjvbM/VEz965ouZ +K4j79ByAn+kvKPxoomYabb6cRyjPCEfiEBwc/zF8SVVN8k4Qom6b1wIhKbqMzvf2 +LFwmVEsDUtOqLoB9M2jqX05qtvRlGIRMvgqYJEs3Gc3+TDRqqQDaMncW4bUTfopn +kGLJFFeZiNi+YJKybkb1ZtGjNDADZXal1LXPAgMBAAGjdDByMAwGA1UdEwEB/wQC +MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBSp2NrveYCVBof+Xs2/JxU4z9EdWzA2 +BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJBgorBgEE +AYMcghIDMA0GCSqGSIb3DQEBDQUAA4IBgQA7YUFekLdz/ie6PRWtfxJzLzMDOKNM +E3uZYE/0OTkUKEMMXiN+zXeNppc8Kt4miQrFin1GtHZVEuq3hNcIm0Wu0gp+je3Z +pPJ3WJAdz6r9lkEDSDqf3/gekzStYcPBQqqm4L5+7UN971/WOf+h2R4xHxJIFfWK +WBjKcAAFwUqhWZZSYYDYYVtu4Q8UZNB4XE8vd4+kZ/ZH3dUrPsePIbioVsISjAu0 +5rmPEsnFeCrySa2T6K5xBRB1EEjbCTO5dB8yrABnt00ohwMUwehY2aaf7sWYg4tT +I9L27L9Bxh1nfpA6A4w1Mq4cezW+TZKZM4LkSn7pK4kxL9IGpES8ipHt4D+iMutb +U8Vhpg1LIY1boMBXCbOisbsAbtYiAmDK9SWzbX1ihXmlMzKrgw+a8uC60/3MG0wA +e9DbZ8owVHBql5pMQAQCfC86ZWmH72TZA7p7AoAo3xpwouWQzgIuToHH/rPck91Y +UUHiDmrRAYUy9CVtqjIKlI18zzyrALZl7DA= +-----END CERTIFICATE----- 
diff --git a/test_key/rsa4096/end_responder_with_spdm_rsp_eku.cert.der b/test_key/rsa4096/end_responder_with_spdm_rsp_eku.cert.der
new file mode 100644
index 0000000..c9301e3
Binary files /dev/null and b/test_key/rsa4096/end_responder_with_spdm_rsp_eku.cert.der differ
diff --git a/test_key/rsa4096/inter.cert b/test_key/rsa4096/inter.cert
new file mode 100644
index 0000000..9608998
--- /dev/null
+++ b/test_key/rsa4096/inter.cert
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQ0FADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwMzA1NTM0OVoXDTMzMDMzMTA1NTM0OVow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUgY2VydDCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALxRDz0oG4WPoBCgLRdTfdYx +XtxQfn7SAN8qd4QacTdAgIsXN/fjaSt8seR3wmNRQws2rGfwtRxVUsxPzTm5HZT1 +QRqu6xxby6WpolvNX5ask0Asgg/kMbF8NXxCgvJnVVtnPkonNBiEn80HMl2gCklw +ZUie1lewq+oCV6I7+QaGMsiCGEWQ5qqBpRO8GV8RuKz+jYB11/x3edBqSvb+h5MB +cQeFBcviwa12HnILCJIkWAltB+d11dbmTbWRXP4uZuRf/Zsrt0p8+V7lOvFcHMCM +bCpMlcZo6gFfYwEo6qz9iPc3cLhRhFPwu7NIIsWGcZZrlnbSHFt6IeJ9W3vO98GA +WbHKZOBWAIwY8nD4GmOTCOQhZWMlnBF7WIVNvEVL6IgAG7UHaTfG9oM0XCh4lmp4 +SdoulRA3xanHfx0Pq9bUgVbskrCtb2YVjlA6kRAbMpFTOZ5uoKgCn9/3TrDvbfcw +qpF/LH5zsQirNycYmF15NrxKTIUv38i3JZu4ugoF0wIDAQABo14wXDAMBgNVHRME +BTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUSNjHbM+1sLLhkOl0E5pzzWtd +h50wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +DQUAA4ICAQB2Fmq9WgYESEu65pdmCRaSIdHTv0Fx28aTkd5TOIPVg6o7Hr4PEQEr +4LVF8ACoOevhhg+4eM38HgxSiXcZIxh4ZenlF6F8POPaRdN96Qv3YDVwG9PhPsDr +0Ox3i66TrUL2XcDapqBuXenFav+O/jHdJ3PQo5WxGgdp3ecyVX/JBH2aMt03LV3W +NWnY7Yx2Sp0wTEkpVOTT7Xo4wGIuYtZE61lZ8i/Kw5oQS9ob8Qi9pF4b4ZNq5OCa +OEjVzVb2p2ZO0UyAT6ddY1bMEs80SWuPSHreof9hhm2xlrA1rLulvkQr2ePEM0Gx +DNCDolnFZbJLo4LGDb9Y5u7cYPYH8o8yb5ApspitX9MQjGeymR/x+mGGRE5iBhfr +waAOtaMAmunZVUaEfGZ/ZZt9K0QGw9+V1DNUke9nVNZwAQYC4Ob3kLX6jXHyKuvm +zJz1HsGeoFcD/uZm0qg36Jht2YH3XDguU2kf2lH8S2MfxNkVqUXzOGf9hsKtfoV6 +MZNnBPLaLYBwZi829MDjPYWJAeowL9P3e7MDbICF58MZygt+MsgtQLu62Wa2h6OA +lEOclKhzxHMf22DGfOG3kYt9LWU7qpk475gJ9vFQuEicUpN0JOXZLh0UYyFxW0+h ++tATU0W3MDSUxmCoFny3Rmmp4dGTZq10lBg7REkq2WeEm7JMcUtD0w== +-----END CERTIFICATE----- diff --git a/test_key/rsa4096/inter.cert.der b/test_key/rsa4096/inter.cert.der new file mode 100644 index 0000000..d46d6d6 Binary files /dev/null and b/test_key/rsa4096/inter.cert.der differ 
diff --git a/test_key/rsa4096/inter.key b/test_key/rsa4096/inter.key
new file mode 100644
index 0000000..5cf967b
--- /dev/null
+++ b/test_key/rsa4096/inter.key
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQC8UQ89KBuFj6AQ +oC0XU33WMV7cUH5+0gDfKneEGnE3QICLFzf342krfLHkd8JjUUMLNqxn8LUcVVLM +T805uR2U9UEaruscW8ulqaJbzV+WrJNALIIP5DGxfDV8QoLyZ1VbZz5KJzQYhJ/N +BzJdoApJcGVIntZXsKvqAleiO/kGhjLIghhFkOaqgaUTvBlfEbis/o2Addf8d3nQ +akr2/oeTAXEHhQXL4sGtdh5yCwiSJFgJbQfnddXW5k21kVz+LmbkX/2bK7dKfPle +5TrxXBzAjGwqTJXGaOoBX2MBKOqs/Yj3N3C4UYRT8LuzSCLFhnGWa5Z20hxbeiHi +fVt7zvfBgFmxymTgVgCMGPJw+BpjkwjkIWVjJZwRe1iFTbxFS+iIABu1B2k3xvaD +NFwoeJZqeEnaLpUQN8Wpx38dD6vW1IFW7JKwrW9mFY5QOpEQGzKRUzmebqCoAp/f +906w7233MKqRfyx+c7EIqzcnGJhdeTa8SkyFL9/ItyWbuLoKBdMCAwEAAQKCAYAj +wRQunV3UVveiEHdfNWfv8gG7vMC3nXGy7WIxv799KQ7+2ZKzywadzhgMc7yBlN0w +1NmZBnesgHqu9fvWGNKIBKSux0U2ZitdMb70xSJ//hYbGhg7oizZMOcKx6oLEhl/ +uDN4ascWXJ/mkpY6dnddiCyCxD2X+qA5VuaCk/ZtCa+8qA6prqBNAT5xZ8Y9aaTx +m4cMO9OdSKXlLzk6egsNmzl1nwkBs/Tn1URkjLm83Y+lgoD8rj/ChIl+jrHkRLTK +2rxda+e2wwAoSaZWtiKQTFEQ3SyONzl/27DsRDeiijdBag60z/tz37zEGRobvF25 +CQ7RpxoYrEzJxj/cl5Gsc+tNdlPDoDAtXvCGZKQGM/xyggGmDKiYv87KSeT0oDgy +XfRovEPBUOwAXFMqaSfLv60I6qFJmYZq6mcYOc0NjvOwVkre65AQ1+ZHpsWtmXYe +J8Md5Wjut1QVmuEfknVnsRLm+OakNcNoiguZdKJsqxk2IK26ks8ABZ6rZyzJiqEC +gcEA6o5Ml9/MW12TUKRR74ZiO4qkuqFnW7+ZTNKzxWa+TaUoB3ziUSqzZtPSHpoL +ftXLH+C/ebENk0HHhrFGDOhDAjbArsY0Z0BdhJ649QrPAzGTGFU+SaHbv25E9jQ7 +5CBApS5IKxwitGaL7IEdl7kN6KK8Pq1Bp5ezNjAgySgMO4x2llKFtRgtgK7Vh+H2 +x/WO19QiwkGAqwG8YBnUwJTw97o0BzHs8IG243n8aGt98FatvHk0ywJ+csH2axLZ +FLcDAoHBAM2IjAnaoq+I7GWSoxcEIzCyqkzKhvVVW/+j2umatvu1lQ66Hym5gIGR +10C92KHXxa+T1WPV0w+aZfXvemmqpUZ3QYttqqlvGIkMhvAKyeiezEH20dHumS5D +z+5NGHiZurg1SOXujqIPD5r+TrNjS+tTt1wvlPO/0S6sNaPwZxp9PaViC2TpfKWF +MGhzUj7Id2/iw4sK+deDOlfJwGpdY8AwO34QeyzUF1qXtG275fTz1cavf6PyTQ2w +k7aWMpSU8QKBwANVACuMJ1gI7UXQ/8T6ULztzEdGcbRw9VmNCLa+Lefmd7obgQ+M +Hr5QNgTvRUiI+vi59Z5h8IJuBcqZDBi01/bZFkWlVSs+U9XFd3UrsSMneiJ3W4oq +PXfrthkVRuCHwMNX8/iAztFnP4edkfEM1PDAFxKA3ZTm58nWRzD0W7Ag37Jk+7dF +36ebVDc484uFpoDUZ6YAzjYfsTBgTZBqzT2HrKOJhwcnoJR8sCQ/mqtmX9N0mVZk 
+86znqnt86g6MRwKBwAFIXd9d3vALgbYskRn+q52NL+TkyqzTSIyy4BXfIk811eVO +og0nnDayy04bITP5XcF3wbgqyHNrekFrqi7oorlq2xzcpVkDWXrZeiobVyE9hHbQ +7IRL4ebZA34wOvvdsb2ej4Ln1zoJsAY+mg0ijIG+dwF7Romy48JPztHkGTCgIXdb +wkhx8JYz25Z7ScMciypGlwPSILcImZ+cobfIN2wmoOhrf+lKtY6aLcUVjBzYPLhN +thU22OZB+NoF2/DzcQKBwDfH/Bf+2vx3SiOa5k4FKW/Dc5fkjuZGq+fyFXKu7jgc +AkzDCnggLWChyGD1OX4//E+M2snHRLz8kICu+m50fN9ZNWljc4wZ8v1tZxobxVEl +2oEIIKitzAo4uT5bFUt33qB7Z6sm4bVCn23Bne47KA3g479h3Bt6MAcSEC4//MK/ +PMqBVSWPO4BuD0+4yy9QYQHl9DrcBt1LxHCqjNl42gQFyIP7pLcQGl4NjHEgM/cT +ygGAoBgFhPnYz9uXdskaLQ== +-----END PRIVATE KEY----- diff --git a/test_key/rsa4096/inter.req b/test_key/rsa4096/inter.req new file mode 100644 index 0000000..b1b7487 --- /dev/null +++ b/test_key/rsa4096/inter.req 
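Review bot: This hunk commits an unencrypted RSA private key (`-----BEGIN PRIVATE KEY-----` in `test_key/rsa4096/inter.key`, by its name the intermediate CA's), and the SM2 hunks for `ca.key`, `ca1.key`, `end_requester.key`, `end_responder.key` and `inter.key` do the same. The `test_key/` path and `spdm-emu-version.txt` suggest these are public fixtures taken from DMTF spdm-emu, but nothing in the change says so. I would add a `test_key/README` with a line such as `Test fixtures only: these keys are public; never provision them or trust the matching CA certificates outside tests.`, and list the directory in whatever secret-scanning allowlist the project uses so that real findings are not buried under these.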
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDcjCCAdoCAQAwLTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1l +ZGlhdGUgY2VydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALxRDz0o +G4WPoBCgLRdTfdYxXtxQfn7SAN8qd4QacTdAgIsXN/fjaSt8seR3wmNRQws2rGfw +tRxVUsxPzTm5HZT1QRqu6xxby6WpolvNX5ask0Asgg/kMbF8NXxCgvJnVVtnPkon +NBiEn80HMl2gCklwZUie1lewq+oCV6I7+QaGMsiCGEWQ5qqBpRO8GV8RuKz+jYB1 +1/x3edBqSvb+h5MBcQeFBcviwa12HnILCJIkWAltB+d11dbmTbWRXP4uZuRf/Zsr +t0p8+V7lOvFcHMCMbCpMlcZo6gFfYwEo6qz9iPc3cLhRhFPwu7NIIsWGcZZrlnbS +HFt6IeJ9W3vO98GAWbHKZOBWAIwY8nD4GmOTCOQhZWMlnBF7WIVNvEVL6IgAG7UH +aTfG9oM0XCh4lmp4SdoulRA3xanHfx0Pq9bUgVbskrCtb2YVjlA6kRAbMpFTOZ5u +oKgCn9/3TrDvbfcwqpF/LH5zsQirNycYmF15NrxKTIUv38i3JZu4ugoF0wIDAQAB +oAAwDQYJKoZIhvcNAQENBQADggGBAHJgmKmNIbgFOTdl7r+vtOT2ExiHMwCRutAi +olc6EEravLkcQFKbffXVziaPPA9fskUD/ZBDMHDxbgfRRMOEYcXrSXAcGTWbJbV5 +OynmHHVRuVIWmzspGG0sj+4zE2hMHTTGJUdAJvH2/8Ty5xCkxE4T5UF+1Gannn7h +rngCtqRYb2Hx2Y8dds/ELgCmyw7Gg3imXDd6O7G28SAE0Q2pGsr1nfMHxRQW6eTB +S0nkntQMxsAOwC3Ndl/1OsgEZ0t1fIL+qm6UfBIDmVSDqf+hVf6++gP+2uEZH+1e +HYpGINAT8pI2M9ugTG38njL377AVlo9jlTHAD5uWTs/k54DeT5FKqtzvsuvoJmJT +eQGkRVkkVYMqSXx6FBEv3615SQ5VzDrE7/lPupITPDvQihkMe+a8d3N3VgrvNeQP +lP1wwRXIiw6hjV+ohKBTtt3pSi8nIMWY89QHgQV2DkmyVHMNkQfri6PcXKrqajfl +hfLi2FGJAlH16i5fTpqNSH+ZlQxB3w== +-----END CERTIFICATE REQUEST----- diff --git a/test_key/rsa4096/inter1.cert b/test_key/rsa4096/inter1.cert new file mode 100644 index 0000000..793a684 --- /dev/null +++ b/test_key/rsa4096/inter1.cert 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQ0FADAeMRwwGgYDVQQDDBNETVRG +IGxpYnNwZG0gUlNBIENBMB4XDTIzMDQwMzA1NTQwOFoXDTMzMDMzMTA1NTQwOFow +LTErMCkGA1UEAwwiRE1URiBsaWJzcGRtIFJTQSBpbnRlcm1lZGlhdGUgY2VydDCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALxRDz0oG4WPoBCgLRdTfdYx +XtxQfn7SAN8qd4QacTdAgIsXN/fjaSt8seR3wmNRQws2rGfwtRxVUsxPzTm5HZT1 +QRqu6xxby6WpolvNX5ask0Asgg/kMbF8NXxCgvJnVVtnPkonNBiEn80HMl2gCklw +ZUie1lewq+oCV6I7+QaGMsiCGEWQ5qqBpRO8GV8RuKz+jYB11/x3edBqSvb+h5MB +cQeFBcviwa12HnILCJIkWAltB+d11dbmTbWRXP4uZuRf/Zsrt0p8+V7lOvFcHMCM +bCpMlcZo6gFfYwEo6qz9iPc3cLhRhFPwu7NIIsWGcZZrlnbSHFt6IeJ9W3vO98GA +WbHKZOBWAIwY8nD4GmOTCOQhZWMlnBF7WIVNvEVL6IgAG7UHaTfG9oM0XCh4lmp4 +SdoulRA3xanHfx0Pq9bUgVbskrCtb2YVjlA6kRAbMpFTOZ5uoKgCn9/3TrDvbfcw +qpF/LH5zsQirNycYmF15NrxKTIUv38i3JZu4ugoF0wIDAQABo14wXDAMBgNVHRME +BTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUSNjHbM+1sLLhkOl0E5pzzWtd +h50wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB +DQUAA4ICAQCFoywB4HNFt+owsAPmdBYywkCfO57xlp2NHb9vO23035+5mKNmN4ur +rzpUMb1RKgA5XYH5JgUCnKYR0DUOG9QPb7D6JQj7o8JRSwsXsUQ1VcJO6JS/xGkP +qbTXQHDmMmL6fYfJAMSwtZxuS9u0U3mh77lUuCGYR2eEmNFBaOrEllgwRbJkDgfV +BRPUSM53M3ac7YFXrcmFmrBuYdYvkwAofXU+P/SY9hflXgRW+ujGv2uZ1mEs7nGN +PrZknTvQsLDiIh8u0lTNPkkqmE7BkRsC6bosmLn/xrcPgn5zBvxGOrYkI/47ugw7 ++wlxdwcvgi29ZvUy/aME67Ot+ZkoPzdt/tKDlP1h1iCwzLqv6Y1BLHom/ZBn0Csu +wHqD+FcoRkHR0cF1qqKgPRRdYGCL57JTR7cmEsh0yctqKynihQ1ORgqLgOwNujl5 +yHyXfvbZfUGGm+2C2tJeCaqVHHy1GJFid7oINEy9WlBr1jzXpfYE6sZC7MHaGp0F +IMIJYX8c5e2cNkaJRLIh0vlgUxV+AYP43raSvDyRNxzRLZ2P2YMUvoUT/RGb1AZZ +bnIA93p3fIKEJ4w4OcnLvJ8PRDSi3Ws6ImCdJhnbS8wJnbX4eFFP6WfEYCghYGLK +ZI9K8mf3zhXrAJXrQr8xFRUF5Dcmt1ca6KOwhqZCOnMqnAtX+qrP9w== +-----END CERTIFICATE----- diff --git a/test_key/rsa4096/inter1.cert.der b/test_key/rsa4096/inter1.cert.der new file mode 100644 index 0000000..8be70a6 Binary files /dev/null and b/test_key/rsa4096/inter1.cert.der differ 
diff --git a/test_key/sm2/bundle_requester.certchain.der b/test_key/sm2/bundle_requester.certchain.der new file mode 100644 index 0000000..c710400 Binary files /dev/null and b/test_key/sm2/bundle_requester.certchain.der differ diff --git a/test_key/sm2/bundle_requester.certchain1.der b/test_key/sm2/bundle_requester.certchain1.der new file mode 100644 index 0000000..76afb64 Binary files /dev/null and b/test_key/sm2/bundle_requester.certchain1.der differ diff --git a/test_key/sm2/bundle_responder.certchain.der b/test_key/sm2/bundle_responder.certchain.der new file mode 100644 index 0000000..2c888ed Binary files /dev/null and b/test_key/sm2/bundle_responder.certchain.der differ diff --git a/test_key/sm2/bundle_responder.certchain1.der b/test_key/sm2/bundle_responder.certchain1.der new file mode 100644 index 0000000..19119c5 Binary files /dev/null and b/test_key/sm2/bundle_responder.certchain1.der differ diff --git a/test_key/sm2/bundle_responder.certchain_alias.der b/test_key/sm2/bundle_responder.certchain_alias.der new file mode 100644 index 0000000..9d90a11 Binary files /dev/null and b/test_key/sm2/bundle_responder.certchain_alias.der differ diff --git a/test_key/sm2/ca.cert b/test_key/sm2/ca.cert new file mode 100644 index 0000000..dd906fe --- /dev/null +++ b/test_key/sm2/ca.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBkDCCATegAwIBAgIUdikKDsSuph9Zq5deiE4x7IB+NDgwCgYIKoZIzj0EAwIw +HjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFNNMiBDQTAeFw0yMzA0MDMwNjAwMTla +Fw0zMzAzMzEwNjAwMTlaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBTTTIgQ0Ew +WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATsoLjCdGWv/gIFJlAhFEkMsjuXZznV +dZ5aL15yyXhk8IL1BwGjVoSmwgtoWxAqALfBAOOgdD2QjlufLs2VORPso1MwUTAd +BgNVHQ4EFgQUHXzKkSC1EidZqIibB9YyvzPiOnIwHwYDVR0jBBgwFoAUHXzKkSC1 +EidZqIibB9YyvzPiOnIwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE +AiApI0F7YPAsYjjy0UQe5r7Ss4lo+r/pP6ApBce1X/GaeQIgG6POckuQYOLtz8Ps +h0jORA7zCDerNszsHxwOMbFcDkc= +-----END CERTIFICATE----- 
diff --git a/test_key/sm2/ca.cert.der b/test_key/sm2/ca.cert.der new file mode 100644 index 0000000..4d47921 Binary files /dev/null and b/test_key/sm2/ca.cert.der differ diff --git a/test_key/sm2/ca.key b/test_key/sm2/ca.key new file mode 100644 index 0000000..928a0f2 --- /dev/null +++ b/test_key/sm2/ca.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqgRzPVQGCLQ== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJiwB4k1hXTJ/00bsNbs8l/s6TILguMU3xdWIGhSCSpFoAoGCCqBHM9V +AYItoUQDQgAE7KC4wnRlr/4CBSZQIRRJDLI7l2c51XWeWi9ecsl4ZPCC9QcBo1aE +psILaFsQKgC3wQDjoHQ9kI5bny7NlTkT7A== +-----END EC PRIVATE KEY----- diff --git a/test_key/sm2/ca1.cert b/test_key/sm2/ca1.cert new file mode 100644 index 0000000..864af61 --- /dev/null +++ b/test_key/sm2/ca1.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBkDCCATegAwIBAgIUevpE9AHpqj3dPum84GLMWLpFf1EwCgYIKoZIzj0EAwIw +HjEcMBoGA1UEAwwTRE1URiBsaWJzcGRtIFNNMiBDQTAeFw0yMzA0MDMwNjAwMjla +Fw0zMzAzMzEwNjAwMjlaMB4xHDAaBgNVBAMME0RNVEYgbGlic3BkbSBTTTIgQ0Ew +WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAS/QP1lHf1gYSoZtgoyR+YytDqsMh9T +8Nxny3wTvY/hU0ZFs/NLPOAbSiVKWto96xbx4Lb5Z32U3GOcCbWtbtF5o1MwUTAd +BgNVHQ4EFgQU93PB+Z9nHrc5OPdchQNxXeg5udowHwYDVR0jBBgwFoAU93PB+Z9n +Hrc5OPdchQNxXeg5udowDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBE +AiA+r61KoZ16OGW6O1RqZiocqSMkgHynaYVKSco6txHn+QIgA4wKneGmlKiyqggy +XWV/8T7YUJHR/sVnccU5L/cuTCI= +-----END CERTIFICATE----- diff --git a/test_key/sm2/ca1.cert.der b/test_key/sm2/ca1.cert.der new file mode 100644 index 0000000..95c6f7f Binary files /dev/null and b/test_key/sm2/ca1.cert.der differ diff --git a/test_key/sm2/ca1.key b/test_key/sm2/ca1.key new file mode 100644 index 0000000..9cf94d1 --- /dev/null +++ b/test_key/sm2/ca1.key 
@@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqgRzPVQGCLQ== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIKk2vPfK8fExVBRZ4CwMSlQEv33HNZRc3rPEzMXBwK2ooAoGCCqBHM9V +AYItoUQDQgAEv0D9ZR39YGEqGbYKMkfmMrQ6rDIfU/DcZ8t8E72P4VNGRbPzSzzg +G0olSlraPesW8eC2+Wd9lNxjnAm1rW7ReQ== +-----END EC PRIVATE KEY----- diff --git a/test_key/sm2/ca1.key.der b/test_key/sm2/ca1.key.der new file mode 100644 index 0000000..24c4cf3 Binary files /dev/null and b/test_key/sm2/ca1.key.der differ diff --git a/test_key/sm2/end_requester.cert b/test_key/sm2/end_requester.cert new file mode 100644 index 0000000..b8f5bef --- /dev/null +++ b/test_key/sm2/end_requester.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/zCCAaWgAwIBAgIBAjAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNzA5MjEwN1oXDTMz +MDYwNDA5MjEwN1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXF1c2V0 +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABGVJBS2XwRfLbh/3IloW +ooESP/mVe/yHlLXnTvcwKj+2k8wR8TqVw5GcXF0I+uCVaaMx9gmeRXR81dLVu6rz +pIKjgbgwgbUwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFHUB +vGQceDjxW+fssVlZ+bA4M4bWMDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZB +Q01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggr +BgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMAoG +CCqGSM49BAMCA0gAMEUCIB1waU3WaEcTY23+16y18QRvnOitYhgxfKnmtAvaOOkW +AiEA4n5Lbwln0wX6sDGaZn3wnQo5HXsHQ2ci8nKFLl0/zhM= +-----END CERTIFICATE----- diff --git a/test_key/sm2/end_requester.cert.der b/test_key/sm2/end_requester.cert.der new file mode 100644 index 0000000..b66d822 Binary files /dev/null and b/test_key/sm2/end_requester.cert.der differ diff --git a/test_key/sm2/end_requester.key b/test_key/sm2/end_requester.key new file mode 100644 index 0000000..855b323 --- /dev/null +++ b/test_key/sm2/end_requester.key 
@@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqgRzPVQGCLQ== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMBpUPwSPWVjF7RDnkZ73M6S7cMSBpZSaC1UkmrJ/hWzoAoGCCqBHM9V +AYItoUQDQgAEZUkFLZfBF8tuH/ciWhaigRI/+ZV7/IeUtedO9zAqP7aTzBHxOpXD +kZxcXQj64JVpozH2CZ5FdHzV0tW7qvOkgg== +-----END EC PRIVATE KEY----- diff --git a/test_key/sm2/end_requester.key.der b/test_key/sm2/end_requester.key.der new file mode 100644 index 0000000..c17aee6 Binary files /dev/null and b/test_key/sm2/end_requester.key.der differ diff --git a/test_key/sm2/end_requester.key.p8 b/test_key/sm2/end_requester.key.p8 new file mode 100644 index 0000000..a14b786 Binary files /dev/null and b/test_key/sm2/end_requester.key.p8 differ diff --git a/test_key/sm2/end_requester.key.pub b/test_key/sm2/end_requester.key.pub new file mode 100644 index 0000000..30d9aea --- /dev/null +++ b/test_key/sm2/end_requester.key.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEZUkFLZfBF8tuH/ciWhaigRI/+ZV7 +/IeUtedO9zAqP7aTzBHxOpXDkZxcXQj64JVpozH2CZ5FdHzV0tW7qvOkgg== +-----END PUBLIC KEY----- diff --git a/test_key/sm2/end_requester.key.pub.der b/test_key/sm2/end_requester.key.pub.der new file mode 100644 index 0000000..58b5b0e Binary files /dev/null and b/test_key/sm2/end_requester.key.pub.der differ diff --git a/test_key/sm2/end_requester.req b/test_key/sm2/end_requester.req new file mode 100644 index 0000000..9ce5c48 --- /dev/null +++ b/test_key/sm2/end_requester.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHlMIGMAgEAMCoxKDAmBgNVBAMMH0RNVEYgbGlic3BkbSBTTTIgcmVxdXNldGVy +IGNlcnQwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAARlSQUtl8EXy24f9yJaFqKB +Ej/5lXv8h5S15073MCo/tpPMEfE6lcORnFxdCPrglWmjMfYJnkV0fNXS1buq86SC +oAAwCgYIKoZIzj0EAwIDSAAwRQIgZzlynLOI3KqfHhDXmaoPWgGxdTmGukFrmZRG +Yh98fZwCIQCRN9ihBJdGZl9ioFf0LejyNrwxpi5Isbdi3bpzZz85Lg== +-----END CERTIFICATE REQUEST----- 
diff --git a/test_key/sm2/end_requester1.cert b/test_key/sm2/end_requester1.cert new file mode 100644 index 0000000..5be8560 --- /dev/null +++ b/test_key/sm2/end_requester1.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/zCCAaWgAwIBAgIBAjAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA2MDAyOVoXDTMz +MDMzMTA2MDAyOVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXF1c2V0 +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABGVJBS2XwRfLbh/3IloW +ooESP/mVe/yHlLXnTvcwKj+2k8wR8TqVw5GcXF0I+uCVaaMx9gmeRXR81dLVu6rz +pIKjgbgwgbUwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFHUB +vGQceDjxW+fssVlZ+bA4M4bWMDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZB +Q01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggr +BgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMAoG +CCqGSM49BAMCA0gAMEUCIQC5mYYk8B1CUIXyJcglgbktWCzwhDjnW/UewJs12rYX +egIgZo65bnTo2T2FqNEtIbRZ4nZ0FLbAR+iaelYoB8ZNb1w= +-----END CERTIFICATE----- diff --git a/test_key/sm2/end_requester1.cert.der b/test_key/sm2/end_requester1.cert.der new file mode 100644 index 0000000..5168505 Binary files /dev/null and b/test_key/sm2/end_requester1.cert.der differ diff --git a/test_key/sm2/end_requester_with_spdm_req_eku.cert b/test_key/sm2/end_requester_with_spdm_req_eku.cert new file mode 100644 index 0000000..bfeaecb --- /dev/null +++ b/test_key/sm2/end_requester_with_spdm_req_eku.cert 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBujCCAWCgAwIBAgIBBTAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjM1MloXDTMz +MDQxNzAxMjM1MlowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXF1c2V0 +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABGVJBS2XwRfLbh/3IloW +ooESP/mVe/yHlLXnTvcwKj+2k8wR8TqVw5GcXF0I+uCVaaMx9gmeRXR81dLVu6rz +pIKjdDByMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBR1Abxk +HHg48Vvn7LFZWfmwODOG1jA2BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYIKwYBBQUH +AwIGCCsGAQUFBwMJBgorBgEEAYMcghIEMAoGCCqGSM49BAMCA0gAMEUCIEe+i/P+ +BrgdiB5LYga+8G0zEjU6NokL6SLLhNbX4FUxAiEAoCekYPfy7lP2kZUz+hy5knLi +5a4eLh3hugrNPNJjqLs= +-----END CERTIFICATE----- diff --git a/test_key/sm2/end_requester_with_spdm_req_eku.cert.der b/test_key/sm2/end_requester_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..472aef4 Binary files /dev/null and b/test_key/sm2/end_requester_with_spdm_req_eku.cert.der differ diff --git a/test_key/sm2/end_requester_with_spdm_req_rsp_eku.cert b/test_key/sm2/end_requester_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..e91c2a5 --- /dev/null +++ b/test_key/sm2/end_requester_with_spdm_req_rsp_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBxjCCAW2gAwIBAgIBBDAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjM0OVoXDTMz +MDQxNzAxMjM0OVowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXF1c2V0 +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABGVJBS2XwRfLbh/3IloW +ooESP/mVe/yHlLXnTvcwKj+2k8wR8TqVw5GcXF0I+uCVaaMx9gmeRXR81dLVu6rz +pIKjgYAwfjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUdQG8 +ZBx4OPFb5+yxWVn5sDgzhtYwQgYDVR0lAQH/BDgwNgYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDCQYKKwYBBAGDHIISAwYKKwYBBAGDHIISBDAKBggqhkjOPQQD +AgNHADBEAiBESnw0Zv0Vq8BOUgZH47dsaqeD3q6V9FPZOSqs0Kv2hwIgNtz6fYUR +9Jj7ZMI1CVHyOs7vH7dkWzzbKER3MYr9/Wo= +-----END CERTIFICATE----- 
diff --git a/test_key/sm2/end_requester_with_spdm_req_rsp_eku.cert.der b/test_key/sm2/end_requester_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..163db32 Binary files /dev/null and b/test_key/sm2/end_requester_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/sm2/end_requester_with_spdm_rsp_eku.cert b/test_key/sm2/end_requester_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..55d3d96 --- /dev/null +++ b/test_key/sm2/end_requester_with_spdm_rsp_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBuzCCAWCgAwIBAgIBBjAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjM1NFoXDTMz +MDQxNzAxMjM1NFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXF1c2V0 +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABGVJBS2XwRfLbh/3IloW +ooESP/mVe/yHlLXnTvcwKj+2k8wR8TqVw5GcXF0I+uCVaaMx9gmeRXR81dLVu6rz +pIKjdDByMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBR1Abxk +HHg48Vvn7LFZWfmwODOG1jA2BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYIKwYBBQUH +AwIGCCsGAQUFBwMJBgorBgEEAYMcghIDMAoGCCqGSM49BAMCA0kAMEYCIQCIKFOT +aZc+a1dSkJ0Ju+lprgnsOjWZTbH98ZtP4Ik41QIhAIuvGBFfHp/Zhz62Z2h+BNm/ +ZvRO0jWWzXfq6TsfiE5t +-----END CERTIFICATE----- diff --git a/test_key/sm2/end_requester_with_spdm_rsp_eku.cert.der b/test_key/sm2/end_requester_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..64f8af7 Binary files /dev/null and b/test_key/sm2/end_requester_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/sm2/end_responder.cert b/test_key/sm2/end_responder.cert new file mode 100644 index 0000000..668747d --- /dev/null +++ b/test_key/sm2/end_responder.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/jCCAaWgAwIBAgIBAzAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNzA5MjEwN1oXDTMz +MDYwNDA5MjEwN1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXNwb25k +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABNi/6tm+TMKTrNWdezWu +V4zEma0NATqJEj9/60JXq1nGRDx8hcluF5ExHbQIQbQ1cGt1lO/Aa/sGUEnJMR7H +AZqjgbgwgbUwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFICI +7J6WSUayY+xMtbLuBGuWKBqmMDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZB +Q01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggr +BgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMAoG +CCqGSM49BAMCA0cAMEQCIF8YeR72a7vHIcnjLQOZlsoujuixtTyAqrikSK909Img +AiA5fj4ocXWFYyb70ea/qEpdPULEZolSLs5CpnAxEzeUQA== +-----END CERTIFICATE----- diff --git a/test_key/sm2/end_responder.cert.der b/test_key/sm2/end_responder.cert.der new file mode 100644 index 0000000..23a4e70 Binary files /dev/null and b/test_key/sm2/end_responder.cert.der differ diff --git a/test_key/sm2/end_responder.key b/test_key/sm2/end_responder.key new file mode 100644 index 0000000..547ae5e --- /dev/null +++ b/test_key/sm2/end_responder.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqgRzPVQGCLQ== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMV1Lc3lIwwgedw65M80jR/bQDHfX2lhsAFDJzbp9A3DoAoGCCqBHM9V +AYItoUQDQgAE2L/q2b5MwpOs1Z17Na5XjMSZrQ0BOokSP3/rQlerWcZEPHyFyW4X +kTEdtAhBtDVwa3WU78Br+wZQSckxHscBmg== +-----END EC PRIVATE KEY----- diff --git a/test_key/sm2/end_responder.key.der b/test_key/sm2/end_responder.key.der new file mode 100644 index 0000000..3f6077d Binary files /dev/null and b/test_key/sm2/end_responder.key.der differ diff --git a/test_key/sm2/end_responder.key.p8 b/test_key/sm2/end_responder.key.p8 new file mode 100644 index 0000000..e67836f Binary files /dev/null and b/test_key/sm2/end_responder.key.p8 differ 
diff --git a/test_key/sm2/end_responder.key.pub b/test_key/sm2/end_responder.key.pub new file mode 100644 index 0000000..3656c3c --- /dev/null +++ b/test_key/sm2/end_responder.key.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE2L/q2b5MwpOs1Z17Na5XjMSZrQ0B +OokSP3/rQlerWcZEPHyFyW4XkTEdtAhBtDVwa3WU78Br+wZQSckxHscBmg== +-----END PUBLIC KEY----- diff --git a/test_key/sm2/end_responder.key.pub.der b/test_key/sm2/end_responder.key.pub.der new file mode 100644 index 0000000..e1261cd Binary files /dev/null and b/test_key/sm2/end_responder.key.pub.der differ diff --git a/test_key/sm2/end_responder.req b/test_key/sm2/end_responder.req new file mode 100644 index 0000000..1e0a582 --- /dev/null +++ b/test_key/sm2/end_responder.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHkMIGMAgEAMCoxKDAmBgNVBAMMH0RNVEYgbGlic3BkbSBTTTIgcmVzcG9uZGVy +IGNlcnQwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATYv+rZvkzCk6zVnXs1rleM +xJmtDQE6iRI/f+tCV6tZxkQ8fIXJbheRMR20CEG0NXBrdZTvwGv7BlBJyTEexwGa +oAAwCgYIKoZIzj0EAwIDRwAwRAIgVzGklYiKxFz/B+fMfVa5bJb8b9IQBqZPDfuy +/hp2+/sCIDMqAqxskm26z74ysyYH7bYdBe+KhYnoyLvWWhkfPL6l +-----END CERTIFICATE REQUEST----- diff --git a/test_key/sm2/end_responder1.cert b/test_key/sm2/end_responder1.cert new file mode 100644 index 0000000..64daa56 --- /dev/null +++ b/test_key/sm2/end_responder1.cert 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/zCCAaWgAwIBAgIBAzAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQwMzA2MDAzMFoXDTMz +MDMzMTA2MDAzMFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXNwb25k +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABNi/6tm+TMKTrNWdezWu +V4zEma0NATqJEj9/60JXq1nGRDx8hcluF5ExHbQIQbQ1cGt1lO/Aa/sGUEnJMR7H +AZqjgbgwgbUwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFICI +7J6WSUayY+xMtbLuBGuWKBqmMDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAYDBZB +Q01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMBBggr +BgEFBQcDAgYIKwYBBQUHAwkwGgYKKwYBBAGDHIISBgQMBgorBgEEAYMcghICMAoG +CCqGSM49BAMCA0gAMEUCIQCSJlcAelqgZT3BE0w4uZT2OA1uTPNaBUxhfdzXsvFj +1wIgCrY5+BXKK4soTZuheM8u/br3Ae7glwvnirbwKPTZU6E= +-----END CERTIFICATE----- diff --git a/test_key/sm2/end_responder1.cert.der b/test_key/sm2/end_responder1.cert.der new file mode 100644 index 0000000..b6b975d Binary files /dev/null and b/test_key/sm2/end_responder1.cert.der differ diff --git a/test_key/sm2/end_responder_alias.cert b/test_key/sm2/end_responder_alias.cert new file mode 100644 index 0000000..7889172 --- /dev/null +++ b/test_key/sm2/end_responder_alias.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB5jCCAYygAwIBAgIBAzAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDYwNjA4MjU1N1oXDTMz +MDYwMzA4MjU1N1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXNwb25k +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABNi/6tm+TMKTrNWdezWu +V4zEma0NATqJEj9/60JXq1nGRDx8hcluF5ExHbQIQbQ1cGt1lO/Aa/sGUEnJMR7H +AZqjgZ8wgZwwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCBeAwHQYDVR0OBBYE +FICI7J6WSUayY+xMtbLuBGuWKBqmMDEGA1UdEQQqMCigJgYKKwYBBAGDHIISAaAY +DBZBQ01FOldJREdFVDoxMjM0NTY3ODkwMCoGA1UdJQEB/wQgMB4GCCsGAQUFBwMB +BggrBgEFBQcDAgYIKwYBBQUHAwkwCgYIKoZIzj0EAwIDSAAwRQIgNeOHRh7pDNKZ +q7sYNWE/wL2NFYNVtFclGY18sB4V7SICIQCxPoa1q99pMeTsN3iB7GE6ppfS70uK +3lcslhH1jsG7+Q== +-----END CERTIFICATE----- 
diff --git a/test_key/sm2/end_responder_alias.cert.der b/test_key/sm2/end_responder_alias.cert.der new file mode 100644 index 0000000..5ae32ee Binary files /dev/null and b/test_key/sm2/end_responder_alias.cert.der differ diff --git a/test_key/sm2/end_responder_with_spdm_req_eku.cert b/test_key/sm2/end_responder_with_spdm_req_eku.cert new file mode 100644 index 0000000..7cc687d --- /dev/null +++ b/test_key/sm2/end_responder_with_spdm_req_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBuTCCAWCgAwIBAgIBCDAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjQwN1oXDTMz +MDQxNzAxMjQwN1owKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXNwb25k +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABNi/6tm+TMKTrNWdezWu +V4zEma0NATqJEj9/60JXq1nGRDx8hcluF5ExHbQIQbQ1cGt1lO/Aa/sGUEnJMR7H +AZqjdDByMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBSAiOye +lklGsmPsTLWy7gRrligapjA2BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYIKwYBBQUH +AwIGCCsGAQUFBwMJBgorBgEEAYMcghIEMAoGCCqGSM49BAMCA0cAMEQCIBrbqem+ +JK5XIQiQ+gSVrbreVJmfnFa3dBtupqfC1qy0AiB1HcAOAOZSTfPCJTkWODgeqsfF +qUxU8HlDcNeQdhdrAQ== +-----END CERTIFICATE----- diff --git a/test_key/sm2/end_responder_with_spdm_req_eku.cert.der b/test_key/sm2/end_responder_with_spdm_req_eku.cert.der new file mode 100644 index 0000000..5ad82f5 Binary files /dev/null and b/test_key/sm2/end_responder_with_spdm_req_eku.cert.der differ diff --git a/test_key/sm2/end_responder_with_spdm_req_rsp_eku.cert b/test_key/sm2/end_responder_with_spdm_req_rsp_eku.cert new file mode 100644 index 0000000..6843114 --- /dev/null +++ b/test_key/sm2/end_responder_with_spdm_req_rsp_eku.cert 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByDCCAW2gAwIBAgIBBzAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjQwNFoXDTMz +MDQxNzAxMjQwNFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXNwb25k +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABNi/6tm+TMKTrNWdezWu +V4zEma0NATqJEj9/60JXq1nGRDx8hcluF5ExHbQIQbQ1cGt1lO/Aa/sGUEnJMR7H +AZqjgYAwfjAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUgIjs +npZJRrJj7Ey1su4Ea5YoGqYwQgYDVR0lAQH/BDgwNgYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDCQYKKwYBBAGDHIISAwYKKwYBBAGDHIISBDAKBggqhkjOPQQD +AgNJADBGAiEAmsmrx66pKc7uEuAUV+nuDaSDbmAiSX3VfWg3K15mBEUCIQCpJ/C0 +O37kLzhAgWgMYOiYaJT4hSay6TRaxTojf4YKyQ== +-----END CERTIFICATE----- diff --git a/test_key/sm2/end_responder_with_spdm_req_rsp_eku.cert.der b/test_key/sm2/end_responder_with_spdm_req_rsp_eku.cert.der new file mode 100644 index 0000000..7f0fabc Binary files /dev/null and b/test_key/sm2/end_responder_with_spdm_req_rsp_eku.cert.der differ diff --git a/test_key/sm2/end_responder_with_spdm_rsp_eku.cert b/test_key/sm2/end_responder_with_spdm_rsp_eku.cert new file mode 100644 index 0000000..2558fc0 --- /dev/null +++ b/test_key/sm2/end_responder_with_spdm_rsp_eku.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBuTCCAWCgAwIBAgIBCTAKBggqhkjOPQQDAjAtMSswKQYDVQQDDCJETVRGIGxp +YnNwZG0gU00yIGludGVybWVkaWF0ZSBjZXJ0MB4XDTIzMDQyMDAxMjQxMFoXDTMz +MDQxNzAxMjQxMFowKjEoMCYGA1UEAwwfRE1URiBsaWJzcGRtIFNNMiByZXNwb25k +ZXIgY2VydDBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABNi/6tm+TMKTrNWdezWu +V4zEma0NATqJEj9/60JXq1nGRDx8hcluF5ExHbQIQbQ1cGt1lO/Aa/sGUEnJMR7H +AZqjdDByMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBSAiOye +lklGsmPsTLWy7gRrligapjA2BgNVHSUBAf8ELDAqBggrBgEFBQcDAQYIKwYBBQUH +AwIGCCsGAQUFBwMJBgorBgEEAYMcghIDMAoGCCqGSM49BAMCA0cAMEQCIDPBnubm +/3D9Y2zs80fV7+pLkS3HN6228FCWbcvNvg8DAiASrXZ563GK2teKlCKqX0bgD4di +2W1Lw7cYv+rNek8kBQ== +-----END CERTIFICATE----- 
diff --git a/test_key/sm2/end_responder_with_spdm_rsp_eku.cert.der b/test_key/sm2/end_responder_with_spdm_rsp_eku.cert.der new file mode 100644 index 0000000..59d2b04 Binary files /dev/null and b/test_key/sm2/end_responder_with_spdm_rsp_eku.cert.der differ diff --git a/test_key/sm2/inter.cert b/test_key/sm2/inter.cert new file mode 100644 index 0000000..e19f4cf --- /dev/null +++ b/test_key/sm2/inter.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmDCCAT6gAwIBAgIBATAKBggqhkjOPQQDAjAeMRwwGgYDVQQDDBNETVRGIGxp +YnNwZG0gU00yIENBMB4XDTIzMDQwMzA2MDAxOVoXDTMzMDMzMTA2MDAxOVowLTEr +MCkGA1UEAwwiRE1URiBsaWJzcGRtIFNNMiBpbnRlcm1lZGlhdGUgY2VydDBZMBMG +ByqGSM49AgEGCCqBHM9VAYItA0IABJBRGUOz7/C7StvPCQDjpwHRbT63buDLj34d +r0g6DVHb6SGvkU1EW3OgTJnhM9ZY72cZw1+xSM91LVbDC9JvwEujXjBcMAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgH+MB0GA1UdDgQWBBQ+BUzMU1FrhRg8AjsoXeNL +AUvVQjAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0E +AwIDSAAwRQIgc40igsLUmToRm0B4iv143CE3w9Ck+nRrjmhBE1mr2NACIQCxoqVJ +3vDLQNwUFLXXpaAJXCkJcfzOqeniFweIyauwiQ== +-----END CERTIFICATE----- diff --git a/test_key/sm2/inter.cert.der b/test_key/sm2/inter.cert.der new file mode 100644 index 0000000..040c902 Binary files /dev/null and b/test_key/sm2/inter.cert.der differ diff --git a/test_key/sm2/inter.key b/test_key/sm2/inter.key new file mode 100644 index 0000000..be86852 --- /dev/null +++ b/test_key/sm2/inter.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqgRzPVQGCLQ== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIOqzfb2gLUVYpXQ3LLQ0XRS69Zlm3um+F+saXdQLg+ofoAoGCCqBHM9V +AYItoUQDQgAEkFEZQ7Pv8LtK288JAOOnAdFtPrdu4MuPfh2vSDoNUdvpIa+RTURb +c6BMmeEz1ljvZxnDX7FIz3UtVsML0m/ASw== +-----END EC PRIVATE KEY----- diff --git a/test_key/sm2/inter.req b/test_key/sm2/inter.req new file mode 100644 index 0000000..9eda187 --- /dev/null +++ b/test_key/sm2/inter.req 
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHnMIGPAgEAMC0xKzApBgNVBAMMIkRNVEYgbGlic3BkbSBTTTIgaW50ZXJtZWRp
+YXRlIGNlcnQwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAASQURlDs+/wu0rbzwkA
+46cB0W0+t27gy49+Ha9IOg1R2+khr5FNRFtzoEyZ4TPWWO9nGcNfsUjPdS1WwwvS
+b8BLoAAwCgYIKoZIzj0EAwIDRwAwRAIgDXHXjXrZfB9QIvBLk7q3DhjdA3LYz5vd
+H3+w06Jh4IcCIBXEl3vVAEMZBfk8FXODIieQmtxRWw6HBP1kYMBZmAO/
+-----END CERTIFICATE REQUEST-----
diff --git a/test_key/sm2/inter1.cert b/test_key/sm2/inter1.cert
new file mode 100644
index 0000000..6f16d1a
--- /dev/null
+++ b/test_key/sm2/inter1.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmTCCAT6gAwIBAgIBATAKBggqhkjOPQQDAjAeMRwwGgYDVQQDDBNETVRGIGxp
+YnNwZG0gU00yIENBMB4XDTIzMDQwMzA2MDAyOVoXDTMzMDMzMTA2MDAyOVowLTEr
+MCkGA1UEAwwiRE1URiBsaWJzcGRtIFNNMiBpbnRlcm1lZGlhdGUgY2VydDBZMBMG
+ByqGSM49AgEGCCqBHM9VAYItA0IABJBRGUOz7/C7StvPCQDjpwHRbT63buDLj34d
+r0g6DVHb6SGvkU1EW3OgTJnhM9ZY72cZw1+xSM91LVbDC9JvwEujXjBcMAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgH+MB0GA1UdDgQWBBQ+BUzMU1FrhRg8AjsoXeNL
+AUvVQjAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0E
+AwIDSQAwRgIhAL424gzAJurubQhu4NKN4hA8pC7O6kcGL5aAPqOmi+4FAiEAyZFx
+TwRGIZ1XiRPEo/OfXVeuqaExQ1wZK88soBw/68U=
+-----END CERTIFICATE-----
diff --git a/test_key/sm2/inter1.cert.der b/test_key/sm2/inter1.cert.der
new file mode 100644
index 0000000..80c0d0b
Binary files /dev/null and b/test_key/sm2/inter1.cert.der differ
diff --git a/test_key/spdm-emu-version.txt b/test_key/spdm-emu-version.txt
new file mode 100644
index 0000000..aa140eb
--- /dev/null
+++ b/test_key/spdm-emu-version.txt
@@ -0,0 +1 @@
+https://github.com/DMTF/spdm-emu/releases/tag/3.1.1
\ No newline at end of file
diff --git a/test_key/spdm_requester_emu b/test_key/spdm_requester_emu
new file mode 100644
index 0000000..9a3c178
Binary files /dev/null and b/test_key/spdm_requester_emu differ
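Review bot: `test_key/spdm-emu-version.txt` records only a release URL for the emulator binaries added in this commit (`test_key/spdm_requester_emu` here, `test_key/spdm_responder_emu` in the next file section), so a reader cannot check that the committed executables are the ones published under that tag. A tag can be re-pointed and a binary blob cannot be reviewed in a diff, so I would record one digest per binary next to the URL, e.g. `sha256 <digest-of-spdm_requester_emu> spdm_requester_emu`, and verify it in CI before the binaries are executed, if CI runs them. Fetching the release asset at test time and checking it against the pinned digest would avoid committing the executables at all.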
diff --git a/test_key/spdm_responder_emu b/test_key/spdm_responder_emu
new file mode 100644
index 0000000..9cce307
Binary files /dev/null and b/test_key/spdm_responder_emu differ
diff --git a/test_key/test_csr/Readme.txt b/test_key/test_csr/Readme.txt
new file mode 100644
index 0000000..818d2c5
--- /dev/null
+++ b/test_key/test_csr/Readme.txt
@@ -0,0 +1,4 @@
+==== NOTE ====
+Just an example to simulate the CSR generated by device through reset.
+
+openssl req -nodes -sha256 -newkey rsa:2048 -keyout rsa2048.key -outform DER -out cached.csr
diff --git a/test_key/test_csr/cached.csr b/test_key/test_csr/cached.csr
new file mode 100644
index 0000000..4d0a9d3
Binary files /dev/null and b/test_key/test_csr/cached.csr differ
diff --git a/test_key/test_csr/rsa2048.key b/test_key/test_csr/rsa2048.key
new file mode 100644
index 0000000..4663fb9
--- /dev/null
+++ b/test_key/test_csr/rsa2048.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDB6wSdEupu7Sjv
+H36/WJr9qu9ajaCGncQogvsSdIczdHVsvgdBP61Z6oys7OA6LEF905k1lbrAQ2Y9
+o6PwC6Mx2meR2K+VUtNIKvR/J6ZY4LQVvrfwVu6FtpQpcdwdv1Zxc7KlFuZkpmGt
+d2ZSn+yXxLEegstpY6UqoWG1yiHh9r2YuGDmJpLZSxxmm0rhyVNcSdNfkXFlNACA
+OtxJRWBs0LXjcQ6rJNOWjo7+f77rrvBdpU2WMUhm/gvE49HsZxYPfF6lfityv3xa
+RoSiC3eKP2elQ26xwF2aQxvIpVdfO3cU/UJgXT2yrUz3/g8lwTKj9ut10CBIjKyk
+ZfH4SEEJAgMBAAECggEBAI24TK7e3CYlfP0Fb4Q4JU2uVy8+wkqfknRpBUT/lK+u
+NQM7/eFZwD8ug5D9rQHWxiZHNnlK7CkHGPmDVpRgbOxKSdb1HZ1r4q2jdvxW5eOe
+lP4vXA5x+fAO90kyxUOYSnyvqaetjMOSNWCpGkbYSfjA7xD1VeO3x0XYm6hYCVsx
+ymDb+POdzIcVEuKrUkKXiVurzefC4OFmEZg7etNyqqGL8EMTes+Lblu4MOf3dCoy
+yqLkcWl1Ln3xXhH+IRsso9u+TE7yVSOa7s6eGz9NE+vFDmuGwR1VtEQEdFv7/b8+
+FeN/IfN21XWs/cMlLUF4lZR4tflEitm/DoeI17j4E4ECgYEA6eClhId+QUEiSihe
+bcQ+hIXVuvg8fITUCC9cXQK/Z5sf4DM8z3EId6piJZBjlVCk63t+UDoyil4iSDhB
+5eQYDGDKDu8Qi0TCCjGETYiBAvrTwm7GKGBW+oUQ3dmybuNhzfeJ2WiVN7/o2ISq
+4kZJH+7CtbbAaux3n/rSKmsxvmUCgYEA1ELAPXp1LYWtys3rKscH0KjCSy7B0X3c
+8IABaklQ6vw+caMDpBR98nCbWPeJWQRRcazsAGgPjAhCtPNRY8BmTda1LQyuV2oR
+BE1giwHkqQV5RhzvNBSoMSF23l0uNL/GOG+QivKab9bKKo/JcgWfM/KSnAQarPH8
+dh1JjaU0i9UCgYEA2qku9xaa4zWbcowFpUi6Trq2ViVqn9ysRK7LAybjf2FYTwx4
+iVYb3Y3OT2KMyHhqiMOgGDAhOp7CHJWEfwRfu4ruv0GiTSNO66raEIdUX03VmE5r
+NCrGh1jLqS+1FNnAgooyNrMB9+qUL4LyJbYi/hkDsFMZ2Z4WRduCjShFjMUCgYA8
+K5f3VYl2GBkGDo2FmNocSlqZmW2UB0vkWUUNbi8kDdFdwUo87xos6cL/21vyAglc
+YhqcmuMdXRIb3YXK8zWNBzpgxOF/IjAkuhKOFUFOsKCKQZWFe/2Zv9TEgEGi7mIw
+iV++I7unzImOuyftzK4uuarZ00gEkqxwhyjcoGJe6QKBgBfSqOEjls7/lwRrKMZc
+i86pWnl1tglPOLnk2tGaMUi7G8mYAqSDhxCHEDpOYZEAdpPZYKm7ObWozb5alTbB
+Cz0nQn+um8hUErGhfD/DB/RxESW8y/ak1+2+3qmfXVW9IXiBBvwt52OGelyG+wxH
+da6U2RNyICP/Ioza1d+sTo22
+-----END PRIVATE KEY-----