
Commit 0edfcd3

committed
1.4 Add SET_KEY_PAIR_RESET_CAP support
fix #3133 Signed-off-by: Aaron Li <[email protected]>
1 parent 1c19b6d commit 0edfcd3


4 files changed

+259
-3
lines changed


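--- a/library/spdm_requester_lib/libspdm_req_handle_error_response.c
+++ b/library/spdm_requester_lib/libspdm_req_handle_error_response.c
@@ -131,6 +131,18 @@ libspdm_return_t libspdm_handle_simple_error_response(libspdm_context_t *spdm_co
 }
 }
 
+if (last_spdm_request->header.request_response_code == SPDM_SET_KEY_PAIR_INFO) {
+if (error_code == SPDM_ERROR_CODE_RESET_REQUIRED) {
+if ((libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_14) &&
+!libspdm_is_capabilities_flag_supported(
+spdm_context, true, 0,
+SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_RESET_CAP)) {
+return LIBSPDM_STATUS_ERROR_PEER;
+}
+return LIBSPDM_STATUS_RESET_REQUIRED_PEER;
+}
+}
+
 if (error_code == SPDM_ERROR_CODE_REQUEST_RESYNCH) {
 spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NOT_STARTED;
 return LIBSPDM_STATUS_RESYNCH_PEER;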
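Review bot: On connections below SPDM 1.4 the new SET_KEY_PAIR_INFO branch returns LIBSPDM_STATUS_RESET_REQUIRED_PEER without checking any capability, while the responder change in this same commit ties pre-1.4 resets to CERT_INSTALL_RESET_CAP. If that asymmetry is not intended, pick the flag by version, e.g. `reset_cap = (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_14) ? SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_RESET_CAP : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;`, and return LIBSPDM_STATUS_ERROR_PEER whenever `libspdm_is_capabilities_flag_supported(spdm_context, true, 0, reset_cap)` is false. If it is intended, a comment such as `/* Pre-1.4 peers: ResetRequired is accepted without a capability check. */` would record the decision. The enclosing function starts and ends outside the hunk, so any later generic handling of this error code is not visible here.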

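--- a/library/spdm_responder_lib/libspdm_rsp_set_key_pair_info_ack.c
+++ b/library/spdm_responder_lib/libspdm_rsp_set_key_pair_info_ack.c
@@ -276,9 +276,15 @@ libspdm_return_t libspdm_get_response_set_key_pair_info_ack(libspdm_context_t *s
 }
 }
 
-need_reset = libspdm_is_capabilities_flag_supported(
-spdm_context, false, 0,
-SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP);
+if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_14) {
+need_reset = libspdm_is_capabilities_flag_supported(
+spdm_context, false, 0,
+SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_RESET_CAP);
+} else {
+need_reset = libspdm_is_capabilities_flag_supported(
+spdm_context, false, 0,
+SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP);
+}
 result = libspdm_write_key_pair_info(
 spdm_context,
 key_pair_id,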
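Review bot: The two branches differ only in the flag constant and nothing records why the flag switches at 1.4; a comment above the `if` such as `/* SPDM 1.4 gates reset for SET_KEY_PAIR_INFO on SET_KEY_PAIR_RESET_CAP; earlier versions reuse CERT_INSTALL_RESET_CAP. */` would help. Selecting the flag into a local and calling `libspdm_is_capabilities_flag_supported(spdm_context, false, 0, reset_cap)` once would remove the duplicated call. A responder configured with only CERT_INSTALL_RESET_CAP will, on a 1.4 connection, apparently now write key pair info without requesting a reset, which integrators upgrading to 1.4 may need to be told. The enclosing function continues outside the hunk.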

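--- a/unit_test/test_spdm_requester/set_key_pair_info.c
+++ b/unit_test/test_spdm_requester/set_key_pair_info.c
@@ -21,6 +21,7 @@ libspdm_return_t libspdm_requester_set_key_pair_info_test_send_message(
 case 0x1:
 case 0x2:
 case 0x3:
+case 0x4:
 return LIBSPDM_STATUS_SUCCESS;
 default:
 return LIBSPDM_STATUS_SEND_FAIL;
@@ -97,7 +98,26 @@ libspdm_return_t libspdm_requester_set_key_pair_info_test_receive_message(
 response);
 }
 return LIBSPDM_STATUS_SUCCESS;
+case 0x4: {
+spdm_error_response_t *spdm_response;
+size_t spdm_response_size;
+size_t transport_header_size;
+
+transport_header_size = LIBSPDM_TEST_TRANSPORT_HEADER_SIZE;
+spdm_response = (void *)((uint8_t *)*response + transport_header_size);
+spdm_response_size = sizeof(spdm_error_response_t);
+
+spdm_response->header.spdm_version = SPDM_MESSAGE_VERSION_14;
+spdm_response->header.request_response_code = SPDM_ERROR;
+spdm_response->header.param1 = SPDM_ERROR_CODE_RESET_REQUIRED;
+spdm_response->header.param2 = 0;
 
+libspdm_transport_test_encode_message(spdm_context, NULL, false,
+false, spdm_response_size,
+spdm_response, response_size,
+response);
+}
+return LIBSPDM_STATUS_SUCCESS;
 default:
 return LIBSPDM_STATUS_RECEIVE_FAIL;
 }
@@ -228,6 +248,47 @@ void libspdm_test_requester_set_key_pair_info_case3(void **state)
 assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
 }
 
+/**
+* Test 4: Successful reset required error code
+* Expected Behavior: get a RESET_REQURED_PEER return code
+**/
+void libspdm_test_requester_set_key_pair_info_case4(void **state)
+{
+libspdm_return_t status;
+libspdm_test_context_t *spdm_test_context;
+libspdm_context_t *spdm_context;
+
+uint8_t key_pair_id;
+uint8_t operation;
+uint16_t desired_key_usage;
+uint32_t desired_asym_algo;
+uint8_t desired_assoc_cert_slot_mask;
+
+spdm_test_context = *state;
+spdm_context = spdm_test_context->spdm_context;
+spdm_test_context->case_id = 0x4;
+spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
+SPDM_VERSION_NUMBER_SHIFT_BIT;
+
+spdm_context->connection_info.connection_state =
+LIBSPDM_CONNECTION_STATE_NEGOTIATED;
+spdm_context->connection_info.capability.flags |=
+SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP;
+spdm_context->connection_info.capability.flags |=
+SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_RESET_CAP;
+
+key_pair_id = 1;
+operation = SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION;
+desired_key_usage = 0;
+desired_asym_algo = 0;
+desired_assoc_cert_slot_mask = 0;
+status = libspdm_set_key_pair_info(spdm_context, NULL, key_pair_id,
+operation, desired_key_usage, desired_asym_algo,
+desired_assoc_cert_slot_mask);
+
+assert_int_equal(status, LIBSPDM_STATUS_RESET_REQUIRED_PEER);
+}
+
 int libspdm_requester_set_key_pair_info_test_main(void)
 {
 const struct CMUnitTest spdm_requester_set_key_pair_info_tests[] = {
@@ -237,6 +298,8 @@ int libspdm_requester_set_key_pair_info_test_main(void)
 cmocka_unit_test(libspdm_test_requester_set_key_pair_info_case2),
 /* The response code is incorrect */
 cmocka_unit_test(libspdm_test_requester_set_key_pair_info_case3),
+/* Successful response with reset required error code */
+cmocka_unit_test(libspdm_test_requester_set_key_pair_info_case4),
 };
 
 libspdm_test_context_t test_context = {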
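Review bot: Case 4 exercises only the accepting path; the rejection branch this commit adds to libspdm_handle_simple_error_response (a 1.4 peer answers ResetRequired without having advertised SET_KEY_PAIR_RESET_CAP, expected LIBSPDM_STATUS_ERROR_PEER) has no test. A fifth case can reuse the 0x4 mock response with the flag cleared, as sketched below, and be registered after case 4 in the test array. Case 4 also sets the capability bits with `|=` and never clears them, so any later case inherits them. The doc comment misspells the status as `RESET_REQURED_PEER`.

```c
/**
 * Test 5: ResetRequired from a 1.4 peer that did not advertise SET_KEY_PAIR_RESET_CAP
 * Expected Behavior: get a LIBSPDM_STATUS_ERROR_PEER return code
 **/
void libspdm_test_requester_set_key_pair_info_case5(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    /* reuse the ResetRequired error response of mock case 0x4 */
    spdm_test_context->case_id = 0x4;
    /* ... unchanged from case 4: version 1.4, NEGOTIATED state, SET_KEY_PAIR_INFO_CAP ... */
    spdm_context->connection_info.capability.flags &=
        ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_RESET_CAP;

    status = libspdm_set_key_pair_info(spdm_context, NULL, 1,
                                       SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION, 0, 0, 0);

    assert_int_equal(status, LIBSPDM_STATUS_ERROR_PEER);
}
```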

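--- a/unit_test/test_spdm_responder/set_key_pair_info_ack.c
+++ b/unit_test/test_spdm_responder/set_key_pair_info_ack.c
@@ -503,6 +503,179 @@ void libspdm_test_responder_set_key_pair_info_ack_case3(void **state)
 assert_int_equal(spdm_response->header.param2, 0);
 }
 
+/**
+* Test 4: Successful response to set key pair info with key pair id 4: need reset, spdm 1.4
+* Expected Behavior: get a RETURN_SUCCESS return code, and correct response message size and fields
+**/
+void libspdm_test_responder_set_key_pair_info_ack_case4(void **state)
+{
+/* reference case 2 */
+libspdm_return_t status;
+libspdm_test_context_t *spdm_test_context;
+libspdm_context_t *spdm_context;
+size_t response_size;
+uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
+spdm_set_key_pair_info_ack_response_t *spdm_response;
+
+uint8_t key_pair_id;
+size_t set_key_pair_info_request_size;
+spdm_set_key_pair_info_request_t *set_key_pair_info_request;
+uint8_t *ptr;
+uint16_t desired_key_usage;
+uint32_t desired_asym_algo;
+uint8_t desired_assoc_cert_slot_mask;
+uint8_t desired_pqc_asym_algo_len;
+uint32_t desired_pqc_asym_algo;
+
+set_key_pair_info_request = malloc(sizeof(spdm_set_key_pair_info_request_t) +
+sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint32_t) +
+sizeof(uint8_t) + sizeof(uint8_t) + sizeof(uint32_t));
+
+spdm_test_context = *state;
+spdm_context = spdm_test_context->spdm_context;
+spdm_test_context->case_id = 0x4;
+spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
+SPDM_VERSION_NUMBER_SHIFT_BIT;
+spdm_context->connection_info.connection_state =
+LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
+spdm_context->connection_info.algorithm.base_asym_algo =
+m_libspdm_use_asym_algo;
+spdm_context->local_context.capability.flags = 0; /* clear flags */
+spdm_context->local_context.capability.flags |=
+SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP;
+spdm_context->local_context.total_key_pairs = libspdm_read_total_key_pairs();
+key_pair_id = 4;
+
+/*set responder need reset, spdm 1.4 */
+spdm_context->local_context.capability.flags |=
+SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_RESET_CAP;
+
+response_size = sizeof(response);
+
+/*Before reset, change: remove an association with slot*/
+set_key_pair_info_request_size =
+sizeof(spdm_set_key_pair_info_request_t) +
+sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint32_t) + sizeof(uint8_t) +
+sizeof(uint8_t);
+
+libspdm_zero_mem(set_key_pair_info_request, set_key_pair_info_request_size);
+set_key_pair_info_request->header.spdm_version = SPDM_MESSAGE_VERSION_14;
+set_key_pair_info_request->header.request_response_code = SPDM_SET_KEY_PAIR_INFO;
+set_key_pair_info_request->header.param1 = SPDM_SET_KEY_PAIR_INFO_CHANGE_OPERATION;
+set_key_pair_info_request->header.param2 = 0;
+set_key_pair_info_request->key_pair_id = key_pair_id;
+
+status = libspdm_get_response_set_key_pair_info_ack(
+spdm_context, set_key_pair_info_request_size,
+set_key_pair_info_request, &response_size, response);
+assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+assert_int_equal(response_size, sizeof(spdm_error_response_t));
+spdm_response = (void *)response;
+assert_int_equal(spdm_response->header.request_response_code,
+SPDM_ERROR);
+assert_int_equal(spdm_response->header.param1,
+SPDM_ERROR_CODE_RESET_REQUIRED);
+assert_int_equal(spdm_response->header.param2, 0);
+
+/*After reset, change: remove an association with slot*/
+status = libspdm_get_response_set_key_pair_info_ack(
+spdm_context, set_key_pair_info_request_size,
+set_key_pair_info_request, &response_size, response);
+assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+assert_int_equal(response_size,
+sizeof(spdm_set_key_pair_info_ack_response_t));
+spdm_response = (void *)response;
+assert_int_equal(spdm_response->header.request_response_code,
+SPDM_SET_KEY_PAIR_INFO_ACK);
+
+/*Before reset, erase: erase the keyusage and asymalgo*/
+set_key_pair_info_request->header.param1 = SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION;
+set_key_pair_info_request_size =
+sizeof(spdm_set_key_pair_info_request_t);
+status = libspdm_get_response_set_key_pair_info_ack(
+spdm_context, set_key_pair_info_request_size,
+set_key_pair_info_request, &response_size, response);
+assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+assert_int_equal(response_size, sizeof(spdm_error_response_t));
+spdm_response = (void *)response;
+assert_int_equal(spdm_response->header.request_response_code,
+SPDM_ERROR);
+assert_int_equal(spdm_response->header.param1,
+SPDM_ERROR_CODE_RESET_REQUIRED);
+assert_int_equal(spdm_response->header.param2, 0);
+
+/*After reset, erase: erase the keyusage and asymalgo*/
+status = libspdm_get_response_set_key_pair_info_ack(
+spdm_context, set_key_pair_info_request_size,
+set_key_pair_info_request, &response_size, response);
+assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+assert_int_equal(response_size,
+sizeof(spdm_set_key_pair_info_ack_response_t));
+spdm_response = (void *)response;
+assert_int_equal(spdm_response->header.request_response_code,
+SPDM_SET_KEY_PAIR_INFO_ACK);
+
+
+/*Before reset, generate: generate a new key pair*/
+desired_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
+desired_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256;
+desired_pqc_asym_algo_len = sizeof(desired_pqc_asym_algo);
+desired_pqc_asym_algo = 0;
+desired_assoc_cert_slot_mask = 0x08;
+set_key_pair_info_request_size =
+sizeof(spdm_set_key_pair_info_request_t) +
+sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint32_t) + sizeof(uint8_t) +
+sizeof(uint8_t) + sizeof(uint32_t);
+
+libspdm_zero_mem(set_key_pair_info_request, set_key_pair_info_request_size);
+set_key_pair_info_request->header.spdm_version = SPDM_MESSAGE_VERSION_14;
+set_key_pair_info_request->header.request_response_code = SPDM_SET_KEY_PAIR_INFO;
+set_key_pair_info_request->header.param1 = SPDM_SET_KEY_PAIR_INFO_CHANGE_OPERATION;
+set_key_pair_info_request->header.param2 = 0;
+set_key_pair_info_request->key_pair_id = key_pair_id;
+
+ptr = (uint8_t*)(set_key_pair_info_request + 1);
+ptr += sizeof(uint8_t);
+
+libspdm_write_uint16(ptr, desired_key_usage);
+ptr += sizeof(uint16_t);
+
+libspdm_write_uint32(ptr, desired_asym_algo);
+ptr += sizeof(uint32_t);
+
+*ptr = desired_assoc_cert_slot_mask;
+ptr += sizeof(uint8_t);
+
+*ptr = desired_pqc_asym_algo_len;
+ptr += sizeof(uint8_t);
+
+libspdm_write_uint32(ptr, desired_pqc_asym_algo);
+
+status = libspdm_get_response_set_key_pair_info_ack(
+spdm_context, set_key_pair_info_request_size,
+set_key_pair_info_request, &response_size, response);
+assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+assert_int_equal(response_size, sizeof(spdm_error_response_t));
+spdm_response = (void *)response;
+assert_int_equal(spdm_response->header.request_response_code,
+SPDM_ERROR);
+assert_int_equal(spdm_response->header.param1,
+SPDM_ERROR_CODE_RESET_REQUIRED);
+assert_int_equal(spdm_response->header.param2, 0);
+
+/*After reset, generate: generate a new key pair*/
+status = libspdm_get_response_set_key_pair_info_ack(
+spdm_context, set_key_pair_info_request_size,
+set_key_pair_info_request, &response_size, response);
+assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+assert_int_equal(response_size,
+sizeof(spdm_set_key_pair_info_ack_response_t));
+spdm_response = (void *)response;
+assert_int_equal(spdm_response->header.request_response_code,
+SPDM_SET_KEY_PAIR_INFO_ACK);
+free(set_key_pair_info_request);
+}
+
 int libspdm_responder_set_key_pair_info_ack_test_main(void)
 {
 const struct CMUnitTest spdm_responder_set_key_pair_info_ack_tests[] = {
@@ -512,6 +685,8 @@ int libspdm_responder_set_key_pair_info_ack_test_main(void)
 cmocka_unit_test(libspdm_test_responder_set_key_pair_info_ack_case2),
 /* The collection of multiple sub-cases.*/
 cmocka_unit_test(libspdm_test_responder_set_key_pair_info_ack_case3),
+/* Success Case to set key pair info with reset, spdm 1.4*/
+cmocka_unit_test(libspdm_test_responder_set_key_pair_info_ack_case4),
 };
 
 libspdm_test_context_t test_context = {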
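Review bot: The third sub-case of case 4 is commented `generate a new key pair` but sets `header.param1 = SPDM_SET_KEY_PAIR_INFO_CHANGE_OPERATION`, so the generate operation is never sent through the new SET_KEY_PAIR_RESET_CAP path; if generate is what is meant, the line should read `set_key_pair_info_request->header.param1 = SPDM_SET_KEY_PAIR_INFO_GENERATE_OPERATION;`. The `malloc` result is handed to `libspdm_zero_mem` unchecked, and `assert_non_null(set_key_pair_info_request);` right after the allocation would turn a failed allocation into a clean test failure rather than a null write. The test also leaves the other side of the version branch uncovered: a 1.4 responder that sets only CERT_INSTALL_RESET_CAP.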
