LCOV - code coverage report
Current view: top level - unit_test/test_spdm_responder - finish_rsp.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 100.0 % 1792 1792
Test Date: 2025-10-12 08:10:56 Functions: 100.0 % 32 32

            Line data    Source code
       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2021-2025 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "spdm_unit_test.h"
       8              : #include "internal/libspdm_responder_lib.h"
       9              : #include "internal/libspdm_secured_message_lib.h"
      10              : 
      11              : #pragma pack(1)
      12              : 
      13              : typedef struct {
      14              :     spdm_message_header_t header;
      15              :     uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
      16              :     uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
      17              : } libspdm_finish_request_mine_t;
      18              : 
      19              : typedef struct {
      20              :     spdm_message_header_t header;
      21              :     uint16_t opaque_data_size;
      22              :     uint8_t opaque_data[8];
      23              :     uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
      24              :     uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
      25              : } libspdm_finish_request_mine_14_t;
      26              : 
      27              : #pragma pack()
      28              : 
      29              : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
      30              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
      31              : };
      32              : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
      33              : 
      34              : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
      35              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
      36              : };
      37              : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
      38              : 
      39              : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
      40              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
      41              : };
      42              : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
      43              : 
      44              : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
      45              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
      46              : };
      47              : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
      48              : 
      49              : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
      50              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
      51              : };
      52              : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
      53              : 
      54              : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
      55              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
      56              : };
      57              : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
      58              : 
      59              : libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
      60              :     { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
      61              : };
      62              : size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
      63              : 
      64              : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
      65              : 
      66              : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
      67              : 
      68              : static libspdm_th_managed_buffer_t th_curr;
      69              : 
      70           28 : void libspdm_secured_message_set_request_finished_key(
      71              :     void *spdm_secured_message_context, const void *key, size_t key_size)
      72              : {
      73              :     libspdm_secured_message_context_t *secured_message_context;
      74              : 
      75           28 :     secured_message_context = spdm_secured_message_context;
      76           28 :     LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
      77           28 :     libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
      78              :                      sizeof(secured_message_context->handshake_secret.request_finished_key),
      79              :                      key, secured_message_context->hash_size);
      80           28 : }
      81              : 
      82              : /**
      83              :  * Test 1: receiving a correct FINISH message from the requester with a
      84              :  * correct MAC, no signature (no mutual authentication), and 'handshake in
      85              :  * the clear'.
      86              :  * Expected behavior: the responder accepts the request and produces a valid
      87              :  * FINISH_RSP response message.
      88              :  **/
      89            1 : void rsp_finish_rsp_case1(void **state)
      90              : {
      91              :     libspdm_return_t status;
      92              :     libspdm_test_context_t *spdm_test_context;
      93              :     libspdm_context_t *spdm_context;
      94              :     size_t response_size;
      95              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
      96              :     spdm_finish_response_t *spdm_response;
      97              :     void *data1;
      98              :     size_t data_size1;
      99              :     uint8_t *ptr;
     100              :     uint8_t *cert_buffer;
     101              :     size_t cert_buffer_size;
     102              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     103              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     104              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     105              :     libspdm_session_info_t *session_info;
     106              :     uint32_t session_id;
     107              :     uint32_t hash_size;
     108              :     uint32_t hmac_size;
     109              : 
     110            1 :     spdm_test_context = *state;
     111            1 :     spdm_context = spdm_test_context->spdm_context;
     112            1 :     spdm_test_context->case_id = 0x1;
     113            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     114              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     115            1 :     spdm_context->connection_info.connection_state =
     116              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     117            1 :     spdm_context->connection_info.capability.flags |=
     118              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     119            1 :     spdm_context->local_context.capability.flags |=
     120              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     121            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     122              :         m_libspdm_use_hash_algo;
     123            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     124              :         m_libspdm_use_asym_algo;
     125            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     126              :         m_libspdm_use_measurement_spec;
     127            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     128              :         m_libspdm_use_measurement_hash_algo;
     129            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     130              :         m_libspdm_use_dhe_algo;
     131            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     132              :         m_libspdm_use_aead_algo;
     133            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     134              :                                                     m_libspdm_use_asym_algo, &data1,
     135              :                                                     &data_size1, NULL, NULL);
     136            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     137            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     138              :         data_size1;
     139            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     140            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     141              :         data_size1;
     142              : 
     143            1 :     libspdm_reset_message_a(spdm_context);
     144            1 :     spdm_context->local_context.mut_auth_requested = 0;
     145              : 
     146            1 :     session_id = 0xFFFFFFFF;
     147            1 :     spdm_context->latest_session_id = session_id;
     148            1 :     session_info = &spdm_context->session_info[0];
     149            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     150              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     151            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     152            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     153            1 :     libspdm_secured_message_set_request_finished_key(
     154              :         session_info->secured_message_context, m_dummy_buffer,
     155              :         hash_size);
     156            1 :     libspdm_secured_message_set_session_state(
     157              :         session_info->secured_message_context,
     158              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     159              : 
     160            1 :     spdm_context->connection_info.capability.flags |=
     161              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     162            1 :     spdm_context->local_context.capability.flags |=
     163              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     164            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     165            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     166            1 :     ptr = m_libspdm_finish_request1.signature;
     167            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     168            1 :     cert_buffer = (uint8_t *)data1;
     169            1 :     cert_buffer_size = data_size1;
     170            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     171              :                      cert_buffer_hash);
     172              :     /* transcript.message_a size is 0*/
     173            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     174              :     /* session_transcript.message_k is 0*/
     175            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     176              :                                   sizeof(spdm_finish_request_t));
     177            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     178            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     179              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     180            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     181              :                      request_finished_key, hash_size, ptr);
     182            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     183            1 :     response_size = sizeof(response);
     184            1 :     status = libspdm_get_response_finish(spdm_context,
     185              :                                          m_libspdm_finish_request1_size,
     186              :                                          &m_libspdm_finish_request1,
     187              :                                          &response_size, response);
     188            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     189            1 :     assert_int_equal(response_size,
     190              :                      sizeof(spdm_finish_response_t) + hmac_size);
     191            1 :     spdm_response = (void *)response;
     192            1 :     assert_int_equal(spdm_response->header.request_response_code,
     193              :                      SPDM_FINISH_RSP);
     194            1 :     free(data1);
     195            1 : }
     196              : 
     197              : /**
     198              :  * Test 2:
     199              :  * Expected behavior:
     200              :  **/
     201            1 : void rsp_finish_rsp_case2(void **state)
     202              : {
     203            1 : }
     204              : 
     205              : /**
     206              :  * Test 3: receiving a correct FINISH from the requester, but the
     207              :  * responder is in a Busy state.
     208              :  * Expected behavior: the responder accepts the request, but produces an
     209              :  * ERROR message indicating the Busy state.
     210              :  **/
     211            1 : void rsp_finish_rsp_case3(void **state)
     212              : {
     213              :     libspdm_return_t status;
     214              :     libspdm_test_context_t *spdm_test_context;
     215              :     libspdm_context_t *spdm_context;
     216              :     size_t response_size;
     217              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     218              :     spdm_finish_response_t *spdm_response;
     219              :     void *data1;
     220              :     size_t data_size1;
     221              :     uint8_t *ptr;
     222              :     uint8_t *cert_buffer;
     223              :     size_t cert_buffer_size;
     224              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     225              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     226              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     227              :     libspdm_session_info_t *session_info;
     228              :     uint32_t session_id;
     229              :     uint32_t hash_size;
     230              :     uint32_t hmac_size;
     231              : 
     232            1 :     spdm_test_context = *state;
     233            1 :     spdm_context = spdm_test_context->spdm_context;
     234            1 :     spdm_test_context->case_id = 0x3;
     235            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     236              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     237            1 :     spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
     238            1 :     spdm_context->connection_info.connection_state =
     239              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     240            1 :     spdm_context->connection_info.capability.flags |=
     241              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     242            1 :     spdm_context->local_context.capability.flags |=
     243              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     244            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     245              :         m_libspdm_use_hash_algo;
     246            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     247              :         m_libspdm_use_asym_algo;
     248            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     249              :         m_libspdm_use_measurement_spec;
     250            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     251              :         m_libspdm_use_measurement_hash_algo;
     252            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     253              :         m_libspdm_use_dhe_algo;
     254            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     255              :         m_libspdm_use_aead_algo;
     256            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     257              :                                                     m_libspdm_use_asym_algo, &data1,
     258              :                                                     &data_size1, NULL, NULL);
     259            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     260            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     261              :         data_size1;
     262            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     263            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     264              :         data_size1;
     265              : 
     266            1 :     libspdm_reset_message_a(spdm_context);
     267            1 :     spdm_context->local_context.mut_auth_requested = 0;
     268              : 
     269            1 :     session_id = 0xFFFFFFFF;
     270            1 :     spdm_context->latest_session_id = session_id;
     271            1 :     session_info = &spdm_context->session_info[0];
     272            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     273              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     274            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     275            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     276            1 :     libspdm_secured_message_set_request_finished_key(
     277              :         session_info->secured_message_context, m_dummy_buffer,
     278              :         hash_size);
     279            1 :     libspdm_secured_message_set_session_state(
     280              :         session_info->secured_message_context,
     281              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     282              : 
     283            1 :     spdm_context->connection_info.capability.flags |=
     284              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     285            1 :     spdm_context->local_context.capability.flags |=
     286              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     287            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     288            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     289            1 :     ptr = m_libspdm_finish_request1.signature;
     290            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     291            1 :     cert_buffer = (uint8_t *)data1;
     292            1 :     cert_buffer_size = data_size1;
     293            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     294              :                      cert_buffer_hash);
     295              :     /* transcript.message_a size is 0*/
     296            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     297              :     /* session_transcript.message_k is 0*/
     298            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     299              :                                   sizeof(spdm_finish_request_t));
     300            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     301            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     302              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     303            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     304              :                      request_finished_key, hash_size, ptr);
     305            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     306            1 :     response_size = sizeof(response);
     307            1 :     status = libspdm_get_response_finish(spdm_context,
     308              :                                          m_libspdm_finish_request1_size,
     309              :                                          &m_libspdm_finish_request1,
     310              :                                          &response_size, response);
     311            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     312            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
     313            1 :     spdm_response = (void *)response;
     314            1 :     assert_int_equal(spdm_response->header.request_response_code,
     315              :                      SPDM_ERROR);
     316            1 :     assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
     317            1 :     assert_int_equal(spdm_response->header.param2, 0);
     318            1 :     assert_int_equal(spdm_context->response_state,
     319              :                      LIBSPDM_RESPONSE_STATE_BUSY);
     320            1 :     free(data1);
     321            1 : }
     322              : 
     323              : /**
     324              :  * Test 4: receiving a correct FINISH from the requester, but the responder
     325              :  * requires resynchronization with the requester.
     326              :  * Expected behavior: the responder accepts the request, but produces an
     327              :  * ERROR message indicating the NeedResynch state.
     328              :  **/
     329            1 : void rsp_finish_rsp_case4(void **state)
     330              : {
     331              :     libspdm_return_t status;
     332              :     libspdm_test_context_t *spdm_test_context;
     333              :     libspdm_context_t *spdm_context;
     334              :     size_t response_size;
     335              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     336              :     spdm_finish_response_t *spdm_response;
     337              :     void *data1;
     338              :     size_t data_size1;
     339              :     uint8_t *ptr;
     340              :     uint8_t *cert_buffer;
     341              :     size_t cert_buffer_size;
     342              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     343              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     344              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     345              :     libspdm_session_info_t *session_info;
     346              :     uint32_t session_id;
     347              :     uint32_t hash_size;
     348              :     uint32_t hmac_size;
     349              : 
     350            1 :     spdm_test_context = *state;
     351            1 :     spdm_context = spdm_test_context->spdm_context;
     352            1 :     spdm_test_context->case_id = 0x4;
     353            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     354              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     355            1 :     spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
     356            1 :     spdm_context->connection_info.connection_state =
     357              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     358            1 :     spdm_context->connection_info.capability.flags |=
     359              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     360            1 :     spdm_context->local_context.capability.flags |=
     361              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     362            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     363              :         m_libspdm_use_hash_algo;
     364            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     365              :         m_libspdm_use_asym_algo;
     366            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     367              :         m_libspdm_use_measurement_spec;
     368            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     369              :         m_libspdm_use_measurement_hash_algo;
     370            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     371              :         m_libspdm_use_dhe_algo;
     372            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     373              :         m_libspdm_use_aead_algo;
     374            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     375              :                                                     m_libspdm_use_asym_algo, &data1,
     376              :                                                     &data_size1, NULL, NULL);
     377            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     378            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     379              :         data_size1;
     380            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     381            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     382              :         data_size1;
     383              : 
     384            1 :     libspdm_reset_message_a(spdm_context);
     385            1 :     spdm_context->local_context.mut_auth_requested = 0;
     386              : 
     387            1 :     session_id = 0xFFFFFFFF;
     388            1 :     spdm_context->latest_session_id = session_id;
     389            1 :     session_info = &spdm_context->session_info[0];
     390            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     391              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     392            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     393            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     394            1 :     libspdm_secured_message_set_request_finished_key(
     395              :         session_info->secured_message_context, m_dummy_buffer,
     396              :         hash_size);
     397            1 :     libspdm_secured_message_set_session_state(
     398              :         session_info->secured_message_context,
     399              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     400              : 
     401            1 :     spdm_context->connection_info.capability.flags |=
     402              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     403            1 :     spdm_context->local_context.capability.flags |=
     404              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     405            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     406            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     407            1 :     ptr = m_libspdm_finish_request1.signature;
     408            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     409            1 :     cert_buffer = (uint8_t *)data1;
     410            1 :     cert_buffer_size = data_size1;
     411            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     412              :                      cert_buffer_hash);
     413              :     /* transcript.message_a size is 0*/
     414            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     415              :     /* session_transcript.message_k is 0*/
     416            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     417              :                                   sizeof(spdm_finish_request_t));
     418            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     419            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     420              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     421            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     422              :                      request_finished_key, hash_size, ptr);
     423            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     424            1 :     response_size = sizeof(response);
     425            1 :     status = libspdm_get_response_finish(spdm_context,
     426              :                                          m_libspdm_finish_request1_size,
     427              :                                          &m_libspdm_finish_request1,
     428              :                                          &response_size, response);
     429            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     430            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
     431            1 :     spdm_response = (void *)response;
     432            1 :     assert_int_equal(spdm_response->header.request_response_code,
     433              :                      SPDM_ERROR);
     434            1 :     assert_int_equal(spdm_response->header.param1,
     435              :                      SPDM_ERROR_CODE_REQUEST_RESYNCH);
     436            1 :     assert_int_equal(spdm_response->header.param2, 0);
     437            1 :     assert_int_equal(spdm_context->response_state,
     438              :                      LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
     439            1 :     free(data1);
     440            1 : }
     441              : 
     442              : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
     443              : /**
     444              :  * Test 5: receiving a correct FINISH from the requester, but the responder
     445              :  * could not produce the response in time.
     446              :  * Expected behavior: the responder accepts the request, but produces an
     447              :  * ERROR message indicating the ResponseNotReady state.
     448              :  **/
     449            1 : void rsp_finish_rsp_case5(void **state)
     450              : {
     451              :     libspdm_return_t status;
     452              :     libspdm_test_context_t *spdm_test_context;
     453              :     libspdm_context_t *spdm_context;
     454              :     size_t response_size;
     455              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     456              :     spdm_finish_response_t *spdm_response;
     457              :     void *data1;
     458              :     size_t data_size1;
     459              :     uint8_t *ptr;
     460              :     uint8_t *cert_buffer;
     461              :     size_t cert_buffer_size;
     462              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     463              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     464              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     465              :     libspdm_session_info_t *session_info;
     466              :     uint32_t session_id;
     467              :     uint32_t hash_size;
     468              :     uint32_t hmac_size;
     469              :     spdm_error_data_response_not_ready_t *error_data;
     470              : 
     471            1 :     spdm_test_context = *state;
     472            1 :     spdm_context = spdm_test_context->spdm_context;
     473            1 :     spdm_test_context->case_id = 0x5;
     474            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     475              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     476            1 :     spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
     477            1 :     spdm_context->connection_info.connection_state =
     478              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     479            1 :     spdm_context->connection_info.capability.flags |=
     480              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     481            1 :     spdm_context->local_context.capability.flags |=
     482              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     483            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     484              :         m_libspdm_use_hash_algo;
     485            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     486              :         m_libspdm_use_asym_algo;
     487            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     488              :         m_libspdm_use_measurement_spec;
     489            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     490              :         m_libspdm_use_measurement_hash_algo;
     491            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     492              :         m_libspdm_use_dhe_algo;
     493            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     494              :         m_libspdm_use_aead_algo;
     495            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     496              :                                                     m_libspdm_use_asym_algo, &data1,
     497              :                                                     &data_size1, NULL, NULL);
     498            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     499            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     500              :         data_size1;
     501            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     502            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     503              :         data_size1;
     504              : 
     505            1 :     libspdm_reset_message_a(spdm_context);
     506            1 :     spdm_context->local_context.mut_auth_requested = 0;
     507              : 
     508            1 :     session_id = 0xFFFFFFFF;
     509            1 :     spdm_context->latest_session_id = session_id;
     510            1 :     session_info = &spdm_context->session_info[0];
     511            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     512              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     513            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     514            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     515            1 :     libspdm_secured_message_set_request_finished_key(
     516              :         session_info->secured_message_context, m_dummy_buffer,
     517              :         hash_size);
     518            1 :     libspdm_secured_message_set_session_state(
     519              :         session_info->secured_message_context,
     520              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     521              : 
     522            1 :     spdm_context->connection_info.capability.flags |=
     523              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     524            1 :     spdm_context->local_context.capability.flags |=
     525              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     526            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     527            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     528            1 :     ptr = m_libspdm_finish_request1.signature;
     529            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     530            1 :     cert_buffer = (uint8_t *)data1;
     531            1 :     cert_buffer_size = data_size1;
     532            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     533              :                      cert_buffer_hash);
     534              :     /* transcript.message_a size is 0*/
     535            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     536              :     /* session_transcript.message_k is 0*/
     537            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     538              :                                   sizeof(spdm_finish_request_t));
     539            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     540            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     541              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     542            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     543              :                      request_finished_key, hash_size, ptr);
     544            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     545            1 :     response_size = sizeof(response);
     546            1 :     status = libspdm_get_response_finish(spdm_context,
     547              :                                          m_libspdm_finish_request1_size,
     548              :                                          &m_libspdm_finish_request1,
     549              :                                          &response_size, response);
     550            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     551            1 :     assert_int_equal(response_size,
     552              :                      sizeof(spdm_error_response_t) +
     553              :                      sizeof(spdm_error_data_response_not_ready_t));
     554            1 :     spdm_response = (void *)response;
     555            1 :     error_data =
     556              :         (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
     557            1 :     assert_int_equal(spdm_response->header.request_response_code,
     558              :                      SPDM_ERROR);
     559            1 :     assert_int_equal(spdm_response->header.param1,
     560              :                      SPDM_ERROR_CODE_RESPONSE_NOT_READY);
     561            1 :     assert_int_equal(spdm_response->header.param2, 0);
     562            1 :     assert_int_equal(spdm_context->response_state,
     563              :                      LIBSPDM_RESPONSE_STATE_NOT_READY);
     564            1 :     assert_int_equal(error_data->request_code, SPDM_FINISH);
     565            1 :     free(data1);
     566            1 : }
     567              : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
     568              : 
     569              : /**
     570              :  * Test 6: receiving a correct FINISH from the requester, but the responder
     571              :  * is not set no receive a FINISH message because previous messages (namely,
     572              :  * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
     573              :  * received.
     574              :  * Expected behavior: the responder rejects the request, and produces an
     575              :  * ERROR message indicating the UnexpectedRequest.
     576              :  **/
     577            1 : void rsp_finish_rsp_case6(void **state)
     578              : {
     579              :     libspdm_return_t status;
     580              :     libspdm_test_context_t *spdm_test_context;
     581              :     libspdm_context_t *spdm_context;
     582              :     size_t response_size;
     583              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     584              :     spdm_finish_response_t *spdm_response;
     585              :     void *data1;
     586              :     size_t data_size1;
     587              :     uint8_t *ptr;
     588              :     uint8_t *cert_buffer;
     589              :     size_t cert_buffer_size;
     590              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     591              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     592              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     593              :     libspdm_session_info_t *session_info;
     594              :     uint32_t session_id;
     595              :     uint32_t hash_size;
     596              :     uint32_t hmac_size;
     597              : 
     598            1 :     spdm_test_context = *state;
     599            1 :     spdm_context = spdm_test_context->spdm_context;
     600            1 :     spdm_test_context->case_id = 0x6;
     601            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     602              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     603            1 :     spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
     604            1 :     spdm_context->connection_info.connection_state =
     605              :         LIBSPDM_CONNECTION_STATE_NOT_STARTED;
     606            1 :     spdm_context->connection_info.capability.flags |=
     607              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     608            1 :     spdm_context->local_context.capability.flags |=
     609              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     610            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     611              :         m_libspdm_use_hash_algo;
     612            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     613              :         m_libspdm_use_asym_algo;
     614            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     615              :         m_libspdm_use_measurement_spec;
     616            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     617              :         m_libspdm_use_measurement_hash_algo;
     618            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     619              :         m_libspdm_use_dhe_algo;
     620            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     621              :         m_libspdm_use_aead_algo;
     622            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     623              :                                                     m_libspdm_use_asym_algo, &data1,
     624              :                                                     &data_size1, NULL, NULL);
     625            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     626            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     627              :         data_size1;
     628            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     629            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     630              :         data_size1;
     631              : 
     632            1 :     libspdm_reset_message_a(spdm_context);
     633            1 :     spdm_context->local_context.mut_auth_requested = 0;
     634              : 
     635            1 :     session_id = 0xFFFFFFFF;
     636            1 :     spdm_context->latest_session_id = session_id;
     637            1 :     session_info = &spdm_context->session_info[0];
     638            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     639              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     640            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     641            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     642            1 :     libspdm_secured_message_set_request_finished_key(
     643              :         session_info->secured_message_context, m_dummy_buffer,
     644              :         hash_size);
     645            1 :     libspdm_secured_message_set_session_state(
     646              :         session_info->secured_message_context,
     647              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     648              : 
     649            1 :     spdm_context->connection_info.capability.flags |=
     650              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     651            1 :     spdm_context->local_context.capability.flags |=
     652              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     653            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     654            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     655            1 :     ptr = m_libspdm_finish_request1.signature;
     656            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     657            1 :     cert_buffer = (uint8_t *)data1;
     658            1 :     cert_buffer_size = data_size1;
     659            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     660              :                      cert_buffer_hash);
     661              :     /* transcript.message_a size is 0*/
     662            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     663              :     /* session_transcript.message_k is 0*/
     664            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     665              :                                   sizeof(spdm_finish_request_t));
     666            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     667            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     668              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     669            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     670              :                      request_finished_key, hash_size, ptr);
     671            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     672            1 :     response_size = sizeof(response);
     673            1 :     status = libspdm_get_response_finish(spdm_context,
     674              :                                          m_libspdm_finish_request1_size,
     675              :                                          &m_libspdm_finish_request1,
     676              :                                          &response_size, response);
     677            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     678            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
     679            1 :     spdm_response = (void *)response;
     680            1 :     assert_int_equal(spdm_response->header.request_response_code,
     681              :                      SPDM_ERROR);
     682            1 :     assert_int_equal(spdm_response->header.param1,
     683              :                      SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
     684            1 :     assert_int_equal(spdm_response->header.param2, 0);
     685            1 :     free(data1);
     686            1 : }
     687              : 
     688            1 : void rsp_finish_rsp_case7(void **state)
     689              : {
     690              :     libspdm_return_t status;
     691              :     libspdm_test_context_t *spdm_test_context;
     692              :     libspdm_context_t *spdm_context;
     693              :     size_t response_size;
     694              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     695              :     spdm_finish_response_t *spdm_response;
     696              :     void *data1;
     697              :     size_t data_size1;
     698              :     uint8_t *ptr;
     699              :     uint8_t *cert_buffer;
     700              :     size_t cert_buffer_size;
     701              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     702              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     703              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     704              :     libspdm_session_info_t *session_info;
     705              :     uint32_t session_id;
     706              :     uint32_t hash_size;
     707              :     uint32_t hmac_size;
     708              : 
     709            1 :     spdm_test_context = *state;
     710            1 :     spdm_context = spdm_test_context->spdm_context;
     711            1 :     spdm_test_context->case_id = 0x7;
     712            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     713              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     714            1 :     spdm_context->connection_info.connection_state =
     715              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     716            1 :     spdm_context->connection_info.capability.flags |=
     717              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     718            1 :     spdm_context->local_context.capability.flags |=
     719              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     720            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     721              :         m_libspdm_use_hash_algo;
     722            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     723              :         m_libspdm_use_asym_algo;
     724            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     725              :         m_libspdm_use_measurement_spec;
     726            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     727              :         m_libspdm_use_measurement_hash_algo;
     728            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     729              :         m_libspdm_use_dhe_algo;
     730            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     731              :         m_libspdm_use_aead_algo;
     732            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     733              :                                                     m_libspdm_use_asym_algo, &data1,
     734              :                                                     &data_size1, NULL, NULL);
     735            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     736            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     737              :         data_size1;
     738            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     739            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     740              :         data_size1;
     741              : 
     742            1 :     libspdm_reset_message_a(spdm_context);
     743            1 :     spdm_context->local_context.mut_auth_requested = 0;
     744              : 
     745            1 :     session_id = 0xFFFFFFFF;
     746            1 :     spdm_context->latest_session_id = session_id;
     747            1 :     session_info = &spdm_context->session_info[0];
     748            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     749              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     750            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     751            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     752            1 :     libspdm_secured_message_set_request_finished_key(
     753              :         session_info->secured_message_context, m_dummy_buffer,
     754              :         hash_size);
     755            1 :     libspdm_secured_message_set_session_state(
     756              :         session_info->secured_message_context,
     757              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     758              : 
     759            1 :     spdm_context->connection_info.capability.flags |=
     760              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     761            1 :     spdm_context->local_context.capability.flags |=
     762              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     763            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     764            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     765            1 :     ptr = m_libspdm_finish_request1.signature;
     766            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     767            1 :     cert_buffer = (uint8_t *)data1;
     768            1 :     cert_buffer_size = data_size1;
     769              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     770              :     session_info->session_transcript.message_m.buffer_size =
     771              :         session_info->session_transcript.message_m.max_buffer_size;
     772              :     spdm_context->transcript.message_b.buffer_size =
     773              :         spdm_context->transcript.message_b.max_buffer_size;
     774              :     spdm_context->transcript.message_c.buffer_size =
     775              :         spdm_context->transcript.message_c.max_buffer_size;
     776              :     spdm_context->transcript.message_mut_b.buffer_size =
     777              :         spdm_context->transcript.message_mut_b.max_buffer_size;
     778              :     spdm_context->transcript.message_mut_c.buffer_size =
     779              :         spdm_context->transcript.message_mut_c.max_buffer_size;
     780              : #endif
     781              : 
     782            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     783              :                      cert_buffer_hash);
     784              :     /* transcript.message_a size is 0*/
     785            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     786              :     /* session_transcript.message_k is 0*/
     787            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     788              :                                   sizeof(spdm_finish_request_t));
     789            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     790            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     791              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     792            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     793              :                      request_finished_key, hash_size, ptr);
     794            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     795            1 :     response_size = sizeof(response);
     796            1 :     status = libspdm_get_response_finish(spdm_context,
     797              :                                          m_libspdm_finish_request1_size,
     798              :                                          &m_libspdm_finish_request1,
     799              :                                          &response_size, response);
     800            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     801            1 :     assert_int_equal(response_size,
     802              :                      sizeof(spdm_finish_response_t) + hmac_size);
     803            1 :     spdm_response = (void *)response;
     804            1 :     assert_int_equal(spdm_response->header.request_response_code,
     805              :                      SPDM_FINISH_RSP);
     806              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     807              :     assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
     808              :     assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
     809              :     assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
     810              :     assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
     811              :     assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
     812              : #endif
     813              : 
     814            1 :     free(data1);
     815            1 : }
     816              : 
     817              : 
     818              : /**
     819              :  * Test 8: receiving a correct FINISH message from the requester with
     820              :  * correct MAC and signature (with mutual authentication), and 'handshake in
     821              :  * the clear'.
     822              :  * Expected behavior: the responder accepts the request and produces a valid
     823              :  * FINISH_RSP response message.
     824              :  **/
     825            1 : void rsp_finish_rsp_case8(void **state)
     826              : {
     827              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
     828              :     libspdm_return_t status;
     829              :     libspdm_test_context_t *spdm_test_context;
     830              :     libspdm_context_t *spdm_context;
     831              :     size_t response_size;
     832              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     833              :     spdm_finish_response_t *spdm_response;
     834              :     void *data1;
     835              :     size_t data_size1;
     836              :     void *data2;
     837              :     size_t data_size2;
     838              :     uint8_t *ptr;
     839              :     uint8_t *cert_buffer;
     840              :     size_t cert_buffer_size;
     841              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     842              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     843              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     844              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     845              :     libspdm_session_info_t *session_info;
     846              :     uint32_t session_id;
     847              :     uint32_t hash_size;
     848              :     uint32_t hmac_size;
     849              :     size_t req_asym_signature_size;
     850              : 
     851            1 :     spdm_test_context = *state;
     852            1 :     spdm_context = spdm_test_context->spdm_context;
     853            1 :     spdm_test_context->case_id = 0x8;
     854            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     855              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     856            1 :     spdm_context->connection_info.connection_state =
     857              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     858            1 :     spdm_context->connection_info.capability.flags |=
     859              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     860            1 :     spdm_context->local_context.capability.flags |=
     861              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     862            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     863              :         m_libspdm_use_hash_algo;
     864            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     865              :         m_libspdm_use_asym_algo;
     866            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
     867              :         m_libspdm_use_req_asym_algo;
     868            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     869              :         m_libspdm_use_measurement_spec;
     870            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     871              :         m_libspdm_use_measurement_hash_algo;
     872            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     873              :         m_libspdm_use_dhe_algo;
     874            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     875              :         m_libspdm_use_aead_algo;
     876            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     877              :                                                     m_libspdm_use_asym_algo, &data1,
     878              :                                                     &data_size1, NULL, NULL);
     879            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     880            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     881              :         data_size1;
     882            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     883            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     884              :         data_size1;
     885              : 
     886            1 :     libspdm_reset_message_a(spdm_context);
     887            1 :     spdm_context->local_context.mut_auth_requested = 1;
     888            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
     889              :                                                     m_libspdm_use_req_asym_algo, &data2,
     890              :                                                     &data_size2, NULL, NULL);
     891              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     892              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
     893              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
     894              :                      data2, data_size2);
     895              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
     896              :         data_size2;
     897              : #else
     898            1 :     libspdm_hash_all(
     899              :         spdm_context->connection_info.algorithm.base_hash_algo,
     900              :         data2, data_size2,
     901            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
     902            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
     903            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
     904            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
     905              :         spdm_context->connection_info.algorithm.base_hash_algo,
     906            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
     907              :         data2,
     908              :         data_size2,
     909              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
     910              : #endif
     911            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
     912              : 
     913            1 :     session_id = 0xFFFFFFFF;
     914            1 :     spdm_context->latest_session_id = session_id;
     915            1 :     session_info = &spdm_context->session_info[0];
     916            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     917              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     918            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     919            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     920            1 :     libspdm_secured_message_set_request_finished_key(
     921              :         session_info->secured_message_context, m_dummy_buffer,
     922              :         hash_size);
     923            1 :     libspdm_secured_message_set_session_state(
     924              :         session_info->secured_message_context,
     925              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     926            1 :     session_info->mut_auth_requested = 1;
     927              : 
     928            1 :     spdm_context->connection_info.capability.flags |=
     929              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     930            1 :     spdm_context->local_context.capability.flags |=
     931              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     932            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     933            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     934            1 :     req_asym_signature_size =
     935            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
     936            1 :     ptr = m_libspdm_finish_request3.signature;
     937            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     938            1 :     cert_buffer = (uint8_t *)data1;
     939            1 :     cert_buffer_size = data_size1;
     940            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     941              :                      cert_buffer_hash);
     942            1 :     cert_buffer = (uint8_t *)data2;
     943            1 :     cert_buffer_size = data_size2;
     944            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     945              :                      req_cert_buffer_hash);
     946              :     /* transcript.message_a size is 0*/
     947            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     948              :     /* session_transcript.message_k is 0*/
     949            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
     950            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
     951              :                                   sizeof(spdm_finish_request_t));
     952              : 
     953            1 :     libspdm_requester_data_sign(
     954              :         spdm_context,
     955            1 :         m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
     956              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
     957            1 :             false, libspdm_get_managed_buffer(&th_curr),
     958              :             libspdm_get_managed_buffer_size(&th_curr),
     959              :             ptr, &req_asym_signature_size);
     960            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
     961            1 :     ptr += req_asym_signature_size;
     962            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     963            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     964              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     965            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     966              :                      request_finished_key, hash_size, ptr);
     967            1 :     m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
     968            1 :                                      req_asym_signature_size + hmac_size;
     969            1 :     response_size = sizeof(response);
     970            1 :     status = libspdm_get_response_finish(spdm_context,
     971              :                                          m_libspdm_finish_request3_size,
     972              :                                          &m_libspdm_finish_request3,
     973              :                                          &response_size, response);
     974            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     975            1 :     assert_int_equal(response_size,
     976              :                      sizeof(spdm_finish_response_t) + hmac_size);
     977            1 :     spdm_response = (void *)response;
     978            1 :     assert_int_equal(spdm_response->header.request_response_code,
     979              :                      SPDM_FINISH_RSP);
     980            1 :     free(data1);
     981            1 :     free(data2);
     982              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
     983            1 : }
     984              : 
     985              : /**
     986              :  * Test 9: receiving a correct FINISH message from the requester, but the
     987              :  * responder has no capabilities for key exchange.
     988              :  * Expected behavior: the responder refuses the FINISH message and produces
     989              :  * an ERROR message indicating the UnsupportedRequest.
     990              :  **/
     991            1 : void rsp_finish_rsp_case9(void **state)
     992              : {
     993              :     libspdm_return_t status;
     994              :     libspdm_test_context_t *spdm_test_context;
     995              :     libspdm_context_t *spdm_context;
     996              :     size_t response_size;
     997              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     998              :     spdm_finish_response_t *spdm_response;
     999              :     void *data1;
    1000              :     size_t data_size1;
    1001              :     uint8_t *ptr;
    1002              :     uint8_t *cert_buffer;
    1003              :     size_t cert_buffer_size;
    1004              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1005              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1006              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1007              :     libspdm_session_info_t *session_info;
    1008              :     uint32_t session_id;
    1009              :     uint32_t hash_size;
    1010              :     uint32_t hmac_size;
    1011              : 
    1012            1 :     spdm_test_context = *state;
    1013            1 :     spdm_context = spdm_test_context->spdm_context;
    1014            1 :     spdm_test_context->case_id = 0x9;
    1015            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1016              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1017            1 :     spdm_context->connection_info.connection_state =
    1018              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1019            1 :     spdm_context->connection_info.capability.flags = 0;
    1020            1 :     spdm_context->local_context.capability.flags = 0;
    1021            1 :     spdm_context->connection_info.capability.flags |=
    1022              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1023              :     /* no key exchange capabilities (responder)*/
    1024            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1025              :         m_libspdm_use_hash_algo;
    1026            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1027              :         m_libspdm_use_asym_algo;
    1028            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1029              :         m_libspdm_use_measurement_spec;
    1030            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1031              :         m_libspdm_use_measurement_hash_algo;
    1032            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1033              :         m_libspdm_use_dhe_algo;
    1034            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1035              :         m_libspdm_use_aead_algo;
    1036            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1037              :                                                     m_libspdm_use_asym_algo, &data1,
    1038              :                                                     &data_size1, NULL, NULL);
    1039            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1040            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1041              :         data_size1;
    1042            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1043            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1044              :         data_size1;
    1045              : 
    1046            1 :     libspdm_reset_message_a(spdm_context);
    1047            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1048              : 
    1049            1 :     session_id = 0xFFFFFFFF;
    1050            1 :     spdm_context->latest_session_id = session_id;
    1051            1 :     session_info = &spdm_context->session_info[0];
    1052            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1053              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1054            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1055            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1056            1 :     libspdm_secured_message_set_request_finished_key(
    1057              :         session_info->secured_message_context, m_dummy_buffer,
    1058              :         hash_size);
    1059            1 :     libspdm_secured_message_set_session_state(
    1060              :         session_info->secured_message_context,
    1061              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1062              : 
    1063            1 :     spdm_context->connection_info.capability.flags |=
    1064              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1065            1 :     spdm_context->local_context.capability.flags |=
    1066              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1067            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1068            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1069            1 :     ptr = m_libspdm_finish_request1.signature;
    1070            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1071            1 :     cert_buffer = (uint8_t *)data1;
    1072            1 :     cert_buffer_size = data_size1;
    1073            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1074              :                      cert_buffer_hash);
    1075              :     /* transcript.message_a size is 0*/
    1076            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1077              :     /* session_transcript.message_k is 0*/
    1078            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    1079              :                                   sizeof(spdm_finish_request_t));
    1080            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1081            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1082              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1083            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1084              :                      request_finished_key, hash_size, ptr);
    1085            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1086            1 :     response_size = sizeof(response);
    1087            1 :     status = libspdm_get_response_finish(spdm_context,
    1088              :                                          m_libspdm_finish_request1_size,
    1089              :                                          &m_libspdm_finish_request1,
    1090              :                                          &response_size, response);
    1091            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1092            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1093            1 :     spdm_response = (void *)response;
    1094            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1095              :                      SPDM_ERROR);
    1096            1 :     assert_int_equal(spdm_response->header.param1,
    1097              :                      SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
    1098            1 :     assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
    1099            1 :     free(data1);
    1100            1 : }
    1101              : 
    1102              : /**
    1103              :  * Test 10: receiving a correct FINISH message from the requester, but the
    1104              :  * responder is not correctly setup by not initializing a session during
    1105              :  * KEY_EXCHANGE.
    1106              :  * Expected behavior: the responder refuses the FINISH message and produces
    1107              :  * an ERROR message indicating the UnsupportedRequest.
    1108              :  **/
    1109            1 : void rsp_finish_rsp_case10(void **state)
    1110              : {
    1111              :     libspdm_return_t status;
    1112              :     libspdm_test_context_t *spdm_test_context;
    1113              :     libspdm_context_t *spdm_context;
    1114              :     size_t response_size;
    1115              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1116              :     spdm_finish_response_t *spdm_response;
    1117              :     void *data1;
    1118              :     size_t data_size1;
    1119              :     uint8_t *ptr;
    1120              :     uint8_t *cert_buffer;
    1121              :     size_t cert_buffer_size;
    1122              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1123              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1124              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1125              :     libspdm_session_info_t *session_info;
    1126              :     uint32_t session_id;
    1127              :     uint32_t hash_size;
    1128              :     uint32_t hmac_size;
    1129              : 
    1130            1 :     spdm_test_context = *state;
    1131            1 :     spdm_context = spdm_test_context->spdm_context;
    1132            1 :     spdm_test_context->case_id = 0xA;
    1133            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1134              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1135            1 :     spdm_context->connection_info.connection_state =
    1136              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1137            1 :     spdm_context->connection_info.capability.flags |=
    1138              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1139            1 :     spdm_context->local_context.capability.flags |=
    1140              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1141            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1142              :         m_libspdm_use_hash_algo;
    1143            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1144              :         m_libspdm_use_asym_algo;
    1145            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1146              :         m_libspdm_use_measurement_spec;
    1147            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1148              :         m_libspdm_use_measurement_hash_algo;
    1149            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1150              :         m_libspdm_use_dhe_algo;
    1151            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1152              :         m_libspdm_use_aead_algo;
    1153            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1154              :                                                     m_libspdm_use_asym_algo, &data1,
    1155              :                                                     &data_size1, NULL, NULL);
    1156            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1157            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1158              :         data_size1;
    1159            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1160            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1161              :         data_size1;
    1162              : 
    1163            1 :     libspdm_reset_message_a(spdm_context);
    1164            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1165              : 
    1166            1 :     session_id = 0xFFFFFFFF;
    1167            1 :     spdm_context->latest_session_id = session_id;
    1168            1 :     session_info = &spdm_context->session_info[0];
    1169            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1170              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1171            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1172            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1173            1 :     libspdm_secured_message_set_request_finished_key(
    1174              :         session_info->secured_message_context, m_dummy_buffer,
    1175              :         hash_size);
    1176            1 :     libspdm_secured_message_set_session_state(
    1177              :         session_info->secured_message_context,
    1178              :         LIBSPDM_SESSION_STATE_NOT_STARTED);
    1179              : 
    1180            1 :     spdm_context->connection_info.capability.flags |=
    1181              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1182            1 :     spdm_context->local_context.capability.flags |=
    1183              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1184            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1185            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1186            1 :     ptr = m_libspdm_finish_request1.signature;
    1187            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1188            1 :     cert_buffer = (uint8_t *)data1;
    1189            1 :     cert_buffer_size = data_size1;
    1190            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1191              :                      cert_buffer_hash);
    1192              :     /* transcript.message_a size is 0*/
    1193            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1194              :     /* session_transcript.message_k is 0*/
    1195            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    1196              :                                   sizeof(spdm_finish_request_t));
    1197            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1198            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1199              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1200            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1201              :                      request_finished_key, hash_size, ptr);
    1202            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1203            1 :     response_size = sizeof(response);
    1204            1 :     status = libspdm_get_response_finish(spdm_context,
    1205              :                                          m_libspdm_finish_request1_size,
    1206              :                                          &m_libspdm_finish_request1,
    1207              :                                          &response_size, response);
    1208            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1209            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1210            1 :     spdm_response = (void *)response;
    1211            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1212              :                      SPDM_ERROR);
    1213            1 :     assert_int_equal(spdm_response->header.param1,
    1214              :                      SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
    1215            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1216            1 :     free(data1);
    1217            1 : }
    1218              : 
    1219              : /**
    1220              :  * Test 11: receiving a FINISH message from the requester with an incorrect
    1221              :  * MAC (all-zero).
    1222              :  * Expected behavior: the responder refuses the FINISH message and produces
    1223              :  * an ERROR message indicating the DecryptError.
    1224              :  **/
    1225            1 : void rsp_finish_rsp_case11(void **state)
    1226              : {
    1227              :     libspdm_return_t status;
    1228              :     libspdm_test_context_t *spdm_test_context;
    1229              :     libspdm_context_t *spdm_context;
    1230              :     size_t response_size;
    1231              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1232              :     spdm_finish_response_t *spdm_response;
    1233              :     void *data1;
    1234              :     size_t data_size1;
    1235              :     uint8_t *ptr;
    1236              :     libspdm_session_info_t *session_info;
    1237              :     uint32_t session_id;
    1238              :     uint32_t hash_size;
    1239              :     uint32_t hmac_size;
    1240              : 
    1241            1 :     spdm_test_context = *state;
    1242            1 :     spdm_context = spdm_test_context->spdm_context;
    1243            1 :     spdm_test_context->case_id = 0xB;
    1244            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1245              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1246            1 :     spdm_context->connection_info.connection_state =
    1247              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1248            1 :     spdm_context->connection_info.capability.flags |=
    1249              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1250            1 :     spdm_context->local_context.capability.flags |=
    1251              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1252            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1253              :         m_libspdm_use_hash_algo;
    1254            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1255              :         m_libspdm_use_asym_algo;
    1256            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1257              :         m_libspdm_use_measurement_spec;
    1258            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1259              :         m_libspdm_use_measurement_hash_algo;
    1260            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1261              :         m_libspdm_use_dhe_algo;
    1262            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1263              :         m_libspdm_use_aead_algo;
    1264            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1265              :                                                     m_libspdm_use_asym_algo, &data1,
    1266              :                                                     &data_size1, NULL, NULL);
    1267            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1268            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1269              :         data_size1;
    1270            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1271            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1272              :         data_size1;
    1273              : 
    1274            1 :     libspdm_reset_message_a(spdm_context);
    1275            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1276              : 
    1277            1 :     session_id = 0xFFFFFFFF;
    1278            1 :     spdm_context->latest_session_id = session_id;
    1279            1 :     session_info = &spdm_context->session_info[0];
    1280            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1281              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1282            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1283            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1284            1 :     libspdm_secured_message_set_request_finished_key(
    1285              :         session_info->secured_message_context, m_dummy_buffer,
    1286              :         hash_size);
    1287            1 :     libspdm_secured_message_set_session_state(
    1288              :         session_info->secured_message_context,
    1289              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1290              : 
    1291            1 :     spdm_context->connection_info.capability.flags |=
    1292              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1293            1 :     spdm_context->local_context.capability.flags |=
    1294              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1295            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1296            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1297            1 :     ptr = m_libspdm_finish_request1.signature;
    1298            1 :     libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
    1299            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1300            1 :     response_size = sizeof(response);
    1301            1 :     status = libspdm_get_response_finish(spdm_context,
    1302              :                                          m_libspdm_finish_request1_size,
    1303              :                                          &m_libspdm_finish_request1,
    1304              :                                          &response_size, response);
    1305            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1306            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1307            1 :     spdm_response = (void *)response;
    1308            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1309              :                      SPDM_ERROR);
    1310            1 :     assert_int_equal(spdm_response->header.param1,
    1311              :                      SPDM_ERROR_CODE_DECRYPT_ERROR);
    1312            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1313            1 :     free(data1);
    1314            1 : }
    1315              : 
    1316              : /**
    1317              :  * Test 12: receiving a FINISH message from the requester with an incorrect
    1318              :  * MAC (arbitrary).
    1319              :  * Expected behavior: the responder refuses the FINISH message and produces
    1320              :  * an ERROR message indicating the DecryptError.
    1321              :  **/
    1322            1 : void rsp_finish_rsp_case12(void **state)
    1323              : {
    1324              :     libspdm_return_t status;
    1325              :     libspdm_test_context_t *spdm_test_context;
    1326              :     libspdm_context_t *spdm_context;
    1327              :     size_t response_size;
    1328              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1329              :     spdm_finish_response_t *spdm_response;
    1330              :     void *data1;
    1331              :     size_t data_size1;
    1332              :     uint8_t *ptr;
    1333              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1334              :     uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
    1335              :     libspdm_session_info_t *session_info;
    1336              :     uint32_t session_id;
    1337              :     uint32_t hash_size;
    1338              :     uint32_t hmac_size;
    1339              : 
    1340            1 :     spdm_test_context = *state;
    1341            1 :     spdm_context = spdm_test_context->spdm_context;
    1342            1 :     spdm_test_context->case_id = 0xC;
    1343            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1344              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1345            1 :     spdm_context->connection_info.connection_state =
    1346              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1347            1 :     spdm_context->connection_info.capability.flags |=
    1348              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1349            1 :     spdm_context->local_context.capability.flags |=
    1350              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1351            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1352              :         m_libspdm_use_hash_algo;
    1353            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1354              :         m_libspdm_use_asym_algo;
    1355            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1356              :         m_libspdm_use_measurement_spec;
    1357            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1358              :         m_libspdm_use_measurement_hash_algo;
    1359            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1360              :         m_libspdm_use_dhe_algo;
    1361            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1362              :         m_libspdm_use_aead_algo;
    1363            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1364              :                                                     m_libspdm_use_asym_algo, &data1,
    1365              :                                                     &data_size1, NULL, NULL);
    1366            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1367            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1368              :         data_size1;
    1369            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1370            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1371              :         data_size1;
    1372              : 
    1373            1 :     libspdm_reset_message_a(spdm_context);
    1374            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1375              : 
    1376            1 :     session_id = 0xFFFFFFFF;
    1377            1 :     spdm_context->latest_session_id = session_id;
    1378            1 :     session_info = &spdm_context->session_info[0];
    1379            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1380              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1381            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1382            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1383            1 :     libspdm_secured_message_set_request_finished_key(
    1384              :         session_info->secured_message_context, m_dummy_buffer,
    1385              :         hash_size);
    1386            1 :     libspdm_secured_message_set_session_state(
    1387              :         session_info->secured_message_context,
    1388              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1389              : 
    1390            1 :     spdm_context->connection_info.capability.flags |=
    1391              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1392            1 :     spdm_context->local_context.capability.flags |=
    1393              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1394            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1395            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1396            1 :     ptr = m_libspdm_finish_request1.signature;
    1397              :     /*arbitrary MAC*/
    1398            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1399            1 :     libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
    1400            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
    1401              :                      request_finished_key, hash_size, ptr);
    1402            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1403            1 :     response_size = sizeof(response);
    1404            1 :     status = libspdm_get_response_finish(spdm_context,
    1405              :                                          m_libspdm_finish_request1_size,
    1406              :                                          &m_libspdm_finish_request1,
    1407              :                                          &response_size, response);
    1408            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1409            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1410            1 :     spdm_response = (void *)response;
    1411            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1412              :                      SPDM_ERROR);
    1413            1 :     assert_int_equal(spdm_response->header.param1,
    1414              :                      SPDM_ERROR_CODE_DECRYPT_ERROR);
    1415            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1416            1 :     free(data1);
    1417            1 : }
    1418              : 
    1419              : /**
    1420              :  * Test 13:
    1421              :  * Expected behavior:
    1422              :  **/
    1423            1 : void rsp_finish_rsp_case13(void **state)
    1424              : {
    1425            1 : }
    1426              : 
    1427              : /**
    1428              :  * Test 14: receiving a FINISH message from the requester with an incorrect
    1429              :  * MAC size (only the correct first half of the MAC).
    1430              :  * Expected behavior: the responder refuses the FINISH message and produces
    1431              :  * an ERROR message indicating the InvalidRequest.
    1432              :  **/
    1433            1 : void rsp_finish_rsp_case14(void **state)
    1434              : {
    1435              :     libspdm_return_t status;
    1436              :     libspdm_test_context_t *spdm_test_context;
    1437              :     libspdm_context_t *spdm_context;
    1438              :     size_t response_size;
    1439              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1440              :     spdm_finish_response_t *spdm_response;
    1441              :     void *data1;
    1442              :     size_t data_size1;
    1443              :     uint8_t *ptr;
    1444              :     uint8_t *cert_buffer;
    1445              :     size_t cert_buffer_size;
    1446              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1447              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1448              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1449              :     libspdm_session_info_t *session_info;
    1450              :     uint32_t session_id;
    1451              :     uint32_t hash_size;
    1452              :     uint32_t hmac_size;
    1453              : 
    1454            1 :     spdm_test_context = *state;
    1455            1 :     spdm_context = spdm_test_context->spdm_context;
    1456            1 :     spdm_test_context->case_id = 0xE;
    1457            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1458              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1459            1 :     spdm_context->connection_info.connection_state =
    1460              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1461            1 :     spdm_context->connection_info.capability.flags |=
    1462              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1463            1 :     spdm_context->local_context.capability.flags |=
    1464              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1465            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1466              :         m_libspdm_use_hash_algo;
    1467            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1468              :         m_libspdm_use_asym_algo;
    1469            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1470              :         m_libspdm_use_measurement_spec;
    1471            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1472              :         m_libspdm_use_measurement_hash_algo;
    1473            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1474              :         m_libspdm_use_dhe_algo;
    1475            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1476              :         m_libspdm_use_aead_algo;
    1477            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1478              :                                                     m_libspdm_use_asym_algo, &data1,
    1479              :                                                     &data_size1, NULL, NULL);
    1480            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1481            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1482              :         data_size1;
    1483            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1484            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1485              :         data_size1;
    1486              : 
    1487            1 :     libspdm_reset_message_a(spdm_context);
    1488            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1489              : 
    1490            1 :     session_id = 0xFFFFFFFF;
    1491            1 :     spdm_context->latest_session_id = session_id;
    1492            1 :     session_info = &spdm_context->session_info[0];
    1493            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1494              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1495            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1496            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1497            1 :     libspdm_secured_message_set_request_finished_key(
    1498              :         session_info->secured_message_context, m_dummy_buffer,
    1499              :         hash_size);
    1500            1 :     libspdm_secured_message_set_session_state(
    1501              :         session_info->secured_message_context,
    1502              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1503              : 
    1504            1 :     spdm_context->connection_info.capability.flags |=
    1505              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1506            1 :     spdm_context->local_context.capability.flags |=
    1507              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1508            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1509            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1510            1 :     ptr = m_libspdm_finish_request1.signature;
    1511            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1512            1 :     cert_buffer = (uint8_t *)data1;
    1513            1 :     cert_buffer_size = data_size1;
    1514            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1515              :                      cert_buffer_hash);
    1516              :     /* transcript.message_a size is 0*/
    1517            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1518              :     /* session_transcript.message_k is 0*/
    1519            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    1520              :                                   sizeof(spdm_finish_request_t));
    1521            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1522            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1523              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1524            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1525              :                      request_finished_key, hash_size, ptr);
    1526            1 :     libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
    1527            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
    1528            1 :     response_size = sizeof(response);
    1529            1 :     status = libspdm_get_response_finish(spdm_context,
    1530              :                                          m_libspdm_finish_request1_size,
    1531              :                                          &m_libspdm_finish_request1,
    1532              :                                          &response_size, response);
    1533            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1534            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1535            1 :     spdm_response = (void *)response;
    1536            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1537              :                      SPDM_ERROR);
    1538            1 :     assert_int_equal(spdm_response->header.param1,
    1539              :                      SPDM_ERROR_CODE_INVALID_REQUEST);
    1540            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1541            1 :     free(data1);
    1542            1 : }
    1543              : 
    1544              : /**
    1545              :  * Test 15: receiving a FINISH message from the requester with an incorrect
    1546              :  * signature (all-zero), but a correct MAC.
    1547              :  * Expected behavior: the responder refuses the FINISH message and produces
    1548              :  * an ERROR message indicating the DecryptError.
    1549              :  **/
    1550            1 : void rsp_finish_rsp_case15(void **state)
    1551              : {
    1552              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    1553              :     libspdm_return_t status;
    1554              :     libspdm_test_context_t *spdm_test_context;
    1555              :     libspdm_context_t *spdm_context;
    1556              :     size_t response_size;
    1557              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1558              :     spdm_finish_response_t *spdm_response;
    1559              :     void *data1;
    1560              :     size_t data_size1;
    1561              :     void *data2;
    1562              :     size_t data_size2;
    1563              :     uint8_t *ptr;
    1564              :     uint8_t *cert_buffer;
    1565              :     size_t cert_buffer_size;
    1566              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1567              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1568              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1569              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1570              :     libspdm_session_info_t *session_info;
    1571              :     uint32_t session_id;
    1572              :     uint32_t hash_size;
    1573              :     uint32_t hmac_size;
    1574              :     size_t req_asym_signature_size;
    1575              : 
    1576            1 :     spdm_test_context = *state;
    1577            1 :     spdm_context = spdm_test_context->spdm_context;
    1578            1 :     spdm_test_context->case_id = 0xF;
    1579            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1580              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1581            1 :     spdm_context->connection_info.connection_state =
    1582              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1583            1 :     spdm_context->connection_info.capability.flags |=
    1584              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1585            1 :     spdm_context->local_context.capability.flags |=
    1586              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1587            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1588              :         m_libspdm_use_hash_algo;
    1589            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1590              :         m_libspdm_use_asym_algo;
    1591            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    1592              :         m_libspdm_use_req_asym_algo;
    1593            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1594              :         m_libspdm_use_measurement_spec;
    1595            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1596              :         m_libspdm_use_measurement_hash_algo;
    1597            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1598              :         m_libspdm_use_dhe_algo;
    1599            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1600              :         m_libspdm_use_aead_algo;
    1601            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1602              :                                                     m_libspdm_use_asym_algo, &data1,
    1603              :                                                     &data_size1, NULL, NULL);
    1604            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1605            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1606              :         data_size1;
    1607            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1608            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1609              :         data_size1;
    1610              : 
    1611            1 :     libspdm_reset_message_a(spdm_context);
    1612            1 :     spdm_context->local_context.mut_auth_requested = 1;
    1613            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    1614              :                                                     m_libspdm_use_req_asym_algo, &data2,
    1615              :                                                     &data_size2, NULL, NULL);
    1616              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    1617              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    1618              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    1619              :                      data2, data_size2);
    1620              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    1621              :         data_size2;
    1622              : #endif
    1623              : 
    1624            1 :     session_id = 0xFFFFFFFF;
    1625            1 :     spdm_context->latest_session_id = session_id;
    1626            1 :     session_info = &spdm_context->session_info[0];
    1627            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1628              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1629            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1630            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1631            1 :     libspdm_secured_message_set_request_finished_key(
    1632              :         session_info->secured_message_context, m_dummy_buffer,
    1633              :         hash_size);
    1634            1 :     libspdm_secured_message_set_session_state(
    1635              :         session_info->secured_message_context,
    1636              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1637            1 :     session_info->mut_auth_requested = 1;
    1638              : 
    1639            1 :     spdm_context->connection_info.capability.flags |=
    1640              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1641            1 :     spdm_context->local_context.capability.flags |=
    1642              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1643            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1644            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1645            1 :     req_asym_signature_size =
    1646            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    1647            1 :     ptr = m_libspdm_finish_request3.signature;
    1648            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1649            1 :     cert_buffer = (uint8_t *)data1;
    1650            1 :     cert_buffer_size = data_size1;
    1651            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1652              :                      cert_buffer_hash);
    1653            1 :     cert_buffer = (uint8_t *)data2;
    1654            1 :     cert_buffer_size = data_size2;
    1655            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1656              :                      req_cert_buffer_hash);
    1657              :     /* transcript.message_a size is 0*/
    1658            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1659              :     /* session_transcript.message_k is 0*/
    1660            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    1661            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
    1662              :                                   sizeof(spdm_finish_request_t));
    1663              : 
    1664            1 :     libspdm_requester_data_sign(
    1665              :         spdm_context,
    1666            1 :         m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    1667              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    1668            1 :             false, libspdm_get_managed_buffer(&th_curr),
    1669              :             libspdm_get_managed_buffer_size(&th_curr),
    1670              :             ptr, &req_asym_signature_size);
    1671              : 
    1672            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    1673            1 :     ptr += req_asym_signature_size;
    1674            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1675            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1676              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1677            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1678              :                      request_finished_key, hash_size, ptr);
    1679            1 :     libspdm_set_mem(m_libspdm_finish_request3.signature,
    1680              :                     req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
    1681            1 :     m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
    1682            1 :                                      req_asym_signature_size + hmac_size;
    1683            1 :     response_size = sizeof(response);
    1684            1 :     status = libspdm_get_response_finish(spdm_context,
    1685              :                                          m_libspdm_finish_request3_size,
    1686              :                                          &m_libspdm_finish_request3,
    1687              :                                          &response_size, response);
    1688            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1689            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1690            1 :     spdm_response = (void *)response;
    1691            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1692              :                      SPDM_ERROR);
    1693            1 :     assert_int_equal(spdm_response->header.param1,
    1694              :                      SPDM_ERROR_CODE_DECRYPT_ERROR);
    1695            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1696            1 :     free(data1);
    1697            1 :     free(data2);
    1698              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    1699            1 : }
    1700              : 
    1701              : /**
    1702              :  * Test 16: receiving a FINISH message from the requester with an incorrect
    1703              :  * signature (arbitrary), but a correct MAC.
    1704              :  * Expected behavior: the responder refuses the FINISH message and produces
    1705              :  * an ERROR message indicating the DecryptError.
    1706              :  **/
    1707            1 : void rsp_finish_rsp_case16(void **state)
    1708              : {
    1709              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    1710              :     libspdm_return_t status;
    1711              :     libspdm_test_context_t *spdm_test_context;
    1712              :     libspdm_context_t *spdm_context;
    1713              :     size_t response_size;
    1714              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1715              :     spdm_finish_response_t *spdm_response;
    1716              :     void *data1;
    1717              :     size_t data_size1;
    1718              :     void *data2;
    1719              :     size_t data_size2;
    1720              :     uint8_t *ptr;
    1721              :     uint8_t *cert_buffer;
    1722              :     size_t cert_buffer_size;
    1723              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1724              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1725              :     uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
    1726              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1727              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1728              :     libspdm_session_info_t *session_info;
    1729              :     uint32_t session_id;
    1730              :     uint32_t hash_size;
    1731              :     uint32_t hmac_size;
    1732              :     size_t req_asym_signature_size;
    1733              : 
    1734            1 :     spdm_test_context = *state;
    1735            1 :     spdm_context = spdm_test_context->spdm_context;
    1736            1 :     spdm_test_context->case_id = 0x10;
    1737            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1738              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1739            1 :     spdm_context->connection_info.connection_state =
    1740              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1741            1 :     spdm_context->connection_info.capability.flags |=
    1742              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1743            1 :     spdm_context->local_context.capability.flags |=
    1744              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1745            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1746              :         m_libspdm_use_hash_algo;
    1747            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1748              :         m_libspdm_use_asym_algo;
    1749            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    1750              :         m_libspdm_use_req_asym_algo;
    1751            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1752              :         m_libspdm_use_measurement_spec;
    1753            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1754              :         m_libspdm_use_measurement_hash_algo;
    1755            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1756              :         m_libspdm_use_dhe_algo;
    1757            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1758              :         m_libspdm_use_aead_algo;
    1759            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1760              :                                                     m_libspdm_use_asym_algo, &data1,
    1761              :                                                     &data_size1, NULL, NULL);
    1762            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1763            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1764              :         data_size1;
    1765            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1766            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1767              :         data_size1;
    1768              : 
    1769            1 :     libspdm_reset_message_a(spdm_context);
    1770            1 :     spdm_context->local_context.mut_auth_requested = 1;
    1771            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    1772              :                                                     m_libspdm_use_req_asym_algo, &data2,
    1773              :                                                     &data_size2, NULL, NULL);
    1774              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    1775              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    1776              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    1777              :                      data2, data_size2);
    1778              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    1779              :         data_size2;
    1780              : #endif
    1781              : 
    1782            1 :     session_id = 0xFFFFFFFF;
    1783            1 :     spdm_context->latest_session_id = session_id;
    1784            1 :     session_info = &spdm_context->session_info[0];
    1785            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1786              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1787            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1788            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1789            1 :     libspdm_secured_message_set_request_finished_key(
    1790              :         session_info->secured_message_context, m_dummy_buffer,
    1791              :         hash_size);
    1792            1 :     libspdm_secured_message_set_session_state(
    1793              :         session_info->secured_message_context,
    1794              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1795            1 :     session_info->mut_auth_requested = 1;
    1796              : 
    1797            1 :     spdm_context->connection_info.capability.flags |=
    1798              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1799            1 :     spdm_context->local_context.capability.flags |=
    1800              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1801            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1802            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1803            1 :     req_asym_signature_size =
    1804            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    1805            1 :     ptr = m_libspdm_finish_request3.signature;
    1806            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1807            1 :     cert_buffer = (uint8_t *)data1;
    1808            1 :     cert_buffer_size = data_size1;
    1809            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1810              :                      cert_buffer_hash);
    1811            1 :     cert_buffer = (uint8_t *)data2;
    1812            1 :     cert_buffer_size = data_size2;
    1813            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1814              :                      req_cert_buffer_hash);
    1815              :     /* transcript.message_a size is 0*/
    1816            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1817              :     /* session_transcript.message_k is 0*/
    1818            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    1819            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
    1820              :                                   sizeof(spdm_finish_request_t));
    1821              :     /*randomize signature*/
    1822            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1823              :                      libspdm_get_managed_buffer_size(&th_curr), random_buffer);
    1824              : 
    1825            1 :     libspdm_requester_data_sign(
    1826              :         spdm_context,
    1827            1 :         m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    1828              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    1829              :             false, random_buffer, hash_size, ptr, &req_asym_signature_size);
    1830              : 
    1831            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    1832            1 :     ptr += req_asym_signature_size;
    1833            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1834            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1835              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1836            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1837              :                      request_finished_key, hash_size, ptr);
    1838            1 :     m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
    1839            1 :                                      req_asym_signature_size + hmac_size;
    1840            1 :     response_size = sizeof(response);
    1841            1 :     status = libspdm_get_response_finish(spdm_context,
    1842              :                                          m_libspdm_finish_request3_size,
    1843              :                                          &m_libspdm_finish_request3,
    1844              :                                          &response_size, response);
    1845            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1846            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1847            1 :     spdm_response = (void *)response;
    1848            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1849              :                      SPDM_ERROR);
    1850            1 :     assert_int_equal(spdm_response->header.param1,
    1851              :                      SPDM_ERROR_CODE_DECRYPT_ERROR);
    1852            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1853            1 :     free(data1);
    1854            1 :     free(data2);
    1855              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    1856            1 : }
    1857              : 
    1858              : /**
    1859              :  * Test 17: receiving a correct FINISH from the requester.
    1860              :  * Expected behavior: the responder accepts the request and produces a valid FINISH
    1861              :  * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
    1862              :  **/
    1863            1 : void rsp_finish_rsp_case17(void **state)
    1864              : {
    1865              :     libspdm_return_t status;
    1866              :     libspdm_test_context_t *spdm_test_context;
    1867              :     libspdm_context_t *spdm_context;
    1868              :     size_t response_size;
    1869              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1870              :     spdm_finish_response_t *spdm_response;
    1871              :     void *data1;
    1872              :     size_t data_size1;
    1873              :     uint8_t *ptr;
    1874              :     uint8_t *cert_buffer;
    1875              :     size_t cert_buffer_size;
    1876              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1877              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1878              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1879              :     libspdm_session_info_t *session_info;
    1880              :     uint32_t session_id;
    1881              :     uint32_t hash_size;
    1882              :     uint32_t hmac_size;
    1883              : 
    1884            1 :     spdm_test_context = *state;
    1885            1 :     spdm_context = spdm_test_context->spdm_context;
    1886            1 :     spdm_test_context->case_id = 0x11;
    1887            1 :     spdm_context->connection_info.connection_state =
    1888              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1889            1 :     spdm_context->connection_info.capability.flags |=
    1890              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1891            1 :     spdm_context->local_context.capability.flags |=
    1892              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1893            1 :     spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    1894            1 :     spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    1895            1 :     spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    1896            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1897              :         m_libspdm_use_measurement_hash_algo;
    1898            1 :     spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    1899            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    1900            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1901              :                                                     m_libspdm_use_asym_algo, &data1,
    1902              :                                                     &data_size1, NULL, NULL);
    1903            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1904            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
    1905            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1906            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
    1907              : 
    1908            1 :     libspdm_reset_message_a(spdm_context);
    1909            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1910              : 
    1911            1 :     session_id = 0xFFFFFFFF;
    1912            1 :     spdm_context->latest_session_id = session_id;
    1913            1 :     session_info = &spdm_context->session_info[0];
    1914            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1915              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1916            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1917            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1918            1 :     libspdm_secured_message_set_request_finished_key(
    1919              :         session_info->secured_message_context, m_dummy_buffer, hash_size);
    1920            1 :     libspdm_secured_message_set_session_state(
    1921              :         session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
    1922              : 
    1923            1 :     spdm_context->connection_info.capability.flags |=
    1924              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1925            1 :     spdm_context->local_context.capability.flags |=
    1926              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1927            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1928            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1929            1 :     ptr = m_libspdm_finish_request1.signature;
    1930            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1931            1 :     cert_buffer = (uint8_t *)data1;
    1932            1 :     cert_buffer_size = data_size1;
    1933            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    1934              :     /* transcript.message_a size is 0*/
    1935            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1936              :     /* session_transcript.message_k is 0*/
    1937            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    1938              :                                   sizeof(spdm_finish_request_t));
    1939            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1940            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1941              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1942            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1943              :                      request_finished_key, hash_size, ptr);
    1944            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1945            1 :     response_size = sizeof(response);
    1946            1 :     status = libspdm_get_response_finish(
    1947              :         spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
    1948              :         &response_size, response);
    1949            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1950            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    1951            1 :     spdm_response = (void *)response;
    1952            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    1953              : 
    1954              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    1955              :     assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
    1956              :                      m_libspdm_finish_request1_size + response_size);
    1957              :     assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
    1958              :                         &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
    1959              :     assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
    1960              :                         m_libspdm_finish_request1_size,
    1961              :                         response, response_size);
    1962              : #endif
    1963              : 
    1964            1 :     free(data1);
    1965            1 : }
    1966              : 
    1967              : /**
    1968              :  * Test 18: receiving a correct FINISH message from the requester with
    1969              :  * correct MAC and signature (with mutual authentication), and 'handshake in
    1970              :  * the clear'. The slot_id for requester mutual authentication is 0xFF.
    1971              :  * Expected behavior: the responder accepts the request and produces a valid
    1972              :  * FINISH_RSP response message.
    1973              :  **/
    1974            1 : void rsp_finish_rsp_case18(void **state)
    1975              : {
    1976              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    1977              :     libspdm_return_t status;
    1978              :     libspdm_test_context_t *spdm_test_context;
    1979              :     libspdm_context_t *spdm_context;
    1980              :     size_t response_size;
    1981              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1982              :     spdm_finish_response_t *spdm_response;
    1983              :     void *data1;
    1984              :     size_t data_size1;
    1985              :     void *data2;
    1986              :     size_t data_size2;
    1987              :     uint8_t *ptr;
    1988              :     uint8_t *cert_buffer;
    1989              :     size_t cert_buffer_size;
    1990              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1991              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1992              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1993              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1994              :     libspdm_session_info_t *session_info;
    1995              :     uint32_t session_id;
    1996              :     uint32_t hash_size;
    1997              :     uint32_t hmac_size;
    1998              :     size_t req_asym_signature_size;
    1999              : 
    2000            1 :     spdm_test_context = *state;
    2001            1 :     spdm_context = spdm_test_context->spdm_context;
    2002            1 :     spdm_test_context->case_id = 0x12;
    2003            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2004              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2005            1 :     spdm_context->connection_info.connection_state =
    2006              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2007            1 :     spdm_context->connection_info.capability.flags |=
    2008              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2009            1 :     spdm_context->local_context.capability.flags |=
    2010              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2011            1 :     spdm_context->connection_info.capability.flags |=
    2012              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
    2013            1 :     spdm_context->local_context.capability.flags |=
    2014              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP;
    2015            1 :     spdm_context->connection_info.capability.flags |=
    2016              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2017            1 :     spdm_context->local_context.capability.flags |=
    2018              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2019            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2020              :         m_libspdm_use_hash_algo;
    2021            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2022              :         m_libspdm_use_asym_algo;
    2023            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2024              :         m_libspdm_use_req_asym_algo;
    2025            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2026              :         m_libspdm_use_dhe_algo;
    2027            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2028              :         m_libspdm_use_aead_algo;
    2029            1 :     libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
    2030            1 :     spdm_context->local_context.local_public_key_provision = data1;
    2031            1 :     spdm_context->local_context.local_public_key_provision_size = data_size1;
    2032            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2033            1 :     libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
    2034            1 :     spdm_context->local_context.peer_public_key_provision = data2;
    2035            1 :     spdm_context->local_context.peer_public_key_provision_size = data_size2;
    2036              : 
    2037            1 :     spdm_context->encap_context.req_slot_id = 0xFF;
    2038            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0xFF;
    2039            1 :     spdm_context->connection_info.local_used_cert_chain_slot_id = 0xFF;
    2040              : 
    2041            1 :     libspdm_reset_message_a(spdm_context);
    2042              : 
    2043            1 :     session_id = 0xFFFFFFFF;
    2044            1 :     spdm_context->latest_session_id = session_id;
    2045            1 :     session_info = &spdm_context->session_info[0];
    2046            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2047              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2048            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2049            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2050            1 :     libspdm_secured_message_set_request_finished_key(
    2051              :         session_info->secured_message_context, m_dummy_buffer,
    2052              :         hash_size);
    2053            1 :     libspdm_secured_message_set_session_state(
    2054              :         session_info->secured_message_context,
    2055              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2056            1 :     session_info->mut_auth_requested = 1;
    2057              : 
    2058            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2059            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2060            1 :     req_asym_signature_size =
    2061            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2062            1 :     ptr = m_libspdm_finish_request4.signature;
    2063            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2064            1 :     cert_buffer = (uint8_t *)data1;
    2065            1 :     cert_buffer_size = data_size1;
    2066            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2067              :                      cert_buffer_hash);
    2068            1 :     cert_buffer = (uint8_t *)data2;
    2069            1 :     cert_buffer_size = data_size2;
    2070            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2071              :                      req_cert_buffer_hash);
    2072              :     /* transcript.message_a size is 0*/
    2073            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2074              :     /* session_transcript.message_k is 0*/
    2075            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2076            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
    2077              :                                   sizeof(spdm_finish_request_t));
    2078              : 
    2079            1 :     libspdm_requester_data_sign(
    2080              :         spdm_context,
    2081            1 :         m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    2082              :             SPDM_FINISH,
    2083              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2084            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2085              :             libspdm_get_managed_buffer_size(&th_curr),
    2086              :             ptr, &req_asym_signature_size);
    2087              : 
    2088            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2089            1 :     ptr += req_asym_signature_size;
    2090              : 
    2091            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2092            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2093              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2094            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2095              :                      request_finished_key, hash_size, ptr);
    2096            1 :     m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
    2097            1 :                                      req_asym_signature_size + hmac_size;
    2098            1 :     response_size = sizeof(response);
    2099            1 :     status = libspdm_get_response_finish(spdm_context,
    2100              :                                          m_libspdm_finish_request4_size,
    2101              :                                          &m_libspdm_finish_request4,
    2102              :                                          &response_size, response);
    2103            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2104            1 :     assert_int_equal(response_size,
    2105              :                      sizeof(spdm_finish_response_t) + hmac_size);
    2106            1 :     spdm_response = (void *)response;
    2107            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2108              :                      SPDM_FINISH_RSP);
    2109            1 :     free(data1);
    2110            1 :     free(data2);
    2111              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    2112            1 : }
    2113              : 
    2114              : /**
    2115              :  * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
    2116              :  * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
    2117              :  * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
    2118              :  * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
    2119              :  **/
    2120            1 : void rsp_finish_rsp_case19(void **state)
    2121              : {
    2122              :     libspdm_return_t status;
    2123              :     libspdm_test_context_t *spdm_test_context;
    2124              :     libspdm_context_t *spdm_context;
    2125              :     size_t response_size;
    2126              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2127              :     spdm_finish_response_t *spdm_response;
    2128              :     void *data1;
    2129              :     size_t data_size1;
    2130              :     void *data2;
    2131              :     size_t data_size2;
    2132              :     uint8_t *ptr;
    2133              :     uint8_t *cert_buffer;
    2134              :     size_t cert_buffer_size;
    2135              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2136              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2137              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2138              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2139              :     libspdm_session_info_t *session_info;
    2140              :     uint32_t session_id;
    2141              :     uint32_t hash_size;
    2142              :     uint32_t hmac_size;
    2143              :     size_t req_asym_signature_size;
    2144              : 
    2145            1 :     spdm_test_context = *state;
    2146            1 :     spdm_context = spdm_test_context->spdm_context;
    2147            1 :     spdm_test_context->case_id = 0x13;
    2148            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2149              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2150            1 :     spdm_context->connection_info.connection_state =
    2151              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2152            1 :     spdm_context->connection_info.capability.flags |=
    2153              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2154            1 :     spdm_context->local_context.capability.flags |=
    2155              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2156            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2157              :         m_libspdm_use_hash_algo;
    2158            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2159              :         m_libspdm_use_asym_algo;
    2160            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2161              :         m_libspdm_use_req_asym_algo;
    2162            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2163              :         m_libspdm_use_measurement_spec;
    2164            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2165              :         m_libspdm_use_measurement_hash_algo;
    2166            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2167              :         m_libspdm_use_dhe_algo;
    2168            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2169              :         m_libspdm_use_aead_algo;
    2170            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2171              :                                                     m_libspdm_use_asym_algo, &data1,
    2172              :                                                     &data_size1, NULL, NULL);
    2173            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2174            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2175              :         data_size1;
    2176            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2177            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2178              :         data_size1;
    2179              : 
    2180            1 :     libspdm_reset_message_a(spdm_context);
    2181            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2182            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2183              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2184              :                                                     &data_size2, NULL, NULL);
    2185              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2186              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2187              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2188              :                      data2, data_size2);
    2189              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2190              :         data_size2;
    2191              : #else
    2192            1 :     libspdm_hash_all(
    2193              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2194              :         data2, data_size2,
    2195            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2196            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2197            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2198            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2199              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2200            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2201              :         data2,
    2202              :         data_size2,
    2203              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2204              : #endif
    2205            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2206              : 
    2207            1 :     session_id = 0xFFFFFFFF;
    2208            1 :     spdm_context->latest_session_id = session_id;
    2209            1 :     session_info = &spdm_context->session_info[0];
    2210            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2211              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2212            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2213            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2214            1 :     libspdm_secured_message_set_request_finished_key(
    2215              :         session_info->secured_message_context, m_dummy_buffer,
    2216              :         hash_size);
    2217            1 :     libspdm_secured_message_set_session_state(
    2218              :         session_info->secured_message_context,
    2219              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2220            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2221              : 
    2222            1 :     spdm_context->connection_info.capability.flags |=
    2223              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2224            1 :     spdm_context->local_context.capability.flags |=
    2225              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2226            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2227            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2228            1 :     req_asym_signature_size =
    2229            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2230            1 :     ptr = m_libspdm_finish_request5.signature;
    2231            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2232            1 :     cert_buffer = (uint8_t *)data1;
    2233            1 :     cert_buffer_size = data_size1;
    2234            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2235              :                      cert_buffer_hash);
    2236            1 :     cert_buffer = (uint8_t *)data2;
    2237            1 :     cert_buffer_size = data_size2;
    2238            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2239              :                      req_cert_buffer_hash);
    2240              :     /* transcript.message_a size is 0*/
    2241            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2242              :     /* session_transcript.message_k is 0*/
    2243            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2244            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
    2245              :                                   sizeof(spdm_finish_request_t));
    2246              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2247            1 :     libspdm_requester_data_sign(
    2248              :         spdm_context,
    2249            1 :         m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    2250              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2251            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2252              :             libspdm_get_managed_buffer_size(&th_curr),
    2253              :             ptr, &req_asym_signature_size);
    2254              : #endif
    2255            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2256            1 :     ptr += req_asym_signature_size;
    2257            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2258            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2259              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2260            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2261              :                      request_finished_key, hash_size, ptr);
    2262            1 :     m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
    2263            1 :                                      req_asym_signature_size + hmac_size;
    2264            1 :     response_size = sizeof(response);
    2265            1 :     status = libspdm_get_response_finish(spdm_context,
    2266              :                                          m_libspdm_finish_request5_size,
    2267              :                                          &m_libspdm_finish_request5,
    2268              :                                          &response_size, response);
    2269            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2270            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    2271            1 :     spdm_response = (void *)response;
    2272            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2273              :                      SPDM_ERROR);
    2274            1 :     assert_int_equal(spdm_response->header.param1,
    2275              :                      SPDM_ERROR_CODE_INVALID_REQUEST);
    2276            1 :     assert_int_equal(spdm_response->header.param2, 0);
    2277            1 :     free(data1);
    2278            1 :     free(data2);
    2279            1 : }
    2280              : 
    2281              : /**
    2282              :  * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
    2283              :  * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
    2284              :  * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
    2285              :  * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
    2286              :  **/
    2287            1 : void rsp_finish_rsp_case20(void **state)
    2288              : {
    2289              :     libspdm_return_t status;
    2290              :     libspdm_test_context_t *spdm_test_context;
    2291              :     libspdm_context_t *spdm_context;
    2292              :     size_t response_size;
    2293              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2294              :     spdm_finish_response_t *spdm_response;
    2295              :     void *data1;
    2296              :     size_t data_size1;
    2297              :     void *data2;
    2298              :     size_t data_size2;
    2299              :     uint8_t *ptr;
    2300              :     uint8_t *cert_buffer;
    2301              :     size_t cert_buffer_size;
    2302              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2303              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2304              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2305              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2306              :     libspdm_session_info_t *session_info;
    2307              :     uint32_t session_id;
    2308              :     uint32_t hash_size;
    2309              :     uint32_t hmac_size;
    2310              :     size_t req_asym_signature_size;
    2311              : 
    2312            1 :     spdm_test_context = *state;
    2313            1 :     spdm_context = spdm_test_context->spdm_context;
    2314            1 :     spdm_test_context->case_id = 0x14;
    2315            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2316              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2317            1 :     spdm_context->connection_info.connection_state =
    2318              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2319            1 :     spdm_context->connection_info.capability.flags |=
    2320              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2321            1 :     spdm_context->local_context.capability.flags |=
    2322              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2323            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2324              :         m_libspdm_use_hash_algo;
    2325            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2326              :         m_libspdm_use_asym_algo;
    2327            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2328              :         m_libspdm_use_req_asym_algo;
    2329            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2330              :         m_libspdm_use_measurement_spec;
    2331            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2332              :         m_libspdm_use_measurement_hash_algo;
    2333            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2334              :         m_libspdm_use_dhe_algo;
    2335            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2336              :         m_libspdm_use_aead_algo;
    2337            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2338              :                                                     m_libspdm_use_asym_algo, &data1,
    2339              :                                                     &data_size1, NULL, NULL);
    2340            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2341            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2342              :         data_size1;
    2343            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2344            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2345              :         data_size1;
    2346              : 
    2347            1 :     libspdm_reset_message_a(spdm_context);
    2348            1 :     spdm_context->local_context.mut_auth_requested =
    2349              :         SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
    2350            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2351              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2352              :                                                     &data_size2, NULL, NULL);
    2353              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2354              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2355              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2356              :                      data2, data_size2);
    2357              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2358              :         data_size2;
    2359              : #else
    2360            1 :     libspdm_hash_all(
    2361              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2362              :         data2, data_size2,
    2363            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2364            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2365            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2366            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2367              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2368            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2369              :         data2,
    2370              :         data_size2,
    2371              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2372              : #endif
    2373            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2374              : 
    2375            1 :     session_id = 0xFFFFFFFF;
    2376            1 :     spdm_context->latest_session_id = session_id;
    2377            1 :     session_info = &spdm_context->session_info[0];
    2378            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2379              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2380            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2381            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2382            1 :     libspdm_secured_message_set_request_finished_key(
    2383              :         session_info->secured_message_context, m_dummy_buffer,
    2384              :         hash_size);
    2385            1 :     libspdm_secured_message_set_session_state(
    2386              :         session_info->secured_message_context,
    2387              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2388            1 :     session_info->mut_auth_requested =
    2389              :         SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
    2390              : 
    2391            1 :     spdm_context->connection_info.capability.flags |=
    2392              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2393            1 :     spdm_context->local_context.capability.flags |=
    2394              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2395            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2396            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2397            1 :     req_asym_signature_size =
    2398            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2399            1 :     ptr = m_libspdm_finish_request7.signature;
    2400            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2401            1 :     cert_buffer = (uint8_t *)data1;
    2402            1 :     cert_buffer_size = data_size1;
    2403            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2404              :                      cert_buffer_hash);
    2405            1 :     cert_buffer = (uint8_t *)data2;
    2406            1 :     cert_buffer_size = data_size2;
    2407            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2408              :                      req_cert_buffer_hash);
    2409              :     /* transcript.message_a size is 0*/
    2410            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2411              :     /* session_transcript.message_k is 0*/
    2412            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2413            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
    2414              :                                   sizeof(spdm_finish_request_t));
    2415              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2416            1 :     libspdm_requester_data_sign(
    2417              :         spdm_context,
    2418            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    2419              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2420            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2421              :             libspdm_get_managed_buffer_size(&th_curr),
    2422              :             ptr, &req_asym_signature_size);
    2423              : #endif
    2424            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2425            1 :     ptr += req_asym_signature_size;
    2426            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2427            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2428              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2429            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2430              :                      request_finished_key, hash_size, ptr);
    2431            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    2432            1 :                                      req_asym_signature_size + hmac_size;
    2433            1 :     response_size = sizeof(response);
    2434            1 :     status = libspdm_get_response_finish(spdm_context,
    2435              :                                          m_libspdm_finish_request7_size,
    2436              :                                          &m_libspdm_finish_request7,
    2437              :                                          &response_size, response);
    2438            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2439            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    2440            1 :     spdm_response = (void *)response;
    2441            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2442              :                      SPDM_ERROR);
    2443            1 :     assert_int_equal(spdm_response->header.param1,
    2444              :                      SPDM_ERROR_CODE_INVALID_REQUEST);
    2445            1 :     assert_int_equal(spdm_response->header.param2, 0);
    2446            1 :     free(data1);
    2447            1 :     free(data2);
    2448            1 : }
    2449              : 
    2450              : /**
    2451              :  * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
    2452              :  * although SlotID in FINISH request message is 10, it shall be ignored when read.
    2453              :  * Expected behavior: the responder accepts the request and produces a valid
    2454              :  * FINISH_RSP response message.
    2455              :  **/
    2456            1 : void rsp_finish_rsp_case21(void **state)
    2457              : {
    2458              :     libspdm_return_t status;
    2459              :     libspdm_test_context_t *spdm_test_context;
    2460              :     libspdm_context_t *spdm_context;
    2461              :     size_t response_size;
    2462              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2463              :     spdm_finish_response_t *spdm_response;
    2464              :     void *data1;
    2465              :     size_t data_size1;
    2466              :     uint8_t *ptr;
    2467              :     uint8_t *cert_buffer;
    2468              :     size_t cert_buffer_size;
    2469              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2470              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2471              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2472              :     libspdm_session_info_t *session_info;
    2473              :     uint32_t session_id;
    2474              :     uint32_t hash_size;
    2475              :     uint32_t hmac_size;
    2476              : 
    2477            1 :     spdm_test_context = *state;
    2478            1 :     spdm_context = spdm_test_context->spdm_context;
    2479            1 :     spdm_test_context->case_id = 0x15;
    2480            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2481              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2482            1 :     spdm_context->connection_info.connection_state =
    2483              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2484            1 :     spdm_context->connection_info.capability.flags |=
    2485              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2486            1 :     spdm_context->local_context.capability.flags |=
    2487              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2488            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2489              :         m_libspdm_use_hash_algo;
    2490            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2491              :         m_libspdm_use_asym_algo;
    2492            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2493              :         m_libspdm_use_measurement_spec;
    2494            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2495              :         m_libspdm_use_measurement_hash_algo;
    2496            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2497              :         m_libspdm_use_dhe_algo;
    2498            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2499              :         m_libspdm_use_aead_algo;
    2500            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2501              :                                                     m_libspdm_use_asym_algo, &data1,
    2502              :                                                     &data_size1, NULL, NULL);
    2503            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2504            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2505              :         data_size1;
    2506            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2507            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2508              :         data_size1;
    2509              : 
    2510            1 :     libspdm_reset_message_a(spdm_context);
    2511            1 :     spdm_context->local_context.mut_auth_requested = 0;
    2512              : 
    2513            1 :     session_id = 0xFFFFFFFF;
    2514            1 :     spdm_context->latest_session_id = session_id;
    2515            1 :     session_info = &spdm_context->session_info[0];
    2516            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2517              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2518            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2519            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2520            1 :     libspdm_secured_message_set_request_finished_key(
    2521              :         session_info->secured_message_context, m_dummy_buffer,
    2522              :         hash_size);
    2523            1 :     libspdm_secured_message_set_session_state(
    2524              :         session_info->secured_message_context,
    2525              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2526            1 :     session_info->mut_auth_requested = 0;
    2527              : 
    2528            1 :     spdm_context->connection_info.capability.flags |=
    2529              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2530            1 :     spdm_context->local_context.capability.flags |=
    2531              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2532            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2533            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2534            1 :     ptr = m_libspdm_finish_request6.signature;
    2535            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2536            1 :     cert_buffer = (uint8_t *)data1;
    2537            1 :     cert_buffer_size = data_size1;
    2538            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2539              :                      cert_buffer_hash);
    2540              :     /* transcript.message_a size is 0*/
    2541            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2542              :     /* session_transcript.message_k is 0*/
    2543            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
    2544              :                                   sizeof(spdm_finish_request_t));
    2545            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2546            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2547              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2548            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2549              :                      request_finished_key, hash_size, ptr);
    2550            1 :     m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
    2551            1 :     response_size = sizeof(response);
    2552            1 :     status = libspdm_get_response_finish(spdm_context,
    2553              :                                          m_libspdm_finish_request6_size,
    2554              :                                          &m_libspdm_finish_request6,
    2555              :                                          &response_size, response);
    2556            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2557            1 :     spdm_response = (void *)response;
    2558            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2559              :                      SPDM_FINISH_RSP);
    2560            1 :     assert_int_equal(response_size,
    2561              :                      sizeof(spdm_finish_response_t) + hmac_size);
    2562            1 :     free(data1);
    2563            1 : }
    2564              : 
    2565              : /**
    2566              :  * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
    2567              :  * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
    2568              :  * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
    2569              :  * Expected behavior: the responder accepts the request and produces a valid
    2570              :  * FINISH_RSP response message.
    2571              :  **/
    2572            1 : void rsp_finish_rsp_case22(void **state)
    2573              : {
    2574              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2575              :     libspdm_return_t status;
    2576              :     libspdm_test_context_t *spdm_test_context;
    2577              :     libspdm_context_t *spdm_context;
    2578              :     size_t response_size;
    2579              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2580              :     spdm_finish_response_t *spdm_response;
    2581              :     void *data1;
    2582              :     size_t data_size1;
    2583              :     void *data2;
    2584              :     size_t data_size2;
    2585              :     uint8_t *ptr;
    2586              :     uint8_t *cert_buffer;
    2587              :     size_t cert_buffer_size;
    2588              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2589              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2590              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2591              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2592              :     libspdm_session_info_t *session_info;
    2593              :     uint32_t session_id;
    2594              :     uint32_t hash_size;
    2595              :     uint32_t hmac_size;
    2596              :     size_t req_asym_signature_size;
    2597              : 
    2598            1 :     spdm_test_context = *state;
    2599            1 :     spdm_context = spdm_test_context->spdm_context;
    2600            1 :     spdm_test_context->case_id = 0x16;
    2601            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2602              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2603            1 :     spdm_context->connection_info.connection_state =
    2604              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2605            1 :     spdm_context->connection_info.capability.flags |=
    2606              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2607            1 :     spdm_context->local_context.capability.flags |=
    2608              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2609            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2610              :         m_libspdm_use_hash_algo;
    2611            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2612              :         m_libspdm_use_asym_algo;
    2613            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2614              :         m_libspdm_use_req_asym_algo;
    2615            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2616              :         m_libspdm_use_measurement_spec;
    2617            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2618              :         m_libspdm_use_measurement_hash_algo;
    2619            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2620              :         m_libspdm_use_dhe_algo;
    2621            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2622              :         m_libspdm_use_aead_algo;
    2623            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2624              :                                                     m_libspdm_use_asym_algo, &data1,
    2625              :                                                     &data_size1, NULL, NULL);
    2626            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2627            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2628              :         data_size1;
    2629            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2630            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2631              :         data_size1;
    2632              : 
    2633            1 :     libspdm_reset_message_a(spdm_context);
    2634            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2635            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2636              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2637              :                                                     &data_size2, NULL, NULL);
    2638              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2639              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2640              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2641              :                      data2, data_size2);
    2642              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2643              :         data_size2;
    2644              : #else
    2645            1 :     libspdm_hash_all(
    2646              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2647              :         data2, data_size2,
    2648            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2649            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2650            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2651            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2652              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2653            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2654              :         data2,
    2655              :         data_size2,
    2656              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2657              : #endif
    2658            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2659              : 
    2660            1 :     session_id = 0xFFFFFFFF;
    2661            1 :     spdm_context->latest_session_id = session_id;
    2662            1 :     session_info = &spdm_context->session_info[0];
    2663            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2664              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2665            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2666            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2667            1 :     libspdm_secured_message_set_request_finished_key(
    2668              :         session_info->secured_message_context, m_dummy_buffer,
    2669              :         hash_size);
    2670            1 :     libspdm_secured_message_set_session_state(
    2671              :         session_info->secured_message_context,
    2672              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2673            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2674              : 
    2675            1 :     spdm_context->connection_info.capability.flags |=
    2676              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2677            1 :     spdm_context->local_context.capability.flags |=
    2678              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2679            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2680            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2681            1 :     req_asym_signature_size =
    2682            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2683            1 :     ptr = m_libspdm_finish_request7.signature;
    2684            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2685            1 :     cert_buffer = (uint8_t *)data1;
    2686            1 :     cert_buffer_size = data_size1;
    2687            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2688              :                      cert_buffer_hash);
    2689            1 :     cert_buffer = (uint8_t *)data2;
    2690            1 :     cert_buffer_size = data_size2;
    2691            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2692              :                      req_cert_buffer_hash);
    2693              :     /* transcript.message_a size is 0*/
    2694            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2695              :     /* session_transcript.message_k is 0*/
    2696            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2697            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
    2698              :                                   sizeof(spdm_finish_request_t));
    2699              : 
    2700            1 :     libspdm_requester_data_sign(
    2701              :         spdm_context,
    2702            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    2703              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2704            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2705              :             libspdm_get_managed_buffer_size(&th_curr),
    2706              :             ptr, &req_asym_signature_size);
    2707              : 
    2708            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2709            1 :     ptr += req_asym_signature_size;
    2710            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2711            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2712              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2713            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2714              :                      request_finished_key, hash_size, ptr);
    2715            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    2716            1 :                                      req_asym_signature_size + hmac_size;
    2717            1 :     response_size = sizeof(response);
    2718            1 :     status = libspdm_get_response_finish(spdm_context,
    2719              :                                          m_libspdm_finish_request7_size,
    2720              :                                          &m_libspdm_finish_request7,
    2721              :                                          &response_size, response);
    2722            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2723            1 :     spdm_response = (void *)response;
    2724            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2725              :                      SPDM_FINISH_RSP);
    2726            1 :     assert_int_equal(response_size,
    2727              :                      sizeof(spdm_finish_response_t) + hmac_size);
    2728            1 :     free(data1);
    2729            1 :     free(data2);
    2730              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    2731            1 : }
    2732              : 
    2733              : /**
    2734              :  * Test 23: Same as test case 22 but test signature endianness.
    2735              :  * Big-Endian Sign. Little-Endian Verify.
    2736              :  * Expecting signature to fail.
    2737              :  **/
    2738            1 : void rsp_finish_rsp_case23(void** state)
    2739              : {
    2740              :     libspdm_return_t status;
    2741              :     libspdm_test_context_t* spdm_test_context;
    2742              :     libspdm_context_t* spdm_context;
    2743              :     size_t response_size;
    2744              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2745              :     spdm_finish_response_t* spdm_response;
    2746              :     void* data1;
    2747              :     size_t data_size1;
    2748              :     void* data2;
    2749              :     size_t data_size2;
    2750              :     uint8_t* ptr;
    2751              :     uint8_t* cert_buffer;
    2752              :     size_t cert_buffer_size;
    2753              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2754              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2755              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2756              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2757              :     libspdm_session_info_t* session_info;
    2758              :     uint32_t session_id;
    2759              :     uint32_t hash_size;
    2760              :     uint32_t hmac_size;
    2761              :     size_t req_asym_signature_size;
    2762              : 
    2763            1 :     spdm_test_context = *state;
    2764            1 :     spdm_context = spdm_test_context->spdm_context;
    2765            1 :     spdm_test_context->case_id = 23;
    2766            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2767              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2768            1 :     spdm_context->connection_info.connection_state =
    2769              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2770            1 :     spdm_context->connection_info.capability.flags |=
    2771              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2772            1 :     spdm_context->local_context.capability.flags |=
    2773              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2774            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2775              :         m_libspdm_use_hash_algo;
    2776            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2777              :         m_libspdm_use_asym_algo;
    2778            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2779              :         m_libspdm_use_req_asym_algo;
    2780            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2781              :         m_libspdm_use_measurement_spec;
    2782            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2783              :         m_libspdm_use_measurement_hash_algo;
    2784            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2785              :         m_libspdm_use_dhe_algo;
    2786            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2787              :         m_libspdm_use_aead_algo;
    2788            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2789              :                                                     m_libspdm_use_asym_algo, &data1,
    2790              :                                                     &data_size1, NULL, NULL);
    2791            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2792            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2793              :         data_size1;
    2794            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2795            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2796              :         data_size1;
    2797            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    2798              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
    2799              : 
    2800            1 :     libspdm_reset_message_a(spdm_context);
    2801            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2802            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2803              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2804              :                                                     &data_size2, NULL, NULL);
    2805              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2806              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2807              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2808              :                      data2, data_size2);
    2809              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2810              :         data_size2;
    2811              : #else
    2812            1 :     libspdm_hash_all(
    2813              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2814              :         data2, data_size2,
    2815            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2816            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2817            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2818            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2819              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2820            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2821              :         data2,
    2822              :         data_size2,
    2823              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2824              : #endif
    2825            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2826              : 
    2827            1 :     session_id = 0xFFFFFFFF;
    2828            1 :     spdm_context->latest_session_id = session_id;
    2829            1 :     session_info = &spdm_context->session_info[0];
    2830            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2831              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2832            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2833            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2834            1 :     libspdm_secured_message_set_request_finished_key(
    2835              :         session_info->secured_message_context, m_dummy_buffer,
    2836              :         hash_size);
    2837            1 :     libspdm_secured_message_set_session_state(
    2838              :         session_info->secured_message_context,
    2839              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2840            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2841              : 
    2842            1 :     spdm_context->connection_info.capability.flags |=
    2843              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2844            1 :     spdm_context->local_context.capability.flags |=
    2845              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2846            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2847            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2848            1 :     req_asym_signature_size =
    2849            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2850            1 :     ptr = m_libspdm_finish_request7.signature;
    2851            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2852            1 :     cert_buffer = (uint8_t*)data1;
    2853            1 :     cert_buffer_size = data_size1;
    2854            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2855              :                      cert_buffer_hash);
    2856            1 :     cert_buffer = (uint8_t*)data2;
    2857            1 :     cert_buffer_size = data_size2;
    2858            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2859              :                      req_cert_buffer_hash);
    2860              :     /* transcript.message_a size is 0*/
    2861            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2862              :     /* session_transcript.message_k is 0*/
    2863            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2864            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    2865              :                                   sizeof(spdm_finish_request_t));
    2866              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2867            1 :     libspdm_requester_data_sign(
    2868              :         spdm_context,
    2869            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    2870              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2871            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2872              :             libspdm_get_managed_buffer_size(&th_curr),
    2873              :             ptr, &req_asym_signature_size);
    2874              : #endif
    2875            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2876            1 :     ptr += req_asym_signature_size;
    2877            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2878            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2879              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2880            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2881              :                      request_finished_key, hash_size, ptr);
    2882            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    2883            1 :                                      req_asym_signature_size + hmac_size;
    2884            1 :     response_size = sizeof(response);
    2885            1 :     status = libspdm_get_response_finish(spdm_context,
    2886              :                                          m_libspdm_finish_request7_size,
    2887              :                                          &m_libspdm_finish_request7,
    2888              :                                          &response_size, response);
    2889            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2890            1 :     spdm_response = (void*)response;
    2891              : 
    2892              :     /* Expecting failure on little-endian signature */
    2893            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    2894            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    2895            1 :     free(data1);
    2896            1 :     free(data2);
    2897            1 : }
    2898              : 
    2899              : /**
    2900              :  * Test 24: Same as test case 22 but test signature endianness.
    2901              :  * Big-Endian Sign. Big-Endian Verify.
    2902              :  * Expecting signature to PASS.
    2903              :  **/
    2904            1 : void rsp_finish_rsp_case24(void** state)
    2905              : {
    2906              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2907              :     libspdm_return_t status;
    2908              :     libspdm_test_context_t* spdm_test_context;
    2909              :     libspdm_context_t* spdm_context;
    2910              :     size_t response_size;
    2911              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2912              :     spdm_finish_response_t* spdm_response;
    2913              :     void* data1;
    2914              :     size_t data_size1;
    2915              :     void* data2;
    2916              :     size_t data_size2;
    2917              :     uint8_t* ptr;
    2918              :     uint8_t* cert_buffer;
    2919              :     size_t cert_buffer_size;
    2920              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2921              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2922              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2923              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2924              :     libspdm_session_info_t* session_info;
    2925              :     uint32_t session_id;
    2926              :     uint32_t hash_size;
    2927              :     uint32_t hmac_size;
    2928              :     size_t req_asym_signature_size;
    2929              : 
    2930            1 :     spdm_test_context = *state;
    2931            1 :     spdm_context = spdm_test_context->spdm_context;
    2932            1 :     spdm_test_context->case_id = 24;
    2933            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2934              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2935            1 :     spdm_context->connection_info.connection_state =
    2936              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2937            1 :     spdm_context->connection_info.capability.flags |=
    2938              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2939            1 :     spdm_context->local_context.capability.flags |=
    2940              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2941            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2942              :         m_libspdm_use_hash_algo;
    2943            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2944              :         m_libspdm_use_asym_algo;
    2945            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2946              :         m_libspdm_use_req_asym_algo;
    2947            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2948              :         m_libspdm_use_measurement_spec;
    2949            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2950              :         m_libspdm_use_measurement_hash_algo;
    2951            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2952              :         m_libspdm_use_dhe_algo;
    2953            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2954              :         m_libspdm_use_aead_algo;
    2955            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2956              :                                                     m_libspdm_use_asym_algo, &data1,
    2957              :                                                     &data_size1, NULL, NULL);
    2958            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2959            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2960              :         data_size1;
    2961            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2962            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2963              :         data_size1;
    2964            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    2965              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
    2966              : 
    2967            1 :     libspdm_reset_message_a(spdm_context);
    2968            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2969            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2970              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2971              :                                                     &data_size2, NULL, NULL);
    2972              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2973              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2974              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2975              :                      data2, data_size2);
    2976              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2977              :         data_size2;
    2978              : #else
    2979            1 :     libspdm_hash_all(
    2980              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2981              :         data2, data_size2,
    2982            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2983            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2984            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2985            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2986              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2987            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2988              :         data2,
    2989              :         data_size2,
    2990              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2991              : #endif
    2992            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2993              : 
    2994            1 :     session_id = 0xFFFFFFFF;
    2995            1 :     spdm_context->latest_session_id = session_id;
    2996            1 :     session_info = &spdm_context->session_info[0];
    2997            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2998              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2999            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3000            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3001            1 :     libspdm_secured_message_set_request_finished_key(
    3002              :         session_info->secured_message_context, m_dummy_buffer,
    3003              :         hash_size);
    3004            1 :     libspdm_secured_message_set_session_state(
    3005              :         session_info->secured_message_context,
    3006              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3007            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3008              : 
    3009            1 :     spdm_context->connection_info.capability.flags |=
    3010              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3011            1 :     spdm_context->local_context.capability.flags |=
    3012              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3013            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3014            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3015            1 :     req_asym_signature_size =
    3016            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3017            1 :     ptr = m_libspdm_finish_request7.signature;
    3018            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3019            1 :     cert_buffer = (uint8_t*)data1;
    3020            1 :     cert_buffer_size = data_size1;
    3021            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3022              :                      cert_buffer_hash);
    3023            1 :     cert_buffer = (uint8_t*)data2;
    3024            1 :     cert_buffer_size = data_size2;
    3025            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3026              :                      req_cert_buffer_hash);
    3027              :     /* transcript.message_a size is 0*/
    3028            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3029              :     /* session_transcript.message_k is 0*/
    3030            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3031            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3032              :                                   sizeof(spdm_finish_request_t));
    3033              : 
    3034            1 :     libspdm_requester_data_sign(
    3035              :         spdm_context,
    3036            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    3037              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3038            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3039              :             libspdm_get_managed_buffer_size(&th_curr),
    3040              :             ptr, &req_asym_signature_size);
    3041              : 
    3042            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3043            1 :     ptr += req_asym_signature_size;
    3044            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3045            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3046              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3047            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3048              :                      request_finished_key, hash_size, ptr);
    3049            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3050            1 :                                      req_asym_signature_size + hmac_size;
    3051            1 :     response_size = sizeof(response);
    3052            1 :     status = libspdm_get_response_finish(spdm_context,
    3053              :                                          m_libspdm_finish_request7_size,
    3054              :                                          &m_libspdm_finish_request7,
    3055              :                                          &response_size, response);
    3056            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3057            1 :     spdm_response = (void*)response;
    3058              : 
    3059              :     /* Expecting pass on big-endian signature */
    3060            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    3061            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    3062            1 :     free(data1);
    3063            1 :     free(data2);
    3064              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    3065            1 : }
    3066              : 
    3067              : /**
    3068              :  * Test 25: Same as test case 22, but test signature endianness.
    3069              :  * Big Endian Sign. Big or Little Endian Verify.
    3070              :  * Expecting signature to PASS.
    3071              :  **/
    3072            1 : void rsp_finish_rsp_case25(void** state)
    3073              : {
    3074              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    3075              :     libspdm_return_t status;
    3076              :     libspdm_test_context_t* spdm_test_context;
    3077              :     libspdm_context_t* spdm_context;
    3078              :     size_t response_size;
    3079              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3080              :     spdm_finish_response_t* spdm_response;
    3081              :     void* data1;
    3082              :     size_t data_size1;
    3083              :     void* data2;
    3084              :     size_t data_size2;
    3085              :     uint8_t* ptr;
    3086              :     uint8_t* cert_buffer;
    3087              :     size_t cert_buffer_size;
    3088              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3089              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3090              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3091              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3092              :     libspdm_session_info_t* session_info;
    3093              :     uint32_t session_id;
    3094              :     uint32_t hash_size;
    3095              :     uint32_t hmac_size;
    3096              :     size_t req_asym_signature_size;
    3097              : 
    3098            1 :     spdm_test_context = *state;
    3099            1 :     spdm_context = spdm_test_context->spdm_context;
    3100            1 :     spdm_test_context->case_id = 25;
    3101            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3102              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3103            1 :     spdm_context->connection_info.connection_state =
    3104              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3105            1 :     spdm_context->connection_info.capability.flags |=
    3106              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3107            1 :     spdm_context->local_context.capability.flags |=
    3108              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3109            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3110              :         m_libspdm_use_hash_algo;
    3111            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3112              :         m_libspdm_use_asym_algo;
    3113            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    3114              :         m_libspdm_use_req_asym_algo;
    3115            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3116              :         m_libspdm_use_measurement_spec;
    3117            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3118              :         m_libspdm_use_measurement_hash_algo;
    3119            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3120              :         m_libspdm_use_dhe_algo;
    3121            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3122              :         m_libspdm_use_aead_algo;
    3123            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3124              :                                                     m_libspdm_use_asym_algo, &data1,
    3125              :                                                     &data_size1, NULL, NULL);
    3126            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3127            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3128              :         data_size1;
    3129            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3130            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3131              :         data_size1;
    3132            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    3133              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
    3134              : 
    3135            1 :     libspdm_reset_message_a(spdm_context);
    3136            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3137            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    3138              :                                                     m_libspdm_use_req_asym_algo, &data2,
    3139              :                                                     &data_size2, NULL, NULL);
    3140              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    3141              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    3142              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    3143              :                      data2, data_size2);
    3144              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    3145              :         data_size2;
    3146              : #else
    3147            1 :     libspdm_hash_all(
    3148              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3149              :         data2, data_size2,
    3150            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    3151            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    3152            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    3153            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    3154              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3155            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    3156              :         data2,
    3157              :         data_size2,
    3158              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    3159              : #endif
    3160            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3161              : 
    3162            1 :     session_id = 0xFFFFFFFF;
    3163            1 :     spdm_context->latest_session_id = session_id;
    3164            1 :     session_info = &spdm_context->session_info[0];
    3165            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3166              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3167            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3168            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3169            1 :     libspdm_secured_message_set_request_finished_key(
    3170              :         session_info->secured_message_context, m_dummy_buffer,
    3171              :         hash_size);
    3172            1 :     libspdm_secured_message_set_session_state(
    3173              :         session_info->secured_message_context,
    3174              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3175            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3176              : 
    3177            1 :     spdm_context->connection_info.capability.flags |=
    3178              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3179            1 :     spdm_context->local_context.capability.flags |=
    3180              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3181            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3182            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3183            1 :     req_asym_signature_size =
    3184            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3185            1 :     ptr = m_libspdm_finish_request7.signature;
    3186            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3187            1 :     cert_buffer = (uint8_t*)data1;
    3188            1 :     cert_buffer_size = data_size1;
    3189            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3190              :                      cert_buffer_hash);
    3191            1 :     cert_buffer = (uint8_t*)data2;
    3192            1 :     cert_buffer_size = data_size2;
    3193            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3194              :                      req_cert_buffer_hash);
    3195              :     /* transcript.message_a size is 0*/
    3196            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3197              :     /* session_transcript.message_k is 0*/
    3198            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3199            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3200              :                                   sizeof(spdm_finish_request_t));
    3201              : 
    3202            1 :     libspdm_requester_data_sign(
    3203              :         spdm_context,
    3204            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    3205              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3206            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3207              :             libspdm_get_managed_buffer_size(&th_curr),
    3208              :             ptr, &req_asym_signature_size);
    3209              : 
    3210            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3211            1 :     ptr += req_asym_signature_size;
    3212            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3213            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3214              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3215            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3216              :                      request_finished_key, hash_size, ptr);
    3217            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3218            1 :                                      req_asym_signature_size + hmac_size;
    3219            1 :     response_size = sizeof(response);
    3220            1 :     status = libspdm_get_response_finish(spdm_context,
    3221              :                                          m_libspdm_finish_request7_size,
    3222              :                                          &m_libspdm_finish_request7,
    3223              :                                          &response_size, response);
    3224            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3225            1 :     spdm_response = (void*)response;
    3226            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    3227            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    3228            1 :     free(data1);
    3229            1 :     free(data2);
    3230              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    3231            1 : }
    3232              : 
    3233              : /**
    3234              :  * Test 26: Same as test case 22, but test endian verification.
    3235              :  * Sign as Little Endian, Verify as Little.
    3236              :  * Expecting signature to PASS.
    3237              :  **/
    3238            1 : void rsp_finish_rsp_case26(void** state)
    3239              : {
    3240              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    3241              :     libspdm_return_t status;
    3242              :     libspdm_test_context_t* spdm_test_context;
    3243              :     libspdm_context_t* spdm_context;
    3244              :     size_t response_size;
    3245              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3246              :     spdm_finish_response_t* spdm_response;
    3247              :     void* data1;
    3248              :     size_t data_size1;
    3249              :     void* data2;
    3250              :     size_t data_size2;
    3251              :     uint8_t* ptr;
    3252              :     uint8_t* cert_buffer;
    3253              :     size_t cert_buffer_size;
    3254              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3255              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3256              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3257              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3258              :     libspdm_session_info_t* session_info;
    3259              :     uint32_t session_id;
    3260              :     uint32_t hash_size;
    3261              :     uint32_t hmac_size;
    3262              :     size_t req_asym_signature_size;
    3263              : 
    3264            1 :     spdm_test_context = *state;
    3265            1 :     spdm_context = spdm_test_context->spdm_context;
    3266            1 :     spdm_test_context->case_id = 26;
    3267            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3268              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3269            1 :     spdm_context->connection_info.connection_state =
    3270              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3271            1 :     spdm_context->connection_info.capability.flags |=
    3272              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3273            1 :     spdm_context->local_context.capability.flags |=
    3274              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3275            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3276              :         m_libspdm_use_hash_algo;
    3277            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3278              :         m_libspdm_use_asym_algo;
    3279            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    3280              :         m_libspdm_use_req_asym_algo;
    3281            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3282              :         m_libspdm_use_measurement_spec;
    3283            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3284              :         m_libspdm_use_measurement_hash_algo;
    3285            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3286              :         m_libspdm_use_dhe_algo;
    3287            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3288              :         m_libspdm_use_aead_algo;
    3289            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3290              :                                                     m_libspdm_use_asym_algo, &data1,
    3291              :                                                     &data_size1, NULL, NULL);
    3292            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3293            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3294              :         data_size1;
    3295            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3296            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3297              :         data_size1;
    3298            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    3299              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
    3300              : 
    3301            1 :     libspdm_reset_message_a(spdm_context);
    3302            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3303            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    3304              :                                                     m_libspdm_use_req_asym_algo, &data2,
    3305              :                                                     &data_size2, NULL, NULL);
    3306              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    3307              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    3308              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    3309              :                      data2, data_size2);
    3310              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    3311              :         data_size2;
    3312              : #else
    3313            1 :     libspdm_hash_all(
    3314              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3315              :         data2, data_size2,
    3316            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    3317            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    3318            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    3319            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    3320              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3321            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    3322              :         data2,
    3323              :         data_size2,
    3324              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    3325              : #endif
    3326            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3327              : 
    3328            1 :     session_id = 0xFFFFFFFF;
    3329            1 :     spdm_context->latest_session_id = session_id;
    3330            1 :     session_info = &spdm_context->session_info[0];
    3331            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3332              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3333            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3334            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3335            1 :     libspdm_secured_message_set_request_finished_key(
    3336              :         session_info->secured_message_context, m_dummy_buffer,
    3337              :         hash_size);
    3338            1 :     libspdm_secured_message_set_session_state(
    3339              :         session_info->secured_message_context,
    3340              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3341            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3342              : 
    3343            1 :     spdm_context->connection_info.capability.flags |=
    3344              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3345            1 :     spdm_context->local_context.capability.flags |=
    3346              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3347            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3348            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3349            1 :     req_asym_signature_size =
    3350            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3351            1 :     ptr = m_libspdm_finish_request7.signature;
    3352            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3353            1 :     cert_buffer = (uint8_t*)data1;
    3354            1 :     cert_buffer_size = data_size1;
    3355            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3356              :                      cert_buffer_hash);
    3357            1 :     cert_buffer = (uint8_t*)data2;
    3358            1 :     cert_buffer_size = data_size2;
    3359            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3360              :                      req_cert_buffer_hash);
    3361              :     /* transcript.message_a size is 0*/
    3362            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3363              :     /* session_transcript.message_k is 0*/
    3364            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3365            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3366              :                                   sizeof(spdm_finish_request_t));
    3367              : 
    3368            1 :     libspdm_requester_data_sign(
    3369              :         spdm_context,
    3370            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    3371              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3372            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3373              :             libspdm_get_managed_buffer_size(&th_curr),
    3374              :             ptr, &req_asym_signature_size);
    3375              : 
    3376              :     /* Switch signature to little endian */
    3377            1 :     libspdm_copy_signature_swap_endian(
    3378              :         m_libspdm_use_req_asym_algo,
    3379              :         ptr, req_asym_signature_size,
    3380              :         ptr, req_asym_signature_size);
    3381              : 
    3382            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3383            1 :     ptr += req_asym_signature_size;
    3384            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3385            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3386              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3387            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3388              :                      request_finished_key, hash_size, ptr);
    3389            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3390            1 :                                      req_asym_signature_size + hmac_size;
    3391            1 :     response_size = sizeof(response);
    3392            1 :     status = libspdm_get_response_finish(spdm_context,
    3393              :                                          m_libspdm_finish_request7_size,
    3394              :                                          &m_libspdm_finish_request7,
    3395              :                                          &response_size, response);
    3396            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3397            1 :     spdm_response = (void*)response;
    3398            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    3399            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    3400            1 :     free(data1);
    3401            1 :     free(data2);
    3402              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    3403            1 : }
    3404              : 
    3405              : /**
    3406              :  * Test 27: Same as test case 22, but test endian verification.
    3407              :  * Sign as Little Endian, Verify as Big.
    3408              :  * Expecting signature to FAIL.
    3409              :  **/
    3410            1 : void rsp_finish_rsp_case27(void** state)
    3411              : {
    3412              :     libspdm_return_t status;
    3413              :     libspdm_test_context_t* spdm_test_context;
    3414              :     libspdm_context_t* spdm_context;
    3415              :     size_t response_size;
    3416              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3417              :     spdm_finish_response_t* spdm_response;
    3418              :     void* data1;
    3419              :     size_t data_size1;
    3420              :     void* data2;
    3421              :     size_t data_size2;
    3422              :     uint8_t* ptr;
    3423              :     uint8_t* cert_buffer;
    3424              :     size_t cert_buffer_size;
    3425              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3426              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3427              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3428              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3429              :     libspdm_session_info_t* session_info;
    3430              :     uint32_t session_id;
    3431              :     uint32_t hash_size;
    3432              :     uint32_t hmac_size;
    3433              :     size_t req_asym_signature_size;
    3434              : 
    3435            1 :     spdm_test_context = *state;
    3436            1 :     spdm_context = spdm_test_context->spdm_context;
    3437            1 :     spdm_test_context->case_id = 27;
    3438            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3439              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3440            1 :     spdm_context->connection_info.connection_state =
    3441              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3442            1 :     spdm_context->connection_info.capability.flags |=
    3443              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3444            1 :     spdm_context->local_context.capability.flags |=
    3445              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3446            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3447              :         m_libspdm_use_hash_algo;
    3448            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3449              :         m_libspdm_use_asym_algo;
    3450            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    3451              :         m_libspdm_use_req_asym_algo;
    3452            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3453              :         m_libspdm_use_measurement_spec;
    3454            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3455              :         m_libspdm_use_measurement_hash_algo;
    3456            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3457              :         m_libspdm_use_dhe_algo;
    3458            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3459              :         m_libspdm_use_aead_algo;
    3460            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3461              :                                                     m_libspdm_use_asym_algo, &data1,
    3462              :                                                     &data_size1, NULL, NULL);
    3463            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3464            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3465              :         data_size1;
    3466            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3467            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3468              :         data_size1;
    3469            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    3470              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
    3471              : 
    3472            1 :     libspdm_reset_message_a(spdm_context);
    3473            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3474            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    3475              :                                                     m_libspdm_use_req_asym_algo, &data2,
    3476              :                                                     &data_size2, NULL, NULL);
    3477              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    3478              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    3479              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    3480              :                      data2, data_size2);
    3481              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    3482              :         data_size2;
    3483              : #else
    3484            1 :     libspdm_hash_all(
    3485              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3486              :         data2, data_size2,
    3487            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    3488            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    3489            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    3490            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    3491              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3492            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    3493              :         data2,
    3494              :         data_size2,
    3495              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    3496              : #endif
    3497            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3498              : 
    3499            1 :     session_id = 0xFFFFFFFF;
    3500            1 :     spdm_context->latest_session_id = session_id;
    3501            1 :     session_info = &spdm_context->session_info[0];
    3502            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3503              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3504            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3505            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3506            1 :     libspdm_secured_message_set_request_finished_key(
    3507              :         session_info->secured_message_context, m_dummy_buffer,
    3508              :         hash_size);
    3509            1 :     libspdm_secured_message_set_session_state(
    3510              :         session_info->secured_message_context,
    3511              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3512            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3513              : 
    3514            1 :     spdm_context->connection_info.capability.flags |=
    3515              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3516            1 :     spdm_context->local_context.capability.flags |=
    3517              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3518            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3519            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3520            1 :     req_asym_signature_size =
    3521            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3522            1 :     ptr = m_libspdm_finish_request7.signature;
    3523            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3524            1 :     cert_buffer = (uint8_t*)data1;
    3525            1 :     cert_buffer_size = data_size1;
    3526            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3527              :                      cert_buffer_hash);
    3528            1 :     cert_buffer = (uint8_t*)data2;
    3529            1 :     cert_buffer_size = data_size2;
    3530            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3531              :                      req_cert_buffer_hash);
    3532              :     /* transcript.message_a size is 0*/
    3533            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3534              :     /* session_transcript.message_k is 0*/
    3535            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3536            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3537              :                                   sizeof(spdm_finish_request_t));
    3538              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    3539            1 :     libspdm_requester_data_sign(
    3540              :         spdm_context,
    3541            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    3542              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3543            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3544              :             libspdm_get_managed_buffer_size(&th_curr),
    3545              :             ptr, &req_asym_signature_size);
    3546              : 
    3547              :     /* Switch signature to little endian */
    3548            1 :     libspdm_copy_signature_swap_endian(
    3549              :         m_libspdm_use_req_asym_algo,
    3550              :         ptr, req_asym_signature_size,
    3551              :         ptr, req_asym_signature_size);
    3552              : #endif
    3553            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3554            1 :     ptr += req_asym_signature_size;
    3555            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3556            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3557              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3558            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3559              :                      request_finished_key, hash_size, ptr);
    3560            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3561            1 :                                      req_asym_signature_size + hmac_size;
    3562            1 :     response_size = sizeof(response);
    3563            1 :     status = libspdm_get_response_finish(spdm_context,
    3564              :                                          m_libspdm_finish_request7_size,
    3565              :                                          &m_libspdm_finish_request7,
    3566              :                                          &response_size, response);
    3567            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3568            1 :     spdm_response = (void*)response;
    3569            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    3570            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    3571            1 :     free(data1);
    3572            1 :     free(data2);
    3573            1 : }
    3574              : 
    3575              : /**
    3576              :  * Test 28: Same as test case 22, but test endian verification.
    3577              :  * Sign as Little Endian, Verify as Big Or Little.
    3578              :  * Expecting signature to PASS.
    3579              :  **/
    3580            1 : void rsp_finish_rsp_case28(void** state)
    3581              : {
    3582              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    3583              :     libspdm_return_t status;
    3584              :     libspdm_test_context_t* spdm_test_context;
    3585              :     libspdm_context_t* spdm_context;
    3586              :     size_t response_size;
    3587              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3588              :     spdm_finish_response_t* spdm_response;
    3589              :     void* data1;
    3590              :     size_t data_size1;
    3591              :     void* data2;
    3592              :     size_t data_size2;
    3593              :     uint8_t* ptr;
    3594              :     uint8_t* cert_buffer;
    3595              :     size_t cert_buffer_size;
    3596              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3597              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3598              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3599              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3600              :     libspdm_session_info_t* session_info;
    3601              :     uint32_t session_id;
    3602              :     uint32_t hash_size;
    3603              :     uint32_t hmac_size;
    3604              :     size_t req_asym_signature_size;
    3605              : 
    3606            1 :     spdm_test_context = *state;
    3607            1 :     spdm_context = spdm_test_context->spdm_context;
    3608            1 :     spdm_test_context->case_id = 28;
    3609            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3610              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3611            1 :     spdm_context->connection_info.connection_state =
    3612              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3613            1 :     spdm_context->connection_info.capability.flags |=
    3614              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3615            1 :     spdm_context->local_context.capability.flags |=
    3616              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3617            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3618              :         m_libspdm_use_hash_algo;
    3619            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3620              :         m_libspdm_use_asym_algo;
    3621            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    3622              :         m_libspdm_use_req_asym_algo;
    3623            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3624              :         m_libspdm_use_measurement_spec;
    3625            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3626              :         m_libspdm_use_measurement_hash_algo;
    3627            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3628              :         m_libspdm_use_dhe_algo;
    3629            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3630              :         m_libspdm_use_aead_algo;
    3631            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3632              :                                                     m_libspdm_use_asym_algo, &data1,
    3633              :                                                     &data_size1, NULL, NULL);
    3634            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3635            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3636              :         data_size1;
    3637            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3638            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3639              :         data_size1;
    3640            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    3641              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
    3642              : 
    3643            1 :     libspdm_reset_message_a(spdm_context);
    3644            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3645            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    3646              :                                                     m_libspdm_use_req_asym_algo, &data2,
    3647              :                                                     &data_size2, NULL, NULL);
    3648              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    3649              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    3650              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    3651              :                      data2, data_size2);
    3652              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    3653              :         data_size2;
    3654              : #else
    3655            1 :     libspdm_hash_all(
    3656              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3657              :         data2, data_size2,
    3658            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    3659            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    3660            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    3661            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    3662              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3663            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    3664              :         data2,
    3665              :         data_size2,
    3666              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    3667              : #endif
    3668            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3669              : 
    3670            1 :     session_id = 0xFFFFFFFF;
    3671            1 :     spdm_context->latest_session_id = session_id;
    3672            1 :     session_info = &spdm_context->session_info[0];
    3673            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3674              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3675            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3676            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3677            1 :     libspdm_secured_message_set_request_finished_key(
    3678              :         session_info->secured_message_context, m_dummy_buffer,
    3679              :         hash_size);
    3680            1 :     libspdm_secured_message_set_session_state(
    3681              :         session_info->secured_message_context,
    3682              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3683            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3684              : 
    3685            1 :     spdm_context->connection_info.capability.flags |=
    3686              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3687            1 :     spdm_context->local_context.capability.flags |=
    3688              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3689            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3690            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3691            1 :     req_asym_signature_size =
    3692            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3693            1 :     ptr = m_libspdm_finish_request7.signature;
    3694            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3695            1 :     cert_buffer = (uint8_t*)data1;
    3696            1 :     cert_buffer_size = data_size1;
    3697            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3698              :                      cert_buffer_hash);
    3699            1 :     cert_buffer = (uint8_t*)data2;
    3700            1 :     cert_buffer_size = data_size2;
    3701            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3702              :                      req_cert_buffer_hash);
    3703              :     /* transcript.message_a size is 0*/
    3704            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3705              :     /* session_transcript.message_k is 0*/
    3706            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3707            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3708              :                                   sizeof(spdm_finish_request_t));
    3709              : 
    3710            1 :     libspdm_requester_data_sign(
    3711              :         spdm_context,
    3712            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
    3713              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3714            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3715              :             libspdm_get_managed_buffer_size(&th_curr),
    3716              :             ptr, &req_asym_signature_size);
    3717              : 
    3718              :     /* Switch signature to little endian */
    3719            1 :     libspdm_copy_signature_swap_endian(
    3720              :         m_libspdm_use_req_asym_algo,
    3721              :         ptr, req_asym_signature_size,
    3722              :         ptr, req_asym_signature_size);
    3723              : 
    3724            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3725            1 :     ptr += req_asym_signature_size;
    3726            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3727            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3728              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3729            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3730              :                      request_finished_key, hash_size, ptr);
    3731            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3732            1 :                                      req_asym_signature_size + hmac_size;
    3733            1 :     response_size = sizeof(response);
    3734            1 :     status = libspdm_get_response_finish(spdm_context,
    3735              :                                          m_libspdm_finish_request7_size,
    3736              :                                          &m_libspdm_finish_request7,
    3737              :                                          &response_size, response);
    3738            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3739            1 :     spdm_response = (void*)response;
    3740            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    3741            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    3742            1 :     free(data1);
    3743            1 :     free(data2);
    3744              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    3745            1 : }
    3746              : 
    3747              : /**
    3748              :  * Test 29: Receive the correct FINISH from the requester, and
    3749              :  * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
    3750              :  * Expected behavior: the responder accepts the request and produces a valid
    3751              :  * FINISH_RSP response message, and The ResponderVerifyData field is absent.
    3752              :  **/
    3753            1 : void rsp_finish_rsp_case29(void **state)
    3754              : {
    3755              :     libspdm_return_t status;
    3756              :     libspdm_test_context_t *spdm_test_context;
    3757              :     libspdm_context_t *spdm_context;
    3758              :     size_t response_size;
    3759              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3760              :     spdm_finish_response_t *spdm_response;
    3761              :     void *data1;
    3762              :     size_t data_size1;
    3763              :     uint8_t *ptr;
    3764              :     uint8_t *cert_buffer;
    3765              :     size_t cert_buffer_size;
    3766              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3767              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3768              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3769              :     libspdm_session_info_t *session_info;
    3770              :     uint32_t session_id;
    3771              :     uint32_t hash_size;
    3772              :     uint32_t hmac_size;
    3773              : 
    3774            1 :     spdm_test_context = *state;
    3775            1 :     spdm_context = spdm_test_context->spdm_context;
    3776            1 :     spdm_test_context->case_id = 29;
    3777            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3778              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3779            1 :     spdm_context->connection_info.connection_state =
    3780              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3781            1 :     spdm_context->connection_info.capability.flags |=
    3782              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3783            1 :     spdm_context->local_context.capability.flags |=
    3784              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3785              : 
    3786            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3787              :         m_libspdm_use_hash_algo;
    3788            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3789              :         m_libspdm_use_asym_algo;
    3790            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3791              :         m_libspdm_use_measurement_spec;
    3792            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3793              :         m_libspdm_use_measurement_hash_algo;
    3794            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3795              :         m_libspdm_use_dhe_algo;
    3796            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3797              :         m_libspdm_use_aead_algo;
    3798            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3799              :                                                     m_libspdm_use_asym_algo, &data1,
    3800              :                                                     &data_size1, NULL, NULL);
    3801            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3802            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3803              :         data_size1;
    3804            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3805            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3806              :         data_size1;
    3807              : 
    3808            1 :     libspdm_reset_message_a(spdm_context);
    3809            1 :     spdm_context->local_context.mut_auth_requested = 0;
    3810              : 
    3811              :     /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
    3812            1 :     spdm_context->connection_info.capability.flags &=
    3813              :         ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3814            1 :     spdm_context->local_context.capability.flags &=
    3815              :         ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3816              : 
    3817            1 :     session_id = 0xFFFFFFFF;
    3818            1 :     spdm_context->latest_session_id = session_id;
    3819            1 :     spdm_context->last_spdm_request_session_id_valid = true;
    3820            1 :     spdm_context->last_spdm_request_session_id = session_id;
    3821            1 :     session_info = &spdm_context->session_info[0];
    3822            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3823              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3824              : 
    3825            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3826            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3827              : 
    3828            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3829            1 :     libspdm_secured_message_set_request_finished_key(
    3830              :         session_info->secured_message_context, m_dummy_buffer,
    3831              :         hash_size);
    3832            1 :     libspdm_secured_message_set_session_state(
    3833              :         session_info->secured_message_context,
    3834              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3835              : 
    3836            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3837            1 :     ptr = m_libspdm_finish_request1.signature;
    3838            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3839            1 :     cert_buffer = (uint8_t *)data1;
    3840            1 :     cert_buffer_size = data_size1;
    3841            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3842              :                      cert_buffer_hash);
    3843              :     /* transcript.message_a size is 0*/
    3844            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3845              :     /* session_transcript.message_k is 0*/
    3846            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    3847              :                                   sizeof(spdm_finish_request_t));
    3848            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3849            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3850              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3851            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3852              :                      request_finished_key, hash_size, ptr);
    3853            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    3854            1 :     response_size = sizeof(response);
    3855            1 :     status = libspdm_get_response_finish(spdm_context,
    3856              :                                          m_libspdm_finish_request1_size,
    3857              :                                          &m_libspdm_finish_request1,
    3858              :                                          &response_size, response);
    3859            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3860              :     /* The ResponderVerifyData field shall be absent.*/
    3861            1 :     assert_int_equal(response_size,
    3862              :                      sizeof(spdm_finish_response_t));
    3863            1 :     spdm_response = (void *)response;
    3864            1 :     assert_int_equal(spdm_response->header.request_response_code,
    3865              :                      SPDM_FINISH_RSP);
    3866            1 :     free(data1);
    3867            1 : }
    3868              : 
    3869              : /**
    3870              :  * Test 30: SPDM version 1.4, with OpaqueData.
    3871              :  * Expected behavior: the responder accepts the request and produces a valid
    3872              :  * FINISH_RSP response message.
    3873              :  **/
    3874            1 : void rsp_finish_rsp_case30(void **state)
    3875              : {
    3876              :     libspdm_return_t status;
    3877              :     libspdm_test_context_t *spdm_test_context;
    3878              :     libspdm_context_t *spdm_context;
    3879              :     size_t response_size;
    3880              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3881              :     spdm_finish_response_t *spdm_response;
    3882              :     void *data1;
    3883              :     size_t data_size1;
    3884              :     uint8_t *ptr;
    3885              :     uint8_t *cert_buffer;
    3886              :     size_t cert_buffer_size;
    3887              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3888              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3889              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3890              :     libspdm_session_info_t *session_info;
    3891              :     uint32_t session_id;
    3892              :     uint32_t hash_size;
    3893              :     uint32_t hmac_size;
    3894              : 
    3895            1 :     spdm_test_context = *state;
    3896            1 :     spdm_context = spdm_test_context->spdm_context;
    3897            1 :     spdm_test_context->case_id = 30;
    3898            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
    3899              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3900            1 :     spdm_context->connection_info.connection_state =
    3901              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3902            1 :     spdm_context->connection_info.capability.flags |=
    3903              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3904            1 :     spdm_context->local_context.capability.flags |=
    3905              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3906              : 
    3907            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3908              :         m_libspdm_use_hash_algo;
    3909            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3910              :         m_libspdm_use_asym_algo;
    3911            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3912              :         m_libspdm_use_measurement_spec;
    3913            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3914              :         m_libspdm_use_measurement_hash_algo;
    3915            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3916              :         m_libspdm_use_dhe_algo;
    3917            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3918              :         m_libspdm_use_aead_algo;
    3919            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3920              :                                                     m_libspdm_use_asym_algo, &data1,
    3921              :                                                     &data_size1, NULL, NULL);
    3922            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3923            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3924              :         data_size1;
    3925            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3926            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3927              :         data_size1;
    3928              : 
    3929            1 :     libspdm_reset_message_a(spdm_context);
    3930            1 :     spdm_context->local_context.mut_auth_requested = 0;
    3931              : 
    3932              :     /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
    3933            1 :     spdm_context->connection_info.capability.flags &=
    3934              :         ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3935            1 :     spdm_context->local_context.capability.flags &=
    3936              :         ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3937              : 
    3938            1 :     session_id = 0xFFFFFFFF;
    3939            1 :     spdm_context->latest_session_id = session_id;
    3940            1 :     spdm_context->last_spdm_request_session_id_valid = true;
    3941            1 :     spdm_context->last_spdm_request_session_id = session_id;
    3942            1 :     session_info = &spdm_context->session_info[0];
    3943            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3944              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3945              : 
    3946            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3947            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3948              : 
    3949            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3950            1 :     libspdm_secured_message_set_request_finished_key(
    3951              :         session_info->secured_message_context, m_dummy_buffer,
    3952              :         hash_size);
    3953            1 :     libspdm_secured_message_set_session_state(
    3954              :         session_info->secured_message_context,
    3955              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3956              : 
    3957            1 :     m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
    3958              : 
    3959            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3960            1 :     ptr = m_libspdm_finish_request8.signature;
    3961            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3962            1 :     cert_buffer = (uint8_t *)data1;
    3963            1 :     cert_buffer_size = data_size1;
    3964            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3965              :                      cert_buffer_hash);
    3966              :     /* transcript.message_a size is 0*/
    3967            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3968              :     /* session_transcript.message_k is 0*/
    3969            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
    3970              :                                   sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
    3971            1 :                                   m_libspdm_finish_request8.opaque_data_size);
    3972            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3973            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3974              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3975            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3976              :                      request_finished_key, hash_size, ptr);
    3977            1 :     m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
    3978            1 :                                      sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
    3979            1 :     response_size = sizeof(response);
    3980            1 :     status = libspdm_get_response_finish(spdm_context,
    3981              :                                          m_libspdm_finish_request8_size,
    3982              :                                          &m_libspdm_finish_request8,
    3983              :                                          &response_size, response);
    3984            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3985              :     /* The ResponderVerifyData field shall be absent.*/
    3986            1 :     ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
    3987            1 :     assert_int_equal(response_size,
    3988              :                      sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
    3989              :                      libspdm_read_uint16(ptr));
    3990            1 :     spdm_response = (void *)response;
    3991            1 :     assert_int_equal(spdm_response->header.request_response_code,
    3992              :                      SPDM_FINISH_RSP);
    3993            1 :     free(data1);
    3994            1 : }
    3995              : 
    3996            1 : int libspdm_rsp_finish_test(void)
    3997              : {
    3998            1 :     const struct CMUnitTest test_cases[] = {
    3999              :         /* Success Case*/
    4000              :         cmocka_unit_test(rsp_finish_rsp_case1),
    4001              :         /* Can be populated with new test.*/
    4002              :         cmocka_unit_test(rsp_finish_rsp_case2),
    4003              :         /* response_state: SPDM_RESPONSE_STATE_BUSY*/
    4004              :         cmocka_unit_test(rsp_finish_rsp_case3),
    4005              :         /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
    4006              :         cmocka_unit_test(rsp_finish_rsp_case4),
    4007              :         #if LIBSPDM_RESPOND_IF_READY_SUPPORT
    4008              :         /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
    4009              :         cmocka_unit_test(rsp_finish_rsp_case5),
    4010              :         #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
    4011              :         /* connection_state Check*/
    4012              :         cmocka_unit_test(rsp_finish_rsp_case6),
    4013              :         /* Buffer reset*/
    4014              :         cmocka_unit_test(rsp_finish_rsp_case7),
    4015              :         /* Success Case*/
    4016              :         cmocka_unit_test(rsp_finish_rsp_case8),
    4017              :         /* Unsupported KEY_EX capabilities*/
    4018              :         cmocka_unit_test(rsp_finish_rsp_case9),
    4019              :         /* Uninitialized session*/
    4020              :         cmocka_unit_test(rsp_finish_rsp_case10),
    4021              :         /* Incorrect MAC*/
    4022              :         cmocka_unit_test(rsp_finish_rsp_case11),
    4023              :         cmocka_unit_test(rsp_finish_rsp_case12),
    4024              :         /* Can be populated with new test.*/
    4025              :         cmocka_unit_test(rsp_finish_rsp_case13),
    4026              :         cmocka_unit_test(rsp_finish_rsp_case14),
    4027              :         /* Incorrect signature*/
    4028              :         cmocka_unit_test(rsp_finish_rsp_case15),
    4029              :         cmocka_unit_test(rsp_finish_rsp_case16),
    4030              :         /* Buffer verification*/
    4031              :         cmocka_unit_test(rsp_finish_rsp_case17),
    4032              :         /* Success Case, enable mutual authentication and use slot_id 0xFF */
    4033              :         cmocka_unit_test(rsp_finish_rsp_case18),
    4034              :         /* Invalid SlotID in FINISH request message when mutual authentication */
    4035              :         cmocka_unit_test_setup(rsp_finish_rsp_case19, libspdm_unit_test_group_setup),
    4036              :         cmocka_unit_test_setup(rsp_finish_rsp_case20, libspdm_unit_test_group_setup),
    4037              :         /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
    4038              :         cmocka_unit_test_setup(rsp_finish_rsp_case21, libspdm_unit_test_group_setup),
    4039              :         /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
    4040              :         cmocka_unit_test_setup(rsp_finish_rsp_case22, libspdm_unit_test_group_setup),
    4041              :         /* Big Endian Sign - Little Endian Verify */
    4042              :         cmocka_unit_test_setup(rsp_finish_rsp_case23, libspdm_unit_test_group_setup),
    4043              :         /* Big Endian Sign - Big Endian Verify */
    4044              :         cmocka_unit_test_setup(rsp_finish_rsp_case24, libspdm_unit_test_group_setup),
    4045              :         /* Big Endian Sign - Big or Little Endian Verify */
    4046              :         cmocka_unit_test_setup(rsp_finish_rsp_case25, libspdm_unit_test_group_setup),
    4047              :         /* Little Endian Sign - Little Endian Verify*/
    4048              :         cmocka_unit_test_setup(rsp_finish_rsp_case26, libspdm_unit_test_group_setup),
    4049              :         /* Little Endian Sign - Big Endian Verify */
    4050              :         cmocka_unit_test_setup(rsp_finish_rsp_case27, libspdm_unit_test_group_setup),
    4051              :         /* Little Endian Sign - Big or Little Endian Verify */
    4052              :         cmocka_unit_test_setup(rsp_finish_rsp_case28, libspdm_unit_test_group_setup),
    4053              :         /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
    4054              :         cmocka_unit_test(rsp_finish_rsp_case29),
    4055              :         /* SPDM 1.4 with OpaqueData */
    4056              :         cmocka_unit_test(rsp_finish_rsp_case30),
    4057              :     };
    4058              : 
    4059            1 :     libspdm_test_context_t test_context = {
    4060              :         LIBSPDM_TEST_CONTEXT_VERSION,
    4061              :         false,
    4062              :     };
    4063              : 
    4064            1 :     libspdm_setup_test_context(&test_context);
    4065              : 
    4066            1 :     return cmocka_run_group_tests(test_cases,
    4067              :                                   libspdm_unit_test_group_setup,
    4068              :                                   libspdm_unit_test_group_teardown);
    4069              : }
    4070              : 
    4071              : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
        

Generated by: LCOV version 2.0-1