LCOV - coverage.info - unit_test/test_spdm_responder/finish

LCOV - code coverage report

Current view:	top level - unit_test/test_spdm_responder - finish_rsp.c (source / functions)		Coverage	Total	Hit
Test:	coverage.info	Lines:	100.0 %	1792	1792
Test Date:	2025-11-02 08:10:32	Functions:	100.0 %	32	32

            Line data    Source code

       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2021-2025 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "spdm_unit_test.h"
       8              : #include "internal/libspdm_responder_lib.h"
       9              : #include "internal/libspdm_secured_message_lib.h"
      10              : 
      11              : #pragma pack(1)
      12              : 
      13              : typedef struct {
      14              :     spdm_message_header_t header;
      15              :     uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
      16              :     uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
      17              : } libspdm_finish_request_mine_t;
      18              : 
      19              : typedef struct {
      20              :     spdm_message_header_t header;
      21              :     uint16_t opaque_data_size;
      22              :     uint8_t opaque_data[8];
      23              :     uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
      24              :     uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
      25              : } libspdm_finish_request_mine_14_t;
      26              : 
      27              : #pragma pack()
      28              : 
      29              : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
      30              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
      31              : };
      32              : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
      33              : 
      34              : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
      35              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
      36              : };
      37              : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
      38              : 
      39              : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
      40              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
      41              : };
      42              : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
      43              : 
      44              : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
      45              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
      46              : };
      47              : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
      48              : 
      49              : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
      50              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
      51              : };
      52              : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
      53              : 
      54              : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
      55              :     { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
      56              : };
      57              : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
      58              : 
      59              : libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
      60              :     { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
      61              : };
      62              : size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
      63              : 
      64              : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
      65              : 
      66              : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
      67              : 
      68              : static libspdm_th_managed_buffer_t th_curr;
      69              : 
      70           28 : void libspdm_secured_message_set_request_finished_key(
      71              :     void *spdm_secured_message_context, const void *key, size_t key_size)
      72              : {
      73              :     libspdm_secured_message_context_t *secured_message_context;
      74              : 
      75           28 :     secured_message_context = spdm_secured_message_context;
      76           28 :     LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
      77           28 :     libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
      78              :                      sizeof(secured_message_context->handshake_secret.request_finished_key),
      79              :                      key, secured_message_context->hash_size);
      80           28 : }
      81              : 
      82              : /**
      83              :  * Test 1: receiving a correct FINISH message from the requester with a
      84              :  * correct MAC, no signature (no mutual authentication), and 'handshake in
      85              :  * the clear'.
      86              :  * Expected behavior: the responder accepts the request and produces a valid
      87              :  * FINISH_RSP response message.
      88              :  **/
      89            1 : void rsp_finish_rsp_case1(void **state)
      90              : {
      91              :     libspdm_return_t status;
      92              :     libspdm_test_context_t *spdm_test_context;
      93              :     libspdm_context_t *spdm_context;
      94              :     size_t response_size;
      95              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
      96              :     spdm_finish_response_t *spdm_response;
      97              :     void *data1;
      98              :     size_t data_size1;
      99              :     uint8_t *ptr;
     100              :     uint8_t *cert_buffer;
     101              :     size_t cert_buffer_size;
     102              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     103              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     104              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     105              :     libspdm_session_info_t *session_info;
     106              :     uint32_t session_id;
     107              :     uint32_t hash_size;
     108              :     uint32_t hmac_size;
     109              : 
     110            1 :     spdm_test_context = *state;
     111            1 :     spdm_context = spdm_test_context->spdm_context;
     112            1 :     spdm_test_context->case_id = 0x1;
     113            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     114              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     115            1 :     spdm_context->connection_info.connection_state =
     116              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     117            1 :     spdm_context->connection_info.capability.flags |=
     118              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     119            1 :     spdm_context->local_context.capability.flags |=
     120              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     121            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     122              :         m_libspdm_use_hash_algo;
     123            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     124              :         m_libspdm_use_asym_algo;
     125            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     126              :         m_libspdm_use_measurement_spec;
     127            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     128              :         m_libspdm_use_measurement_hash_algo;
     129            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     130              :         m_libspdm_use_dhe_algo;
     131            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     132              :         m_libspdm_use_aead_algo;
     133            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     134              :                                                     m_libspdm_use_asym_algo, &data1,
     135              :                                                     &data_size1, NULL, NULL);
     136            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     137            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     138              :         data_size1;
     139            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     140            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     141              :         data_size1;
     142              : 
     143            1 :     libspdm_reset_message_a(spdm_context);
     144            1 :     spdm_context->local_context.mut_auth_requested = 0;
     145              : 
     146            1 :     session_id = 0xFFFFFFFF;
     147            1 :     spdm_context->latest_session_id = session_id;
     148            1 :     session_info = &spdm_context->session_info[0];
     149            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     150              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     151            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     152            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     153            1 :     libspdm_secured_message_set_request_finished_key(
     154              :         session_info->secured_message_context, m_dummy_buffer,
     155              :         hash_size);
     156            1 :     libspdm_secured_message_set_session_state(
     157              :         session_info->secured_message_context,
     158              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     159              : 
     160            1 :     spdm_context->connection_info.capability.flags |=
     161              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     162            1 :     spdm_context->local_context.capability.flags |=
     163              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     164            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     165            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     166            1 :     ptr = m_libspdm_finish_request1.signature;
     167            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     168            1 :     cert_buffer = (uint8_t *)data1;
     169            1 :     cert_buffer_size = data_size1;
     170            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     171              :                      cert_buffer_hash);
     172              :     /* transcript.message_a size is 0*/
     173            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     174              :     /* session_transcript.message_k is 0*/
     175            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     176              :                                   sizeof(spdm_finish_request_t));
     177            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     178            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     179              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     180            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     181              :                      request_finished_key, hash_size, ptr);
     182            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     183            1 :     response_size = sizeof(response);
     184            1 :     status = libspdm_get_response_finish(spdm_context,
     185              :                                          m_libspdm_finish_request1_size,
     186              :                                          &m_libspdm_finish_request1,
     187              :                                          &response_size, response);
     188            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     189            1 :     assert_int_equal(response_size,
     190              :                      sizeof(spdm_finish_response_t) + hmac_size);
     191            1 :     spdm_response = (void *)response;
     192            1 :     assert_int_equal(spdm_response->header.request_response_code,
     193              :                      SPDM_FINISH_RSP);
     194            1 :     free(data1);
     195            1 : }
     196              : 
     197              : /**
     198              :  * Test 2:
     199              :  * Expected behavior:
     200              :  **/
     201            1 : void rsp_finish_rsp_case2(void **state)
     202              : {
     203            1 : }
     204              : 
     205              : /**
     206              :  * Test 3: receiving a correct FINISH from the requester, but the
     207              :  * responder is in a Busy state.
     208              :  * Expected behavior: the responder accepts the request, but produces an
     209              :  * ERROR message indicating the Busy state.
     210              :  **/
     211            1 : void rsp_finish_rsp_case3(void **state)
     212              : {
     213              :     libspdm_return_t status;
     214              :     libspdm_test_context_t *spdm_test_context;
     215              :     libspdm_context_t *spdm_context;
     216              :     size_t response_size;
     217              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     218              :     spdm_finish_response_t *spdm_response;
     219              :     void *data1;
     220              :     size_t data_size1;
     221              :     uint8_t *ptr;
     222              :     uint8_t *cert_buffer;
     223              :     size_t cert_buffer_size;
     224              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     225              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     226              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     227              :     libspdm_session_info_t *session_info;
     228              :     uint32_t session_id;
     229              :     uint32_t hash_size;
     230              :     uint32_t hmac_size;
     231              : 
     232            1 :     spdm_test_context = *state;
     233            1 :     spdm_context = spdm_test_context->spdm_context;
     234            1 :     spdm_test_context->case_id = 0x3;
     235            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     236              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     237            1 :     spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
     238            1 :     spdm_context->connection_info.connection_state =
     239              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     240            1 :     spdm_context->connection_info.capability.flags |=
     241              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     242            1 :     spdm_context->local_context.capability.flags |=
     243              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     244            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     245              :         m_libspdm_use_hash_algo;
     246            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     247              :         m_libspdm_use_asym_algo;
     248            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     249              :         m_libspdm_use_measurement_spec;
     250            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     251              :         m_libspdm_use_measurement_hash_algo;
     252            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     253              :         m_libspdm_use_dhe_algo;
     254            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     255              :         m_libspdm_use_aead_algo;
     256            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     257              :                                                     m_libspdm_use_asym_algo, &data1,
     258              :                                                     &data_size1, NULL, NULL);
     259            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     260            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     261              :         data_size1;
     262            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     263            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     264              :         data_size1;
     265              : 
     266            1 :     libspdm_reset_message_a(spdm_context);
     267            1 :     spdm_context->local_context.mut_auth_requested = 0;
     268              : 
     269            1 :     session_id = 0xFFFFFFFF;
     270            1 :     spdm_context->latest_session_id = session_id;
     271            1 :     session_info = &spdm_context->session_info[0];
     272            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     273              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     274            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     275            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     276            1 :     libspdm_secured_message_set_request_finished_key(
     277              :         session_info->secured_message_context, m_dummy_buffer,
     278              :         hash_size);
     279            1 :     libspdm_secured_message_set_session_state(
     280              :         session_info->secured_message_context,
     281              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     282              : 
     283            1 :     spdm_context->connection_info.capability.flags |=
     284              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     285            1 :     spdm_context->local_context.capability.flags |=
     286              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     287            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     288            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     289            1 :     ptr = m_libspdm_finish_request1.signature;
     290            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     291            1 :     cert_buffer = (uint8_t *)data1;
     292            1 :     cert_buffer_size = data_size1;
     293            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     294              :                      cert_buffer_hash);
     295              :     /* transcript.message_a size is 0*/
     296            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     297              :     /* session_transcript.message_k is 0*/
     298            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     299              :                                   sizeof(spdm_finish_request_t));
     300            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     301            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     302              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     303            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     304              :                      request_finished_key, hash_size, ptr);
     305            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     306            1 :     response_size = sizeof(response);
     307            1 :     status = libspdm_get_response_finish(spdm_context,
     308              :                                          m_libspdm_finish_request1_size,
     309              :                                          &m_libspdm_finish_request1,
     310              :                                          &response_size, response);
     311            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     312            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
     313            1 :     spdm_response = (void *)response;
     314            1 :     assert_int_equal(spdm_response->header.request_response_code,
     315              :                      SPDM_ERROR);
     316            1 :     assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
     317            1 :     assert_int_equal(spdm_response->header.param2, 0);
     318            1 :     assert_int_equal(spdm_context->response_state,
     319              :                      LIBSPDM_RESPONSE_STATE_BUSY);
     320            1 :     free(data1);
     321            1 : }
     322              : 
     323              : /**
     324              :  * Test 4: receiving a correct FINISH from the requester, but the responder
     325              :  * requires resynchronization with the requester.
     326              :  * Expected behavior: the responder accepts the request, but produces an
     327              :  * ERROR message indicating the NeedResynch state.
     328              :  **/
     329            1 : void rsp_finish_rsp_case4(void **state)
     330              : {
     331              :     libspdm_return_t status;
     332              :     libspdm_test_context_t *spdm_test_context;
     333              :     libspdm_context_t *spdm_context;
     334              :     size_t response_size;
     335              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     336              :     spdm_finish_response_t *spdm_response;
     337              :     void *data1;
     338              :     size_t data_size1;
     339              :     uint8_t *ptr;
     340              :     uint8_t *cert_buffer;
     341              :     size_t cert_buffer_size;
     342              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     343              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     344              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     345              :     libspdm_session_info_t *session_info;
     346              :     uint32_t session_id;
     347              :     uint32_t hash_size;
     348              :     uint32_t hmac_size;
     349              : 
     350            1 :     spdm_test_context = *state;
     351            1 :     spdm_context = spdm_test_context->spdm_context;
     352            1 :     spdm_test_context->case_id = 0x4;
     353            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     354              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     355            1 :     spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
     356            1 :     spdm_context->connection_info.connection_state =
     357              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     358            1 :     spdm_context->connection_info.capability.flags |=
     359              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     360            1 :     spdm_context->local_context.capability.flags |=
     361              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     362            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     363              :         m_libspdm_use_hash_algo;
     364            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     365              :         m_libspdm_use_asym_algo;
     366            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     367              :         m_libspdm_use_measurement_spec;
     368            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     369              :         m_libspdm_use_measurement_hash_algo;
     370            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     371              :         m_libspdm_use_dhe_algo;
     372            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     373              :         m_libspdm_use_aead_algo;
     374            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     375              :                                                     m_libspdm_use_asym_algo, &data1,
     376              :                                                     &data_size1, NULL, NULL);
     377            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     378            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     379              :         data_size1;
     380            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     381            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     382              :         data_size1;
     383              : 
     384            1 :     libspdm_reset_message_a(spdm_context);
     385            1 :     spdm_context->local_context.mut_auth_requested = 0;
     386              : 
     387            1 :     session_id = 0xFFFFFFFF;
     388            1 :     spdm_context->latest_session_id = session_id;
     389            1 :     session_info = &spdm_context->session_info[0];
     390            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     391              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     392            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     393            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     394            1 :     libspdm_secured_message_set_request_finished_key(
     395              :         session_info->secured_message_context, m_dummy_buffer,
     396              :         hash_size);
     397            1 :     libspdm_secured_message_set_session_state(
     398              :         session_info->secured_message_context,
     399              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     400              : 
     401            1 :     spdm_context->connection_info.capability.flags |=
     402              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     403            1 :     spdm_context->local_context.capability.flags |=
     404              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     405            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     406            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     407            1 :     ptr = m_libspdm_finish_request1.signature;
     408            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     409            1 :     cert_buffer = (uint8_t *)data1;
     410            1 :     cert_buffer_size = data_size1;
     411            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     412              :                      cert_buffer_hash);
     413              :     /* transcript.message_a size is 0*/
     414            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     415              :     /* session_transcript.message_k is 0*/
     416            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     417              :                                   sizeof(spdm_finish_request_t));
     418            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     419            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     420              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     421            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     422              :                      request_finished_key, hash_size, ptr);
     423            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     424            1 :     response_size = sizeof(response);
     425            1 :     status = libspdm_get_response_finish(spdm_context,
     426              :                                          m_libspdm_finish_request1_size,
     427              :                                          &m_libspdm_finish_request1,
     428              :                                          &response_size, response);
     429            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     430            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
     431            1 :     spdm_response = (void *)response;
     432            1 :     assert_int_equal(spdm_response->header.request_response_code,
     433              :                      SPDM_ERROR);
     434            1 :     assert_int_equal(spdm_response->header.param1,
     435              :                      SPDM_ERROR_CODE_REQUEST_RESYNCH);
     436            1 :     assert_int_equal(spdm_response->header.param2, 0);
     437            1 :     assert_int_equal(spdm_context->response_state,
     438              :                      LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
     439            1 :     free(data1);
     440            1 : }
     441              : 
     442              : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
     443              : /**
     444              :  * Test 5: receiving a correct FINISH from the requester, but the responder
     445              :  * could not produce the response in time.
     446              :  * Expected behavior: the responder accepts the request, but produces an
     447              :  * ERROR message indicating the ResponseNotReady state.
     448              :  **/
     449            1 : void rsp_finish_rsp_case5(void **state)
     450              : {
     451              :     libspdm_return_t status;
     452              :     libspdm_test_context_t *spdm_test_context;
     453              :     libspdm_context_t *spdm_context;
     454              :     size_t response_size;
     455              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     456              :     spdm_finish_response_t *spdm_response;
     457              :     void *data1;
     458              :     size_t data_size1;
     459              :     uint8_t *ptr;
     460              :     uint8_t *cert_buffer;
     461              :     size_t cert_buffer_size;
     462              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     463              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     464              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     465              :     libspdm_session_info_t *session_info;
     466              :     uint32_t session_id;
     467              :     uint32_t hash_size;
     468              :     uint32_t hmac_size;
     469              :     spdm_error_data_response_not_ready_t *error_data;
     470              : 
     471            1 :     spdm_test_context = *state;
     472            1 :     spdm_context = spdm_test_context->spdm_context;
     473            1 :     spdm_test_context->case_id = 0x5;
     474            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     475              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     476            1 :     spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
     477            1 :     spdm_context->connection_info.connection_state =
     478              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     479            1 :     spdm_context->connection_info.capability.flags |=
     480              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     481            1 :     spdm_context->local_context.capability.flags |=
     482              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     483            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     484              :         m_libspdm_use_hash_algo;
     485            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     486              :         m_libspdm_use_asym_algo;
     487            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     488              :         m_libspdm_use_measurement_spec;
     489            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     490              :         m_libspdm_use_measurement_hash_algo;
     491            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     492              :         m_libspdm_use_dhe_algo;
     493            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     494              :         m_libspdm_use_aead_algo;
     495            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     496              :                                                     m_libspdm_use_asym_algo, &data1,
     497              :                                                     &data_size1, NULL, NULL);
     498            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     499            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     500              :         data_size1;
     501            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     502            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     503              :         data_size1;
     504              : 
     505            1 :     libspdm_reset_message_a(spdm_context);
     506            1 :     spdm_context->local_context.mut_auth_requested = 0;
     507              : 
     508            1 :     session_id = 0xFFFFFFFF;
     509            1 :     spdm_context->latest_session_id = session_id;
     510            1 :     session_info = &spdm_context->session_info[0];
     511            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     512              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     513            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     514            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     515            1 :     libspdm_secured_message_set_request_finished_key(
     516              :         session_info->secured_message_context, m_dummy_buffer,
     517              :         hash_size);
     518            1 :     libspdm_secured_message_set_session_state(
     519              :         session_info->secured_message_context,
     520              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     521              : 
     522            1 :     spdm_context->connection_info.capability.flags |=
     523              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     524            1 :     spdm_context->local_context.capability.flags |=
     525              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     526            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     527            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     528            1 :     ptr = m_libspdm_finish_request1.signature;
     529            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     530            1 :     cert_buffer = (uint8_t *)data1;
     531            1 :     cert_buffer_size = data_size1;
     532            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     533              :                      cert_buffer_hash);
     534              :     /* transcript.message_a size is 0*/
     535            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     536              :     /* session_transcript.message_k is 0*/
     537            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     538              :                                   sizeof(spdm_finish_request_t));
     539            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     540            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     541              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     542            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     543              :                      request_finished_key, hash_size, ptr);
     544            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     545            1 :     response_size = sizeof(response);
     546            1 :     status = libspdm_get_response_finish(spdm_context,
     547              :                                          m_libspdm_finish_request1_size,
     548              :                                          &m_libspdm_finish_request1,
     549              :                                          &response_size, response);
     550            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     551            1 :     assert_int_equal(response_size,
     552              :                      sizeof(spdm_error_response_t) +
     553              :                      sizeof(spdm_error_data_response_not_ready_t));
     554            1 :     spdm_response = (void *)response;
     555            1 :     error_data =
     556              :         (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
     557            1 :     assert_int_equal(spdm_response->header.request_response_code,
     558              :                      SPDM_ERROR);
     559            1 :     assert_int_equal(spdm_response->header.param1,
     560              :                      SPDM_ERROR_CODE_RESPONSE_NOT_READY);
     561            1 :     assert_int_equal(spdm_response->header.param2, 0);
     562            1 :     assert_int_equal(spdm_context->response_state,
     563              :                      LIBSPDM_RESPONSE_STATE_NOT_READY);
     564            1 :     assert_int_equal(error_data->request_code, SPDM_FINISH);
     565            1 :     free(data1);
     566            1 : }
     567              : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
     568              : 
     569              : /**
     570              :  * Test 6: receiving a correct FINISH from the requester, but the responder
     571              :  * is not set no receive a FINISH message because previous messages (namely,
     572              :  * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
     573              :  * received.
     574              :  * Expected behavior: the responder rejects the request, and produces an
     575              :  * ERROR message indicating the UnexpectedRequest.
     576              :  **/
     577            1 : void rsp_finish_rsp_case6(void **state)
     578              : {
     579              :     libspdm_return_t status;
     580              :     libspdm_test_context_t *spdm_test_context;
     581              :     libspdm_context_t *spdm_context;
     582              :     size_t response_size;
     583              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     584              :     spdm_finish_response_t *spdm_response;
     585              :     void *data1;
     586              :     size_t data_size1;
     587              :     uint8_t *ptr;
     588              :     uint8_t *cert_buffer;
     589              :     size_t cert_buffer_size;
     590              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     591              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     592              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     593              :     libspdm_session_info_t *session_info;
     594              :     uint32_t session_id;
     595              :     uint32_t hash_size;
     596              :     uint32_t hmac_size;
     597              : 
     598            1 :     spdm_test_context = *state;
     599            1 :     spdm_context = spdm_test_context->spdm_context;
     600            1 :     spdm_test_context->case_id = 0x6;
     601            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     602              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     603            1 :     spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
     604            1 :     spdm_context->connection_info.connection_state =
     605              :         LIBSPDM_CONNECTION_STATE_NOT_STARTED;
     606            1 :     spdm_context->connection_info.capability.flags |=
     607              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     608            1 :     spdm_context->local_context.capability.flags |=
     609              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     610            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     611              :         m_libspdm_use_hash_algo;
     612            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     613              :         m_libspdm_use_asym_algo;
     614            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     615              :         m_libspdm_use_measurement_spec;
     616            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     617              :         m_libspdm_use_measurement_hash_algo;
     618            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     619              :         m_libspdm_use_dhe_algo;
     620            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     621              :         m_libspdm_use_aead_algo;
     622            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     623              :                                                     m_libspdm_use_asym_algo, &data1,
     624              :                                                     &data_size1, NULL, NULL);
     625            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     626            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     627              :         data_size1;
     628            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     629            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     630              :         data_size1;
     631              : 
     632            1 :     libspdm_reset_message_a(spdm_context);
     633            1 :     spdm_context->local_context.mut_auth_requested = 0;
     634              : 
     635            1 :     session_id = 0xFFFFFFFF;
     636            1 :     spdm_context->latest_session_id = session_id;
     637            1 :     session_info = &spdm_context->session_info[0];
     638            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     639              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     640            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     641            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     642            1 :     libspdm_secured_message_set_request_finished_key(
     643              :         session_info->secured_message_context, m_dummy_buffer,
     644              :         hash_size);
     645            1 :     libspdm_secured_message_set_session_state(
     646              :         session_info->secured_message_context,
     647              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     648              : 
     649            1 :     spdm_context->connection_info.capability.flags |=
     650              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     651            1 :     spdm_context->local_context.capability.flags |=
     652              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     653            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     654            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     655            1 :     ptr = m_libspdm_finish_request1.signature;
     656            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     657            1 :     cert_buffer = (uint8_t *)data1;
     658            1 :     cert_buffer_size = data_size1;
     659            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     660              :                      cert_buffer_hash);
     661              :     /* transcript.message_a size is 0*/
     662            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     663              :     /* session_transcript.message_k is 0*/
     664            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     665              :                                   sizeof(spdm_finish_request_t));
     666            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     667            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     668              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     669            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     670              :                      request_finished_key, hash_size, ptr);
     671            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     672            1 :     response_size = sizeof(response);
     673            1 :     status = libspdm_get_response_finish(spdm_context,
     674              :                                          m_libspdm_finish_request1_size,
     675              :                                          &m_libspdm_finish_request1,
     676              :                                          &response_size, response);
     677            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     678            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
     679            1 :     spdm_response = (void *)response;
     680            1 :     assert_int_equal(spdm_response->header.request_response_code,
     681              :                      SPDM_ERROR);
     682            1 :     assert_int_equal(spdm_response->header.param1,
     683              :                      SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
     684            1 :     assert_int_equal(spdm_response->header.param2, 0);
     685            1 :     free(data1);
     686            1 : }
     687              : 
     688            1 : void rsp_finish_rsp_case7(void **state)
     689              : {
     690              :     libspdm_return_t status;
     691              :     libspdm_test_context_t *spdm_test_context;
     692              :     libspdm_context_t *spdm_context;
     693              :     size_t response_size;
     694              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     695              :     spdm_finish_response_t *spdm_response;
     696              :     void *data1;
     697              :     size_t data_size1;
     698              :     uint8_t *ptr;
     699              :     uint8_t *cert_buffer;
     700              :     size_t cert_buffer_size;
     701              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     702              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     703              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     704              :     libspdm_session_info_t *session_info;
     705              :     uint32_t session_id;
     706              :     uint32_t hash_size;
     707              :     uint32_t hmac_size;
     708              : 
     709            1 :     spdm_test_context = *state;
     710            1 :     spdm_context = spdm_test_context->spdm_context;
     711            1 :     spdm_test_context->case_id = 0x7;
     712            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     713              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     714            1 :     spdm_context->connection_info.connection_state =
     715              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     716            1 :     spdm_context->connection_info.capability.flags |=
     717              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     718            1 :     spdm_context->local_context.capability.flags |=
     719              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     720            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     721              :         m_libspdm_use_hash_algo;
     722            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     723              :         m_libspdm_use_asym_algo;
     724            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     725              :         m_libspdm_use_measurement_spec;
     726            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     727              :         m_libspdm_use_measurement_hash_algo;
     728            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     729              :         m_libspdm_use_dhe_algo;
     730            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     731              :         m_libspdm_use_aead_algo;
     732            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     733              :                                                     m_libspdm_use_asym_algo, &data1,
     734              :                                                     &data_size1, NULL, NULL);
     735            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     736            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     737              :         data_size1;
     738            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     739            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     740              :         data_size1;
     741              : 
     742            1 :     libspdm_reset_message_a(spdm_context);
     743            1 :     spdm_context->local_context.mut_auth_requested = 0;
     744              : 
     745            1 :     session_id = 0xFFFFFFFF;
     746            1 :     spdm_context->latest_session_id = session_id;
     747            1 :     session_info = &spdm_context->session_info[0];
     748            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     749              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     750            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     751            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     752            1 :     libspdm_secured_message_set_request_finished_key(
     753              :         session_info->secured_message_context, m_dummy_buffer,
     754              :         hash_size);
     755            1 :     libspdm_secured_message_set_session_state(
     756              :         session_info->secured_message_context,
     757              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     758              : 
     759            1 :     spdm_context->connection_info.capability.flags |=
     760              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     761            1 :     spdm_context->local_context.capability.flags |=
     762              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     763            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     764            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     765            1 :     ptr = m_libspdm_finish_request1.signature;
     766            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     767            1 :     cert_buffer = (uint8_t *)data1;
     768            1 :     cert_buffer_size = data_size1;
     769              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     770              :     session_info->session_transcript.message_m.buffer_size =
     771              :         session_info->session_transcript.message_m.max_buffer_size;
     772              :     spdm_context->transcript.message_b.buffer_size =
     773              :         spdm_context->transcript.message_b.max_buffer_size;
     774              :     spdm_context->transcript.message_c.buffer_size =
     775              :         spdm_context->transcript.message_c.max_buffer_size;
     776              :     spdm_context->transcript.message_mut_b.buffer_size =
     777              :         spdm_context->transcript.message_mut_b.max_buffer_size;
     778              :     spdm_context->transcript.message_mut_c.buffer_size =
     779              :         spdm_context->transcript.message_mut_c.max_buffer_size;
     780              : #endif
     781              : 
     782            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     783              :                      cert_buffer_hash);
     784              :     /* transcript.message_a size is 0*/
     785            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     786              :     /* session_transcript.message_k is 0*/
     787            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
     788              :                                   sizeof(spdm_finish_request_t));
     789            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     790            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     791              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     792            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     793              :                      request_finished_key, hash_size, ptr);
     794            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
     795            1 :     response_size = sizeof(response);
     796            1 :     status = libspdm_get_response_finish(spdm_context,
     797              :                                          m_libspdm_finish_request1_size,
     798              :                                          &m_libspdm_finish_request1,
     799              :                                          &response_size, response);
     800            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     801            1 :     assert_int_equal(response_size,
     802              :                      sizeof(spdm_finish_response_t) + hmac_size);
     803            1 :     spdm_response = (void *)response;
     804            1 :     assert_int_equal(spdm_response->header.request_response_code,
     805              :                      SPDM_FINISH_RSP);
     806              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     807              :     assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
     808              :     assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
     809              :     assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
     810              :     assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
     811              :     assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
     812              : #endif
     813              : 
     814            1 :     free(data1);
     815            1 : }
     816              : 
     817              : 
     818              : /**
     819              :  * Test 8: receiving a correct FINISH message from the requester with
     820              :  * correct MAC and signature (with mutual authentication), and 'handshake in
     821              :  * the clear'.
     822              :  * Expected behavior: the responder accepts the request and produces a valid
     823              :  * FINISH_RSP response message.
     824              :  **/
     825            1 : void rsp_finish_rsp_case8(void **state)
     826              : {
     827              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
     828              :     libspdm_return_t status;
     829              :     libspdm_test_context_t *spdm_test_context;
     830              :     libspdm_context_t *spdm_context;
     831              :     size_t response_size;
     832              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     833              :     spdm_finish_response_t *spdm_response;
     834              :     void *data1;
     835              :     size_t data_size1;
     836              :     void *data2;
     837              :     size_t data_size2;
     838              :     uint8_t *ptr;
     839              :     uint8_t *cert_buffer;
     840              :     size_t cert_buffer_size;
     841              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     842              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
     843              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
     844              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
     845              :     libspdm_session_info_t *session_info;
     846              :     uint32_t session_id;
     847              :     uint32_t hash_size;
     848              :     uint32_t hmac_size;
     849              :     size_t req_asym_signature_size;
     850              : 
     851            1 :     spdm_test_context = *state;
     852            1 :     spdm_context = spdm_test_context->spdm_context;
     853            1 :     spdm_test_context->case_id = 0x8;
     854            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
     855              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
     856            1 :     spdm_context->connection_info.connection_state =
     857              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     858            1 :     spdm_context->connection_info.capability.flags |=
     859              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
     860            1 :     spdm_context->local_context.capability.flags |=
     861              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
     862            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
     863              :         m_libspdm_use_hash_algo;
     864            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
     865              :         m_libspdm_use_asym_algo;
     866            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
     867              :         m_libspdm_use_req_asym_algo;
     868            1 :     spdm_context->connection_info.algorithm.measurement_spec =
     869              :         m_libspdm_use_measurement_spec;
     870            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
     871              :         m_libspdm_use_measurement_hash_algo;
     872            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
     873              :         m_libspdm_use_dhe_algo;
     874            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
     875              :         m_libspdm_use_aead_algo;
     876            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
     877              :                                                     m_libspdm_use_asym_algo, &data1,
     878              :                                                     &data_size1, NULL, NULL);
     879            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
     880            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
     881              :         data_size1;
     882            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
     883            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
     884              :         data_size1;
     885              : 
     886            1 :     libspdm_reset_message_a(spdm_context);
     887            1 :     spdm_context->local_context.mut_auth_requested = 1;
     888            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
     889              :                                                     m_libspdm_use_req_asym_algo, &data2,
     890              :                                                     &data_size2, NULL, NULL);
     891              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     892              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
     893              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
     894              :                      data2, data_size2);
     895              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
     896              :         data_size2;
     897              : #else
     898            1 :     libspdm_hash_all(
     899              :         spdm_context->connection_info.algorithm.base_hash_algo,
     900              :         data2, data_size2,
     901            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
     902            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
     903            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
     904            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
     905              :         spdm_context->connection_info.algorithm.base_hash_algo,
     906            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
     907              :         data2,
     908              :         data_size2,
     909              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
     910              : #endif
     911            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
     912              : 
     913            1 :     session_id = 0xFFFFFFFF;
     914            1 :     spdm_context->latest_session_id = session_id;
     915            1 :     session_info = &spdm_context->session_info[0];
     916            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
     917              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
     918            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     919            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
     920            1 :     libspdm_secured_message_set_request_finished_key(
     921              :         session_info->secured_message_context, m_dummy_buffer,
     922              :         hash_size);
     923            1 :     libspdm_secured_message_set_session_state(
     924              :         session_info->secured_message_context,
     925              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
     926            1 :     session_info->mut_auth_requested = 1;
     927              : 
     928            1 :     spdm_context->connection_info.capability.flags |=
     929              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     930            1 :     spdm_context->local_context.capability.flags |=
     931              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
     932            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     933            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
     934            1 :     req_asym_signature_size =
     935            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
     936            1 :     ptr = m_libspdm_finish_request3.signature;
     937            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
     938            1 :     cert_buffer = (uint8_t *)data1;
     939            1 :     cert_buffer_size = data_size1;
     940            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     941              :                      cert_buffer_hash);
     942            1 :     cert_buffer = (uint8_t *)data2;
     943            1 :     cert_buffer_size = data_size2;
     944            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
     945              :                      req_cert_buffer_hash);
     946              :     /* transcript.message_a size is 0*/
     947            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
     948              :     /* session_transcript.message_k is 0*/
     949            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
     950            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
     951              :                                   sizeof(spdm_finish_request_t));
     952              : 
     953            1 :     libspdm_requester_data_sign(
     954              :         spdm_context,
     955            1 :         m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
     956              :             0, SPDM_FINISH,
     957              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
     958            1 :             false, libspdm_get_managed_buffer(&th_curr),
     959              :             libspdm_get_managed_buffer_size(&th_curr),
     960              :             ptr, &req_asym_signature_size);
     961            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
     962            1 :     ptr += req_asym_signature_size;
     963            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
     964            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
     965              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
     966            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
     967              :                      request_finished_key, hash_size, ptr);
     968            1 :     m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
     969            1 :                                      req_asym_signature_size + hmac_size;
     970            1 :     response_size = sizeof(response);
     971            1 :     status = libspdm_get_response_finish(spdm_context,
     972              :                                          m_libspdm_finish_request3_size,
     973              :                                          &m_libspdm_finish_request3,
     974              :                                          &response_size, response);
     975            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     976            1 :     assert_int_equal(response_size,
     977              :                      sizeof(spdm_finish_response_t) + hmac_size);
     978            1 :     spdm_response = (void *)response;
     979            1 :     assert_int_equal(spdm_response->header.request_response_code,
     980              :                      SPDM_FINISH_RSP);
     981            1 :     free(data1);
     982            1 :     free(data2);
     983              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
     984            1 : }
     985              : 
     986              : /**
     987              :  * Test 9: receiving a correct FINISH message from the requester, but the
     988              :  * responder has no capabilities for key exchange.
     989              :  * Expected behavior: the responder refuses the FINISH message and produces
     990              :  * an ERROR message indicating the UnsupportedRequest.
     991              :  **/
     992            1 : void rsp_finish_rsp_case9(void **state)
     993              : {
     994              :     libspdm_return_t status;
     995              :     libspdm_test_context_t *spdm_test_context;
     996              :     libspdm_context_t *spdm_context;
     997              :     size_t response_size;
     998              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
     999              :     spdm_finish_response_t *spdm_response;
    1000              :     void *data1;
    1001              :     size_t data_size1;
    1002              :     uint8_t *ptr;
    1003              :     uint8_t *cert_buffer;
    1004              :     size_t cert_buffer_size;
    1005              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1006              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1007              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1008              :     libspdm_session_info_t *session_info;
    1009              :     uint32_t session_id;
    1010              :     uint32_t hash_size;
    1011              :     uint32_t hmac_size;
    1012              : 
    1013            1 :     spdm_test_context = *state;
    1014            1 :     spdm_context = spdm_test_context->spdm_context;
    1015            1 :     spdm_test_context->case_id = 0x9;
    1016            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1017              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1018            1 :     spdm_context->connection_info.connection_state =
    1019              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1020            1 :     spdm_context->connection_info.capability.flags = 0;
    1021            1 :     spdm_context->local_context.capability.flags = 0;
    1022            1 :     spdm_context->connection_info.capability.flags |=
    1023              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1024              :     /* no key exchange capabilities (responder)*/
    1025            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1026              :         m_libspdm_use_hash_algo;
    1027            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1028              :         m_libspdm_use_asym_algo;
    1029            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1030              :         m_libspdm_use_measurement_spec;
    1031            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1032              :         m_libspdm_use_measurement_hash_algo;
    1033            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1034              :         m_libspdm_use_dhe_algo;
    1035            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1036              :         m_libspdm_use_aead_algo;
    1037            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1038              :                                                     m_libspdm_use_asym_algo, &data1,
    1039              :                                                     &data_size1, NULL, NULL);
    1040            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1041            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1042              :         data_size1;
    1043            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1044            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1045              :         data_size1;
    1046              : 
    1047            1 :     libspdm_reset_message_a(spdm_context);
    1048            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1049              : 
    1050            1 :     session_id = 0xFFFFFFFF;
    1051            1 :     spdm_context->latest_session_id = session_id;
    1052            1 :     session_info = &spdm_context->session_info[0];
    1053            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1054              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1055            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1056            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1057            1 :     libspdm_secured_message_set_request_finished_key(
    1058              :         session_info->secured_message_context, m_dummy_buffer,
    1059              :         hash_size);
    1060            1 :     libspdm_secured_message_set_session_state(
    1061              :         session_info->secured_message_context,
    1062              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1063              : 
    1064            1 :     spdm_context->connection_info.capability.flags |=
    1065              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1066            1 :     spdm_context->local_context.capability.flags |=
    1067              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1068            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1069            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1070            1 :     ptr = m_libspdm_finish_request1.signature;
    1071            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1072            1 :     cert_buffer = (uint8_t *)data1;
    1073            1 :     cert_buffer_size = data_size1;
    1074            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1075              :                      cert_buffer_hash);
    1076              :     /* transcript.message_a size is 0*/
    1077            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1078              :     /* session_transcript.message_k is 0*/
    1079            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    1080              :                                   sizeof(spdm_finish_request_t));
    1081            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1082            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1083              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1084            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1085              :                      request_finished_key, hash_size, ptr);
    1086            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1087            1 :     response_size = sizeof(response);
    1088            1 :     status = libspdm_get_response_finish(spdm_context,
    1089              :                                          m_libspdm_finish_request1_size,
    1090              :                                          &m_libspdm_finish_request1,
    1091              :                                          &response_size, response);
    1092            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1093            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1094            1 :     spdm_response = (void *)response;
    1095            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1096              :                      SPDM_ERROR);
    1097            1 :     assert_int_equal(spdm_response->header.param1,
    1098              :                      SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
    1099            1 :     assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
    1100            1 :     free(data1);
    1101            1 : }
    1102              : 
    1103              : /**
    1104              :  * Test 10: receiving a correct FINISH message from the requester, but the
    1105              :  * responder is not correctly setup by not initializing a session during
    1106              :  * KEY_EXCHANGE.
    1107              :  * Expected behavior: the responder refuses the FINISH message and produces
    1108              :  * an ERROR message indicating the UnsupportedRequest.
    1109              :  **/
    1110            1 : void rsp_finish_rsp_case10(void **state)
    1111              : {
    1112              :     libspdm_return_t status;
    1113              :     libspdm_test_context_t *spdm_test_context;
    1114              :     libspdm_context_t *spdm_context;
    1115              :     size_t response_size;
    1116              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1117              :     spdm_finish_response_t *spdm_response;
    1118              :     void *data1;
    1119              :     size_t data_size1;
    1120              :     uint8_t *ptr;
    1121              :     uint8_t *cert_buffer;
    1122              :     size_t cert_buffer_size;
    1123              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1124              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1125              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1126              :     libspdm_session_info_t *session_info;
    1127              :     uint32_t session_id;
    1128              :     uint32_t hash_size;
    1129              :     uint32_t hmac_size;
    1130              : 
    1131            1 :     spdm_test_context = *state;
    1132            1 :     spdm_context = spdm_test_context->spdm_context;
    1133            1 :     spdm_test_context->case_id = 0xA;
    1134            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1135              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1136            1 :     spdm_context->connection_info.connection_state =
    1137              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1138            1 :     spdm_context->connection_info.capability.flags |=
    1139              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1140            1 :     spdm_context->local_context.capability.flags |=
    1141              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1142            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1143              :         m_libspdm_use_hash_algo;
    1144            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1145              :         m_libspdm_use_asym_algo;
    1146            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1147              :         m_libspdm_use_measurement_spec;
    1148            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1149              :         m_libspdm_use_measurement_hash_algo;
    1150            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1151              :         m_libspdm_use_dhe_algo;
    1152            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1153              :         m_libspdm_use_aead_algo;
    1154            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1155              :                                                     m_libspdm_use_asym_algo, &data1,
    1156              :                                                     &data_size1, NULL, NULL);
    1157            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1158            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1159              :         data_size1;
    1160            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1161            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1162              :         data_size1;
    1163              : 
    1164            1 :     libspdm_reset_message_a(spdm_context);
    1165            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1166              : 
    1167            1 :     session_id = 0xFFFFFFFF;
    1168            1 :     spdm_context->latest_session_id = session_id;
    1169            1 :     session_info = &spdm_context->session_info[0];
    1170            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1171              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1172            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1173            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1174            1 :     libspdm_secured_message_set_request_finished_key(
    1175              :         session_info->secured_message_context, m_dummy_buffer,
    1176              :         hash_size);
    1177            1 :     libspdm_secured_message_set_session_state(
    1178              :         session_info->secured_message_context,
    1179              :         LIBSPDM_SESSION_STATE_NOT_STARTED);
    1180              : 
    1181            1 :     spdm_context->connection_info.capability.flags |=
    1182              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1183            1 :     spdm_context->local_context.capability.flags |=
    1184              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1185            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1186            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1187            1 :     ptr = m_libspdm_finish_request1.signature;
    1188            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1189            1 :     cert_buffer = (uint8_t *)data1;
    1190            1 :     cert_buffer_size = data_size1;
    1191            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1192              :                      cert_buffer_hash);
    1193              :     /* transcript.message_a size is 0*/
    1194            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1195              :     /* session_transcript.message_k is 0*/
    1196            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    1197              :                                   sizeof(spdm_finish_request_t));
    1198            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1199            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1200              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1201            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1202              :                      request_finished_key, hash_size, ptr);
    1203            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1204            1 :     response_size = sizeof(response);
    1205            1 :     status = libspdm_get_response_finish(spdm_context,
    1206              :                                          m_libspdm_finish_request1_size,
    1207              :                                          &m_libspdm_finish_request1,
    1208              :                                          &response_size, response);
    1209            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1210            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1211            1 :     spdm_response = (void *)response;
    1212            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1213              :                      SPDM_ERROR);
    1214            1 :     assert_int_equal(spdm_response->header.param1,
    1215              :                      SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
    1216            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1217            1 :     free(data1);
    1218            1 : }
    1219              : 
    1220              : /**
    1221              :  * Test 11: receiving a FINISH message from the requester with an incorrect
    1222              :  * MAC (all-zero).
    1223              :  * Expected behavior: the responder refuses the FINISH message and produces
    1224              :  * an ERROR message indicating the DecryptError.
    1225              :  **/
    1226            1 : void rsp_finish_rsp_case11(void **state)
    1227              : {
    1228              :     libspdm_return_t status;
    1229              :     libspdm_test_context_t *spdm_test_context;
    1230              :     libspdm_context_t *spdm_context;
    1231              :     size_t response_size;
    1232              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1233              :     spdm_finish_response_t *spdm_response;
    1234              :     void *data1;
    1235              :     size_t data_size1;
    1236              :     uint8_t *ptr;
    1237              :     libspdm_session_info_t *session_info;
    1238              :     uint32_t session_id;
    1239              :     uint32_t hash_size;
    1240              :     uint32_t hmac_size;
    1241              : 
    1242            1 :     spdm_test_context = *state;
    1243            1 :     spdm_context = spdm_test_context->spdm_context;
    1244            1 :     spdm_test_context->case_id = 0xB;
    1245            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1246              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1247            1 :     spdm_context->connection_info.connection_state =
    1248              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1249            1 :     spdm_context->connection_info.capability.flags |=
    1250              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1251            1 :     spdm_context->local_context.capability.flags |=
    1252              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1253            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1254              :         m_libspdm_use_hash_algo;
    1255            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1256              :         m_libspdm_use_asym_algo;
    1257            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1258              :         m_libspdm_use_measurement_spec;
    1259            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1260              :         m_libspdm_use_measurement_hash_algo;
    1261            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1262              :         m_libspdm_use_dhe_algo;
    1263            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1264              :         m_libspdm_use_aead_algo;
    1265            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1266              :                                                     m_libspdm_use_asym_algo, &data1,
    1267              :                                                     &data_size1, NULL, NULL);
    1268            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1269            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1270              :         data_size1;
    1271            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1272            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1273              :         data_size1;
    1274              : 
    1275            1 :     libspdm_reset_message_a(spdm_context);
    1276            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1277              : 
    1278            1 :     session_id = 0xFFFFFFFF;
    1279            1 :     spdm_context->latest_session_id = session_id;
    1280            1 :     session_info = &spdm_context->session_info[0];
    1281            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1282              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1283            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1284            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1285            1 :     libspdm_secured_message_set_request_finished_key(
    1286              :         session_info->secured_message_context, m_dummy_buffer,
    1287              :         hash_size);
    1288            1 :     libspdm_secured_message_set_session_state(
    1289              :         session_info->secured_message_context,
    1290              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1291              : 
    1292            1 :     spdm_context->connection_info.capability.flags |=
    1293              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1294            1 :     spdm_context->local_context.capability.flags |=
    1295              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1296            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1297            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1298            1 :     ptr = m_libspdm_finish_request1.signature;
    1299            1 :     libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
    1300            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1301            1 :     response_size = sizeof(response);
    1302            1 :     status = libspdm_get_response_finish(spdm_context,
    1303              :                                          m_libspdm_finish_request1_size,
    1304              :                                          &m_libspdm_finish_request1,
    1305              :                                          &response_size, response);
    1306            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1307            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1308            1 :     spdm_response = (void *)response;
    1309            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1310              :                      SPDM_ERROR);
    1311            1 :     assert_int_equal(spdm_response->header.param1,
    1312              :                      SPDM_ERROR_CODE_DECRYPT_ERROR);
    1313            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1314            1 :     free(data1);
    1315            1 : }
    1316              : 
    1317              : /**
    1318              :  * Test 12: receiving a FINISH message from the requester with an incorrect
    1319              :  * MAC (arbitrary).
    1320              :  * Expected behavior: the responder refuses the FINISH message and produces
    1321              :  * an ERROR message indicating the DecryptError.
    1322              :  **/
    1323            1 : void rsp_finish_rsp_case12(void **state)
    1324              : {
    1325              :     libspdm_return_t status;
    1326              :     libspdm_test_context_t *spdm_test_context;
    1327              :     libspdm_context_t *spdm_context;
    1328              :     size_t response_size;
    1329              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1330              :     spdm_finish_response_t *spdm_response;
    1331              :     void *data1;
    1332              :     size_t data_size1;
    1333              :     uint8_t *ptr;
    1334              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1335              :     uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
    1336              :     libspdm_session_info_t *session_info;
    1337              :     uint32_t session_id;
    1338              :     uint32_t hash_size;
    1339              :     uint32_t hmac_size;
    1340              : 
    1341            1 :     spdm_test_context = *state;
    1342            1 :     spdm_context = spdm_test_context->spdm_context;
    1343            1 :     spdm_test_context->case_id = 0xC;
    1344            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1345              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1346            1 :     spdm_context->connection_info.connection_state =
    1347              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1348            1 :     spdm_context->connection_info.capability.flags |=
    1349              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1350            1 :     spdm_context->local_context.capability.flags |=
    1351              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1352            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1353              :         m_libspdm_use_hash_algo;
    1354            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1355              :         m_libspdm_use_asym_algo;
    1356            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1357              :         m_libspdm_use_measurement_spec;
    1358            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1359              :         m_libspdm_use_measurement_hash_algo;
    1360            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1361              :         m_libspdm_use_dhe_algo;
    1362            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1363              :         m_libspdm_use_aead_algo;
    1364            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1365              :                                                     m_libspdm_use_asym_algo, &data1,
    1366              :                                                     &data_size1, NULL, NULL);
    1367            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1368            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1369              :         data_size1;
    1370            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1371            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1372              :         data_size1;
    1373              : 
    1374            1 :     libspdm_reset_message_a(spdm_context);
    1375            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1376              : 
    1377            1 :     session_id = 0xFFFFFFFF;
    1378            1 :     spdm_context->latest_session_id = session_id;
    1379            1 :     session_info = &spdm_context->session_info[0];
    1380            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1381              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1382            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1383            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1384            1 :     libspdm_secured_message_set_request_finished_key(
    1385              :         session_info->secured_message_context, m_dummy_buffer,
    1386              :         hash_size);
    1387            1 :     libspdm_secured_message_set_session_state(
    1388              :         session_info->secured_message_context,
    1389              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1390              : 
    1391            1 :     spdm_context->connection_info.capability.flags |=
    1392              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1393            1 :     spdm_context->local_context.capability.flags |=
    1394              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1395            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1396            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1397            1 :     ptr = m_libspdm_finish_request1.signature;
    1398              :     /*arbitrary MAC*/
    1399            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1400            1 :     libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
    1401            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
    1402              :                      request_finished_key, hash_size, ptr);
    1403            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1404            1 :     response_size = sizeof(response);
    1405            1 :     status = libspdm_get_response_finish(spdm_context,
    1406              :                                          m_libspdm_finish_request1_size,
    1407              :                                          &m_libspdm_finish_request1,
    1408              :                                          &response_size, response);
    1409            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1410            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1411            1 :     spdm_response = (void *)response;
    1412            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1413              :                      SPDM_ERROR);
    1414            1 :     assert_int_equal(spdm_response->header.param1,
    1415              :                      SPDM_ERROR_CODE_DECRYPT_ERROR);
    1416            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1417            1 :     free(data1);
    1418            1 : }
    1419              : 
    1420              : /**
    1421              :  * Test 13:
    1422              :  * Expected behavior:
    1423              :  **/
    1424            1 : void rsp_finish_rsp_case13(void **state)
    1425              : {
    1426            1 : }
    1427              : 
    1428              : /**
    1429              :  * Test 14: receiving a FINISH message from the requester with an incorrect
    1430              :  * MAC size (only the correct first half of the MAC).
    1431              :  * Expected behavior: the responder refuses the FINISH message and produces
    1432              :  * an ERROR message indicating the InvalidRequest.
    1433              :  **/
    1434            1 : void rsp_finish_rsp_case14(void **state)
    1435              : {
    1436              :     libspdm_return_t status;
    1437              :     libspdm_test_context_t *spdm_test_context;
    1438              :     libspdm_context_t *spdm_context;
    1439              :     size_t response_size;
    1440              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1441              :     spdm_finish_response_t *spdm_response;
    1442              :     void *data1;
    1443              :     size_t data_size1;
    1444              :     uint8_t *ptr;
    1445              :     uint8_t *cert_buffer;
    1446              :     size_t cert_buffer_size;
    1447              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1448              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1449              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1450              :     libspdm_session_info_t *session_info;
    1451              :     uint32_t session_id;
    1452              :     uint32_t hash_size;
    1453              :     uint32_t hmac_size;
    1454              : 
    1455            1 :     spdm_test_context = *state;
    1456            1 :     spdm_context = spdm_test_context->spdm_context;
    1457            1 :     spdm_test_context->case_id = 0xE;
    1458            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1459              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1460            1 :     spdm_context->connection_info.connection_state =
    1461              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1462            1 :     spdm_context->connection_info.capability.flags |=
    1463              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1464            1 :     spdm_context->local_context.capability.flags |=
    1465              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1466            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1467              :         m_libspdm_use_hash_algo;
    1468            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1469              :         m_libspdm_use_asym_algo;
    1470            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1471              :         m_libspdm_use_measurement_spec;
    1472            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1473              :         m_libspdm_use_measurement_hash_algo;
    1474            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1475              :         m_libspdm_use_dhe_algo;
    1476            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1477              :         m_libspdm_use_aead_algo;
    1478            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1479              :                                                     m_libspdm_use_asym_algo, &data1,
    1480              :                                                     &data_size1, NULL, NULL);
    1481            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1482            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1483              :         data_size1;
    1484            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1485            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1486              :         data_size1;
    1487              : 
    1488            1 :     libspdm_reset_message_a(spdm_context);
    1489            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1490              : 
    1491            1 :     session_id = 0xFFFFFFFF;
    1492            1 :     spdm_context->latest_session_id = session_id;
    1493            1 :     session_info = &spdm_context->session_info[0];
    1494            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1495              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1496            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1497            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1498            1 :     libspdm_secured_message_set_request_finished_key(
    1499              :         session_info->secured_message_context, m_dummy_buffer,
    1500              :         hash_size);
    1501            1 :     libspdm_secured_message_set_session_state(
    1502              :         session_info->secured_message_context,
    1503              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1504              : 
    1505            1 :     spdm_context->connection_info.capability.flags |=
    1506              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1507            1 :     spdm_context->local_context.capability.flags |=
    1508              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1509            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1510            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1511            1 :     ptr = m_libspdm_finish_request1.signature;
    1512            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1513            1 :     cert_buffer = (uint8_t *)data1;
    1514            1 :     cert_buffer_size = data_size1;
    1515            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1516              :                      cert_buffer_hash);
    1517              :     /* transcript.message_a size is 0*/
    1518            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1519              :     /* session_transcript.message_k is 0*/
    1520            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    1521              :                                   sizeof(spdm_finish_request_t));
    1522            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1523            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1524              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1525            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1526              :                      request_finished_key, hash_size, ptr);
    1527            1 :     libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
    1528            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
    1529            1 :     response_size = sizeof(response);
    1530            1 :     status = libspdm_get_response_finish(spdm_context,
    1531              :                                          m_libspdm_finish_request1_size,
    1532              :                                          &m_libspdm_finish_request1,
    1533              :                                          &response_size, response);
    1534            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1535            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1536            1 :     spdm_response = (void *)response;
    1537            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1538              :                      SPDM_ERROR);
    1539            1 :     assert_int_equal(spdm_response->header.param1,
    1540              :                      SPDM_ERROR_CODE_INVALID_REQUEST);
    1541            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1542            1 :     free(data1);
    1543            1 : }
    1544              : 
    1545              : /**
    1546              :  * Test 15: receiving a FINISH message from the requester with an incorrect
    1547              :  * signature (all-zero), but a correct MAC.
    1548              :  * Expected behavior: the responder refuses the FINISH message and produces
    1549              :  * an ERROR message indicating the DecryptError.
    1550              :  **/
    1551            1 : void rsp_finish_rsp_case15(void **state)
    1552              : {
    1553              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    1554              :     libspdm_return_t status;
    1555              :     libspdm_test_context_t *spdm_test_context;
    1556              :     libspdm_context_t *spdm_context;
    1557              :     size_t response_size;
    1558              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1559              :     spdm_finish_response_t *spdm_response;
    1560              :     void *data1;
    1561              :     size_t data_size1;
    1562              :     void *data2;
    1563              :     size_t data_size2;
    1564              :     uint8_t *ptr;
    1565              :     uint8_t *cert_buffer;
    1566              :     size_t cert_buffer_size;
    1567              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1568              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1569              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1570              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1571              :     libspdm_session_info_t *session_info;
    1572              :     uint32_t session_id;
    1573              :     uint32_t hash_size;
    1574              :     uint32_t hmac_size;
    1575              :     size_t req_asym_signature_size;
    1576              : 
    1577            1 :     spdm_test_context = *state;
    1578            1 :     spdm_context = spdm_test_context->spdm_context;
    1579            1 :     spdm_test_context->case_id = 0xF;
    1580            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1581              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1582            1 :     spdm_context->connection_info.connection_state =
    1583              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1584            1 :     spdm_context->connection_info.capability.flags |=
    1585              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1586            1 :     spdm_context->local_context.capability.flags |=
    1587              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1588            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1589              :         m_libspdm_use_hash_algo;
    1590            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1591              :         m_libspdm_use_asym_algo;
    1592            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    1593              :         m_libspdm_use_req_asym_algo;
    1594            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1595              :         m_libspdm_use_measurement_spec;
    1596            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1597              :         m_libspdm_use_measurement_hash_algo;
    1598            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1599              :         m_libspdm_use_dhe_algo;
    1600            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1601              :         m_libspdm_use_aead_algo;
    1602            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1603              :                                                     m_libspdm_use_asym_algo, &data1,
    1604              :                                                     &data_size1, NULL, NULL);
    1605            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1606            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1607              :         data_size1;
    1608            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1609            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1610              :         data_size1;
    1611              : 
    1612            1 :     libspdm_reset_message_a(spdm_context);
    1613            1 :     spdm_context->local_context.mut_auth_requested = 1;
    1614            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    1615              :                                                     m_libspdm_use_req_asym_algo, &data2,
    1616              :                                                     &data_size2, NULL, NULL);
    1617              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    1618              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    1619              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    1620              :                      data2, data_size2);
    1621              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    1622              :         data_size2;
    1623              : #endif
    1624              : 
    1625            1 :     session_id = 0xFFFFFFFF;
    1626            1 :     spdm_context->latest_session_id = session_id;
    1627            1 :     session_info = &spdm_context->session_info[0];
    1628            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1629              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1630            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1631            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1632            1 :     libspdm_secured_message_set_request_finished_key(
    1633              :         session_info->secured_message_context, m_dummy_buffer,
    1634              :         hash_size);
    1635            1 :     libspdm_secured_message_set_session_state(
    1636              :         session_info->secured_message_context,
    1637              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1638            1 :     session_info->mut_auth_requested = 1;
    1639              : 
    1640            1 :     spdm_context->connection_info.capability.flags |=
    1641              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1642            1 :     spdm_context->local_context.capability.flags |=
    1643              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1644            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1645            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1646            1 :     req_asym_signature_size =
    1647            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    1648            1 :     ptr = m_libspdm_finish_request3.signature;
    1649            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1650            1 :     cert_buffer = (uint8_t *)data1;
    1651            1 :     cert_buffer_size = data_size1;
    1652            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1653              :                      cert_buffer_hash);
    1654            1 :     cert_buffer = (uint8_t *)data2;
    1655            1 :     cert_buffer_size = data_size2;
    1656            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1657              :                      req_cert_buffer_hash);
    1658              :     /* transcript.message_a size is 0*/
    1659            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1660              :     /* session_transcript.message_k is 0*/
    1661            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    1662            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
    1663              :                                   sizeof(spdm_finish_request_t));
    1664              : 
    1665            1 :     libspdm_requester_data_sign(
    1666              :         spdm_context,
    1667            1 :         m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    1668              :             0, SPDM_FINISH,
    1669              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    1670            1 :             false, libspdm_get_managed_buffer(&th_curr),
    1671              :             libspdm_get_managed_buffer_size(&th_curr),
    1672              :             ptr, &req_asym_signature_size);
    1673              : 
    1674            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    1675            1 :     ptr += req_asym_signature_size;
    1676            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1677            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1678              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1679            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1680              :                      request_finished_key, hash_size, ptr);
    1681            1 :     libspdm_set_mem(m_libspdm_finish_request3.signature,
    1682              :                     req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
    1683            1 :     m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
    1684            1 :                                      req_asym_signature_size + hmac_size;
    1685            1 :     response_size = sizeof(response);
    1686            1 :     status = libspdm_get_response_finish(spdm_context,
    1687              :                                          m_libspdm_finish_request3_size,
    1688              :                                          &m_libspdm_finish_request3,
    1689              :                                          &response_size, response);
    1690            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1691            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1692            1 :     spdm_response = (void *)response;
    1693            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1694              :                      SPDM_ERROR);
    1695            1 :     assert_int_equal(spdm_response->header.param1,
    1696              :                      SPDM_ERROR_CODE_DECRYPT_ERROR);
    1697            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1698            1 :     free(data1);
    1699            1 :     free(data2);
    1700              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    1701            1 : }
    1702              : 
    1703              : /**
    1704              :  * Test 16: receiving a FINISH message from the requester with an incorrect
    1705              :  * signature (arbitrary), but a correct MAC.
    1706              :  * Expected behavior: the responder refuses the FINISH message and produces
    1707              :  * an ERROR message indicating the DecryptError.
    1708              :  **/
    1709            1 : void rsp_finish_rsp_case16(void **state)
    1710              : {
    1711              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    1712              :     libspdm_return_t status;
    1713              :     libspdm_test_context_t *spdm_test_context;
    1714              :     libspdm_context_t *spdm_context;
    1715              :     size_t response_size;
    1716              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1717              :     spdm_finish_response_t *spdm_response;
    1718              :     void *data1;
    1719              :     size_t data_size1;
    1720              :     void *data2;
    1721              :     size_t data_size2;
    1722              :     uint8_t *ptr;
    1723              :     uint8_t *cert_buffer;
    1724              :     size_t cert_buffer_size;
    1725              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1726              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1727              :     uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
    1728              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1729              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1730              :     libspdm_session_info_t *session_info;
    1731              :     uint32_t session_id;
    1732              :     uint32_t hash_size;
    1733              :     uint32_t hmac_size;
    1734              :     size_t req_asym_signature_size;
    1735              : 
    1736            1 :     spdm_test_context = *state;
    1737            1 :     spdm_context = spdm_test_context->spdm_context;
    1738            1 :     spdm_test_context->case_id = 0x10;
    1739            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    1740              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    1741            1 :     spdm_context->connection_info.connection_state =
    1742              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1743            1 :     spdm_context->connection_info.capability.flags |=
    1744              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1745            1 :     spdm_context->local_context.capability.flags |=
    1746              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1747            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    1748              :         m_libspdm_use_hash_algo;
    1749            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    1750              :         m_libspdm_use_asym_algo;
    1751            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    1752              :         m_libspdm_use_req_asym_algo;
    1753            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    1754              :         m_libspdm_use_measurement_spec;
    1755            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1756              :         m_libspdm_use_measurement_hash_algo;
    1757            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    1758              :         m_libspdm_use_dhe_algo;
    1759            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    1760              :         m_libspdm_use_aead_algo;
    1761            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1762              :                                                     m_libspdm_use_asym_algo, &data1,
    1763              :                                                     &data_size1, NULL, NULL);
    1764            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1765            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    1766              :         data_size1;
    1767            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1768            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    1769              :         data_size1;
    1770              : 
    1771            1 :     libspdm_reset_message_a(spdm_context);
    1772            1 :     spdm_context->local_context.mut_auth_requested = 1;
    1773            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    1774              :                                                     m_libspdm_use_req_asym_algo, &data2,
    1775              :                                                     &data_size2, NULL, NULL);
    1776              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    1777              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    1778              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    1779              :                      data2, data_size2);
    1780              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    1781              :         data_size2;
    1782              : #endif
    1783              : 
    1784            1 :     session_id = 0xFFFFFFFF;
    1785            1 :     spdm_context->latest_session_id = session_id;
    1786            1 :     session_info = &spdm_context->session_info[0];
    1787            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1788              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1789            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1790            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1791            1 :     libspdm_secured_message_set_request_finished_key(
    1792              :         session_info->secured_message_context, m_dummy_buffer,
    1793              :         hash_size);
    1794            1 :     libspdm_secured_message_set_session_state(
    1795              :         session_info->secured_message_context,
    1796              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    1797            1 :     session_info->mut_auth_requested = 1;
    1798              : 
    1799            1 :     spdm_context->connection_info.capability.flags |=
    1800              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1801            1 :     spdm_context->local_context.capability.flags |=
    1802              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1803            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1804            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1805            1 :     req_asym_signature_size =
    1806            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    1807            1 :     ptr = m_libspdm_finish_request3.signature;
    1808            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1809            1 :     cert_buffer = (uint8_t *)data1;
    1810            1 :     cert_buffer_size = data_size1;
    1811            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1812              :                      cert_buffer_hash);
    1813            1 :     cert_buffer = (uint8_t *)data2;
    1814            1 :     cert_buffer_size = data_size2;
    1815            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    1816              :                      req_cert_buffer_hash);
    1817              :     /* transcript.message_a size is 0*/
    1818            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1819              :     /* session_transcript.message_k is 0*/
    1820            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    1821            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
    1822              :                                   sizeof(spdm_finish_request_t));
    1823              :     /*randomize signature*/
    1824            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1825              :                      libspdm_get_managed_buffer_size(&th_curr), random_buffer);
    1826              : 
    1827            1 :     libspdm_requester_data_sign(
    1828              :         spdm_context,
    1829            1 :         m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    1830              :             0, SPDM_FINISH,
    1831              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    1832              :             false, random_buffer, hash_size, ptr, &req_asym_signature_size);
    1833              : 
    1834            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    1835            1 :     ptr += req_asym_signature_size;
    1836            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1837            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1838              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1839            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1840              :                      request_finished_key, hash_size, ptr);
    1841            1 :     m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
    1842            1 :                                      req_asym_signature_size + hmac_size;
    1843            1 :     response_size = sizeof(response);
    1844            1 :     status = libspdm_get_response_finish(spdm_context,
    1845              :                                          m_libspdm_finish_request3_size,
    1846              :                                          &m_libspdm_finish_request3,
    1847              :                                          &response_size, response);
    1848            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1849            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    1850            1 :     spdm_response = (void *)response;
    1851            1 :     assert_int_equal(spdm_response->header.request_response_code,
    1852              :                      SPDM_ERROR);
    1853            1 :     assert_int_equal(spdm_response->header.param1,
    1854              :                      SPDM_ERROR_CODE_DECRYPT_ERROR);
    1855            1 :     assert_int_equal(spdm_response->header.param2, 0);
    1856            1 :     free(data1);
    1857            1 :     free(data2);
    1858              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    1859            1 : }
    1860              : 
    1861              : /**
    1862              :  * Test 17: receiving a correct FINISH from the requester.
    1863              :  * Expected behavior: the responder accepts the request and produces a valid FINISH
    1864              :  * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
    1865              :  **/
    1866            1 : void rsp_finish_rsp_case17(void **state)
    1867              : {
    1868              :     libspdm_return_t status;
    1869              :     libspdm_test_context_t *spdm_test_context;
    1870              :     libspdm_context_t *spdm_context;
    1871              :     size_t response_size;
    1872              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1873              :     spdm_finish_response_t *spdm_response;
    1874              :     void *data1;
    1875              :     size_t data_size1;
    1876              :     uint8_t *ptr;
    1877              :     uint8_t *cert_buffer;
    1878              :     size_t cert_buffer_size;
    1879              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1880              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1881              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1882              :     libspdm_session_info_t *session_info;
    1883              :     uint32_t session_id;
    1884              :     uint32_t hash_size;
    1885              :     uint32_t hmac_size;
    1886              : 
    1887            1 :     spdm_test_context = *state;
    1888            1 :     spdm_context = spdm_test_context->spdm_context;
    1889            1 :     spdm_test_context->case_id = 0x11;
    1890            1 :     spdm_context->connection_info.connection_state =
    1891              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    1892            1 :     spdm_context->connection_info.capability.flags |=
    1893              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    1894            1 :     spdm_context->local_context.capability.flags |=
    1895              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    1896            1 :     spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    1897            1 :     spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    1898            1 :     spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    1899            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    1900              :         m_libspdm_use_measurement_hash_algo;
    1901            1 :     spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    1902            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    1903            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    1904              :                                                     m_libspdm_use_asym_algo, &data1,
    1905              :                                                     &data_size1, NULL, NULL);
    1906            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    1907            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
    1908            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    1909            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
    1910              : 
    1911            1 :     libspdm_reset_message_a(spdm_context);
    1912            1 :     spdm_context->local_context.mut_auth_requested = 0;
    1913              : 
    1914            1 :     session_id = 0xFFFFFFFF;
    1915            1 :     spdm_context->latest_session_id = session_id;
    1916            1 :     session_info = &spdm_context->session_info[0];
    1917            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    1918              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    1919            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1920            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    1921            1 :     libspdm_secured_message_set_request_finished_key(
    1922              :         session_info->secured_message_context, m_dummy_buffer, hash_size);
    1923            1 :     libspdm_secured_message_set_session_state(
    1924              :         session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
    1925              : 
    1926            1 :     spdm_context->connection_info.capability.flags |=
    1927              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1928            1 :     spdm_context->local_context.capability.flags |=
    1929              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    1930            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1931            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    1932            1 :     ptr = m_libspdm_finish_request1.signature;
    1933            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    1934            1 :     cert_buffer = (uint8_t *)data1;
    1935            1 :     cert_buffer_size = data_size1;
    1936            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    1937              :     /* transcript.message_a size is 0*/
    1938            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    1939              :     /* session_transcript.message_k is 0*/
    1940            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    1941              :                                   sizeof(spdm_finish_request_t));
    1942            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    1943            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    1944              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    1945            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    1946              :                      request_finished_key, hash_size, ptr);
    1947            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    1948            1 :     response_size = sizeof(response);
    1949            1 :     status = libspdm_get_response_finish(
    1950              :         spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
    1951              :         &response_size, response);
    1952            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    1953            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    1954            1 :     spdm_response = (void *)response;
    1955            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    1956              : 
    1957              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    1958              :     assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
    1959              :                      m_libspdm_finish_request1_size + response_size);
    1960              :     assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
    1961              :                         &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
    1962              :     assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
    1963              :                         m_libspdm_finish_request1_size,
    1964              :                         response, response_size);
    1965              : #endif
    1966              : 
    1967            1 :     free(data1);
    1968            1 : }
    1969              : 
    1970              : /**
    1971              :  * Test 18: receiving a correct FINISH message from the requester with
    1972              :  * correct MAC and signature (with mutual authentication), and 'handshake in
    1973              :  * the clear'. The slot_id for requester mutual authentication is 0xFF.
    1974              :  * Expected behavior: the responder accepts the request and produces a valid
    1975              :  * FINISH_RSP response message.
    1976              :  **/
    1977            1 : void rsp_finish_rsp_case18(void **state)
    1978              : {
    1979              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    1980              :     libspdm_return_t status;
    1981              :     libspdm_test_context_t *spdm_test_context;
    1982              :     libspdm_context_t *spdm_context;
    1983              :     size_t response_size;
    1984              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    1985              :     spdm_finish_response_t *spdm_response;
    1986              :     void *data1;
    1987              :     size_t data_size1;
    1988              :     void *data2;
    1989              :     size_t data_size2;
    1990              :     uint8_t *ptr;
    1991              :     uint8_t *cert_buffer;
    1992              :     size_t cert_buffer_size;
    1993              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1994              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    1995              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    1996              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    1997              :     libspdm_session_info_t *session_info;
    1998              :     uint32_t session_id;
    1999              :     uint32_t hash_size;
    2000              :     uint32_t hmac_size;
    2001              :     size_t req_asym_signature_size;
    2002              : 
    2003            1 :     spdm_test_context = *state;
    2004            1 :     spdm_context = spdm_test_context->spdm_context;
    2005            1 :     spdm_test_context->case_id = 0x12;
    2006            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2007              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2008            1 :     spdm_context->connection_info.connection_state =
    2009              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2010            1 :     spdm_context->connection_info.capability.flags |=
    2011              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2012            1 :     spdm_context->local_context.capability.flags |=
    2013              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2014            1 :     spdm_context->connection_info.capability.flags |=
    2015              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
    2016            1 :     spdm_context->local_context.capability.flags |=
    2017              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP;
    2018            1 :     spdm_context->connection_info.capability.flags |=
    2019              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2020            1 :     spdm_context->local_context.capability.flags |=
    2021              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2022            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2023              :         m_libspdm_use_hash_algo;
    2024            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2025              :         m_libspdm_use_asym_algo;
    2026            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2027              :         m_libspdm_use_req_asym_algo;
    2028            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2029              :         m_libspdm_use_dhe_algo;
    2030            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2031              :         m_libspdm_use_aead_algo;
    2032            1 :     libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
    2033            1 :     spdm_context->local_context.local_public_key_provision = data1;
    2034            1 :     spdm_context->local_context.local_public_key_provision_size = data_size1;
    2035            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2036            1 :     libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
    2037            1 :     spdm_context->local_context.peer_public_key_provision = data2;
    2038            1 :     spdm_context->local_context.peer_public_key_provision_size = data_size2;
    2039              : 
    2040            1 :     spdm_context->encap_context.req_slot_id = 0xFF;
    2041            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0xFF;
    2042            1 :     spdm_context->connection_info.local_used_cert_chain_slot_id = 0xFF;
    2043              : 
    2044            1 :     libspdm_reset_message_a(spdm_context);
    2045              : 
    2046            1 :     session_id = 0xFFFFFFFF;
    2047            1 :     spdm_context->latest_session_id = session_id;
    2048            1 :     session_info = &spdm_context->session_info[0];
    2049            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2050              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2051            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2052            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2053            1 :     libspdm_secured_message_set_request_finished_key(
    2054              :         session_info->secured_message_context, m_dummy_buffer,
    2055              :         hash_size);
    2056            1 :     libspdm_secured_message_set_session_state(
    2057              :         session_info->secured_message_context,
    2058              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2059            1 :     session_info->mut_auth_requested = 1;
    2060              : 
    2061            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2062            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2063            1 :     req_asym_signature_size =
    2064            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2065            1 :     ptr = m_libspdm_finish_request4.signature;
    2066            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2067            1 :     cert_buffer = (uint8_t *)data1;
    2068            1 :     cert_buffer_size = data_size1;
    2069            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2070              :                      cert_buffer_hash);
    2071            1 :     cert_buffer = (uint8_t *)data2;
    2072            1 :     cert_buffer_size = data_size2;
    2073            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2074              :                      req_cert_buffer_hash);
    2075              :     /* transcript.message_a size is 0*/
    2076            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2077              :     /* session_transcript.message_k is 0*/
    2078            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2079            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
    2080              :                                   sizeof(spdm_finish_request_t));
    2081              : 
    2082            1 :     libspdm_requester_data_sign(
    2083              :         spdm_context,
    2084            1 :         m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    2085              :             0, SPDM_FINISH,
    2086              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2087            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2088              :             libspdm_get_managed_buffer_size(&th_curr),
    2089              :             ptr, &req_asym_signature_size);
    2090              : 
    2091            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2092            1 :     ptr += req_asym_signature_size;
    2093              : 
    2094            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2095            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2096              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2097            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2098              :                      request_finished_key, hash_size, ptr);
    2099            1 :     m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
    2100            1 :                                      req_asym_signature_size + hmac_size;
    2101            1 :     response_size = sizeof(response);
    2102            1 :     status = libspdm_get_response_finish(spdm_context,
    2103              :                                          m_libspdm_finish_request4_size,
    2104              :                                          &m_libspdm_finish_request4,
    2105              :                                          &response_size, response);
    2106            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2107            1 :     assert_int_equal(response_size,
    2108              :                      sizeof(spdm_finish_response_t) + hmac_size);
    2109            1 :     spdm_response = (void *)response;
    2110            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2111              :                      SPDM_FINISH_RSP);
    2112            1 :     free(data1);
    2113            1 :     free(data2);
    2114              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    2115            1 : }
    2116              : 
    2117              : /**
    2118              :  * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
    2119              :  * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
    2120              :  * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
    2121              :  * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
    2122              :  **/
    2123            1 : void rsp_finish_rsp_case19(void **state)
    2124              : {
    2125              :     libspdm_return_t status;
    2126              :     libspdm_test_context_t *spdm_test_context;
    2127              :     libspdm_context_t *spdm_context;
    2128              :     size_t response_size;
    2129              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2130              :     spdm_finish_response_t *spdm_response;
    2131              :     void *data1;
    2132              :     size_t data_size1;
    2133              :     void *data2;
    2134              :     size_t data_size2;
    2135              :     uint8_t *ptr;
    2136              :     uint8_t *cert_buffer;
    2137              :     size_t cert_buffer_size;
    2138              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2139              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2140              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2141              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2142              :     libspdm_session_info_t *session_info;
    2143              :     uint32_t session_id;
    2144              :     uint32_t hash_size;
    2145              :     uint32_t hmac_size;
    2146              :     size_t req_asym_signature_size;
    2147              : 
    2148            1 :     spdm_test_context = *state;
    2149            1 :     spdm_context = spdm_test_context->spdm_context;
    2150            1 :     spdm_test_context->case_id = 0x13;
    2151            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2152              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2153            1 :     spdm_context->connection_info.connection_state =
    2154              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2155            1 :     spdm_context->connection_info.capability.flags |=
    2156              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2157            1 :     spdm_context->local_context.capability.flags |=
    2158              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2159            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2160              :         m_libspdm_use_hash_algo;
    2161            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2162              :         m_libspdm_use_asym_algo;
    2163            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2164              :         m_libspdm_use_req_asym_algo;
    2165            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2166              :         m_libspdm_use_measurement_spec;
    2167            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2168              :         m_libspdm_use_measurement_hash_algo;
    2169            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2170              :         m_libspdm_use_dhe_algo;
    2171            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2172              :         m_libspdm_use_aead_algo;
    2173            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2174              :                                                     m_libspdm_use_asym_algo, &data1,
    2175              :                                                     &data_size1, NULL, NULL);
    2176            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2177            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2178              :         data_size1;
    2179            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2180            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2181              :         data_size1;
    2182              : 
    2183            1 :     libspdm_reset_message_a(spdm_context);
    2184            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2185            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2186              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2187              :                                                     &data_size2, NULL, NULL);
    2188              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2189              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2190              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2191              :                      data2, data_size2);
    2192              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2193              :         data_size2;
    2194              : #else
    2195            1 :     libspdm_hash_all(
    2196              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2197              :         data2, data_size2,
    2198            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2199            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2200            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2201            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2202              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2203            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2204              :         data2,
    2205              :         data_size2,
    2206              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2207              : #endif
    2208            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2209              : 
    2210            1 :     session_id = 0xFFFFFFFF;
    2211            1 :     spdm_context->latest_session_id = session_id;
    2212            1 :     session_info = &spdm_context->session_info[0];
    2213            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2214              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2215            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2216            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2217            1 :     libspdm_secured_message_set_request_finished_key(
    2218              :         session_info->secured_message_context, m_dummy_buffer,
    2219              :         hash_size);
    2220            1 :     libspdm_secured_message_set_session_state(
    2221              :         session_info->secured_message_context,
    2222              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2223            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2224              : 
    2225            1 :     spdm_context->connection_info.capability.flags |=
    2226              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2227            1 :     spdm_context->local_context.capability.flags |=
    2228              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2229            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2230            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2231            1 :     req_asym_signature_size =
    2232            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2233            1 :     ptr = m_libspdm_finish_request5.signature;
    2234            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2235            1 :     cert_buffer = (uint8_t *)data1;
    2236            1 :     cert_buffer_size = data_size1;
    2237            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2238              :                      cert_buffer_hash);
    2239            1 :     cert_buffer = (uint8_t *)data2;
    2240            1 :     cert_buffer_size = data_size2;
    2241            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2242              :                      req_cert_buffer_hash);
    2243              :     /* transcript.message_a size is 0*/
    2244            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2245              :     /* session_transcript.message_k is 0*/
    2246            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2247            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
    2248              :                                   sizeof(spdm_finish_request_t));
    2249              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2250            1 :     libspdm_requester_data_sign(
    2251              :         spdm_context,
    2252            1 :         m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    2253              :             0, SPDM_FINISH,
    2254              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2255            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2256              :             libspdm_get_managed_buffer_size(&th_curr),
    2257              :             ptr, &req_asym_signature_size);
    2258              : #endif
    2259            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2260            1 :     ptr += req_asym_signature_size;
    2261            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2262            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2263              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2264            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2265              :                      request_finished_key, hash_size, ptr);
    2266            1 :     m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
    2267            1 :                                      req_asym_signature_size + hmac_size;
    2268            1 :     response_size = sizeof(response);
    2269            1 :     status = libspdm_get_response_finish(spdm_context,
    2270              :                                          m_libspdm_finish_request5_size,
    2271              :                                          &m_libspdm_finish_request5,
    2272              :                                          &response_size, response);
    2273            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2274            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    2275            1 :     spdm_response = (void *)response;
    2276            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2277              :                      SPDM_ERROR);
    2278            1 :     assert_int_equal(spdm_response->header.param1,
    2279              :                      SPDM_ERROR_CODE_INVALID_REQUEST);
    2280            1 :     assert_int_equal(spdm_response->header.param2, 0);
    2281            1 :     free(data1);
    2282            1 :     free(data2);
    2283            1 : }
    2284              : 
    2285              : /**
    2286              :  * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
    2287              :  * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
    2288              :  * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
    2289              :  * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
    2290              :  **/
    2291            1 : void rsp_finish_rsp_case20(void **state)
    2292              : {
    2293              :     libspdm_return_t status;
    2294              :     libspdm_test_context_t *spdm_test_context;
    2295              :     libspdm_context_t *spdm_context;
    2296              :     size_t response_size;
    2297              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2298              :     spdm_finish_response_t *spdm_response;
    2299              :     void *data1;
    2300              :     size_t data_size1;
    2301              :     void *data2;
    2302              :     size_t data_size2;
    2303              :     uint8_t *ptr;
    2304              :     uint8_t *cert_buffer;
    2305              :     size_t cert_buffer_size;
    2306              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2307              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2308              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2309              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2310              :     libspdm_session_info_t *session_info;
    2311              :     uint32_t session_id;
    2312              :     uint32_t hash_size;
    2313              :     uint32_t hmac_size;
    2314              :     size_t req_asym_signature_size;
    2315              : 
    2316            1 :     spdm_test_context = *state;
    2317            1 :     spdm_context = spdm_test_context->spdm_context;
    2318            1 :     spdm_test_context->case_id = 0x14;
    2319            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2320              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2321            1 :     spdm_context->connection_info.connection_state =
    2322              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2323            1 :     spdm_context->connection_info.capability.flags |=
    2324              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2325            1 :     spdm_context->local_context.capability.flags |=
    2326              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2327            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2328              :         m_libspdm_use_hash_algo;
    2329            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2330              :         m_libspdm_use_asym_algo;
    2331            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2332              :         m_libspdm_use_req_asym_algo;
    2333            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2334              :         m_libspdm_use_measurement_spec;
    2335            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2336              :         m_libspdm_use_measurement_hash_algo;
    2337            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2338              :         m_libspdm_use_dhe_algo;
    2339            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2340              :         m_libspdm_use_aead_algo;
    2341            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2342              :                                                     m_libspdm_use_asym_algo, &data1,
    2343              :                                                     &data_size1, NULL, NULL);
    2344            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2345            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2346              :         data_size1;
    2347            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2348            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2349              :         data_size1;
    2350              : 
    2351            1 :     libspdm_reset_message_a(spdm_context);
    2352            1 :     spdm_context->local_context.mut_auth_requested =
    2353              :         SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
    2354            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2355              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2356              :                                                     &data_size2, NULL, NULL);
    2357              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2358              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2359              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2360              :                      data2, data_size2);
    2361              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2362              :         data_size2;
    2363              : #else
    2364            1 :     libspdm_hash_all(
    2365              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2366              :         data2, data_size2,
    2367            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2368            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2369            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2370            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2371              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2372            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2373              :         data2,
    2374              :         data_size2,
    2375              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2376              : #endif
    2377            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2378              : 
    2379            1 :     session_id = 0xFFFFFFFF;
    2380            1 :     spdm_context->latest_session_id = session_id;
    2381            1 :     session_info = &spdm_context->session_info[0];
    2382            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2383              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2384            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2385            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2386            1 :     libspdm_secured_message_set_request_finished_key(
    2387              :         session_info->secured_message_context, m_dummy_buffer,
    2388              :         hash_size);
    2389            1 :     libspdm_secured_message_set_session_state(
    2390              :         session_info->secured_message_context,
    2391              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2392            1 :     session_info->mut_auth_requested =
    2393              :         SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
    2394              : 
    2395            1 :     spdm_context->connection_info.capability.flags |=
    2396              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2397            1 :     spdm_context->local_context.capability.flags |=
    2398              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2399            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2400            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2401            1 :     req_asym_signature_size =
    2402            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2403            1 :     ptr = m_libspdm_finish_request7.signature;
    2404            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2405            1 :     cert_buffer = (uint8_t *)data1;
    2406            1 :     cert_buffer_size = data_size1;
    2407            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2408              :                      cert_buffer_hash);
    2409            1 :     cert_buffer = (uint8_t *)data2;
    2410            1 :     cert_buffer_size = data_size2;
    2411            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2412              :                      req_cert_buffer_hash);
    2413              :     /* transcript.message_a size is 0*/
    2414            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2415              :     /* session_transcript.message_k is 0*/
    2416            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2417            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
    2418              :                                   sizeof(spdm_finish_request_t));
    2419              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2420            1 :     libspdm_requester_data_sign(
    2421              :         spdm_context,
    2422            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    2423              :             0, SPDM_FINISH,
    2424              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2425            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2426              :             libspdm_get_managed_buffer_size(&th_curr),
    2427              :             ptr, &req_asym_signature_size);
    2428              : #endif
    2429            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2430            1 :     ptr += req_asym_signature_size;
    2431            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2432            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2433              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2434            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2435              :                      request_finished_key, hash_size, ptr);
    2436            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    2437            1 :                                      req_asym_signature_size + hmac_size;
    2438            1 :     response_size = sizeof(response);
    2439            1 :     status = libspdm_get_response_finish(spdm_context,
    2440              :                                          m_libspdm_finish_request7_size,
    2441              :                                          &m_libspdm_finish_request7,
    2442              :                                          &response_size, response);
    2443            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2444            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    2445            1 :     spdm_response = (void *)response;
    2446            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2447              :                      SPDM_ERROR);
    2448            1 :     assert_int_equal(spdm_response->header.param1,
    2449              :                      SPDM_ERROR_CODE_INVALID_REQUEST);
    2450            1 :     assert_int_equal(spdm_response->header.param2, 0);
    2451            1 :     free(data1);
    2452            1 :     free(data2);
    2453            1 : }
    2454              : 
    2455              : /**
    2456              :  * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
    2457              :  * although SlotID in FINISH request message is 10, it shall be ignored when read.
    2458              :  * Expected behavior: the responder accepts the request and produces a valid
    2459              :  * FINISH_RSP response message.
    2460              :  **/
    2461            1 : void rsp_finish_rsp_case21(void **state)
    2462              : {
    2463              :     libspdm_return_t status;
    2464              :     libspdm_test_context_t *spdm_test_context;
    2465              :     libspdm_context_t *spdm_context;
    2466              :     size_t response_size;
    2467              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2468              :     spdm_finish_response_t *spdm_response;
    2469              :     void *data1;
    2470              :     size_t data_size1;
    2471              :     uint8_t *ptr;
    2472              :     uint8_t *cert_buffer;
    2473              :     size_t cert_buffer_size;
    2474              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2475              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2476              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2477              :     libspdm_session_info_t *session_info;
    2478              :     uint32_t session_id;
    2479              :     uint32_t hash_size;
    2480              :     uint32_t hmac_size;
    2481              : 
    2482            1 :     spdm_test_context = *state;
    2483            1 :     spdm_context = spdm_test_context->spdm_context;
    2484            1 :     spdm_test_context->case_id = 0x15;
    2485            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2486              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2487            1 :     spdm_context->connection_info.connection_state =
    2488              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2489            1 :     spdm_context->connection_info.capability.flags |=
    2490              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2491            1 :     spdm_context->local_context.capability.flags |=
    2492              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2493            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2494              :         m_libspdm_use_hash_algo;
    2495            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2496              :         m_libspdm_use_asym_algo;
    2497            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2498              :         m_libspdm_use_measurement_spec;
    2499            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2500              :         m_libspdm_use_measurement_hash_algo;
    2501            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2502              :         m_libspdm_use_dhe_algo;
    2503            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2504              :         m_libspdm_use_aead_algo;
    2505            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2506              :                                                     m_libspdm_use_asym_algo, &data1,
    2507              :                                                     &data_size1, NULL, NULL);
    2508            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2509            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2510              :         data_size1;
    2511            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2512            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2513              :         data_size1;
    2514              : 
    2515            1 :     libspdm_reset_message_a(spdm_context);
    2516            1 :     spdm_context->local_context.mut_auth_requested = 0;
    2517              : 
    2518            1 :     session_id = 0xFFFFFFFF;
    2519            1 :     spdm_context->latest_session_id = session_id;
    2520            1 :     session_info = &spdm_context->session_info[0];
    2521            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2522              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2523            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2524            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2525            1 :     libspdm_secured_message_set_request_finished_key(
    2526              :         session_info->secured_message_context, m_dummy_buffer,
    2527              :         hash_size);
    2528            1 :     libspdm_secured_message_set_session_state(
    2529              :         session_info->secured_message_context,
    2530              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2531            1 :     session_info->mut_auth_requested = 0;
    2532              : 
    2533            1 :     spdm_context->connection_info.capability.flags |=
    2534              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2535            1 :     spdm_context->local_context.capability.flags |=
    2536              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2537            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2538            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2539            1 :     ptr = m_libspdm_finish_request6.signature;
    2540            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2541            1 :     cert_buffer = (uint8_t *)data1;
    2542            1 :     cert_buffer_size = data_size1;
    2543            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2544              :                      cert_buffer_hash);
    2545              :     /* transcript.message_a size is 0*/
    2546            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2547              :     /* session_transcript.message_k is 0*/
    2548            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
    2549              :                                   sizeof(spdm_finish_request_t));
    2550            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2551            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2552              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2553            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2554              :                      request_finished_key, hash_size, ptr);
    2555            1 :     m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
    2556            1 :     response_size = sizeof(response);
    2557            1 :     status = libspdm_get_response_finish(spdm_context,
    2558              :                                          m_libspdm_finish_request6_size,
    2559              :                                          &m_libspdm_finish_request6,
    2560              :                                          &response_size, response);
    2561            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2562            1 :     spdm_response = (void *)response;
    2563            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2564              :                      SPDM_FINISH_RSP);
    2565            1 :     assert_int_equal(response_size,
    2566              :                      sizeof(spdm_finish_response_t) + hmac_size);
    2567            1 :     free(data1);
    2568            1 : }
    2569              : 
    2570              : /**
    2571              :  * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
    2572              :  * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
    2573              :  * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
    2574              :  * Expected behavior: the responder accepts the request and produces a valid
    2575              :  * FINISH_RSP response message.
    2576              :  **/
    2577            1 : void rsp_finish_rsp_case22(void **state)
    2578              : {
    2579              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2580              :     libspdm_return_t status;
    2581              :     libspdm_test_context_t *spdm_test_context;
    2582              :     libspdm_context_t *spdm_context;
    2583              :     size_t response_size;
    2584              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2585              :     spdm_finish_response_t *spdm_response;
    2586              :     void *data1;
    2587              :     size_t data_size1;
    2588              :     void *data2;
    2589              :     size_t data_size2;
    2590              :     uint8_t *ptr;
    2591              :     uint8_t *cert_buffer;
    2592              :     size_t cert_buffer_size;
    2593              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2594              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2595              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2596              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2597              :     libspdm_session_info_t *session_info;
    2598              :     uint32_t session_id;
    2599              :     uint32_t hash_size;
    2600              :     uint32_t hmac_size;
    2601              :     size_t req_asym_signature_size;
    2602              : 
    2603            1 :     spdm_test_context = *state;
    2604            1 :     spdm_context = spdm_test_context->spdm_context;
    2605            1 :     spdm_test_context->case_id = 0x16;
    2606            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2607              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2608            1 :     spdm_context->connection_info.connection_state =
    2609              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2610            1 :     spdm_context->connection_info.capability.flags |=
    2611              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2612            1 :     spdm_context->local_context.capability.flags |=
    2613              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2614            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2615              :         m_libspdm_use_hash_algo;
    2616            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2617              :         m_libspdm_use_asym_algo;
    2618            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2619              :         m_libspdm_use_req_asym_algo;
    2620            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2621              :         m_libspdm_use_measurement_spec;
    2622            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2623              :         m_libspdm_use_measurement_hash_algo;
    2624            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2625              :         m_libspdm_use_dhe_algo;
    2626            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2627              :         m_libspdm_use_aead_algo;
    2628            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2629              :                                                     m_libspdm_use_asym_algo, &data1,
    2630              :                                                     &data_size1, NULL, NULL);
    2631            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2632            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2633              :         data_size1;
    2634            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2635            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2636              :         data_size1;
    2637              : 
    2638            1 :     libspdm_reset_message_a(spdm_context);
    2639            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2640            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2641              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2642              :                                                     &data_size2, NULL, NULL);
    2643              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2644              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2645              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2646              :                      data2, data_size2);
    2647              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2648              :         data_size2;
    2649              : #else
    2650            1 :     libspdm_hash_all(
    2651              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2652              :         data2, data_size2,
    2653            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2654            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2655            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2656            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2657              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2658            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2659              :         data2,
    2660              :         data_size2,
    2661              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2662              : #endif
    2663            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2664              : 
    2665            1 :     session_id = 0xFFFFFFFF;
    2666            1 :     spdm_context->latest_session_id = session_id;
    2667            1 :     session_info = &spdm_context->session_info[0];
    2668            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2669              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2670            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2671            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2672            1 :     libspdm_secured_message_set_request_finished_key(
    2673              :         session_info->secured_message_context, m_dummy_buffer,
    2674              :         hash_size);
    2675            1 :     libspdm_secured_message_set_session_state(
    2676              :         session_info->secured_message_context,
    2677              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2678            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2679              : 
    2680            1 :     spdm_context->connection_info.capability.flags |=
    2681              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2682            1 :     spdm_context->local_context.capability.flags |=
    2683              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2684            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2685            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2686            1 :     req_asym_signature_size =
    2687            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2688            1 :     ptr = m_libspdm_finish_request7.signature;
    2689            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2690            1 :     cert_buffer = (uint8_t *)data1;
    2691            1 :     cert_buffer_size = data_size1;
    2692            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2693              :                      cert_buffer_hash);
    2694            1 :     cert_buffer = (uint8_t *)data2;
    2695            1 :     cert_buffer_size = data_size2;
    2696            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2697              :                      req_cert_buffer_hash);
    2698              :     /* transcript.message_a size is 0*/
    2699            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2700              :     /* session_transcript.message_k is 0*/
    2701            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2702            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
    2703              :                                   sizeof(spdm_finish_request_t));
    2704              : 
    2705            1 :     libspdm_requester_data_sign(
    2706              :         spdm_context,
    2707            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    2708              :             0, SPDM_FINISH,
    2709              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2710            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2711              :             libspdm_get_managed_buffer_size(&th_curr),
    2712              :             ptr, &req_asym_signature_size);
    2713              : 
    2714            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2715            1 :     ptr += req_asym_signature_size;
    2716            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2717            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2718              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2719            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2720              :                      request_finished_key, hash_size, ptr);
    2721            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    2722            1 :                                      req_asym_signature_size + hmac_size;
    2723            1 :     response_size = sizeof(response);
    2724            1 :     status = libspdm_get_response_finish(spdm_context,
    2725              :                                          m_libspdm_finish_request7_size,
    2726              :                                          &m_libspdm_finish_request7,
    2727              :                                          &response_size, response);
    2728            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2729            1 :     spdm_response = (void *)response;
    2730            1 :     assert_int_equal(spdm_response->header.request_response_code,
    2731              :                      SPDM_FINISH_RSP);
    2732            1 :     assert_int_equal(response_size,
    2733              :                      sizeof(spdm_finish_response_t) + hmac_size);
    2734            1 :     free(data1);
    2735            1 :     free(data2);
    2736              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    2737            1 : }
    2738              : 
    2739              : /**
    2740              :  * Test 23: Same as test case 22 but test signature endianness.
    2741              :  * Big-Endian Sign. Little-Endian Verify.
    2742              :  * Expecting signature to fail.
    2743              :  **/
    2744            1 : void rsp_finish_rsp_case23(void** state)
    2745              : {
    2746              :     libspdm_return_t status;
    2747              :     libspdm_test_context_t* spdm_test_context;
    2748              :     libspdm_context_t* spdm_context;
    2749              :     size_t response_size;
    2750              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2751              :     spdm_finish_response_t* spdm_response;
    2752              :     void* data1;
    2753              :     size_t data_size1;
    2754              :     void* data2;
    2755              :     size_t data_size2;
    2756              :     uint8_t* ptr;
    2757              :     uint8_t* cert_buffer;
    2758              :     size_t cert_buffer_size;
    2759              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2760              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2761              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2762              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2763              :     libspdm_session_info_t* session_info;
    2764              :     uint32_t session_id;
    2765              :     uint32_t hash_size;
    2766              :     uint32_t hmac_size;
    2767              :     size_t req_asym_signature_size;
    2768              : 
    2769            1 :     spdm_test_context = *state;
    2770            1 :     spdm_context = spdm_test_context->spdm_context;
    2771            1 :     spdm_test_context->case_id = 23;
    2772            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2773              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2774            1 :     spdm_context->connection_info.connection_state =
    2775              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2776            1 :     spdm_context->connection_info.capability.flags |=
    2777              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2778            1 :     spdm_context->local_context.capability.flags |=
    2779              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2780            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2781              :         m_libspdm_use_hash_algo;
    2782            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2783              :         m_libspdm_use_asym_algo;
    2784            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2785              :         m_libspdm_use_req_asym_algo;
    2786            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2787              :         m_libspdm_use_measurement_spec;
    2788            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2789              :         m_libspdm_use_measurement_hash_algo;
    2790            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2791              :         m_libspdm_use_dhe_algo;
    2792            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2793              :         m_libspdm_use_aead_algo;
    2794            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2795              :                                                     m_libspdm_use_asym_algo, &data1,
    2796              :                                                     &data_size1, NULL, NULL);
    2797            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2798            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2799              :         data_size1;
    2800            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2801            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2802              :         data_size1;
    2803            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    2804              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
    2805              : 
    2806            1 :     libspdm_reset_message_a(spdm_context);
    2807            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2808            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2809              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2810              :                                                     &data_size2, NULL, NULL);
    2811              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2812              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2813              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2814              :                      data2, data_size2);
    2815              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2816              :         data_size2;
    2817              : #else
    2818            1 :     libspdm_hash_all(
    2819              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2820              :         data2, data_size2,
    2821            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2822            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2823            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2824            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2825              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2826            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2827              :         data2,
    2828              :         data_size2,
    2829              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2830              : #endif
    2831            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    2832              : 
    2833            1 :     session_id = 0xFFFFFFFF;
    2834            1 :     spdm_context->latest_session_id = session_id;
    2835            1 :     session_info = &spdm_context->session_info[0];
    2836            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    2837              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    2838            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2839            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    2840            1 :     libspdm_secured_message_set_request_finished_key(
    2841              :         session_info->secured_message_context, m_dummy_buffer,
    2842              :         hash_size);
    2843            1 :     libspdm_secured_message_set_session_state(
    2844              :         session_info->secured_message_context,
    2845              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    2846            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2847              : 
    2848            1 :     spdm_context->connection_info.capability.flags |=
    2849              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2850            1 :     spdm_context->local_context.capability.flags |=
    2851              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    2852            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2853            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    2854            1 :     req_asym_signature_size =
    2855            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    2856            1 :     ptr = m_libspdm_finish_request7.signature;
    2857            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    2858            1 :     cert_buffer = (uint8_t*)data1;
    2859            1 :     cert_buffer_size = data_size1;
    2860            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2861              :                      cert_buffer_hash);
    2862            1 :     cert_buffer = (uint8_t*)data2;
    2863            1 :     cert_buffer_size = data_size2;
    2864            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    2865              :                      req_cert_buffer_hash);
    2866              :     /* transcript.message_a size is 0*/
    2867            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    2868              :     /* session_transcript.message_k is 0*/
    2869            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    2870            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    2871              :                                   sizeof(spdm_finish_request_t));
    2872              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2873            1 :     libspdm_requester_data_sign(
    2874              :         spdm_context,
    2875            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    2876              :             0, SPDM_FINISH,
    2877              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    2878            1 :             false, libspdm_get_managed_buffer(&th_curr),
    2879              :             libspdm_get_managed_buffer_size(&th_curr),
    2880              :             ptr, &req_asym_signature_size);
    2881              : #endif
    2882            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    2883            1 :     ptr += req_asym_signature_size;
    2884            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    2885            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    2886              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    2887            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    2888              :                      request_finished_key, hash_size, ptr);
    2889            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    2890            1 :                                      req_asym_signature_size + hmac_size;
    2891            1 :     response_size = sizeof(response);
    2892            1 :     status = libspdm_get_response_finish(spdm_context,
    2893              :                                          m_libspdm_finish_request7_size,
    2894              :                                          &m_libspdm_finish_request7,
    2895              :                                          &response_size, response);
    2896            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    2897            1 :     spdm_response = (void*)response;
    2898              : 
    2899              :     /* Expecting failure on little-endian signature */
    2900            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    2901            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    2902            1 :     free(data1);
    2903            1 :     free(data2);
    2904            1 : }
    2905              : 
    2906              : /**
    2907              :  * Test 24: Same as test case 22 but test signature endianness.
    2908              :  * Big-Endian Sign. Big-Endian Verify.
    2909              :  * Expecting signature to PASS.
    2910              :  **/
    2911            1 : void rsp_finish_rsp_case24(void** state)
    2912              : {
    2913              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    2914              :     libspdm_return_t status;
    2915              :     libspdm_test_context_t* spdm_test_context;
    2916              :     libspdm_context_t* spdm_context;
    2917              :     size_t response_size;
    2918              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    2919              :     spdm_finish_response_t* spdm_response;
    2920              :     void* data1;
    2921              :     size_t data_size1;
    2922              :     void* data2;
    2923              :     size_t data_size2;
    2924              :     uint8_t* ptr;
    2925              :     uint8_t* cert_buffer;
    2926              :     size_t cert_buffer_size;
    2927              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2928              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    2929              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    2930              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    2931              :     libspdm_session_info_t* session_info;
    2932              :     uint32_t session_id;
    2933              :     uint32_t hash_size;
    2934              :     uint32_t hmac_size;
    2935              :     size_t req_asym_signature_size;
    2936              : 
    2937            1 :     spdm_test_context = *state;
    2938            1 :     spdm_context = spdm_test_context->spdm_context;
    2939            1 :     spdm_test_context->case_id = 24;
    2940            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    2941              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    2942            1 :     spdm_context->connection_info.connection_state =
    2943              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    2944            1 :     spdm_context->connection_info.capability.flags |=
    2945              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    2946            1 :     spdm_context->local_context.capability.flags |=
    2947              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    2948            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    2949              :         m_libspdm_use_hash_algo;
    2950            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    2951              :         m_libspdm_use_asym_algo;
    2952            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    2953              :         m_libspdm_use_req_asym_algo;
    2954            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    2955              :         m_libspdm_use_measurement_spec;
    2956            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    2957              :         m_libspdm_use_measurement_hash_algo;
    2958            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    2959              :         m_libspdm_use_dhe_algo;
    2960            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    2961              :         m_libspdm_use_aead_algo;
    2962            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    2963              :                                                     m_libspdm_use_asym_algo, &data1,
    2964              :                                                     &data_size1, NULL, NULL);
    2965            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    2966            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    2967              :         data_size1;
    2968            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    2969            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    2970              :         data_size1;
    2971            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    2972              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
    2973              : 
    2974            1 :     libspdm_reset_message_a(spdm_context);
    2975            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    2976            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    2977              :                                                     m_libspdm_use_req_asym_algo, &data2,
    2978              :                                                     &data_size2, NULL, NULL);
    2979              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    2980              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    2981              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    2982              :                      data2, data_size2);
    2983              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    2984              :         data_size2;
    2985              : #else
    2986            1 :     libspdm_hash_all(
    2987              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2988              :         data2, data_size2,
    2989            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    2990            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    2991            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    2992            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    2993              :         spdm_context->connection_info.algorithm.base_hash_algo,
    2994            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    2995              :         data2,
    2996              :         data_size2,
    2997              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    2998              : #endif
    2999            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3000              : 
    3001            1 :     session_id = 0xFFFFFFFF;
    3002            1 :     spdm_context->latest_session_id = session_id;
    3003            1 :     session_info = &spdm_context->session_info[0];
    3004            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3005              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3006            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3007            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3008            1 :     libspdm_secured_message_set_request_finished_key(
    3009              :         session_info->secured_message_context, m_dummy_buffer,
    3010              :         hash_size);
    3011            1 :     libspdm_secured_message_set_session_state(
    3012              :         session_info->secured_message_context,
    3013              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3014            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3015              : 
    3016            1 :     spdm_context->connection_info.capability.flags |=
    3017              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3018            1 :     spdm_context->local_context.capability.flags |=
    3019              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3020            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3021            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3022            1 :     req_asym_signature_size =
    3023            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3024            1 :     ptr = m_libspdm_finish_request7.signature;
    3025            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3026            1 :     cert_buffer = (uint8_t*)data1;
    3027            1 :     cert_buffer_size = data_size1;
    3028            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3029              :                      cert_buffer_hash);
    3030            1 :     cert_buffer = (uint8_t*)data2;
    3031            1 :     cert_buffer_size = data_size2;
    3032            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3033              :                      req_cert_buffer_hash);
    3034              :     /* transcript.message_a size is 0*/
    3035            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3036              :     /* session_transcript.message_k is 0*/
    3037            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3038            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3039              :                                   sizeof(spdm_finish_request_t));
    3040              : 
    3041            1 :     libspdm_requester_data_sign(
    3042              :         spdm_context,
    3043            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    3044              :             0, SPDM_FINISH,
    3045              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3046            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3047              :             libspdm_get_managed_buffer_size(&th_curr),
    3048              :             ptr, &req_asym_signature_size);
    3049              : 
    3050            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3051            1 :     ptr += req_asym_signature_size;
    3052            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3053            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3054              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3055            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3056              :                      request_finished_key, hash_size, ptr);
    3057            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3058            1 :                                      req_asym_signature_size + hmac_size;
    3059            1 :     response_size = sizeof(response);
    3060            1 :     status = libspdm_get_response_finish(spdm_context,
    3061              :                                          m_libspdm_finish_request7_size,
    3062              :                                          &m_libspdm_finish_request7,
    3063              :                                          &response_size, response);
    3064            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3065            1 :     spdm_response = (void*)response;
    3066              : 
    3067              :     /* Expecting pass on big-endian signature */
    3068            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    3069            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    3070            1 :     free(data1);
    3071            1 :     free(data2);
    3072              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    3073            1 : }
    3074              : 
    3075              : /**
    3076              :  * Test 25: Same as test case 22, but test signature endianness.
    3077              :  * Big Endian Sign. Big or Little Endian Verify.
    3078              :  * Expecting signature to PASS.
    3079              :  **/
    3080            1 : void rsp_finish_rsp_case25(void** state)
    3081              : {
    3082              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    3083              :     libspdm_return_t status;
    3084              :     libspdm_test_context_t* spdm_test_context;
    3085              :     libspdm_context_t* spdm_context;
    3086              :     size_t response_size;
    3087              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3088              :     spdm_finish_response_t* spdm_response;
    3089              :     void* data1;
    3090              :     size_t data_size1;
    3091              :     void* data2;
    3092              :     size_t data_size2;
    3093              :     uint8_t* ptr;
    3094              :     uint8_t* cert_buffer;
    3095              :     size_t cert_buffer_size;
    3096              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3097              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3098              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3099              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3100              :     libspdm_session_info_t* session_info;
    3101              :     uint32_t session_id;
    3102              :     uint32_t hash_size;
    3103              :     uint32_t hmac_size;
    3104              :     size_t req_asym_signature_size;
    3105              : 
    3106            1 :     spdm_test_context = *state;
    3107            1 :     spdm_context = spdm_test_context->spdm_context;
    3108            1 :     spdm_test_context->case_id = 25;
    3109            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3110              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3111            1 :     spdm_context->connection_info.connection_state =
    3112              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3113            1 :     spdm_context->connection_info.capability.flags |=
    3114              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3115            1 :     spdm_context->local_context.capability.flags |=
    3116              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3117            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3118              :         m_libspdm_use_hash_algo;
    3119            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3120              :         m_libspdm_use_asym_algo;
    3121            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    3122              :         m_libspdm_use_req_asym_algo;
    3123            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3124              :         m_libspdm_use_measurement_spec;
    3125            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3126              :         m_libspdm_use_measurement_hash_algo;
    3127            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3128              :         m_libspdm_use_dhe_algo;
    3129            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3130              :         m_libspdm_use_aead_algo;
    3131            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3132              :                                                     m_libspdm_use_asym_algo, &data1,
    3133              :                                                     &data_size1, NULL, NULL);
    3134            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3135            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3136              :         data_size1;
    3137            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3138            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3139              :         data_size1;
    3140            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    3141              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
    3142              : 
    3143            1 :     libspdm_reset_message_a(spdm_context);
    3144            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3145            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    3146              :                                                     m_libspdm_use_req_asym_algo, &data2,
    3147              :                                                     &data_size2, NULL, NULL);
    3148              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    3149              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    3150              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    3151              :                      data2, data_size2);
    3152              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    3153              :         data_size2;
    3154              : #else
    3155            1 :     libspdm_hash_all(
    3156              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3157              :         data2, data_size2,
    3158            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    3159            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    3160            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    3161            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    3162              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3163            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    3164              :         data2,
    3165              :         data_size2,
    3166              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    3167              : #endif
    3168            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3169              : 
    3170            1 :     session_id = 0xFFFFFFFF;
    3171            1 :     spdm_context->latest_session_id = session_id;
    3172            1 :     session_info = &spdm_context->session_info[0];
    3173            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3174              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3175            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3176            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3177            1 :     libspdm_secured_message_set_request_finished_key(
    3178              :         session_info->secured_message_context, m_dummy_buffer,
    3179              :         hash_size);
    3180            1 :     libspdm_secured_message_set_session_state(
    3181              :         session_info->secured_message_context,
    3182              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3183            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3184              : 
    3185            1 :     spdm_context->connection_info.capability.flags |=
    3186              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3187            1 :     spdm_context->local_context.capability.flags |=
    3188              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3189            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3190            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3191            1 :     req_asym_signature_size =
    3192            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3193            1 :     ptr = m_libspdm_finish_request7.signature;
    3194            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3195            1 :     cert_buffer = (uint8_t*)data1;
    3196            1 :     cert_buffer_size = data_size1;
    3197            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3198              :                      cert_buffer_hash);
    3199            1 :     cert_buffer = (uint8_t*)data2;
    3200            1 :     cert_buffer_size = data_size2;
    3201            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3202              :                      req_cert_buffer_hash);
    3203              :     /* transcript.message_a size is 0*/
    3204            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3205              :     /* session_transcript.message_k is 0*/
    3206            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3207            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3208              :                                   sizeof(spdm_finish_request_t));
    3209              : 
    3210            1 :     libspdm_requester_data_sign(
    3211              :         spdm_context,
    3212            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    3213              :             0, SPDM_FINISH,
    3214              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3215            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3216              :             libspdm_get_managed_buffer_size(&th_curr),
    3217              :             ptr, &req_asym_signature_size);
    3218              : 
    3219            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3220            1 :     ptr += req_asym_signature_size;
    3221            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3222            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3223              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3224            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3225              :                      request_finished_key, hash_size, ptr);
    3226            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3227            1 :                                      req_asym_signature_size + hmac_size;
    3228            1 :     response_size = sizeof(response);
    3229            1 :     status = libspdm_get_response_finish(spdm_context,
    3230              :                                          m_libspdm_finish_request7_size,
    3231              :                                          &m_libspdm_finish_request7,
    3232              :                                          &response_size, response);
    3233            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3234            1 :     spdm_response = (void*)response;
    3235            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    3236            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    3237            1 :     free(data1);
    3238            1 :     free(data2);
    3239              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    3240            1 : }
    3241              : 
    3242              : /**
    3243              :  * Test 26: Same as test case 22, but test endian verification.
    3244              :  * Sign as Little Endian, Verify as Little.
    3245              :  * Expecting signature to PASS.
    3246              :  **/
    3247            1 : void rsp_finish_rsp_case26(void** state)
    3248              : {
    3249              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    3250              :     libspdm_return_t status;
    3251              :     libspdm_test_context_t* spdm_test_context;
    3252              :     libspdm_context_t* spdm_context;
    3253              :     size_t response_size;
    3254              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3255              :     spdm_finish_response_t* spdm_response;
    3256              :     void* data1;
    3257              :     size_t data_size1;
    3258              :     void* data2;
    3259              :     size_t data_size2;
    3260              :     uint8_t* ptr;
    3261              :     uint8_t* cert_buffer;
    3262              :     size_t cert_buffer_size;
    3263              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3264              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3265              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3266              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3267              :     libspdm_session_info_t* session_info;
    3268              :     uint32_t session_id;
    3269              :     uint32_t hash_size;
    3270              :     uint32_t hmac_size;
    3271              :     size_t req_asym_signature_size;
    3272              : 
    3273            1 :     spdm_test_context = *state;
    3274            1 :     spdm_context = spdm_test_context->spdm_context;
    3275            1 :     spdm_test_context->case_id = 26;
    3276            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3277              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3278            1 :     spdm_context->connection_info.connection_state =
    3279              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3280            1 :     spdm_context->connection_info.capability.flags |=
    3281              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3282            1 :     spdm_context->local_context.capability.flags |=
    3283              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3284            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3285              :         m_libspdm_use_hash_algo;
    3286            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3287              :         m_libspdm_use_asym_algo;
    3288            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    3289              :         m_libspdm_use_req_asym_algo;
    3290            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3291              :         m_libspdm_use_measurement_spec;
    3292            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3293              :         m_libspdm_use_measurement_hash_algo;
    3294            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3295              :         m_libspdm_use_dhe_algo;
    3296            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3297              :         m_libspdm_use_aead_algo;
    3298            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3299              :                                                     m_libspdm_use_asym_algo, &data1,
    3300              :                                                     &data_size1, NULL, NULL);
    3301            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3302            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3303              :         data_size1;
    3304            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3305            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3306              :         data_size1;
    3307            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    3308              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
    3309              : 
    3310            1 :     libspdm_reset_message_a(spdm_context);
    3311            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3312            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    3313              :                                                     m_libspdm_use_req_asym_algo, &data2,
    3314              :                                                     &data_size2, NULL, NULL);
    3315              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    3316              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    3317              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    3318              :                      data2, data_size2);
    3319              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    3320              :         data_size2;
    3321              : #else
    3322            1 :     libspdm_hash_all(
    3323              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3324              :         data2, data_size2,
    3325            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    3326            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    3327            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    3328            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    3329              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3330            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    3331              :         data2,
    3332              :         data_size2,
    3333              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    3334              : #endif
    3335            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3336              : 
    3337            1 :     session_id = 0xFFFFFFFF;
    3338            1 :     spdm_context->latest_session_id = session_id;
    3339            1 :     session_info = &spdm_context->session_info[0];
    3340            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3341              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3342            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3343            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3344            1 :     libspdm_secured_message_set_request_finished_key(
    3345              :         session_info->secured_message_context, m_dummy_buffer,
    3346              :         hash_size);
    3347            1 :     libspdm_secured_message_set_session_state(
    3348              :         session_info->secured_message_context,
    3349              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3350            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3351              : 
    3352            1 :     spdm_context->connection_info.capability.flags |=
    3353              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3354            1 :     spdm_context->local_context.capability.flags |=
    3355              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3356            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3357            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3358            1 :     req_asym_signature_size =
    3359            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3360            1 :     ptr = m_libspdm_finish_request7.signature;
    3361            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3362            1 :     cert_buffer = (uint8_t*)data1;
    3363            1 :     cert_buffer_size = data_size1;
    3364            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3365              :                      cert_buffer_hash);
    3366            1 :     cert_buffer = (uint8_t*)data2;
    3367            1 :     cert_buffer_size = data_size2;
    3368            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3369              :                      req_cert_buffer_hash);
    3370              :     /* transcript.message_a size is 0*/
    3371            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3372              :     /* session_transcript.message_k is 0*/
    3373            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3374            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3375              :                                   sizeof(spdm_finish_request_t));
    3376              : 
    3377            1 :     libspdm_requester_data_sign(
    3378              :         spdm_context,
    3379            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    3380              :             0, SPDM_FINISH,
    3381              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3382            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3383              :             libspdm_get_managed_buffer_size(&th_curr),
    3384              :             ptr, &req_asym_signature_size);
    3385              : 
    3386              :     /* Switch signature to little endian */
    3387            1 :     libspdm_copy_signature_swap_endian(
    3388              :         m_libspdm_use_req_asym_algo,
    3389              :         ptr, req_asym_signature_size,
    3390              :         ptr, req_asym_signature_size);
    3391              : 
    3392            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3393            1 :     ptr += req_asym_signature_size;
    3394            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3395            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3396              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3397            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3398              :                      request_finished_key, hash_size, ptr);
    3399            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3400            1 :                                      req_asym_signature_size + hmac_size;
    3401            1 :     response_size = sizeof(response);
    3402            1 :     status = libspdm_get_response_finish(spdm_context,
    3403              :                                          m_libspdm_finish_request7_size,
    3404              :                                          &m_libspdm_finish_request7,
    3405              :                                          &response_size, response);
    3406            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3407            1 :     spdm_response = (void*)response;
    3408            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    3409            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    3410            1 :     free(data1);
    3411            1 :     free(data2);
    3412              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    3413            1 : }
    3414              : 
    3415              : /**
    3416              :  * Test 27: Same as test case 22, but test endian verification.
    3417              :  * Sign as Little Endian, Verify as Big.
    3418              :  * Expecting signature to FAIL.
    3419              :  **/
    3420            1 : void rsp_finish_rsp_case27(void** state)
    3421              : {
    3422              :     libspdm_return_t status;
    3423              :     libspdm_test_context_t* spdm_test_context;
    3424              :     libspdm_context_t* spdm_context;
    3425              :     size_t response_size;
    3426              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3427              :     spdm_finish_response_t* spdm_response;
    3428              :     void* data1;
    3429              :     size_t data_size1;
    3430              :     void* data2;
    3431              :     size_t data_size2;
    3432              :     uint8_t* ptr;
    3433              :     uint8_t* cert_buffer;
    3434              :     size_t cert_buffer_size;
    3435              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3436              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3437              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3438              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3439              :     libspdm_session_info_t* session_info;
    3440              :     uint32_t session_id;
    3441              :     uint32_t hash_size;
    3442              :     uint32_t hmac_size;
    3443              :     size_t req_asym_signature_size;
    3444              : 
    3445            1 :     spdm_test_context = *state;
    3446            1 :     spdm_context = spdm_test_context->spdm_context;
    3447            1 :     spdm_test_context->case_id = 27;
    3448            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3449              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3450            1 :     spdm_context->connection_info.connection_state =
    3451              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3452            1 :     spdm_context->connection_info.capability.flags |=
    3453              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3454            1 :     spdm_context->local_context.capability.flags |=
    3455              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3456            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3457              :         m_libspdm_use_hash_algo;
    3458            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3459              :         m_libspdm_use_asym_algo;
    3460            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    3461              :         m_libspdm_use_req_asym_algo;
    3462            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3463              :         m_libspdm_use_measurement_spec;
    3464            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3465              :         m_libspdm_use_measurement_hash_algo;
    3466            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3467              :         m_libspdm_use_dhe_algo;
    3468            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3469              :         m_libspdm_use_aead_algo;
    3470            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3471              :                                                     m_libspdm_use_asym_algo, &data1,
    3472              :                                                     &data_size1, NULL, NULL);
    3473            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3474            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3475              :         data_size1;
    3476            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3477            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3478              :         data_size1;
    3479            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    3480              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
    3481              : 
    3482            1 :     libspdm_reset_message_a(spdm_context);
    3483            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3484            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    3485              :                                                     m_libspdm_use_req_asym_algo, &data2,
    3486              :                                                     &data_size2, NULL, NULL);
    3487              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    3488              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    3489              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    3490              :                      data2, data_size2);
    3491              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    3492              :         data_size2;
    3493              : #else
    3494            1 :     libspdm_hash_all(
    3495              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3496              :         data2, data_size2,
    3497            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    3498            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    3499            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    3500            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    3501              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3502            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    3503              :         data2,
    3504              :         data_size2,
    3505              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    3506              : #endif
    3507            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3508              : 
    3509            1 :     session_id = 0xFFFFFFFF;
    3510            1 :     spdm_context->latest_session_id = session_id;
    3511            1 :     session_info = &spdm_context->session_info[0];
    3512            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3513              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3514            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3515            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3516            1 :     libspdm_secured_message_set_request_finished_key(
    3517              :         session_info->secured_message_context, m_dummy_buffer,
    3518              :         hash_size);
    3519            1 :     libspdm_secured_message_set_session_state(
    3520              :         session_info->secured_message_context,
    3521              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3522            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3523              : 
    3524            1 :     spdm_context->connection_info.capability.flags |=
    3525              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3526            1 :     spdm_context->local_context.capability.flags |=
    3527              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3528            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3529            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3530            1 :     req_asym_signature_size =
    3531            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3532            1 :     ptr = m_libspdm_finish_request7.signature;
    3533            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3534            1 :     cert_buffer = (uint8_t*)data1;
    3535            1 :     cert_buffer_size = data_size1;
    3536            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3537              :                      cert_buffer_hash);
    3538            1 :     cert_buffer = (uint8_t*)data2;
    3539            1 :     cert_buffer_size = data_size2;
    3540            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3541              :                      req_cert_buffer_hash);
    3542              :     /* transcript.message_a size is 0*/
    3543            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3544              :     /* session_transcript.message_k is 0*/
    3545            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3546            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3547              :                                   sizeof(spdm_finish_request_t));
    3548              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    3549            1 :     libspdm_requester_data_sign(
    3550              :         spdm_context,
    3551            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    3552              :             0, SPDM_FINISH,
    3553              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3554            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3555              :             libspdm_get_managed_buffer_size(&th_curr),
    3556              :             ptr, &req_asym_signature_size);
    3557              : 
    3558              :     /* Switch signature to little endian */
    3559            1 :     libspdm_copy_signature_swap_endian(
    3560              :         m_libspdm_use_req_asym_algo,
    3561              :         ptr, req_asym_signature_size,
    3562              :         ptr, req_asym_signature_size);
    3563              : #endif
    3564            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3565            1 :     ptr += req_asym_signature_size;
    3566            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3567            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3568              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3569            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3570              :                      request_finished_key, hash_size, ptr);
    3571            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3572            1 :                                      req_asym_signature_size + hmac_size;
    3573            1 :     response_size = sizeof(response);
    3574            1 :     status = libspdm_get_response_finish(spdm_context,
    3575              :                                          m_libspdm_finish_request7_size,
    3576              :                                          &m_libspdm_finish_request7,
    3577              :                                          &response_size, response);
    3578            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3579            1 :     spdm_response = (void*)response;
    3580            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    3581            1 :     assert_int_equal(response_size, sizeof(spdm_error_response_t));
    3582            1 :     free(data1);
    3583            1 :     free(data2);
    3584            1 : }
    3585              : 
    3586              : /**
    3587              :  * Test 28: Same as test case 22, but test endian verification.
    3588              :  * Sign as Little Endian, Verify as Big Or Little.
    3589              :  * Expecting signature to PASS.
    3590              :  **/
    3591            1 : void rsp_finish_rsp_case28(void** state)
    3592              : {
    3593              : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    3594              :     libspdm_return_t status;
    3595              :     libspdm_test_context_t* spdm_test_context;
    3596              :     libspdm_context_t* spdm_context;
    3597              :     size_t response_size;
    3598              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3599              :     spdm_finish_response_t* spdm_response;
    3600              :     void* data1;
    3601              :     size_t data_size1;
    3602              :     void* data2;
    3603              :     size_t data_size2;
    3604              :     uint8_t* ptr;
    3605              :     uint8_t* cert_buffer;
    3606              :     size_t cert_buffer_size;
    3607              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3608              :     uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3609              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3610              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3611              :     libspdm_session_info_t* session_info;
    3612              :     uint32_t session_id;
    3613              :     uint32_t hash_size;
    3614              :     uint32_t hmac_size;
    3615              :     size_t req_asym_signature_size;
    3616              : 
    3617            1 :     spdm_test_context = *state;
    3618            1 :     spdm_context = spdm_test_context->spdm_context;
    3619            1 :     spdm_test_context->case_id = 28;
    3620            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3621              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3622            1 :     spdm_context->connection_info.connection_state =
    3623              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3624            1 :     spdm_context->connection_info.capability.flags |=
    3625              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3626            1 :     spdm_context->local_context.capability.flags |=
    3627              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3628            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3629              :         m_libspdm_use_hash_algo;
    3630            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3631              :         m_libspdm_use_asym_algo;
    3632            1 :     spdm_context->connection_info.algorithm.req_base_asym_alg =
    3633              :         m_libspdm_use_req_asym_algo;
    3634            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3635              :         m_libspdm_use_measurement_spec;
    3636            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3637              :         m_libspdm_use_measurement_hash_algo;
    3638            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3639              :         m_libspdm_use_dhe_algo;
    3640            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3641              :         m_libspdm_use_aead_algo;
    3642            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3643              :                                                     m_libspdm_use_asym_algo, &data1,
    3644              :                                                     &data_size1, NULL, NULL);
    3645            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3646            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3647              :         data_size1;
    3648            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3649            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3650              :         data_size1;
    3651            1 :     spdm_context->spdm_10_11_verify_signature_endian =
    3652              :         LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
    3653              : 
    3654            1 :     libspdm_reset_message_a(spdm_context);
    3655            1 :     spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3656            1 :     libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
    3657              :                                                     m_libspdm_use_req_asym_algo, &data2,
    3658              :                                                     &data_size2, NULL, NULL);
    3659              : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    3660              :     libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
    3661              :                      sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
    3662              :                      data2, data_size2);
    3663              :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
    3664              :         data_size2;
    3665              : #else
    3666            1 :     libspdm_hash_all(
    3667              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3668              :         data2, data_size2,
    3669            1 :         spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    3670            1 :     spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
    3671            1 :         libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    3672            1 :     libspdm_get_leaf_cert_public_key_from_cert_chain(
    3673              :         spdm_context->connection_info.algorithm.base_hash_algo,
    3674            1 :         spdm_context->connection_info.algorithm.req_base_asym_alg,
    3675              :         data2,
    3676              :         data_size2,
    3677              :         &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
    3678              : #endif
    3679            1 :     spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
    3680              : 
    3681            1 :     session_id = 0xFFFFFFFF;
    3682            1 :     spdm_context->latest_session_id = session_id;
    3683            1 :     session_info = &spdm_context->session_info[0];
    3684            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3685              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3686            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3687            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3688            1 :     libspdm_secured_message_set_request_finished_key(
    3689              :         session_info->secured_message_context, m_dummy_buffer,
    3690              :         hash_size);
    3691            1 :     libspdm_secured_message_set_session_state(
    3692              :         session_info->secured_message_context,
    3693              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3694            1 :     session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    3695              : 
    3696            1 :     spdm_context->connection_info.capability.flags |=
    3697              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3698            1 :     spdm_context->local_context.capability.flags |=
    3699              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3700            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3701            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3702            1 :     req_asym_signature_size =
    3703            1 :         libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    3704            1 :     ptr = m_libspdm_finish_request7.signature;
    3705            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3706            1 :     cert_buffer = (uint8_t*)data1;
    3707            1 :     cert_buffer_size = data_size1;
    3708            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3709              :                      cert_buffer_hash);
    3710            1 :     cert_buffer = (uint8_t*)data2;
    3711            1 :     cert_buffer_size = data_size2;
    3712            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3713              :                      req_cert_buffer_hash);
    3714              :     /* transcript.message_a size is 0*/
    3715            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3716              :     /* session_transcript.message_k is 0*/
    3717            1 :     libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    3718            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
    3719              :                                   sizeof(spdm_finish_request_t));
    3720              : 
    3721            1 :     libspdm_requester_data_sign(
    3722              :         spdm_context,
    3723            1 :         m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
    3724              :             0, SPDM_FINISH,
    3725              :             m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
    3726            1 :             false, libspdm_get_managed_buffer(&th_curr),
    3727              :             libspdm_get_managed_buffer_size(&th_curr),
    3728              :             ptr, &req_asym_signature_size);
    3729              : 
    3730              :     /* Switch signature to little endian */
    3731            1 :     libspdm_copy_signature_swap_endian(
    3732              :         m_libspdm_use_req_asym_algo,
    3733              :         ptr, req_asym_signature_size,
    3734              :         ptr, req_asym_signature_size);
    3735              : 
    3736            1 :     libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    3737            1 :     ptr += req_asym_signature_size;
    3738            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3739            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3740              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3741            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3742              :                      request_finished_key, hash_size, ptr);
    3743            1 :     m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
    3744            1 :                                      req_asym_signature_size + hmac_size;
    3745            1 :     response_size = sizeof(response);
    3746            1 :     status = libspdm_get_response_finish(spdm_context,
    3747              :                                          m_libspdm_finish_request7_size,
    3748              :                                          &m_libspdm_finish_request7,
    3749              :                                          &response_size, response);
    3750            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3751            1 :     spdm_response = (void*)response;
    3752            1 :     assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    3753            1 :     assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    3754            1 :     free(data1);
    3755            1 :     free(data2);
    3756              : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
    3757            1 : }
    3758              : 
    3759              : /**
    3760              :  * Test 29: Receive the correct FINISH from the requester, and
    3761              :  * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
    3762              :  * Expected behavior: the responder accepts the request and produces a valid
    3763              :  * FINISH_RSP response message, and The ResponderVerifyData field is absent.
    3764              :  **/
    3765            1 : void rsp_finish_rsp_case29(void **state)
    3766              : {
    3767              :     libspdm_return_t status;
    3768              :     libspdm_test_context_t *spdm_test_context;
    3769              :     libspdm_context_t *spdm_context;
    3770              :     size_t response_size;
    3771              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3772              :     spdm_finish_response_t *spdm_response;
    3773              :     void *data1;
    3774              :     size_t data_size1;
    3775              :     uint8_t *ptr;
    3776              :     uint8_t *cert_buffer;
    3777              :     size_t cert_buffer_size;
    3778              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3779              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3780              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3781              :     libspdm_session_info_t *session_info;
    3782              :     uint32_t session_id;
    3783              :     uint32_t hash_size;
    3784              :     uint32_t hmac_size;
    3785              : 
    3786            1 :     spdm_test_context = *state;
    3787            1 :     spdm_context = spdm_test_context->spdm_context;
    3788            1 :     spdm_test_context->case_id = 29;
    3789            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
    3790              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3791            1 :     spdm_context->connection_info.connection_state =
    3792              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3793            1 :     spdm_context->connection_info.capability.flags |=
    3794              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3795            1 :     spdm_context->local_context.capability.flags |=
    3796              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3797              : 
    3798            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3799              :         m_libspdm_use_hash_algo;
    3800            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3801              :         m_libspdm_use_asym_algo;
    3802            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3803              :         m_libspdm_use_measurement_spec;
    3804            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3805              :         m_libspdm_use_measurement_hash_algo;
    3806            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3807              :         m_libspdm_use_dhe_algo;
    3808            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3809              :         m_libspdm_use_aead_algo;
    3810            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3811              :                                                     m_libspdm_use_asym_algo, &data1,
    3812              :                                                     &data_size1, NULL, NULL);
    3813            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3814            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3815              :         data_size1;
    3816            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3817            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3818              :         data_size1;
    3819              : 
    3820            1 :     libspdm_reset_message_a(spdm_context);
    3821            1 :     spdm_context->local_context.mut_auth_requested = 0;
    3822              : 
    3823              :     /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
    3824            1 :     spdm_context->connection_info.capability.flags &=
    3825              :         ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3826            1 :     spdm_context->local_context.capability.flags &=
    3827              :         ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3828              : 
    3829            1 :     session_id = 0xFFFFFFFF;
    3830            1 :     spdm_context->latest_session_id = session_id;
    3831            1 :     spdm_context->last_spdm_request_session_id_valid = true;
    3832            1 :     spdm_context->last_spdm_request_session_id = session_id;
    3833            1 :     session_info = &spdm_context->session_info[0];
    3834            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3835              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3836              : 
    3837            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3838            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3839              : 
    3840            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3841            1 :     libspdm_secured_message_set_request_finished_key(
    3842              :         session_info->secured_message_context, m_dummy_buffer,
    3843              :         hash_size);
    3844            1 :     libspdm_secured_message_set_session_state(
    3845              :         session_info->secured_message_context,
    3846              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3847              : 
    3848            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3849            1 :     ptr = m_libspdm_finish_request1.signature;
    3850            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3851            1 :     cert_buffer = (uint8_t *)data1;
    3852            1 :     cert_buffer_size = data_size1;
    3853            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3854              :                      cert_buffer_hash);
    3855              :     /* transcript.message_a size is 0*/
    3856            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3857              :     /* session_transcript.message_k is 0*/
    3858            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
    3859              :                                   sizeof(spdm_finish_request_t));
    3860            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3861            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3862              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3863            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3864              :                      request_finished_key, hash_size, ptr);
    3865            1 :     m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
    3866            1 :     response_size = sizeof(response);
    3867            1 :     status = libspdm_get_response_finish(spdm_context,
    3868              :                                          m_libspdm_finish_request1_size,
    3869              :                                          &m_libspdm_finish_request1,
    3870              :                                          &response_size, response);
    3871            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3872              :     /* The ResponderVerifyData field shall be absent.*/
    3873            1 :     assert_int_equal(response_size,
    3874              :                      sizeof(spdm_finish_response_t));
    3875            1 :     spdm_response = (void *)response;
    3876            1 :     assert_int_equal(spdm_response->header.request_response_code,
    3877              :                      SPDM_FINISH_RSP);
    3878            1 :     free(data1);
    3879            1 : }
    3880              : 
    3881              : /**
    3882              :  * Test 30: SPDM version 1.4, with OpaqueData.
    3883              :  * Expected behavior: the responder accepts the request and produces a valid
    3884              :  * FINISH_RSP response message.
    3885              :  **/
    3886            1 : void rsp_finish_rsp_case30(void **state)
    3887              : {
    3888              :     libspdm_return_t status;
    3889              :     libspdm_test_context_t *spdm_test_context;
    3890              :     libspdm_context_t *spdm_context;
    3891              :     size_t response_size;
    3892              :     uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    3893              :     spdm_finish_response_t *spdm_response;
    3894              :     void *data1;
    3895              :     size_t data_size1;
    3896              :     uint8_t *ptr;
    3897              :     uint8_t *cert_buffer;
    3898              :     size_t cert_buffer_size;
    3899              :     uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    3900              :     uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    3901              :     uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    3902              :     libspdm_session_info_t *session_info;
    3903              :     uint32_t session_id;
    3904              :     uint32_t hash_size;
    3905              :     uint32_t hmac_size;
    3906              : 
    3907            1 :     spdm_test_context = *state;
    3908            1 :     spdm_context = spdm_test_context->spdm_context;
    3909            1 :     spdm_test_context->case_id = 30;
    3910            1 :     spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
    3911              :                                             SPDM_VERSION_NUMBER_SHIFT_BIT;
    3912            1 :     spdm_context->connection_info.connection_state =
    3913              :         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    3914            1 :     spdm_context->connection_info.capability.flags |=
    3915              :         SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    3916            1 :     spdm_context->local_context.capability.flags |=
    3917              :         SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    3918              : 
    3919            1 :     spdm_context->connection_info.algorithm.base_hash_algo =
    3920              :         m_libspdm_use_hash_algo;
    3921            1 :     spdm_context->connection_info.algorithm.base_asym_algo =
    3922              :         m_libspdm_use_asym_algo;
    3923            1 :     spdm_context->connection_info.algorithm.measurement_spec =
    3924              :         m_libspdm_use_measurement_spec;
    3925            1 :     spdm_context->connection_info.algorithm.measurement_hash_algo =
    3926              :         m_libspdm_use_measurement_hash_algo;
    3927            1 :     spdm_context->connection_info.algorithm.dhe_named_group =
    3928              :         m_libspdm_use_dhe_algo;
    3929            1 :     spdm_context->connection_info.algorithm.aead_cipher_suite =
    3930              :         m_libspdm_use_aead_algo;
    3931            1 :     libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
    3932              :                                                     m_libspdm_use_asym_algo, &data1,
    3933              :                                                     &data_size1, NULL, NULL);
    3934            1 :     spdm_context->local_context.local_cert_chain_provision[0] = data1;
    3935            1 :     spdm_context->local_context.local_cert_chain_provision_size[0] =
    3936              :         data_size1;
    3937            1 :     spdm_context->connection_info.local_used_cert_chain_buffer = data1;
    3938            1 :     spdm_context->connection_info.local_used_cert_chain_buffer_size =
    3939              :         data_size1;
    3940              : 
    3941            1 :     libspdm_reset_message_a(spdm_context);
    3942            1 :     spdm_context->local_context.mut_auth_requested = 0;
    3943              : 
    3944              :     /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
    3945            1 :     spdm_context->connection_info.capability.flags &=
    3946              :         ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3947            1 :     spdm_context->local_context.capability.flags &=
    3948              :         ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    3949              : 
    3950            1 :     session_id = 0xFFFFFFFF;
    3951            1 :     spdm_context->latest_session_id = session_id;
    3952            1 :     spdm_context->last_spdm_request_session_id_valid = true;
    3953            1 :     spdm_context->last_spdm_request_session_id = session_id;
    3954            1 :     session_info = &spdm_context->session_info[0];
    3955            1 :     libspdm_session_info_init(spdm_context, session_info, session_id,
    3956              :                               SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    3957              : 
    3958            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3959            1 :     hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3960              : 
    3961            1 :     libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    3962            1 :     libspdm_secured_message_set_request_finished_key(
    3963              :         session_info->secured_message_context, m_dummy_buffer,
    3964              :         hash_size);
    3965            1 :     libspdm_secured_message_set_session_state(
    3966              :         session_info->secured_message_context,
    3967              :         LIBSPDM_SESSION_STATE_HANDSHAKING);
    3968              : 
    3969            1 :     m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
    3970              : 
    3971            1 :     hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    3972            1 :     ptr = m_libspdm_finish_request8.signature;
    3973            1 :     libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    3974            1 :     cert_buffer = (uint8_t *)data1;
    3975            1 :     cert_buffer_size = data_size1;
    3976            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
    3977              :                      cert_buffer_hash);
    3978              :     /* transcript.message_a size is 0*/
    3979            1 :     libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    3980              :     /* session_transcript.message_k is 0*/
    3981            1 :     libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
    3982              :                                   sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
    3983            1 :                                   m_libspdm_finish_request8.opaque_data_size);
    3984            1 :     libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    3985            1 :     libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
    3986              :                      libspdm_get_managed_buffer_size(&th_curr), hash_data);
    3987            1 :     libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
    3988              :                      request_finished_key, hash_size, ptr);
    3989            1 :     m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
    3990            1 :                                      sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
    3991            1 :     response_size = sizeof(response);
    3992            1 :     status = libspdm_get_response_finish(spdm_context,
    3993              :                                          m_libspdm_finish_request8_size,
    3994              :                                          &m_libspdm_finish_request8,
    3995              :                                          &response_size, response);
    3996            1 :     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    3997              :     /* The ResponderVerifyData field shall be absent.*/
    3998            1 :     ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
    3999            1 :     assert_int_equal(response_size,
    4000              :                      sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
    4001              :                      libspdm_read_uint16(ptr));
    4002            1 :     spdm_response = (void *)response;
    4003            1 :     assert_int_equal(spdm_response->header.request_response_code,
    4004              :                      SPDM_FINISH_RSP);
    4005            1 :     free(data1);
    4006            1 : }
    4007              : 
    4008            1 : int libspdm_rsp_finish_test(void)
    4009              : {
    4010            1 :     const struct CMUnitTest test_cases[] = {
    4011              :         /* Success Case*/
    4012              :         cmocka_unit_test(rsp_finish_rsp_case1),
    4013              :         /* Can be populated with new test.*/
    4014              :         cmocka_unit_test(rsp_finish_rsp_case2),
    4015              :         /* response_state: SPDM_RESPONSE_STATE_BUSY*/
    4016              :         cmocka_unit_test(rsp_finish_rsp_case3),
    4017              :         /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
    4018              :         cmocka_unit_test(rsp_finish_rsp_case4),
    4019              :         #if LIBSPDM_RESPOND_IF_READY_SUPPORT
    4020              :         /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
    4021              :         cmocka_unit_test(rsp_finish_rsp_case5),
    4022              :         #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
    4023              :         /* connection_state Check*/
    4024              :         cmocka_unit_test(rsp_finish_rsp_case6),
    4025              :         /* Buffer reset*/
    4026              :         cmocka_unit_test(rsp_finish_rsp_case7),
    4027              :         /* Success Case*/
    4028              :         cmocka_unit_test(rsp_finish_rsp_case8),
    4029              :         /* Unsupported KEY_EX capabilities*/
    4030              :         cmocka_unit_test(rsp_finish_rsp_case9),
    4031              :         /* Uninitialized session*/
    4032              :         cmocka_unit_test(rsp_finish_rsp_case10),
    4033              :         /* Incorrect MAC*/
    4034              :         cmocka_unit_test(rsp_finish_rsp_case11),
    4035              :         cmocka_unit_test(rsp_finish_rsp_case12),
    4036              :         /* Can be populated with new test.*/
    4037              :         cmocka_unit_test(rsp_finish_rsp_case13),
    4038              :         cmocka_unit_test(rsp_finish_rsp_case14),
    4039              :         /* Incorrect signature*/
    4040              :         cmocka_unit_test(rsp_finish_rsp_case15),
    4041              :         cmocka_unit_test(rsp_finish_rsp_case16),
    4042              :         /* Buffer verification*/
    4043              :         cmocka_unit_test(rsp_finish_rsp_case17),
    4044              :         /* Success Case, enable mutual authentication and use slot_id 0xFF */
    4045              :         cmocka_unit_test(rsp_finish_rsp_case18),
    4046              :         /* Invalid SlotID in FINISH request message when mutual authentication */
    4047              :         cmocka_unit_test_setup(rsp_finish_rsp_case19, libspdm_unit_test_group_setup),
    4048              :         cmocka_unit_test_setup(rsp_finish_rsp_case20, libspdm_unit_test_group_setup),
    4049              :         /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
    4050              :         cmocka_unit_test_setup(rsp_finish_rsp_case21, libspdm_unit_test_group_setup),
    4051              :         /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
    4052              :         cmocka_unit_test_setup(rsp_finish_rsp_case22, libspdm_unit_test_group_setup),
    4053              :         /* Big Endian Sign - Little Endian Verify */
    4054              :         cmocka_unit_test_setup(rsp_finish_rsp_case23, libspdm_unit_test_group_setup),
    4055              :         /* Big Endian Sign - Big Endian Verify */
    4056              :         cmocka_unit_test_setup(rsp_finish_rsp_case24, libspdm_unit_test_group_setup),
    4057              :         /* Big Endian Sign - Big or Little Endian Verify */
    4058              :         cmocka_unit_test_setup(rsp_finish_rsp_case25, libspdm_unit_test_group_setup),
    4059              :         /* Little Endian Sign - Little Endian Verify*/
    4060              :         cmocka_unit_test_setup(rsp_finish_rsp_case26, libspdm_unit_test_group_setup),
    4061              :         /* Little Endian Sign - Big Endian Verify */
    4062              :         cmocka_unit_test_setup(rsp_finish_rsp_case27, libspdm_unit_test_group_setup),
    4063              :         /* Little Endian Sign - Big or Little Endian Verify */
    4064              :         cmocka_unit_test_setup(rsp_finish_rsp_case28, libspdm_unit_test_group_setup),
    4065              :         /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
    4066              :         cmocka_unit_test(rsp_finish_rsp_case29),
    4067              :         /* SPDM 1.4 with OpaqueData */
    4068              :         cmocka_unit_test(rsp_finish_rsp_case30),
    4069              :     };
    4070              : 
    4071            1 :     libspdm_test_context_t test_context = {
    4072              :         LIBSPDM_TEST_CONTEXT_VERSION,
    4073              :         false,
    4074              :     };
    4075              : 
    4076            1 :     libspdm_setup_test_context(&test_context);
    4077              : 
    4078            1 :     return cmocka_run_group_tests(test_cases,
    4079              :                                   libspdm_unit_test_group_setup,
    4080              :                                   libspdm_unit_test_group_teardown);
    4081              : }
    4082              : 
    4083              : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/

Generated by: LCOV version 2.0-1