SPDM_V1_3

SPDM_SMBUS_V1_3_Test_001_001.py

Description: SPDM responder shall return valid VERSION, if it receives a GET_VERSION with version 1.0.

SPDM Version: 1.0+

TestSetup:

None

TestTeardown:

None

Steps:

1. Requester -> GET_VERSION {SPDMVersion=0x10, Param1=0, Param2=0}

2. SpdmMessage <- Responder

Assertion 1.1.1:

sizeof(SpdmMessage) >= offset(VERSION, VersionNumberEntry)

Assertion 1.1.2:

SpdmMessage.RequestResponseCode == VERSION

Assertion 1.1.3:

SpdmMessage.SPDMVersion == 0x10

Assertion 1.1.4:

SpdmMessage.VersionNumberEntryCount > 0 && SpdmMessage.VersionNumberEntryCount <= (sizeof(SpdmMessage) - offset(VERSION, VersionNumberEntry)) / sizeof(uint16_t)

Assertion 1.1.5:

((SpdmMessage.VersionNumberEntry[i].MajorVersion << 4) + SpdmMessage.VersionNumberEntry[i].MinorVersion) is in {0x10, 0x11, 0x12, 0x13}.

SPDM_SMBUS_V1_3_Test_002_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CAPABILITIES with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. HighestVersion = Max{SpdmMessage.VersionNumberEntry[0..(n-1)]}

4. LowestVersion = Min{SpdmMessage.VersionNumberEntry[0..(n-1)]}

TestTeardown:

None

Steps:

1. Requester -> GET_CAPABILITIES {SPDMVersion=(HighestVersion+1), Param1=0, Param2=0}

2. SpdmMessage <- Responder

Assertion 2.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 2.2.3:

SpdmMessage.SPDMVersion == 0x10

Assertion 2.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 2.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CAPABILITIES {SPDMVersion=(LowestVersion-1), Param1=0, Param2=0}

4. SpdmMessage <- Responder

Assertion 2.2.*.

###

SPDM_SMBUS_V1_3_Test_002_004.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CAPABILITIES with invalid field.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1+ (It is invalid because ENCRYPT_CAP and MAC_CAP are clear, when KEY_EX_CAP or PSK_CAP is set.)

2. SpdmMessage <- Responder

Assertion 2.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 2.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 2.4.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 2.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1+ (It is invalid because KEY_EX_CAP and PSK_CAP are clear, when ENCRYPT_CAP or MAC_CAP is set.)

4. SpdmMessage <- Responder

Assertion 2.4.*.

5. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1 only (It is invalid because ENCAP_CAP is clear, when MUT_AUTH_CAP is set.)

6. SpdmMessage <- Responder

Assertion 2.4.*.

7. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=41, MaxSPDMmsgSize} – if NegotiatedVersion=1.2+

8. SpdmMessage <- Responder

Assertion 2.4.*.

9. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=MaxSPDMmsgSize+1, MaxSPDMmsgSize} – if NegotiatedVersion=1.2+

10. SpdmMessage <- Responder

Assertion 2.4.*.

###

SPDM_SMBUS_V1_3_Test_002_006.py

Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical GET_CAPABILITIES.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, …}

4. CAPABILITIES <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, …} – if NegotiatedVersion=1.0+

2. SpdmMessage <- Responder

Assertion 2.6.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.6.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 2.6.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 2.6.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 2.6.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, CTExponent+1, Flags-HBEAT_CAP, …} – if NegotiatedVersion=1.1+

4. SpdmMessage <- Responder

Assertion 2.6.*.

5. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize+1, MaxSPDMmsgSize+1, …} – if NegotiatedVersion=1.2

6. SpdmMessage <- Responder

Assertion 2.6.*.

SPDM_SMBUS_V1_3_Test_002_007.py

Description: SPDM responder shall return valid CAPABILITIES(0x13), if it receives a GET_CAPABILITIES with negotiated version 1.3.

SPDM Version: 1.3 only

TestSetup: 1. Requester -> GET_VERSION {SPDMVersion=0x10} 2. VERSION <- Responder 3. If 1.3` is not in VERSION.VersionNumberEntry, then skip this case.

TestTeardown: None

Steps: 1. Requester -> GET_CAPABILITIES {SPDMVersion=0x13, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP|CHUNK_CAP, DataTransferSize, MaxSPDMmsgSize} 2. SpdmMessage <- Responder

Assertion 2.7.1:

sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.3)

Assertion 2.7.2:

SpdmMessage.RequestResponseCode == CAPABILITIES

Assertion 2.7.3:

SpdmMessage.SPDMVersion == 0x13

Assertion 2.7.4:

Flags.MEAS_CAP != 3

Assertion 2.7.5:

if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)

Assertion 2.7.6:

if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)

Assertion 2.7.7:

if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)

Assertion 2.7.8:

Flags.PSK_CAP != 3

Assertion 2.7.9:

if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)

Assertion 2.7.10:

if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1)

Assertion 2.7.11:

if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1)

Assertion 2.7.12:

if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0)

Assertion 2.7.13:

SpdmMessage.DataTransferSize >= MinDataTransferSize

Assertion 2.7.14:

SpdmMessage.MaxSPDMmsgSize >= SpdmMessage.DataTransferSize

Assertion 2.7.15:

if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1)

SPDM_SMBUS_V1_3_Test_003_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a NEGOTIATE_ALGORITHMS with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

TestTeardown:

None

Steps:

1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion+1), …}

2. SpdmMessage <- Responder

Assertion 3.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 3.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 3.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion-1), …}

4. SpdmMessage <- Responder

Assertion 3.2.*.

###

SPDM_SMBUS_V1_3_Test_003_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a NEGOTIATE_ALGORITHMS before GET_CAPABILITIES.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

TestTeardown:

None

Steps:

1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

2. SpdmMessage <- Responder

Assertion 3.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 3.3.3:

SpdmMessage.SPDMVersion == 0x10

Assertion 3.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 3.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_003_004.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a NEGOTIATE_ALGORITHMS with invalid field.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

TestTeardown:

None

Steps:

1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length-1, …} – if NegotiatedVersion=1.0+

2. SpdmMessage <- Responder

Assertion 3.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 3.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.4.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 3.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length+1, …} – if NegotiatedVersion=1.0+

4. SpdmMessage <- Responder

Assertion 3.4.*.

5. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtAsymCount=21, …} – if NegotiatedVersion=1.0+

6. SpdmMessage <- Responder

Assertion 3.4.*.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtHashCount=21, …} – if NegotiatedVersion=1.0+

8. SpdmMessage <- Responder

Assertion 3.4.*.

9. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=1, …} – if NegotiatedVersion=1.1+

10. SpdmMessage <- Responder

Assertion 3.4.*.

11. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=3, …} – if NegotiatedVersion=1.1+

12. SpdmMessage <- Responder

Assertion 3.4.*.

13. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=2, ExtAlgCount=0xF, …} – if NegotiatedVersion=1.1+

14. SpdmMessage <- Responder

Assertion 3.4.*.

###

SPDM_SMBUS_V1_3_Test_003_007.py

Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, MeasurementSpecification=DMTF, BaseAsymAlgo=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521, BaseHashAlgo=TPM_ALG_SHA_256|TPM_ALG_SHA_384|TPM_ALG_SHA_512|TPM_ALG_SHA3_256|TPM_ALG_SHA3_384|TPM_ALG_SHA3_512, ExtAsymCount=0, ExtHashCount=0}

6. ALGORITHMS <- Responder

TestTeardown:

None

Steps:

1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, …} – if NegotiatedVersion=1.0+

2. SpdmMessage <- Responder

Assertion 3.7.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.7.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 3.7.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.7.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 3.7.5:

SpdmMessage.Param2 == 0.

3. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, MeasurementSpecification=DMTF, BaseAsymAlgo=BaseAsymSel, BaseHashAlgo=BaseHashSel, …} – if NegotiatedVersion=1.0+

4. SpdmMessage <- Responder

Assertion 3.7.*.

5. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Dhe=DheSel, Aead=AeadSel, BaseReqAsymAlg=BaseReqAsymSel, …} – if NegotiatedVersion=1.1+

6. SpdmMessage <- Responder

Assertion 3.7.*.

SPDM_SMBUS_V1_3_Test_004_001.py

Description: SPDM responder shall return valid DIGESTS, if it receives a GET_DIGESTS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0}

2. SpdmMessage <- Responder

Assertion 4.1.1:

sizeof(SpdmMessage) >= offset(DIGESTS, Digest[0])

Assertion 4.1.2:

SpdmMessage.RequestResponseCode == DIGESTS

Assertion 4.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 4.1.4:

SpdmMessage.Param2.SlotMask.bit_0 == 1

Assertion 4.1.5:

SlotCount = bit number of SpdmMessage.Param2.SlotMask sizeof(SpdmMessage) >= offset(DIGESTS, Digest[0]) + HashSize * SlotCount

###

SPDM_SMBUS_V1_3_Test_004_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_DIGESTS with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_DIGESTS {SPDMVersion=(NegotiatedVersion+1), …}

2. SpdmMessage <- Responder

Assertion 4.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 4.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 4.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 4.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 4.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_DIGESTS {SPDMVersion=(NegotiatedVersion-1), …}

4. SpdmMessage <- Responder

Assertion 4.2.*.

###

SPDM_SMBUS_V1_3_Test_004_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_DIGESTS before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

2. SpdmMessage <- Responder

Assertion 4.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 4.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 4.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 4.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 4.3.5:

SpdmMessage.Param2 == 0.

SPDM_SMBUS_V1_3_Test_005_001.py

Description: SPDM responder shall return valid CERTIFICATE, if it receives a GET_CERTIFICATE.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. Digests[] = array of DIGESTS.Digest

TestTeardown:

None

Steps:

1. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=0, Offset=0, Length=0x400}

2. SpdmMessage <- Responder

Assertion 5.1.1:

sizeof(SpdmMessage) >= sizeof(CERTIFICATE, CertChain)

Assertion 5.1.2:

SpdmMessage.RequestResponseCode == CERTIFICATE

Assertion 5.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 5.1.4:

SpdmMessage.PortionLength > 0 SpdmMessage.PortionLength <= GET_CERTIFICATE.Length

3. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=0, Offset=NextOffset, Length=0x400}, while SpdmMessage.RemainderLength != 0

4. SpdmMessage <- Responder

Assertion 5.1.*.

Assertion 5.1.5:

CertChain.Length == sizeof(CertChain)

Assertion 5.1.6:

Hash(CertChain) == Digests[i]

###

SPDM_SMBUS_V1_3_Test_005_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CERTIFICATE with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_CERTIFICATE {SPDMVersion=(NegotiatedVersion+1), …}

2. SpdmMessage <- Responder

Assertion 5.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 5.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 5.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 5.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 5.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CERTIFICATE {SPDMVersion=(NegotiatedVersion-1), …}

4. SpdmMessage <- Responder

Assertion 5.2.*.

###

SPDM_SMBUS_V1_3_Test_005_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_CERTIFICATE before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, …}

2. SpdmMessage <- Responder

Assertion 5.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 5.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 5.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 5.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 5.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_005_004.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CERTIFICATE with invalid field.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

10. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}

TestTeardown:

None

Steps:

1. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=InvalidSlotID[i], Param2=0, Offset=0, Length=0x400}

2. SpdmMessage <- Responder

Assertion 5.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 5.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 5.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 5.4.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 5.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=0, Invalid_Offset=0xFFFF, Length=0x400}

4. SpdmMessage <- Responder

Assertion 5.4.*.

###

SPDM_SMBUS_V1_3_Test_006_004.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a CHALLENGE with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. Digests[] = array of DIGESTS.Digest

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

TestTeardown:

None

Steps:

1. Requester -> CHALLENGE {SPDMVersion=(NegotiatedVersion+1), …}

2. SpdmMessage <- Responder

Assertion 6.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 6.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 6.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 6.4.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 6.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> CHALLENGE {SPDMVersion=(NegotiatedVersion-1), …}

4. SpdmMessage <- Responder

Assertion 6.4.*.

###

SPDM_SMBUS_V1_3_Test_006_005.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_CERTIFICATE before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, …}

2. SpdmMessage <- Responder

Assertion 6.5.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 6.5.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 6.5.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 6.5.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 6.5.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_006_006.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a CHALLENGE with invalid field.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

10. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}

TestTeardown:

None

Steps:

1. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=InvalidSlotID[i], Param2=NoMeasurement}

2. SpdmMessage <- Responder

Assertion 6.6.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 6.6.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 6.6.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 6.6.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 6.6.5:

SpdmMessage.Param2 == 0.

3. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=(TcbMeasurements+1)}

4. SpdmMessage <- Responder

Assertion 6.6.*.

5. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=(AllMeasurements-1)}

6. SpdmMessage <- Responder

Assertion 6.6.*.

###

SPDM_SMBUS_V1_3_Test_006_012.py

Description: SPDM responder shall return valid CHALLENGE_AUTH, if it receives a CHALLENGE with negotiated version 1.2 in (A2, B2, C1).

SPDM Version: 1.2 only

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Digests[] = array of DIGESTS.Digest

13. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

14. CERTIFICATE <- Responder

15. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=NoMeasurement, …}

16. SpdmMessage <- Responder

TestTeardown:

None

Steps:

1. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=NoMeasurement, Nonce}

2. SpdmMessage <- Responder

Assertion 6.12.1:

sizeof(SpdmMessage) >= sizeof(CHALLENGE_AUTH) + SpdmMessage.OpaqueDataLength

Assertion 6.12.2:

SpdmMessage.RequestResponseCode == CHALLENGE_AUTH

Assertion 6.12.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 6.12.4:

(SpdmMessage.Param1.SlotID & 0xF) == SlotID

Assertion 6.12.5:

(SpdmMessage.Param2.SlotMask & bit_[SlotID]) != 0

Assertion 6.12.6:

SpdmMessage.CertChainHash == Hash(CertChain) SpdmMessage.CertChainHash == Digests[SlotID]

Assertion 6.12.7:

3. Repeat (1~2) and use CHALLENGE {Param2=TcbMeasurements}, if Flags.MEAS_CAP != 0.

Assertion 6.12.*.

4. Repeat (1~2) and use CHALLENGE {Param2=AllMeasurement}, if Flags.MEAS_CAP != 0.

Assertion 6.12.*.

###

SPDM_SMBUS_V1_3_Test_007_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_MEASUREMENTS with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

12. CERTIFICATE <- Responder

13. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1

14. CHALLENGE_AUTH <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion+1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}

2. SpdmMessage <- Responder

Assertion 7.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 7.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 7.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion-1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}

4. SpdmMessage <- Responder

Assertion 7.2.*.

###

SPDM_SMBUS_V1_3_Test_007_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion+1, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}

2. SpdmMessage <- Responder

Assertion 7.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 7.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 7.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_007_004.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_MEASUREMENTS with invalid field.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

13. CERTIFICATE <- Responder

14. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1

15. CHALLENGE_AUTH <- Responder

16. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}

17. MEASUREMENTS <- Responder

18. ValidMeasurementIndex[] = array of index in valid MeasurementBlock

19. InvalidMeasurementIndex[] = array of index not in valid MeasurementBlock, excluding 0 and 0xff

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=InvalidMeasurementIndex[i]}

2. SpdmMessage <- Responder

Assertion 7.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 7.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.4.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 7.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=1, Param2=ValidMeasurementIndex[i], SlotID=InvalidSlotID[i]} – if NegotiatedVersion=1.1+ && MEAS_CAP == 2

4. SpdmMessage <- Responder

Assertion 7.4.*.

###

SPDM_SMBUS_V1_3_Test_007_005.py

Description: The SPDM Measurement Block from device shall follow SPDM specification.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

12. CERTIFICATE <- Responder

13. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1

14. CHALLENGE_AUTH <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}

2. SpdmMessage <- Responder

Assertion 7.5.1:

SpdmMeasurementBlock[i].MeasurementSpecification == DMTF

Assertion 7.5.2:

if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].MeasurementSize == 3 + HashSize)

Assertion 7.5.3:

if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueSize == HashSize)

Assertion 7.5.4:

if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_[6:0] == 0x5) && (SPDMVersion >= SPDM_MESSAGE_VERSION_12) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 == 1)

###

SPDM_SMBUS_V1_3_Test_007_008.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS in a DHE session handshake.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.MEAS_CAP == 0 || Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=AllMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 7.8.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.8.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 7.8.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.8.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 7.8.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_008_003.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_EXCHANGE with non negotiated version.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

TestTeardown:

None

Steps:

1. Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion+1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}

2. SpdmMessage <- Responder

Assertion 8.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 8.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 8.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 8.3.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 8.3.5:

SpdmMessage.Param2 == 0.

3. Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion-1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}

4. SpdmMessage <- Responder

Assertion 8.3.*.

###

SPDM_SMBUS_V1_3_Test_008_004.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}

2. SpdmMessage <- Responder

Assertion 8.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 8.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 8.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 8.4.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 8.4.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_008_005.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE in a session application.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 8.5.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 8.5.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 8.5.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 8.5.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 8.5.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_008_006.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_EXCHANGE with invalid field.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}

13. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

14. CERTIFICATE <- Responder

TestTeardown:

None

Steps:

1. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=InvalidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}

2. SpdmMessage <- Responder

Assertion 8.6.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 8.6.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 8.6.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 8.6.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 8.6.5:

SpdmMessage.Param2 == 0.

3. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(TcbMeasurements+1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}

4. SpdmMessage <- Responder

Assertion 8.6.*.

5. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(AllMeasurements-1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}

6. SpdmMessage <- Responder

Assertion 8.6.*.

7. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueDataLength=0xFFFF}

8. SpdmMessage <- Responder

Assertion 8.6.*.

###

SPDM_SMBUS_V1_3_Test_009_003.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a FINISH with non negotiated version.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=(NegotiatedVersion+1), Param1=0, Param2=0, RequesterVerifyData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 9.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.3.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 9.3.5:

SpdmMessage.Param2 == 0.

3. Requester -> FINISH {SPDMVersion=(NegotiatedVersion-1), Param1=0, Param2=0}

4. SpdmMessage <- Responder

Assertion 9.3.*.

###

SPDM_SMBUS_V1_3_Test_009_004.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a FINISH before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, RequesterVerifyData}

2. SpdmMessage <- Responder

Assertion 9.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.4.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 9.4.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_009_005.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a FINISH in a session application.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, RequesterVerifyData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 9.5.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.5.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.5.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.5.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 9.5.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_009_006.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a FINISH with invalid field.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

16. UnsupportedReqSlotID[] = {0x1 ~ 0x7}

17. InvalidReqSlotID[] = {0x8 ~ 0xF, 0xFF}

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=1, Param2.ReqSlotID=UnsupportedReqSlotID[i], RequesterVerifyData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 9.6.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.6.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.6.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.6.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 9.6.5:

SpdmMessage.Param2 == 0.

3. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=1, Param2.ReqSlotID=InvalidReqSlotID[i], RequesterVerifyData} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 9.6.*.

5. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, no RequesterVerifyData} in session-X

6. SpdmMessage <- Responder in session-X

Assertion 9.6.*.

###

SPDM_SMBUS_V1_3_Test_009_007.py

Description: SPDM responder shall return ERROR(DecryptError), if it receives a FINISH with invalid RequesterVerifyData.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, !RequesterVerifyData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 9.7.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.7.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.7.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.7.4:

SpdmMessage.Param1 == DecryptError.

###

SPDM_SMBUS_V1_3_Test_009_008.py

Description: SPDM responder shall return ERROR(DecryptError), if it receives a FINISH with HANDSHAKE_IN_THE_CLEAR_CAP and invalid RequesterVerifyData.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=1, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0 || HANDSHAKE_IN_THE_CLEAR_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, !RequesterVerifyData}

2. SpdmMessage <- Responder

Assertion 9.8.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.8.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.8.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.8.4:

SpdmMessage.Param1 == DecryptError.

###

SPDM_SMBUS_V1_3_Test_012_001.py

Description: SPDM responder shall return valid HEARTBEAT_ACK, if it receives a HEARTBEAT in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.

17. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

18. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> HEARTBEAT {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 12.1.1:

sizeof(SpdmMessage) >= sizeof(HEARTBEAT_ACK)

Assertion 12.1.2:

SpdmMessage.RequestResponseCode == HEARTBEAT_ACK

Assertion 12.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

###

SPDM_SMBUS_V1_3_Test_012_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a HEARTBEAT with non negotiated version in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.

17. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

18. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion+1), …} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 12.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 12.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 12.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 12.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 12.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), …} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 12.2.*.

###

SPDM_SMBUS_V1_3_Test_012_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a HEARTBEAT in DHE session handshake.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> HEARTBEAT {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 12.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 12.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 12.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 12.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 12.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_013_001.py

Description: SPDM responder shall return valid KEY_UPDATE_ACK, if it receives a KEY_UPDATE in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag1} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 13.1.1:

sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.2:

SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.4:

SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.5:

SpdmMessage.Param2 == KEY_UPDATE.Param2

3. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag2} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 13.1.6:

sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.7:

SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.8:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.9:

SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.10:

SpdmMessage.Param2 == KEY_UPDATE.Param2

5. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateAllKeys, Param2=Tag3} in session-X

6. SpdmMessage <- Responder in session-X

Assertion 13.1.11:

sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.12:

SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.13:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.14:

SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.15:

SpdmMessage.Param2 == KEY_UPDATE.Param2

7. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag4} in session-X

8. SpdmMessage <- Responder in session-X

Assertion 13.1.16:

sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.17:

SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.18:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.19:

SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.20:

SpdmMessage.Param2 == KEY_UPDATE.Param2

###

SPDM_SMBUS_V1_3_Test_013_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_UPDATE with non negotiated version in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> KEY_UPDATE {SPDMVersion=(NegotiatedVersion+1), …} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 13.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 13.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 13.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), …} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 13.2.*.

###

SPDM_SMBUS_V1_3_Test_013_003.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_UPDATE with invalid field in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(UpdateKey-1), …} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 13.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 13.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.3.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 13.3.5:

SpdmMessage.Param2 == 0.

3. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(VerifyNewKey+1), …} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 13.3.*.

###

SPDM_SMBUS_V1_3_Test_013_004.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_UPDATE in DHE session handshake.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 13.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 13.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.4.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 13.4.5:

SpdmMessage.Param2 == 0.

###

SPDM_SMBUS_V1_3_Test_016_001.py

Description: SPDM responder shall return valid END_SESSION_ACK, if it receives a END_SESSION in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> END_SESSION {SPDMVersion=NegotiatedVersion, Param1.StatePreservation=0, Param2=0} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 16.1.1:

sizeof(SpdmMessage) >= sizeof(END_SESSION_ACK)

Assertion 16.1.2:

SpdmMessage.RequestResponseCode == END_SESSION_ACK

Assertion 16.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

###

SPDM_SMBUS_V1_3_Test_016_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a END_SESSION with non negotiated version in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> END_SESSION {SPDMVersion=(NegotiatedVersion+1), …} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 16.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 16.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 16.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 16.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 16.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> END_SESSION {SPDMVersion=(NegotiatedVersion-1), …} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 16.2.*.

###

SPDM_SMBUS_V1_3_Test_016_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a END_SESSION in DHE session handshake.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> END_SESSION {SPDMVersion=NegotiatedVersion, Param1.StatePreservation=0, Param2=0} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 16.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 16.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 16.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 16.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 16.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_001_001.py

Description: SPDM responder shall return valid VERSION, if it receives a GET_VERSION with version 1.0.

SPDM Version: 1.0+

TestSetup:

None

TestTeardown:

None

Steps:

1. Requester -> GET_VERSION {SPDMVersion=0x10, Param1=0, Param2=0}

2. SpdmMessage <- Responder

Assertion 1.1.1:

sizeof(SpdmMessage) >= offset(VERSION, VersionNumberEntry)

Assertion 1.1.2:

SpdmMessage.RequestResponseCode == VERSION

Assertion 1.1.3:

SpdmMessage.SPDMVersion == 0x10

Assertion 1.1.4:

SpdmMessage.VersionNumberEntryCount > 0 && SpdmMessage.VersionNumberEntryCount <= (sizeof(SpdmMessage) - offset(VERSION, VersionNumberEntry)) / sizeof(uint16_t)

Assertion 1.1.5:

((SpdmMessage.VersionNumberEntry[i].MajorVersion << 4) + SpdmMessage.VersionNumberEntry[i].MinorVersion) is in {0x10, 0x11, 0x12, 0x13}.

SPDM_VDM_V1_3_Test_002_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CAPABILITIES with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. HighestVersion = Max{SpdmMessage.VersionNumberEntry[0..(n-1)]}

4. LowestVersion = Min{SpdmMessage.VersionNumberEntry[0..(n-1)]}

TestTeardown:

None

Steps:

1. Requester -> GET_CAPABILITIES {SPDMVersion=(HighestVersion+1), Param1=0, Param2=0}

2. SpdmMessage <- Responder

Assertion 2.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 2.2.3:

SpdmMessage.SPDMVersion == 0x10

Assertion 2.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 2.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CAPABILITIES {SPDMVersion=(LowestVersion-1), Param1=0, Param2=0}

4. SpdmMessage <- Responder

Assertion 2.2.*.

###

SPDM_VDM_V1_3_Test_002_004.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CAPABILITIES with invalid field.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1+ (It is invalid because ENCRYPT_CAP and MAC_CAP are clear, when KEY_EX_CAP or PSK_CAP is set.)

2. SpdmMessage <- Responder

Assertion 2.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 2.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 2.4.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 2.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1+ (It is invalid because KEY_EX_CAP and PSK_CAP are clear, when ENCRYPT_CAP or MAC_CAP is set.)

4. SpdmMessage <- Responder

Assertion 2.4.*.

5. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1 only (It is invalid because ENCAP_CAP is clear, when MUT_AUTH_CAP is set.)

6. SpdmMessage <- Responder

Assertion 2.4.*.

7. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=41, MaxSPDMmsgSize} – if NegotiatedVersion=1.2+

8. SpdmMessage <- Responder

Assertion 2.4.*.

9. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=MaxSPDMmsgSize+1, MaxSPDMmsgSize} – if NegotiatedVersion=1.2+

10. SpdmMessage <- Responder

Assertion 2.4.*.

###

SPDM_VDM_V1_3_Test_002_006.py

Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical GET_CAPABILITIES.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, …}

4. CAPABILITIES <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, …} – if NegotiatedVersion=1.0+

2. SpdmMessage <- Responder

Assertion 2.6.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.6.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 2.6.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 2.6.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 2.6.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, CTExponent+1, Flags-HBEAT_CAP, …} – if NegotiatedVersion=1.1+

4. SpdmMessage <- Responder

Assertion 2.6.*.

5. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize+1, MaxSPDMmsgSize+1, …} – if NegotiatedVersion=1.2

6. SpdmMessage <- Responder

Assertion 2.6.*.

SPDM_VDM_V1_3_Test_002_007.py

Description: SPDM responder shall return valid CAPABILITIES(0x13), if it receives a GET_CAPABILITIES with negotiated version 1.3.

SPDM Version: 1.3 only

TestSetup: 1. Requester -> GET_VERSION {SPDMVersion=0x10} 2. VERSION <- Responder 3. If 1.3` is not in VERSION.VersionNumberEntry, then skip this case.

TestTeardown: None

Steps: 1. Requester -> GET_CAPABILITIES {SPDMVersion=0x13, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP|CHUNK_CAP, DataTransferSize, MaxSPDMmsgSize} 2. SpdmMessage <- Responder

Assertion 2.7.1:

sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.3)

Assertion 2.7.2:

SpdmMessage.RequestResponseCode == CAPABILITIES

Assertion 2.7.3:

SpdmMessage.SPDMVersion == 0x13

Assertion 2.7.4:

Flags.MEAS_CAP != 3

Assertion 2.7.5:

if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)

Assertion 2.7.6:

if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)

Assertion 2.7.7:

if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)

Assertion 2.7.8:

Flags.PSK_CAP != 3

Assertion 2.7.9:

if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)

Assertion 2.7.10:

if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1)

Assertion 2.7.11:

if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1)

Assertion 2.7.12:

if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0)

Assertion 2.7.13:

SpdmMessage.DataTransferSize >= MinDataTransferSize

Assertion 2.7.14:

SpdmMessage.MaxSPDMmsgSize >= SpdmMessage.DataTransferSize

Assertion 2.7.15:

if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1)

SPDM_VDM_V1_3_Test_003_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a NEGOTIATE_ALGORITHMS with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

TestTeardown:

None

Steps:

1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion+1), …}

2. SpdmMessage <- Responder

Assertion 3.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 3.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 3.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion-1), …}

4. SpdmMessage <- Responder

Assertion 3.2.*.

###

SPDM_VDM_V1_3_Test_003_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a NEGOTIATE_ALGORITHMS before GET_CAPABILITIES.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

TestTeardown:

None

Steps:

1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

2. SpdmMessage <- Responder

Assertion 3.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 3.3.3:

SpdmMessage.SPDMVersion == 0x10

Assertion 3.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 3.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_003_004.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a NEGOTIATE_ALGORITHMS with invalid field.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

TestTeardown:

None

Steps:

1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length-1, …} – if NegotiatedVersion=1.0+

2. SpdmMessage <- Responder

Assertion 3.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 3.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.4.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 3.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length+1, …} – if NegotiatedVersion=1.0+

4. SpdmMessage <- Responder

Assertion 3.4.*.

5. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtAsymCount=21, …} – if NegotiatedVersion=1.0+

6. SpdmMessage <- Responder

Assertion 3.4.*.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtHashCount=21, …} – if NegotiatedVersion=1.0+

8. SpdmMessage <- Responder

Assertion 3.4.*.

9. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=1, …} – if NegotiatedVersion=1.1+

10. SpdmMessage <- Responder

Assertion 3.4.*.

11. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=3, …} – if NegotiatedVersion=1.1+

12. SpdmMessage <- Responder

Assertion 3.4.*.

13. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=2, ExtAlgCount=0xF, …} – if NegotiatedVersion=1.1+

14. SpdmMessage <- Responder

Assertion 3.4.*.

###

SPDM_VDM_V1_3_Test_003_007.py

Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, MeasurementSpecification=DMTF, BaseAsymAlgo=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521, BaseHashAlgo=TPM_ALG_SHA_256|TPM_ALG_SHA_384|TPM_ALG_SHA_512|TPM_ALG_SHA3_256|TPM_ALG_SHA3_384|TPM_ALG_SHA3_512, ExtAsymCount=0, ExtHashCount=0}

6. ALGORITHMS <- Responder

TestTeardown:

None

Steps:

1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, …} – if NegotiatedVersion=1.0+

2. SpdmMessage <- Responder

Assertion 3.7.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.7.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 3.7.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.7.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 3.7.5:

SpdmMessage.Param2 == 0.

3. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, MeasurementSpecification=DMTF, BaseAsymAlgo=BaseAsymSel, BaseHashAlgo=BaseHashSel, …} – if NegotiatedVersion=1.0+

4. SpdmMessage <- Responder

Assertion 3.7.*.

5. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Dhe=DheSel, Aead=AeadSel, BaseReqAsymAlg=BaseReqAsymSel, …} – if NegotiatedVersion=1.1+

6. SpdmMessage <- Responder

Assertion 3.7.*.

SPDM_VDM_V1_3_Test_004_001.py

Description: SPDM responder shall return valid DIGESTS, if it receives a GET_DIGESTS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0}

2. SpdmMessage <- Responder

Assertion 4.1.1:

sizeof(SpdmMessage) >= offset(DIGESTS, Digest[0])

Assertion 4.1.2:

SpdmMessage.RequestResponseCode == DIGESTS

Assertion 4.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 4.1.4:

SpdmMessage.Param2.SlotMask.bit_0 == 1

Assertion 4.1.5:

SlotCount = bit number of SpdmMessage.Param2.SlotMask sizeof(SpdmMessage) >= offset(DIGESTS, Digest[0]) + HashSize * SlotCount

###

SPDM_VDM_V1_3_Test_004_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_DIGESTS with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_DIGESTS {SPDMVersion=(NegotiatedVersion+1), …}

2. SpdmMessage <- Responder

Assertion 4.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 4.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 4.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 4.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 4.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_DIGESTS {SPDMVersion=(NegotiatedVersion-1), …}

4. SpdmMessage <- Responder

Assertion 4.2.*.

###

SPDM_VDM_V1_3_Test_004_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_DIGESTS before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

2. SpdmMessage <- Responder

Assertion 4.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 4.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 4.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 4.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 4.3.5:

SpdmMessage.Param2 == 0.

SPDM_VDM_V1_3_Test_005_001.py

Description: SPDM responder shall return valid CERTIFICATE, if it receives a GET_CERTIFICATE.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. Digests[] = array of DIGESTS.Digest

TestTeardown:

None

Steps:

1. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=0, Offset=0, Length=0x400}

2. SpdmMessage <- Responder

Assertion 5.1.1:

sizeof(SpdmMessage) >= sizeof(CERTIFICATE, CertChain)

Assertion 5.1.2:

SpdmMessage.RequestResponseCode == CERTIFICATE

Assertion 5.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 5.1.4:

SpdmMessage.PortionLength > 0 SpdmMessage.PortionLength <= GET_CERTIFICATE.Length

3. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=0, Offset=NextOffset, Length=0x400}, while SpdmMessage.RemainderLength != 0

4. SpdmMessage <- Responder

Assertion 5.1.*.

Assertion 5.1.5:

CertChain.Length == sizeof(CertChain)

Assertion 5.1.6:

Hash(CertChain) == Digests[i]

###

SPDM_VDM_V1_3_Test_005_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CERTIFICATE with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_CERTIFICATE {SPDMVersion=(NegotiatedVersion+1), …}

2. SpdmMessage <- Responder

Assertion 5.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 5.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 5.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 5.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 5.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CERTIFICATE {SPDMVersion=(NegotiatedVersion-1), …}

4. SpdmMessage <- Responder

Assertion 5.2.*.

###

SPDM_VDM_V1_3_Test_005_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_CERTIFICATE before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, …}

2. SpdmMessage <- Responder

Assertion 5.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 5.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 5.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 5.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 5.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_005_004.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CERTIFICATE with invalid field.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

10. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}

TestTeardown:

None

Steps:

1. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=InvalidSlotID[i], Param2=0, Offset=0, Length=0x400}

2. SpdmMessage <- Responder

Assertion 5.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 5.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 5.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 5.4.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 5.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=0, Invalid_Offset=0xFFFF, Length=0x400}

4. SpdmMessage <- Responder

Assertion 5.4.*.

###

SPDM_VDM_V1_3_Test_006_004.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a CHALLENGE with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. Digests[] = array of DIGESTS.Digest

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

TestTeardown:

None

Steps:

1. Requester -> CHALLENGE {SPDMVersion=(NegotiatedVersion+1), …}

2. SpdmMessage <- Responder

Assertion 6.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 6.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 6.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 6.4.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 6.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> CHALLENGE {SPDMVersion=(NegotiatedVersion-1), …}

4. SpdmMessage <- Responder

Assertion 6.4.*.

###

SPDM_VDM_V1_3_Test_006_005.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_CERTIFICATE before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, …}

2. SpdmMessage <- Responder

Assertion 6.5.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 6.5.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 6.5.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 6.5.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 6.5.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_006_006.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a CHALLENGE with invalid field.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

9. DIGESTS <- Responder

10. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}

TestTeardown:

None

Steps:

1. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=InvalidSlotID[i], Param2=NoMeasurement}

2. SpdmMessage <- Responder

Assertion 6.6.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 6.6.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 6.6.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 6.6.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 6.6.5:

SpdmMessage.Param2 == 0.

3. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=(TcbMeasurements+1)}

4. SpdmMessage <- Responder

Assertion 6.6.*.

5. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=(AllMeasurements-1)}

6. SpdmMessage <- Responder

Assertion 6.6.*.

###

SPDM_VDM_V1_3_Test_006_012.py

Description: SPDM responder shall return valid CHALLENGE_AUTH, if it receives a CHALLENGE with negotiated version 1.2 in (A2, B2, C1).

SPDM Version: 1.2 only

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Digests[] = array of DIGESTS.Digest

13. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

14. CERTIFICATE <- Responder

15. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=NoMeasurement, …}

16. SpdmMessage <- Responder

TestTeardown:

None

Steps:

1. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=NoMeasurement, Nonce}

2. SpdmMessage <- Responder

Assertion 6.12.1:

sizeof(SpdmMessage) >= sizeof(CHALLENGE_AUTH) + SpdmMessage.OpaqueDataLength

Assertion 6.12.2:

SpdmMessage.RequestResponseCode == CHALLENGE_AUTH

Assertion 6.12.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 6.12.4:

(SpdmMessage.Param1.SlotID & 0xF) == SlotID

Assertion 6.12.5:

(SpdmMessage.Param2.SlotMask & bit_[SlotID]) != 0

Assertion 6.12.6:

SpdmMessage.CertChainHash == Hash(CertChain) SpdmMessage.CertChainHash == Digests[SlotID]

Assertion 6.12.7:

3. Repeat (1~2) and use CHALLENGE {Param2=TcbMeasurements}, if Flags.MEAS_CAP != 0.

Assertion 6.12.*.

4. Repeat (1~2) and use CHALLENGE {Param2=AllMeasurement}, if Flags.MEAS_CAP != 0.

Assertion 6.12.*.

###

SPDM_VDM_V1_3_Test_007_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_MEASUREMENTS with non negotiated version.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

12. CERTIFICATE <- Responder

13. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1

14. CHALLENGE_AUTH <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion+1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}

2. SpdmMessage <- Responder

Assertion 7.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 7.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 7.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion-1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}

4. SpdmMessage <- Responder

Assertion 7.2.*.

###

SPDM_VDM_V1_3_Test_007_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.CERT_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion+1, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}

2. SpdmMessage <- Responder

Assertion 7.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 7.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 7.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_007_004.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_MEASUREMENTS with invalid field.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

13. CERTIFICATE <- Responder

14. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1

15. CHALLENGE_AUTH <- Responder

16. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}

17. MEASUREMENTS <- Responder

18. ValidMeasurementIndex[] = array of index in valid MeasurementBlock

19. InvalidMeasurementIndex[] = array of index not in valid MeasurementBlock, excluding 0 and 0xff

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=InvalidMeasurementIndex[i]}

2. SpdmMessage <- Responder

Assertion 7.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 7.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.4.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 7.4.5:

SpdmMessage.Param2 == 0.

3. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=1, Param2=ValidMeasurementIndex[i], SlotID=InvalidSlotID[i]} – if NegotiatedVersion=1.1+ && MEAS_CAP == 2

4. SpdmMessage <- Responder

Assertion 7.4.*.

###

SPDM_VDM_V1_3_Test_007_005.py

Description: The SPDM Measurement Block from device shall follow SPDM specification.

SPDM Version: 1.0+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

4. CAPABILITIES <- Responder

5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.

6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

7. ALGORITHMS <- Responder

8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

9. DIGESTS <- Responder

10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

11. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1

12. CERTIFICATE <- Responder

13. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1

14. CHALLENGE_AUTH <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}

2. SpdmMessage <- Responder

Assertion 7.5.1:

SpdmMeasurementBlock[i].MeasurementSpecification == DMTF

Assertion 7.5.2:

if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].MeasurementSize == 3 + HashSize)

Assertion 7.5.3:

if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueSize == HashSize)

Assertion 7.5.4:

if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_[6:0] == 0x5) && (SPDMVersion >= SPDM_MESSAGE_VERSION_12) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 == 1)

###

SPDM_VDM_V1_3_Test_007_008.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS in a DHE session handshake.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.MEAS_CAP == 0 || Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=AllMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 7.8.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.8.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 7.8.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.8.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 7.8.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_008_003.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_EXCHANGE with non negotiated version.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

TestTeardown:

None

Steps:

1. Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion+1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}

2. SpdmMessage <- Responder

Assertion 8.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 8.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 8.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 8.3.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 8.3.5:

SpdmMessage.Param2 == 0.

3. Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion-1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}

4. SpdmMessage <- Responder

Assertion 8.3.*.

###

SPDM_VDM_V1_3_Test_008_004.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}

2. SpdmMessage <- Responder

Assertion 8.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 8.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 8.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 8.4.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 8.4.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_008_005.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE in a session application.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 8.5.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 8.5.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 8.5.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 8.5.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 8.5.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_008_006.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_EXCHANGE with invalid field.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}

13. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

14. CERTIFICATE <- Responder

TestTeardown:

None

Steps:

1. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=InvalidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}

2. SpdmMessage <- Responder

Assertion 8.6.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 8.6.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 8.6.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 8.6.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 8.6.5:

SpdmMessage.Param2 == 0.

3. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(TcbMeasurements+1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}

4. SpdmMessage <- Responder

Assertion 8.6.*.

5. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(AllMeasurements-1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}

6. SpdmMessage <- Responder

Assertion 8.6.*.

7. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueDataLength=0xFFFF}

8. SpdmMessage <- Responder

Assertion 8.6.*.

###

SPDM_VDM_V1_3_Test_009_003.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a FINISH with non negotiated version.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=(NegotiatedVersion+1), Param1=0, Param2=0, RequesterVerifyData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 9.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.3.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 9.3.5:

SpdmMessage.Param2 == 0.

3. Requester -> FINISH {SPDMVersion=(NegotiatedVersion-1), Param1=0, Param2=0}

4. SpdmMessage <- Responder

Assertion 9.3.*.

###

SPDM_VDM_V1_3_Test_009_004.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a FINISH before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, RequesterVerifyData}

2. SpdmMessage <- Responder

Assertion 9.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.4.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 9.4.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_009_005.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a FINISH in a session application.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, RequesterVerifyData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 9.5.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.5.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.5.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.5.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 9.5.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_009_006.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a FINISH with invalid field.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

16. UnsupportedReqSlotID[] = {0x1 ~ 0x7}

17. InvalidReqSlotID[] = {0x8 ~ 0xF, 0xFF}

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=1, Param2.ReqSlotID=UnsupportedReqSlotID[i], RequesterVerifyData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 9.6.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.6.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.6.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.6.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 9.6.5:

SpdmMessage.Param2 == 0.

3. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=1, Param2.ReqSlotID=InvalidReqSlotID[i], RequesterVerifyData} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 9.6.*.

5. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, no RequesterVerifyData} in session-X

6. SpdmMessage <- Responder in session-X

Assertion 9.6.*.

###

SPDM_VDM_V1_3_Test_009_007.py

Description: SPDM responder shall return ERROR(DecryptError), if it receives a FINISH with invalid RequesterVerifyData.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, !RequesterVerifyData} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 9.7.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.7.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.7.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.7.4:

SpdmMessage.Param1 == DecryptError.

###

SPDM_VDM_V1_3_Test_009_008.py

Description: SPDM responder shall return ERROR(DecryptError), if it receives a FINISH with HANDSHAKE_IN_THE_CLEAR_CAP and invalid RequesterVerifyData.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=1, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0 || HANDSHAKE_IN_THE_CLEAR_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, !RequesterVerifyData}

2. SpdmMessage <- Responder

Assertion 9.8.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 9.8.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 9.8.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 9.8.4:

SpdmMessage.Param1 == DecryptError.

###

SPDM_VDM_V1_3_Test_012_001.py

Description: SPDM responder shall return valid HEARTBEAT_ACK, if it receives a HEARTBEAT in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.

17. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

18. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> HEARTBEAT {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 12.1.1:

sizeof(SpdmMessage) >= sizeof(HEARTBEAT_ACK)

Assertion 12.1.2:

SpdmMessage.RequestResponseCode == HEARTBEAT_ACK

Assertion 12.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

###

SPDM_VDM_V1_3_Test_012_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a HEARTBEAT with non negotiated version in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.

17. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

18. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion+1), …} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 12.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 12.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 12.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 12.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 12.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), …} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 12.2.*.

###

SPDM_VDM_V1_3_Test_012_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a HEARTBEAT in DHE session handshake.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.

TestTeardown:

None

Steps:

1. Requester -> HEARTBEAT {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 12.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 12.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 12.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 12.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 12.3.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_013_001.py

Description: SPDM responder shall return valid KEY_UPDATE_ACK, if it receives a KEY_UPDATE in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag1} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 13.1.1:

sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.2:

SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.4:

SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.5:

SpdmMessage.Param2 == KEY_UPDATE.Param2

3. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag2} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 13.1.6:

sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.7:

SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.8:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.9:

SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.10:

SpdmMessage.Param2 == KEY_UPDATE.Param2

5. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateAllKeys, Param2=Tag3} in session-X

6. SpdmMessage <- Responder in session-X

Assertion 13.1.11:

sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.12:

SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.13:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.14:

SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.15:

SpdmMessage.Param2 == KEY_UPDATE.Param2

7. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag4} in session-X

8. SpdmMessage <- Responder in session-X

Assertion 13.1.16:

sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.17:

SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.18:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.19:

SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.20:

SpdmMessage.Param2 == KEY_UPDATE.Param2

###

SPDM_VDM_V1_3_Test_013_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_UPDATE with non negotiated version in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> KEY_UPDATE {SPDMVersion=(NegotiatedVersion+1), …} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 13.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 13.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 13.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), …} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 13.2.*.

###

SPDM_VDM_V1_3_Test_013_003.py

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_UPDATE with invalid field in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(UpdateKey-1), …} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 13.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 13.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.3.4:

SpdmMessage.Param1 == InvalidRequest.

Assertion 13.3.5:

SpdmMessage.Param2 == 0.

3. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(VerifyNewKey+1), …} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 13.3.*.

###

SPDM_VDM_V1_3_Test_013_004.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_UPDATE in DHE session handshake.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 13.4.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.4.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 13.4.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.4.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 13.4.5:

SpdmMessage.Param2 == 0.

###

SPDM_VDM_V1_3_Test_016_001.py

Description: SPDM responder shall return valid END_SESSION_ACK, if it receives a END_SESSION in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> END_SESSION {SPDMVersion=NegotiatedVersion, Param1.StatePreservation=0, Param2=0} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 16.1.1:

sizeof(SpdmMessage) >= sizeof(END_SESSION_ACK)

Assertion 16.1.2:

SpdmMessage.RequestResponseCode == END_SESSION_ACK

Assertion 16.1.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

###

SPDM_VDM_V1_3_Test_016_002.py

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a END_SESSION with non negotiated version in DHE session.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X

17. FINISH_RSP <- Responder in session-X

TestTeardown:

None

Steps:

1. Requester -> END_SESSION {SPDMVersion=(NegotiatedVersion+1), …} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 16.2.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 16.2.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 16.2.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 16.2.4:

SpdmMessage.Param1 == VersionMismatch.

Assertion 16.2.5:

SpdmMessage.Param2 == 0.

3. Requester -> END_SESSION {SPDMVersion=(NegotiatedVersion-1), …} in session-X

4. SpdmMessage <- Responder in session-X

Assertion 16.2.*.

###

SPDM_VDM_V1_3_Test_016_003.py

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a END_SESSION in DHE session handshake.

SPDM Version: 1.1+

TestSetup:

1. Requester -> GET_VERSION {SPDMVersion=0x10}

2. VERSION <- Responder

3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.

4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}

5. CAPABILITIES <- Responder

6. If Flags.KEY_EX_CAP == 0, then skip this case.

7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}

8. ALGORITHMS <- Responder

9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}

10. DIGESTS <- Responder

11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask

12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}

13. CERTIFICATE <- Responder

14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}

15. KEY_EXCHANGE_RSP <- Responder

TestTeardown:

None

Steps:

1. Requester -> END_SESSION {SPDMVersion=NegotiatedVersion, Param1.StatePreservation=0, Param2=0} in session-X

2. SpdmMessage <- Responder in session-X

Assertion 16.3.1:

sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 16.3.2:

SpdmMessage.RequestResponseCode == ERROR

Assertion 16.3.3:

SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 16.3.4:

SpdmMessage.Param1 == UnexpectedRequest.

Assertion 16.3.5:

SpdmMessage.Param2 == 0.

###