SPDM_V1_3
SPDM_SMBUS_V1_3_Test_001_001.py
Description: SPDM responder shall return valid VERSION, if it receives a GET_VERSION with version 1.0.
SPDM Version: 1.0+
- TestSetup:
None
- TestTeardown:
None
- Steps:
Requester -> GET_VERSION {SPDMVersion=0x10, Param1=0, Param2=0}
SpdmMessage <- Responder
- Assertion 1.1.1:
sizeof(SpdmMessage) >= offset(VERSION, VersionNumberEntry)
- Assertion 1.1.2:
SpdmMessage.RequestResponseCode == VERSION
- Assertion 1.1.3:
SpdmMessage.SPDMVersion == 0x10
- Assertion 1.1.4:
SpdmMessage.VersionNumberEntryCount > 0 && SpdmMessage.VersionNumberEntryCount <= (sizeof(SpdmMessage) - offset(VERSION, VersionNumberEntry)) / sizeof(uint16_t)
- Assertion 1.1.5:
((SpdmMessage.VersionNumberEntry[i].MajorVersion << 4) + SpdmMessage.VersionNumberEntry[i].MinorVersion) is in {0x10, 0x11, 0x12, 0x13}.
SPDM_SMBUS_V1_3_Test_002_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CAPABILITIES with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
HighestVersion = Max{SpdmMessage.VersionNumberEntry[0..(n-1)]}
LowestVersion = Min{SpdmMessage.VersionNumberEntry[0..(n-1)]}
- TestTeardown:
None
- Steps:
Requester -> GET_CAPABILITIES {SPDMVersion=(HighestVersion+1), Param1=0, Param2=0}
SpdmMessage <- Responder
- Assertion 2.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 2.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 2.2.3:
SpdmMessage.SPDMVersion == 0x10
- Assertion 2.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 2.2.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CAPABILITIES {SPDMVersion=(LowestVersion-1), Param1=0, Param2=0}
SpdmMessage <- Responder
Assertion 2.2.*.
###
SPDM_SMBUS_V1_3_Test_002_004.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CAPABILITIES with invalid field.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1+ (It is invalid because ENCRYPT_CAP and MAC_CAP are clear, when KEY_EX_CAP or PSK_CAP is set.)
SpdmMessage <- Responder
- Assertion 2.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 2.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 2.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 2.4.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 2.4.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1+ (It is invalid because KEY_EX_CAP and PSK_CAP are clear, when ENCRYPT_CAP or MAC_CAP is set.)
SpdmMessage <- Responder
Assertion 2.4.*.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1 only (It is invalid because ENCAP_CAP is clear, when MUT_AUTH_CAP is set.)
SpdmMessage <- Responder
Assertion 2.4.*.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=41, MaxSPDMmsgSize} – if NegotiatedVersion=1.2+
SpdmMessage <- Responder
Assertion 2.4.*.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=MaxSPDMmsgSize+1, MaxSPDMmsgSize} – if NegotiatedVersion=1.2+
SpdmMessage <- Responder
Assertion 2.4.*.
###
SPDM_SMBUS_V1_3_Test_002_006.py
Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical GET_CAPABILITIES.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, …}
CAPABILITIES <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
- Assertion 2.6.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 2.6.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 2.6.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 2.6.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 2.6.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, CTExponent+1, Flags-HBEAT_CAP, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 2.6.*.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize+1, MaxSPDMmsgSize+1, …} – if NegotiatedVersion=1.2
SpdmMessage <- Responder
Assertion 2.6.*.
SPDM_SMBUS_V1_3_Test_002_007.py
Description: SPDM responder shall return valid CAPABILITIES(0x13), if it receives a GET_CAPABILITIES with negotiated version 1.3.
SPDM Version: 1.3 only
TestSetup: 1. Requester -> GET_VERSION {SPDMVersion=0x10} 2. VERSION <- Responder 3. If 1.3` is not in VERSION.VersionNumberEntry, then skip this case.
TestTeardown: None
Steps: 1. Requester -> GET_CAPABILITIES {SPDMVersion=0x13, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP|CHUNK_CAP, DataTransferSize, MaxSPDMmsgSize} 2. SpdmMessage <- Responder
- Assertion 2.7.1:
sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.3)
- Assertion 2.7.2:
SpdmMessage.RequestResponseCode == CAPABILITIES
- Assertion 2.7.3:
SpdmMessage.SPDMVersion == 0x13
- Assertion 2.7.4:
Flags.MEAS_CAP != 3
- Assertion 2.7.5:
if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)
- Assertion 2.7.6:
if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)
- Assertion 2.7.7:
if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)
- Assertion 2.7.8:
Flags.PSK_CAP != 3
- Assertion 2.7.9:
if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)
- Assertion 2.7.10:
if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1)
- Assertion 2.7.11:
if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1)
- Assertion 2.7.12:
if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0)
- Assertion 2.7.13:
SpdmMessage.DataTransferSize >= MinDataTransferSize
- Assertion 2.7.14:
SpdmMessage.MaxSPDMmsgSize >= SpdmMessage.DataTransferSize
- Assertion 2.7.15:
if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1)
SPDM_SMBUS_V1_3_Test_003_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a NEGOTIATE_ALGORITHMS with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
- TestTeardown:
None
- Steps:
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion+1), …}
SpdmMessage <- Responder
- Assertion 3.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 3.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 3.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 3.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 3.2.5:
SpdmMessage.Param2 == 0.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion-1), …}
SpdmMessage <- Responder
Assertion 3.2.*.
###
SPDM_SMBUS_V1_3_Test_003_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a NEGOTIATE_ALGORITHMS before GET_CAPABILITIES.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
- TestTeardown:
None
- Steps:
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
SpdmMessage <- Responder
- Assertion 3.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 3.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 3.3.3:
SpdmMessage.SPDMVersion == 0x10
- Assertion 3.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 3.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_003_004.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a NEGOTIATE_ALGORITHMS with invalid field.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
- TestTeardown:
None
- Steps:
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length-1, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
- Assertion 3.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 3.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 3.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 3.4.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 3.4.5:
SpdmMessage.Param2 == 0.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length+1, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtAsymCount=21, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtHashCount=21, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=1, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=3, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=2, ExtAlgCount=0xF, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 3.4.*.
###
SPDM_SMBUS_V1_3_Test_003_007.py
Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, MeasurementSpecification=DMTF, BaseAsymAlgo=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521, BaseHashAlgo=TPM_ALG_SHA_256|TPM_ALG_SHA_384|TPM_ALG_SHA_512|TPM_ALG_SHA3_256|TPM_ALG_SHA3_384|TPM_ALG_SHA3_512, ExtAsymCount=0, ExtHashCount=0}
ALGORITHMS <- Responder
- TestTeardown:
None
- Steps:
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
- Assertion 3.7.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 3.7.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 3.7.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 3.7.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 3.7.5:
SpdmMessage.Param2 == 0.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, MeasurementSpecification=DMTF, BaseAsymAlgo=BaseAsymSel, BaseHashAlgo=BaseHashSel, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
Assertion 3.7.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Dhe=DheSel, Aead=AeadSel, BaseReqAsymAlg=BaseReqAsymSel, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 3.7.*.
SPDM_SMBUS_V1_3_Test_004_001.py
Description: SPDM responder shall return valid DIGESTS, if it receives a GET_DIGESTS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0}
SpdmMessage <- Responder
- Assertion 4.1.1:
sizeof(SpdmMessage) >= offset(DIGESTS, Digest[0])
- Assertion 4.1.2:
SpdmMessage.RequestResponseCode == DIGESTS
- Assertion 4.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 4.1.4:
SpdmMessage.Param2.SlotMask.bit_0 == 1
- Assertion 4.1.5:
SlotCount = bit number of SpdmMessage.Param2.SlotMask sizeof(SpdmMessage) >= offset(DIGESTS, Digest[0]) + HashSize * SlotCount
###
SPDM_SMBUS_V1_3_Test_004_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_DIGESTS with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_DIGESTS {SPDMVersion=(NegotiatedVersion+1), …}
SpdmMessage <- Responder
- Assertion 4.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 4.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 4.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 4.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 4.2.5:
SpdmMessage.Param2 == 0.
Requester -> GET_DIGESTS {SPDMVersion=(NegotiatedVersion-1), …}
SpdmMessage <- Responder
Assertion 4.2.*.
###
SPDM_SMBUS_V1_3_Test_004_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_DIGESTS before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
SpdmMessage <- Responder
- Assertion 4.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 4.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 4.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 4.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 4.3.5:
SpdmMessage.Param2 == 0.
SPDM_SMBUS_V1_3_Test_005_001.py
Description: SPDM responder shall return valid CERTIFICATE, if it receives a GET_CERTIFICATE.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Digests[] = array of DIGESTS.Digest
- TestTeardown:
None
- Steps:
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=0, Offset=0, Length=0x400}
SpdmMessage <- Responder
- Assertion 5.1.1:
sizeof(SpdmMessage) >= sizeof(CERTIFICATE, CertChain)
- Assertion 5.1.2:
SpdmMessage.RequestResponseCode == CERTIFICATE
- Assertion 5.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 5.1.4:
SpdmMessage.PortionLength > 0 SpdmMessage.PortionLength <= GET_CERTIFICATE.Length
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=0, Offset=NextOffset, Length=0x400}, while SpdmMessage.RemainderLength != 0
SpdmMessage <- Responder
Assertion 5.1.*.
- Assertion 5.1.5:
CertChain.Length == sizeof(CertChain)
- Assertion 5.1.6:
Hash(CertChain) == Digests[i]
###
SPDM_SMBUS_V1_3_Test_005_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CERTIFICATE with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_CERTIFICATE {SPDMVersion=(NegotiatedVersion+1), …}
SpdmMessage <- Responder
- Assertion 5.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 5.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 5.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 5.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 5.2.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CERTIFICATE {SPDMVersion=(NegotiatedVersion-1), …}
SpdmMessage <- Responder
Assertion 5.2.*.
###
SPDM_SMBUS_V1_3_Test_005_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_CERTIFICATE before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, …}
SpdmMessage <- Responder
- Assertion 5.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 5.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 5.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 5.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 5.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_005_004.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CERTIFICATE with invalid field.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}
- TestTeardown:
None
- Steps:
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=InvalidSlotID[i], Param2=0, Offset=0, Length=0x400}
SpdmMessage <- Responder
- Assertion 5.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 5.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 5.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 5.4.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 5.4.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=0, Invalid_Offset=0xFFFF, Length=0x400}
SpdmMessage <- Responder
Assertion 5.4.*.
###
SPDM_SMBUS_V1_3_Test_006_004.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a CHALLENGE with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Digests[] = array of DIGESTS.Digest
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
- TestTeardown:
None
- Steps:
Requester -> CHALLENGE {SPDMVersion=(NegotiatedVersion+1), …}
SpdmMessage <- Responder
- Assertion 6.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 6.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 6.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 6.4.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 6.4.5:
SpdmMessage.Param2 == 0.
Requester -> CHALLENGE {SPDMVersion=(NegotiatedVersion-1), …}
SpdmMessage <- Responder
Assertion 6.4.*.
###
SPDM_SMBUS_V1_3_Test_006_005.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_CERTIFICATE before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, …}
SpdmMessage <- Responder
- Assertion 6.5.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 6.5.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 6.5.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 6.5.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 6.5.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_006_006.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a CHALLENGE with invalid field.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}
- TestTeardown:
None
- Steps:
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=InvalidSlotID[i], Param2=NoMeasurement}
SpdmMessage <- Responder
- Assertion 6.6.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 6.6.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 6.6.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 6.6.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 6.6.5:
SpdmMessage.Param2 == 0.
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=(TcbMeasurements+1)}
SpdmMessage <- Responder
Assertion 6.6.*.
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=(AllMeasurements-1)}
SpdmMessage <- Responder
Assertion 6.6.*.
###
SPDM_SMBUS_V1_3_Test_006_012.py
Description: SPDM responder shall return valid CHALLENGE_AUTH, if it receives a CHALLENGE with negotiated version 1.2 in (A2, B2, C1).
SPDM Version: 1.2 only
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Digests[] = array of DIGESTS.Digest
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=NoMeasurement, …}
SpdmMessage <- Responder
- TestTeardown:
None
- Steps:
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=NoMeasurement, Nonce}
SpdmMessage <- Responder
- Assertion 6.12.1:
sizeof(SpdmMessage) >= sizeof(CHALLENGE_AUTH) + SpdmMessage.OpaqueDataLength
- Assertion 6.12.2:
SpdmMessage.RequestResponseCode == CHALLENGE_AUTH
- Assertion 6.12.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 6.12.4:
(SpdmMessage.Param1.SlotID & 0xF) == SlotID
- Assertion 6.12.5:
(SpdmMessage.Param2.SlotMask & bit_[SlotID]) != 0
- Assertion 6.12.6:
SpdmMessage.CertChainHash == Hash(CertChain) SpdmMessage.CertChainHash == Digests[SlotID]
Assertion 6.12.7:
Repeat (1~2) and use CHALLENGE {Param2=TcbMeasurements}, if Flags.MEAS_CAP != 0.
Assertion 6.12.*.
Repeat (1~2) and use CHALLENGE {Param2=AllMeasurement}, if Flags.MEAS_CAP != 0.
Assertion 6.12.*.
###
SPDM_SMBUS_V1_3_Test_007_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_MEASUREMENTS with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
CERTIFICATE <- Responder
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
CHALLENGE_AUTH <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion+1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
SpdmMessage <- Responder
- Assertion 7.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 7.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 7.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 7.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 7.2.5:
SpdmMessage.Param2 == 0.
Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion-1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
SpdmMessage <- Responder
Assertion 7.2.*.
###
SPDM_SMBUS_V1_3_Test_007_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion+1, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
SpdmMessage <- Responder
- Assertion 7.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 7.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 7.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 7.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 7.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_007_004.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_MEASUREMENTS with invalid field.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
CERTIFICATE <- Responder
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
CHALLENGE_AUTH <- Responder
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}
MEASUREMENTS <- Responder
ValidMeasurementIndex[] = array of index in valid MeasurementBlock
InvalidMeasurementIndex[] = array of index not in valid MeasurementBlock, excluding 0 and 0xff
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=InvalidMeasurementIndex[i]}
SpdmMessage <- Responder
- Assertion 7.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 7.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 7.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 7.4.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 7.4.5:
SpdmMessage.Param2 == 0.
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=1, Param2=ValidMeasurementIndex[i], SlotID=InvalidSlotID[i]} – if NegotiatedVersion=1.1+ && MEAS_CAP == 2
SpdmMessage <- Responder
Assertion 7.4.*.
###
SPDM_SMBUS_V1_3_Test_007_005.py
Description: The SPDM Measurement Block from device shall follow SPDM specification.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
CERTIFICATE <- Responder
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
CHALLENGE_AUTH <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}
SpdmMessage <- Responder
- Assertion 7.5.1:
SpdmMeasurementBlock[i].MeasurementSpecification == DMTF
- Assertion 7.5.2:
if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].MeasurementSize == 3 + HashSize)
- Assertion 7.5.3:
if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueSize == HashSize)
- Assertion 7.5.4:
if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_[6:0] == 0x5) && (SPDMVersion >= SPDM_MESSAGE_VERSION_12) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 == 1)
###
SPDM_SMBUS_V1_3_Test_007_008.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS in a DHE session handshake.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.MEAS_CAP == 0 || Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=AllMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]} in session-X
SpdmMessage <- Responder in session-X
- Assertion 7.8.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 7.8.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 7.8.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 7.8.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 7.8.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_008_003.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_EXCHANGE with non negotiated version.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
- TestTeardown:
None
- Steps:
Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion+1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
- Assertion 8.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 8.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 8.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 8.3.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 8.3.5:
SpdmMessage.Param2 == 0.
Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion-1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
Assertion 8.3.*.
###
SPDM_SMBUS_V1_3_Test_008_004.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
- Assertion 8.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 8.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 8.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 8.4.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 8.4.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_008_005.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE in a session application.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 8.5.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 8.5.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 8.5.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 8.5.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 8.5.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_008_006.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_EXCHANGE with invalid field.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
- TestTeardown:
None
- Steps:
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=InvalidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
- Assertion 8.6.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 8.6.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 8.6.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 8.6.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 8.6.5:
SpdmMessage.Param2 == 0.
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(TcbMeasurements+1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
Assertion 8.6.*.
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(AllMeasurements-1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
Assertion 8.6.*.
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueDataLength=0xFFFF}
SpdmMessage <- Responder
Assertion 8.6.*.
###
SPDM_SMBUS_V1_3_Test_009_003.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a FINISH with non negotiated version.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=(NegotiatedVersion+1), Param1=0, Param2=0, RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 9.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.3.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 9.3.5:
SpdmMessage.Param2 == 0.
Requester -> FINISH {SPDMVersion=(NegotiatedVersion-1), Param1=0, Param2=0}
SpdmMessage <- Responder
Assertion 9.3.*.
###
SPDM_SMBUS_V1_3_Test_009_004.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a FINISH before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, RequesterVerifyData}
SpdmMessage <- Responder
- Assertion 9.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.4.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 9.4.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_009_005.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a FINISH in a session application.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 9.5.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.5.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.5.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.5.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 9.5.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_009_006.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a FINISH with invalid field.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
UnsupportedReqSlotID[] = {0x1 ~ 0x7}
InvalidReqSlotID[] = {0x8 ~ 0xF, 0xFF}
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=1, Param2.ReqSlotID=UnsupportedReqSlotID[i], RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 9.6.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.6.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.6.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.6.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 9.6.5:
SpdmMessage.Param2 == 0.
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=1, Param2.ReqSlotID=InvalidReqSlotID[i], RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
Assertion 9.6.*.
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, no RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
Assertion 9.6.*.
###
SPDM_SMBUS_V1_3_Test_009_007.py
Description: SPDM responder shall return ERROR(DecryptError), if it receives a FINISH with invalid RequesterVerifyData.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, !RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 9.7.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.7.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.7.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.7.4:
SpdmMessage.Param1 == DecryptError.
###
SPDM_SMBUS_V1_3_Test_009_008.py
Description: SPDM responder shall return ERROR(DecryptError), if it receives a FINISH with HANDSHAKE_IN_THE_CLEAR_CAP and invalid RequesterVerifyData.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=1, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0 || HANDSHAKE_IN_THE_CLEAR_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, !RequesterVerifyData}
SpdmMessage <- Responder
- Assertion 9.8.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.8.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.8.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.8.4:
SpdmMessage.Param1 == DecryptError.
###
SPDM_SMBUS_V1_3_Test_012_001.py
Description: SPDM responder shall return valid HEARTBEAT_ACK, if it receives a HEARTBEAT in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> HEARTBEAT {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0} in session-X
SpdmMessage <- Responder in session-X
- Assertion 12.1.1:
sizeof(SpdmMessage) >= sizeof(HEARTBEAT_ACK)
- Assertion 12.1.2:
SpdmMessage.RequestResponseCode == HEARTBEAT_ACK
- Assertion 12.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
###
SPDM_SMBUS_V1_3_Test_012_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a HEARTBEAT with non negotiated version in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion+1), …} in session-X
SpdmMessage <- Responder in session-X
- Assertion 12.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 12.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 12.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 12.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 12.2.5:
SpdmMessage.Param2 == 0.
Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), …} in session-X
SpdmMessage <- Responder in session-X
Assertion 12.2.*.
###
SPDM_SMBUS_V1_3_Test_012_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a HEARTBEAT in DHE session handshake.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> HEARTBEAT {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0} in session-X
SpdmMessage <- Responder in session-X
- Assertion 12.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 12.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 12.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 12.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 12.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_013_001.py
Description: SPDM responder shall return valid KEY_UPDATE_ACK, if it receives a KEY_UPDATE in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag1} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.1.1:
sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)
- Assertion 13.1.2:
SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK
- Assertion 13.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.1.4:
SpdmMessage.Param1 == KEY_UPDATE.Param1
- Assertion 13.1.5:
SpdmMessage.Param2 == KEY_UPDATE.Param2
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag2} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.1.6:
sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)
- Assertion 13.1.7:
SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK
- Assertion 13.1.8:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.1.9:
SpdmMessage.Param1 == KEY_UPDATE.Param1
- Assertion 13.1.10:
SpdmMessage.Param2 == KEY_UPDATE.Param2
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateAllKeys, Param2=Tag3} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.1.11:
sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)
- Assertion 13.1.12:
SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK
- Assertion 13.1.13:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.1.14:
SpdmMessage.Param1 == KEY_UPDATE.Param1
- Assertion 13.1.15:
SpdmMessage.Param2 == KEY_UPDATE.Param2
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag4} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.1.16:
sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)
- Assertion 13.1.17:
SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK
- Assertion 13.1.18:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.1.19:
SpdmMessage.Param1 == KEY_UPDATE.Param1
- Assertion 13.1.20:
SpdmMessage.Param2 == KEY_UPDATE.Param2
###
SPDM_SMBUS_V1_3_Test_013_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_UPDATE with non negotiated version in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> KEY_UPDATE {SPDMVersion=(NegotiatedVersion+1), …} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 13.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 13.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 13.2.5:
SpdmMessage.Param2 == 0.
Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), …} in session-X
SpdmMessage <- Responder in session-X
Assertion 13.2.*.
###
SPDM_SMBUS_V1_3_Test_013_003.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_UPDATE with invalid field in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(UpdateKey-1), …} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 13.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 13.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.3.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 13.3.5:
SpdmMessage.Param2 == 0.
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(VerifyNewKey+1), …} in session-X
SpdmMessage <- Responder in session-X
Assertion 13.3.*.
###
SPDM_SMBUS_V1_3_Test_013_004.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_UPDATE in DHE session handshake.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 13.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 13.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.4.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 13.4.5:
SpdmMessage.Param2 == 0.
###
SPDM_SMBUS_V1_3_Test_016_001.py
Description: SPDM responder shall return valid END_SESSION_ACK, if it receives a END_SESSION in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> END_SESSION {SPDMVersion=NegotiatedVersion, Param1.StatePreservation=0, Param2=0} in session-X
SpdmMessage <- Responder in session-X
- Assertion 16.1.1:
sizeof(SpdmMessage) >= sizeof(END_SESSION_ACK)
- Assertion 16.1.2:
SpdmMessage.RequestResponseCode == END_SESSION_ACK
- Assertion 16.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
###
SPDM_SMBUS_V1_3_Test_016_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a END_SESSION with non negotiated version in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> END_SESSION {SPDMVersion=(NegotiatedVersion+1), …} in session-X
SpdmMessage <- Responder in session-X
- Assertion 16.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 16.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 16.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 16.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 16.2.5:
SpdmMessage.Param2 == 0.
Requester -> END_SESSION {SPDMVersion=(NegotiatedVersion-1), …} in session-X
SpdmMessage <- Responder in session-X
Assertion 16.2.*.
###
SPDM_SMBUS_V1_3_Test_016_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a END_SESSION in DHE session handshake.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> END_SESSION {SPDMVersion=NegotiatedVersion, Param1.StatePreservation=0, Param2=0} in session-X
SpdmMessage <- Responder in session-X
- Assertion 16.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 16.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 16.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 16.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 16.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_001_001.py
Description: SPDM responder shall return valid VERSION, if it receives a GET_VERSION with version 1.0.
SPDM Version: 1.0+
- TestSetup:
None
- TestTeardown:
None
- Steps:
Requester -> GET_VERSION {SPDMVersion=0x10, Param1=0, Param2=0}
SpdmMessage <- Responder
- Assertion 1.1.1:
sizeof(SpdmMessage) >= offset(VERSION, VersionNumberEntry)
- Assertion 1.1.2:
SpdmMessage.RequestResponseCode == VERSION
- Assertion 1.1.3:
SpdmMessage.SPDMVersion == 0x10
- Assertion 1.1.4:
SpdmMessage.VersionNumberEntryCount > 0 && SpdmMessage.VersionNumberEntryCount <= (sizeof(SpdmMessage) - offset(VERSION, VersionNumberEntry)) / sizeof(uint16_t)
- Assertion 1.1.5:
((SpdmMessage.VersionNumberEntry[i].MajorVersion << 4) + SpdmMessage.VersionNumberEntry[i].MinorVersion) is in {0x10, 0x11, 0x12, 0x13}.
SPDM_VDM_V1_3_Test_002_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CAPABILITIES with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
HighestVersion = Max{SpdmMessage.VersionNumberEntry[0..(n-1)]}
LowestVersion = Min{SpdmMessage.VersionNumberEntry[0..(n-1)]}
- TestTeardown:
None
- Steps:
Requester -> GET_CAPABILITIES {SPDMVersion=(HighestVersion+1), Param1=0, Param2=0}
SpdmMessage <- Responder
- Assertion 2.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 2.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 2.2.3:
SpdmMessage.SPDMVersion == 0x10
- Assertion 2.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 2.2.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CAPABILITIES {SPDMVersion=(LowestVersion-1), Param1=0, Param2=0}
SpdmMessage <- Responder
Assertion 2.2.*.
###
SPDM_VDM_V1_3_Test_002_004.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CAPABILITIES with invalid field.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1+ (It is invalid because ENCRYPT_CAP and MAC_CAP are clear, when KEY_EX_CAP or PSK_CAP is set.)
SpdmMessage <- Responder
- Assertion 2.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 2.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 2.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 2.4.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 2.4.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1+ (It is invalid because KEY_EX_CAP and PSK_CAP are clear, when ENCRYPT_CAP or MAC_CAP is set.)
SpdmMessage <- Responder
Assertion 2.4.*.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|HBEAT_CAP|KEY_UPD_CAP} – if NegotiatedVersion=1.1 only (It is invalid because ENCAP_CAP is clear, when MUT_AUTH_CAP is set.)
SpdmMessage <- Responder
Assertion 2.4.*.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=41, MaxSPDMmsgSize} – if NegotiatedVersion=1.2+
SpdmMessage <- Responder
Assertion 2.4.*.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=MaxSPDMmsgSize+1, MaxSPDMmsgSize} – if NegotiatedVersion=1.2+
SpdmMessage <- Responder
Assertion 2.4.*.
###
SPDM_VDM_V1_3_Test_002_006.py
Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical GET_CAPABILITIES.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, …}
CAPABILITIES <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
- Assertion 2.6.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 2.6.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 2.6.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 2.6.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 2.6.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, CTExponent+1, Flags-HBEAT_CAP, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 2.6.*.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize+1, MaxSPDMmsgSize+1, …} – if NegotiatedVersion=1.2
SpdmMessage <- Responder
Assertion 2.6.*.
SPDM_VDM_V1_3_Test_002_007.py
Description: SPDM responder shall return valid CAPABILITIES(0x13), if it receives a GET_CAPABILITIES with negotiated version 1.3.
SPDM Version: 1.3 only
TestSetup: 1. Requester -> GET_VERSION {SPDMVersion=0x10} 2. VERSION <- Responder 3. If 1.3` is not in VERSION.VersionNumberEntry, then skip this case.
TestTeardown: None
Steps: 1. Requester -> GET_CAPABILITIES {SPDMVersion=0x13, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP|CHUNK_CAP, DataTransferSize, MaxSPDMmsgSize} 2. SpdmMessage <- Responder
- Assertion 2.7.1:
sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.3)
- Assertion 2.7.2:
SpdmMessage.RequestResponseCode == CAPABILITIES
- Assertion 2.7.3:
SpdmMessage.SPDMVersion == 0x13
- Assertion 2.7.4:
Flags.MEAS_CAP != 3
- Assertion 2.7.5:
if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)
- Assertion 2.7.6:
if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)
- Assertion 2.7.7:
if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)
- Assertion 2.7.8:
Flags.PSK_CAP != 3
- Assertion 2.7.9:
if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)
- Assertion 2.7.10:
if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1)
- Assertion 2.7.11:
if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1)
- Assertion 2.7.12:
if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0)
- Assertion 2.7.13:
SpdmMessage.DataTransferSize >= MinDataTransferSize
- Assertion 2.7.14:
SpdmMessage.MaxSPDMmsgSize >= SpdmMessage.DataTransferSize
- Assertion 2.7.15:
if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1)
SPDM_VDM_V1_3_Test_003_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a NEGOTIATE_ALGORITHMS with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
- TestTeardown:
None
- Steps:
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion+1), …}
SpdmMessage <- Responder
- Assertion 3.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 3.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 3.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 3.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 3.2.5:
SpdmMessage.Param2 == 0.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion-1), …}
SpdmMessage <- Responder
Assertion 3.2.*.
###
SPDM_VDM_V1_3_Test_003_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a NEGOTIATE_ALGORITHMS before GET_CAPABILITIES.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
- TestTeardown:
None
- Steps:
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
SpdmMessage <- Responder
- Assertion 3.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 3.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 3.3.3:
SpdmMessage.SPDMVersion == 0x10
- Assertion 3.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 3.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_003_004.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a NEGOTIATE_ALGORITHMS with invalid field.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
- TestTeardown:
None
- Steps:
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length-1, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
- Assertion 3.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 3.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 3.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 3.4.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 3.4.5:
SpdmMessage.Param2 == 0.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length+1, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtAsymCount=21, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtHashCount=21, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=1, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=3, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 3.4.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=2, ExtAlgCount=0xF, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 3.4.*.
###
SPDM_VDM_V1_3_Test_003_007.py
Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, MeasurementSpecification=DMTF, BaseAsymAlgo=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521, BaseHashAlgo=TPM_ALG_SHA_256|TPM_ALG_SHA_384|TPM_ALG_SHA_512|TPM_ALG_SHA3_256|TPM_ALG_SHA3_384|TPM_ALG_SHA3_512, ExtAsymCount=0, ExtHashCount=0}
ALGORITHMS <- Responder
- TestTeardown:
None
- Steps:
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
- Assertion 3.7.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 3.7.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 3.7.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 3.7.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 3.7.5:
SpdmMessage.Param2 == 0.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, MeasurementSpecification=DMTF, BaseAsymAlgo=BaseAsymSel, BaseHashAlgo=BaseHashSel, …} – if NegotiatedVersion=1.0+
SpdmMessage <- Responder
Assertion 3.7.*.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Dhe=DheSel, Aead=AeadSel, BaseReqAsymAlg=BaseReqAsymSel, …} – if NegotiatedVersion=1.1+
SpdmMessage <- Responder
Assertion 3.7.*.
SPDM_VDM_V1_3_Test_004_001.py
Description: SPDM responder shall return valid DIGESTS, if it receives a GET_DIGESTS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0}
SpdmMessage <- Responder
- Assertion 4.1.1:
sizeof(SpdmMessage) >= offset(DIGESTS, Digest[0])
- Assertion 4.1.2:
SpdmMessage.RequestResponseCode == DIGESTS
- Assertion 4.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 4.1.4:
SpdmMessage.Param2.SlotMask.bit_0 == 1
- Assertion 4.1.5:
SlotCount = bit number of SpdmMessage.Param2.SlotMask sizeof(SpdmMessage) >= offset(DIGESTS, Digest[0]) + HashSize * SlotCount
###
SPDM_VDM_V1_3_Test_004_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_DIGESTS with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_DIGESTS {SPDMVersion=(NegotiatedVersion+1), …}
SpdmMessage <- Responder
- Assertion 4.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 4.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 4.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 4.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 4.2.5:
SpdmMessage.Param2 == 0.
Requester -> GET_DIGESTS {SPDMVersion=(NegotiatedVersion-1), …}
SpdmMessage <- Responder
Assertion 4.2.*.
###
SPDM_VDM_V1_3_Test_004_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_DIGESTS before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
SpdmMessage <- Responder
- Assertion 4.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 4.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 4.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 4.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 4.3.5:
SpdmMessage.Param2 == 0.
SPDM_VDM_V1_3_Test_005_001.py
Description: SPDM responder shall return valid CERTIFICATE, if it receives a GET_CERTIFICATE.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Digests[] = array of DIGESTS.Digest
- TestTeardown:
None
- Steps:
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=0, Offset=0, Length=0x400}
SpdmMessage <- Responder
- Assertion 5.1.1:
sizeof(SpdmMessage) >= sizeof(CERTIFICATE, CertChain)
- Assertion 5.1.2:
SpdmMessage.RequestResponseCode == CERTIFICATE
- Assertion 5.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 5.1.4:
SpdmMessage.PortionLength > 0 SpdmMessage.PortionLength <= GET_CERTIFICATE.Length
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=0, Offset=NextOffset, Length=0x400}, while SpdmMessage.RemainderLength != 0
SpdmMessage <- Responder
Assertion 5.1.*.
- Assertion 5.1.5:
CertChain.Length == sizeof(CertChain)
- Assertion 5.1.6:
Hash(CertChain) == Digests[i]
###
SPDM_VDM_V1_3_Test_005_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CERTIFICATE with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_CERTIFICATE {SPDMVersion=(NegotiatedVersion+1), …}
SpdmMessage <- Responder
- Assertion 5.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 5.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 5.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 5.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 5.2.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CERTIFICATE {SPDMVersion=(NegotiatedVersion-1), …}
SpdmMessage <- Responder
Assertion 5.2.*.
###
SPDM_VDM_V1_3_Test_005_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_CERTIFICATE before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, …}
SpdmMessage <- Responder
- Assertion 5.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 5.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 5.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 5.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 5.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_005_004.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CERTIFICATE with invalid field.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}
- TestTeardown:
None
- Steps:
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=InvalidSlotID[i], Param2=0, Offset=0, Length=0x400}
SpdmMessage <- Responder
- Assertion 5.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 5.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 5.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 5.4.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 5.4.5:
SpdmMessage.Param2 == 0.
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=0, Invalid_Offset=0xFFFF, Length=0x400}
SpdmMessage <- Responder
Assertion 5.4.*.
###
SPDM_VDM_V1_3_Test_006_004.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a CHALLENGE with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Digests[] = array of DIGESTS.Digest
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
- TestTeardown:
None
- Steps:
Requester -> CHALLENGE {SPDMVersion=(NegotiatedVersion+1), …}
SpdmMessage <- Responder
- Assertion 6.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 6.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 6.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 6.4.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 6.4.5:
SpdmMessage.Param2 == 0.
Requester -> CHALLENGE {SPDMVersion=(NegotiatedVersion-1), …}
SpdmMessage <- Responder
Assertion 6.4.*.
###
SPDM_VDM_V1_3_Test_006_005.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_CERTIFICATE before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, …}
SpdmMessage <- Responder
- Assertion 6.5.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 6.5.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 6.5.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 6.5.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 6.5.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_006_006.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a CHALLENGE with invalid field.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}
- TestTeardown:
None
- Steps:
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=InvalidSlotID[i], Param2=NoMeasurement}
SpdmMessage <- Responder
- Assertion 6.6.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 6.6.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 6.6.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 6.6.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 6.6.5:
SpdmMessage.Param2 == 0.
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=(TcbMeasurements+1)}
SpdmMessage <- Responder
Assertion 6.6.*.
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=0, Param2=(AllMeasurements-1)}
SpdmMessage <- Responder
Assertion 6.6.*.
###
SPDM_VDM_V1_3_Test_006_012.py
Description: SPDM responder shall return valid CHALLENGE_AUTH, if it receives a CHALLENGE with negotiated version 1.2 in (A2, B2, C1).
SPDM Version: 1.2 only
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0 || Flags.CHAL_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Digests[] = array of DIGESTS.Digest
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=NoMeasurement, …}
SpdmMessage <- Responder
- TestTeardown:
None
- Steps:
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=NoMeasurement, Nonce}
SpdmMessage <- Responder
- Assertion 6.12.1:
sizeof(SpdmMessage) >= sizeof(CHALLENGE_AUTH) + SpdmMessage.OpaqueDataLength
- Assertion 6.12.2:
SpdmMessage.RequestResponseCode == CHALLENGE_AUTH
- Assertion 6.12.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 6.12.4:
(SpdmMessage.Param1.SlotID & 0xF) == SlotID
- Assertion 6.12.5:
(SpdmMessage.Param2.SlotMask & bit_[SlotID]) != 0
- Assertion 6.12.6:
SpdmMessage.CertChainHash == Hash(CertChain) SpdmMessage.CertChainHash == Digests[SlotID]
Assertion 6.12.7:
Repeat (1~2) and use CHALLENGE {Param2=TcbMeasurements}, if Flags.MEAS_CAP != 0.
Assertion 6.12.*.
Repeat (1~2) and use CHALLENGE {Param2=AllMeasurement}, if Flags.MEAS_CAP != 0.
Assertion 6.12.*.
###
SPDM_VDM_V1_3_Test_007_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_MEASUREMENTS with non negotiated version.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
CERTIFICATE <- Responder
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
CHALLENGE_AUTH <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion+1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
SpdmMessage <- Responder
- Assertion 7.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 7.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 7.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 7.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 7.2.5:
SpdmMessage.Param2 == 0.
Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion-1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
SpdmMessage <- Responder
Assertion 7.2.*.
###
SPDM_VDM_V1_3_Test_007_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.CERT_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion+1, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
SpdmMessage <- Responder
- Assertion 7.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 7.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 7.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 7.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 7.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_007_004.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_MEASUREMENTS with invalid field.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
CERTIFICATE <- Responder
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
CHALLENGE_AUTH <- Responder
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}
MEASUREMENTS <- Responder
ValidMeasurementIndex[] = array of index in valid MeasurementBlock
InvalidMeasurementIndex[] = array of index not in valid MeasurementBlock, excluding 0 and 0xff
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=InvalidMeasurementIndex[i]}
SpdmMessage <- Responder
- Assertion 7.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 7.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 7.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 7.4.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 7.4.5:
SpdmMessage.Param2 == 0.
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=1, Param2=ValidMeasurementIndex[i], SlotID=InvalidSlotID[i]} – if NegotiatedVersion=1.1+ && MEAS_CAP == 2
SpdmMessage <- Responder
Assertion 7.4.*.
###
SPDM_VDM_V1_3_Test_007_005.py
Description: The SPDM Measurement Block from device shall follow SPDM specification.
SPDM Version: 1.0+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
CERTIFICATE <- Responder
Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, …}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
CHALLENGE_AUTH <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}
SpdmMessage <- Responder
- Assertion 7.5.1:
SpdmMeasurementBlock[i].MeasurementSpecification == DMTF
- Assertion 7.5.2:
if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].MeasurementSize == 3 + HashSize)
- Assertion 7.5.3:
if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueSize == HashSize)
- Assertion 7.5.4:
if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_[6:0] == 0x5) && (SPDMVersion >= SPDM_MESSAGE_VERSION_12) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 == 1)
###
SPDM_VDM_V1_3_Test_007_008.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS in a DHE session handshake.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.MEAS_CAP == 0 || Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=AllMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]} in session-X
SpdmMessage <- Responder in session-X
- Assertion 7.8.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 7.8.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 7.8.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 7.8.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 7.8.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_008_003.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_EXCHANGE with non negotiated version.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
- TestTeardown:
None
- Steps:
Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion+1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
- Assertion 8.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 8.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 8.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 8.3.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 8.3.5:
SpdmMessage.Param2 == 0.
Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion-1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
Assertion 8.3.*.
###
SPDM_VDM_V1_3_Test_008_004.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
- Assertion 8.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 8.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 8.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 8.4.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 8.4.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_008_005.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE in a session application.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 8.5.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 8.5.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 8.5.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 8.5.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 8.5.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_008_006.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_EXCHANGE with invalid field.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
- TestTeardown:
None
- Steps:
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=InvalidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
- Assertion 8.6.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 8.6.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 8.6.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 8.6.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 8.6.5:
SpdmMessage.Param2 == 0.
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(TcbMeasurements+1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
Assertion 8.6.*.
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(AllMeasurements-1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}
SpdmMessage <- Responder
Assertion 8.6.*.
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueDataLength=0xFFFF}
SpdmMessage <- Responder
Assertion 8.6.*.
###
SPDM_VDM_V1_3_Test_009_003.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a FINISH with non negotiated version.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=(NegotiatedVersion+1), Param1=0, Param2=0, RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 9.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.3.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 9.3.5:
SpdmMessage.Param2 == 0.
Requester -> FINISH {SPDMVersion=(NegotiatedVersion-1), Param1=0, Param2=0}
SpdmMessage <- Responder
Assertion 9.3.*.
###
SPDM_VDM_V1_3_Test_009_004.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a FINISH before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, RequesterVerifyData}
SpdmMessage <- Responder
- Assertion 9.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.4.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 9.4.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_009_005.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a FINISH in a session application.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 9.5.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.5.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.5.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.5.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 9.5.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_009_006.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a FINISH with invalid field.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
UnsupportedReqSlotID[] = {0x1 ~ 0x7}
InvalidReqSlotID[] = {0x8 ~ 0xF, 0xFF}
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=1, Param2.ReqSlotID=UnsupportedReqSlotID[i], RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 9.6.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.6.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.6.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.6.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 9.6.5:
SpdmMessage.Param2 == 0.
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=1, Param2.ReqSlotID=InvalidReqSlotID[i], RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
Assertion 9.6.*.
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, no RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
Assertion 9.6.*.
###
SPDM_VDM_V1_3_Test_009_007.py
Description: SPDM responder shall return ERROR(DecryptError), if it receives a FINISH with invalid RequesterVerifyData.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, !RequesterVerifyData} in session-X
SpdmMessage <- Responder in session-X
- Assertion 9.7.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.7.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.7.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.7.4:
SpdmMessage.Param1 == DecryptError.
###
SPDM_VDM_V1_3_Test_009_008.py
Description: SPDM responder shall return ERROR(DecryptError), if it receives a FINISH with HANDSHAKE_IN_THE_CLEAR_CAP and invalid RequesterVerifyData.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=1, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0 || HANDSHAKE_IN_THE_CLEAR_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> FINISH {SPDMVersion=NegotiatedVersion, Param1.Sig=0, Param2.ReqSlotID=0, !RequesterVerifyData}
SpdmMessage <- Responder
- Assertion 9.8.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 9.8.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 9.8.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 9.8.4:
SpdmMessage.Param1 == DecryptError.
###
SPDM_VDM_V1_3_Test_012_001.py
Description: SPDM responder shall return valid HEARTBEAT_ACK, if it receives a HEARTBEAT in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> HEARTBEAT {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0} in session-X
SpdmMessage <- Responder in session-X
- Assertion 12.1.1:
sizeof(SpdmMessage) >= sizeof(HEARTBEAT_ACK)
- Assertion 12.1.2:
SpdmMessage.RequestResponseCode == HEARTBEAT_ACK
- Assertion 12.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
###
SPDM_VDM_V1_3_Test_012_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a HEARTBEAT with non negotiated version in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion+1), …} in session-X
SpdmMessage <- Responder in session-X
- Assertion 12.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 12.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 12.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 12.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 12.2.5:
SpdmMessage.Param2 == 0.
Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), …} in session-X
SpdmMessage <- Responder in session-X
Assertion 12.2.*.
###
SPDM_VDM_V1_3_Test_012_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a HEARTBEAT in DHE session handshake.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.HBEAT_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
If KEY_EXCHANGE_RSP.Param1.HeartbeatPeriod == 0, then skip this case.
- TestTeardown:
None
- Steps:
Requester -> HEARTBEAT {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0} in session-X
SpdmMessage <- Responder in session-X
- Assertion 12.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 12.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 12.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 12.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 12.3.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_013_001.py
Description: SPDM responder shall return valid KEY_UPDATE_ACK, if it receives a KEY_UPDATE in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag1} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.1.1:
sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)
- Assertion 13.1.2:
SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK
- Assertion 13.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.1.4:
SpdmMessage.Param1 == KEY_UPDATE.Param1
- Assertion 13.1.5:
SpdmMessage.Param2 == KEY_UPDATE.Param2
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag2} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.1.6:
sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)
- Assertion 13.1.7:
SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK
- Assertion 13.1.8:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.1.9:
SpdmMessage.Param1 == KEY_UPDATE.Param1
- Assertion 13.1.10:
SpdmMessage.Param2 == KEY_UPDATE.Param2
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateAllKeys, Param2=Tag3} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.1.11:
sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)
- Assertion 13.1.12:
SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK
- Assertion 13.1.13:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.1.14:
SpdmMessage.Param1 == KEY_UPDATE.Param1
- Assertion 13.1.15:
SpdmMessage.Param2 == KEY_UPDATE.Param2
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag4} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.1.16:
sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)
- Assertion 13.1.17:
SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK
- Assertion 13.1.18:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.1.19:
SpdmMessage.Param1 == KEY_UPDATE.Param1
- Assertion 13.1.20:
SpdmMessage.Param2 == KEY_UPDATE.Param2
###
SPDM_VDM_V1_3_Test_013_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_UPDATE with non negotiated version in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> KEY_UPDATE {SPDMVersion=(NegotiatedVersion+1), …} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 13.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 13.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 13.2.5:
SpdmMessage.Param2 == 0.
Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), …} in session-X
SpdmMessage <- Responder in session-X
Assertion 13.2.*.
###
SPDM_VDM_V1_3_Test_013_003.py
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_UPDATE with invalid field in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(UpdateKey-1), …} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 13.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 13.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.3.4:
SpdmMessage.Param1 == InvalidRequest.
- Assertion 13.3.5:
SpdmMessage.Param2 == 0.
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(VerifyNewKey+1), …} in session-X
SpdmMessage <- Responder in session-X
Assertion 13.3.*.
###
SPDM_VDM_V1_3_Test_013_004.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_UPDATE in DHE session handshake.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag} in session-X
SpdmMessage <- Responder in session-X
- Assertion 13.4.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 13.4.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 13.4.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 13.4.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 13.4.5:
SpdmMessage.Param2 == 0.
###
SPDM_VDM_V1_3_Test_016_001.py
Description: SPDM responder shall return valid END_SESSION_ACK, if it receives a END_SESSION in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> END_SESSION {SPDMVersion=NegotiatedVersion, Param1.StatePreservation=0, Param2=0} in session-X
SpdmMessage <- Responder in session-X
- Assertion 16.1.1:
sizeof(SpdmMessage) >= sizeof(END_SESSION_ACK)
- Assertion 16.1.2:
SpdmMessage.RequestResponseCode == END_SESSION_ACK
- Assertion 16.1.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
###
SPDM_VDM_V1_3_Test_016_002.py
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a END_SESSION with non negotiated version in DHE session.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
Requester -> FINISH {SPDMVersion=NegotiatedVersion, …} in session-X
FINISH_RSP <- Responder in session-X
- TestTeardown:
None
- Steps:
Requester -> END_SESSION {SPDMVersion=(NegotiatedVersion+1), …} in session-X
SpdmMessage <- Responder in session-X
- Assertion 16.2.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 16.2.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 16.2.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 16.2.4:
SpdmMessage.Param1 == VersionMismatch.
- Assertion 16.2.5:
SpdmMessage.Param2 == 0.
Requester -> END_SESSION {SPDMVersion=(NegotiatedVersion-1), …} in session-X
SpdmMessage <- Responder in session-X
Assertion 16.2.*.
###
SPDM_VDM_V1_3_Test_016_003.py
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a END_SESSION in DHE session handshake.
SPDM Version: 1.1+
- TestSetup:
Requester -> GET_VERSION {SPDMVersion=0x10}
VERSION <- Responder
If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, …}
CAPABILITIES <- Responder
If Flags.KEY_EX_CAP == 0, then skip this case.
Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, …}
ALGORITHMS <- Responder
Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, …}
DIGESTS <- Responder
ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], …}
CERTIFICATE <- Responder
Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, …}
KEY_EXCHANGE_RSP <- Responder
- TestTeardown:
None
- Steps:
Requester -> END_SESSION {SPDMVersion=NegotiatedVersion, Param1.StatePreservation=0, Param2=0} in session-X
SpdmMessage <- Responder in session-X
- Assertion 16.3.1:
sizeof(SpdmMessage) >= sizeof(ERROR)
- Assertion 16.3.2:
SpdmMessage.RequestResponseCode == ERROR
- Assertion 16.3.3:
SpdmMessage.SPDMVersion == NegotiatedVersion
- Assertion 16.3.4:
SpdmMessage.Param1 == UnexpectedRequest.
- Assertion 16.3.5:
SpdmMessage.Param2 == 0.
###