Description: SPDM responder shall return valid CAPABILITIES(0x10), if it receives a GET_CAPABILITIES with negotiated version 1.0.
SPDM Version: 1.0 only
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.0 is not in VERSION.VersionNumberEntry, then skip this case.
TestTeardown: None
Steps:
- Requester -> GET_CAPABILITIES {SPDMVersion=0x10, Param1=0, Param2=0}
- SpdmMessage <- Responder
Assertion 2.1.1: sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.0)
Assertion 2.1.2: SpdmMessage.RequestResponseCode == CAPABILITIES
Assertion 2.1.3: SpdmMessage.SPDMVersion == 0x10
Assertion 2.1.4: Flags.MEAS_CAP != 3
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CAPABILITIES with non negotiated version.
SPDM Version: 1.0+
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- HighestVersion = Max{SpdmMessage.VersionNumberEntry[0..(n-1)]}
- LowestVersion = Min{SpdmMessage.VersionNumberEntry[0..(n-1)]}
TestTeardown: None
Steps:
- Requester -> GET_CAPABILITIES {SPDMVersion=(HighestVersion+1), Param1=0, Param2=0}
- SpdmMessage <- Responder
Assertion 2.2.1: sizeof(SpdmMessage) >= sizeof(ERROR)
Assertion 2.2.2: SpdmMessage.RequestResponseCode == ERROR
Assertion 2.2.3: SpdmMessage.SPDMVersion == 0x10
Assertion 2.2.4: SpdmMessage.Param1 == VersionMismatch.
Assertion 2.2.5: SpdmMessage.Param2 == 0.
- Requester -> GET_CAPABILITIES {SPDMVersion=(LowestVersion-1), Param1=0, Param2=0}
- SpdmMessage <- Responder
Assertion 2.2.*.
Description: SPDM responder shall return valid CAPABILITIES(0x11), if it receives a GET_CAPABILITIES with negotiated version 1.1.
SPDM Version: 1.1 only
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.1 is not in VERSION.VersionNumberEntry, then skip this case.
TestTeardown: None
Steps:
- Requester -> GET_CAPABILITIES {SPDMVersion=0x11, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP}
- SpdmMessage <- Responder
Assertion 2.3.1: sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.1)
Assertion 2.3.2: SpdmMessage.RequestResponseCode == CAPABILITIES
Assertion 2.3.3: SpdmMessage.SPDMVersion == 0x11
Assertion 2.3.4: Flags.MEAS_CAP != 3
Assertion 2.3.5: if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)
Assertion 2.3.6: if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)
Assertion 2.3.7: if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)
Assertion 2.3.8: Flags.PSK_CAP != 3
Assertion 2.3.9: if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)
Assertion 2.3.10: if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1)
Assertion 2.3.11: if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1)
Assertion 2.3.12: if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0)
Assertion 2.3.13: if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1)
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CAPABILITIES with invalid field.
SPDM Version: 1.1+
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
TestTeardown: None
Steps:
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} -- if NegotiatedVersion=1.1+ (It is invalid because ENCRYPT_CAP and MAC_CAP are clear, when KEY_EX_CAP or PSK_CAP is set.)
- SpdmMessage <- Responder
Assertion 2.4.1: sizeof(SpdmMessage) >= sizeof(ERROR)
Assertion 2.4.2: SpdmMessage.RequestResponseCode == ERROR
Assertion 2.4.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 2.4.4: SpdmMessage.Param1 == InvalidRequest.
Assertion 2.4.5: SpdmMessage.Param2 == 0.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} -- if NegotiatedVersion=1.1+ (It is invalid because KEY_EX_CAP and PSK_CAP are clear, when ENCRYPT_CAP or MAC_CAP is set.)
- SpdmMessage <- Responder
Assertion 2.4.*.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|HBEAT_CAP|KEY_UPD_CAP} -- if NegotiatedVersion=1.1 only (It is invalid because ENCAP_CAP is clear, when MUT_AUTH_CAP is set.)
- SpdmMessage <- Responder
Assertion 2.4.*.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=41, MaxSPDMmsgSize} -- if NegotiatedVersion=1.2+
- SpdmMessage <- Responder
Assertion 2.4.*.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=MaxSPDMmsgSize+1, MaxSPDMmsgSize} -- if NegotiatedVersion=1.2+
- SpdmMessage <- Responder
Assertion 2.4.*.
Description: SPDM responder shall return valid CAPABILITIES(0x12), if it receives a GET_CAPABILITIES with negotiated version 1.2.
SPDM Version: 1.2 only
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
TestTeardown: None
Steps:
- Requester -> GET_CAPABILITIES {SPDMVersion=0x12, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP|CHUNK_CAP, DataTransferSize, MaxSPDMmsgSize}
- SpdmMessage <- Responder
Assertion 2.5.1: sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.2)
Assertion 2.5.2: SpdmMessage.RequestResponseCode == CAPABILITIES
Assertion 2.5.3: SpdmMessage.SPDMVersion == 0x12
Assertion 2.5.4: Flags.MEAS_CAP != 3
Assertion 2.5.5: if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)
Assertion 2.5.6: if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)
Assertion 2.5.7: if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)
Assertion 2.5.8: Flags.PSK_CAP != 3
Assertion 2.5.9: if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)
Assertion 2.5.10: if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1)
Assertion 2.5.11: if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1)
Assertion 2.5.12: if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0)
Assertion 2.5.13: SpdmMessage.DataTransferSize >= MinDataTransferSize
Assertion 2.5.14: SpdmMessage.MaxSPDMmsgSize >= SpdmMessage.DataTransferSize
Assertion 2.5.15: if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1)
Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical GET_CAPABILITIES.
SPDM Version: 1.0+
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, ...}
- CAPABILITIES <- Responder
TestTeardown: None
Steps:
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, ...} -- if NegotiatedVersion=1.0+
- SpdmMessage <- Responder
Assertion 2.6.1: sizeof(SpdmMessage) >= sizeof(ERROR)
Assertion 2.6.2: SpdmMessage.RequestResponseCode == ERROR
Assertion 2.6.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 2.6.4: SpdmMessage.Param1 == UnexpectedRequest.
Assertion 2.6.5: SpdmMessage.Param2 == 0.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, CTExponent+1, Flags-HBEAT_CAP, ...} -- if NegotiatedVersion=1.1+
- SpdmMessage <- Responder
Assertion 2.6.*.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize+1, MaxSPDMmsgSize+1, ...} -- if NegotiatedVersion=1.2
- SpdmMessage <- Responder
Assertion 2.6.*.