Skip to content

Latest commit

 

History

History
280 lines (183 loc) · 8.37 KB

2.Capabilities.md

File metadata and controls

280 lines (183 loc) · 8.37 KB

2. Test Case for CAPABILITIES

Case 2.1

Description: SPDM responder shall return valid CAPABILITIES(0x10), if it receives a GET_CAPABILITIES with negotiated version 1.0.

SPDM Version: 1.0 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.0 is not in VERSION.VersionNumberEntry, then skip this case.

TestTeardown: None

Steps:

  1. Requester -> GET_CAPABILITIES {SPDMVersion=0x10, Param1=0, Param2=0}
  2. SpdmMessage <- Responder

Assertion 2.1.1: sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.0)

Assertion 2.1.2: SpdmMessage.RequestResponseCode == CAPABILITIES

Assertion 2.1.3: SpdmMessage.SPDMVersion == 0x10

Assertion 2.1.4: Flags.MEAS_CAP != 3

Case 2.2

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_CAPABILITIES with non negotiated version.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. HighestVersion = Max{SpdmMessage.VersionNumberEntry[0..(n-1)]}
  4. LowestVersion = Min{SpdmMessage.VersionNumberEntry[0..(n-1)]}

TestTeardown: None

Steps:

  1. Requester -> GET_CAPABILITIES {SPDMVersion=(HighestVersion+1), Param1=0, Param2=0}
  2. SpdmMessage <- Responder

Assertion 2.2.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.2.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 2.2.3: SpdmMessage.SPDMVersion == 0x10

Assertion 2.2.4: SpdmMessage.Param1 == VersionMismatch.

Assertion 2.2.5: SpdmMessage.Param2 == 0.

  1. Requester -> GET_CAPABILITIES {SPDMVersion=(LowestVersion-1), Param1=0, Param2=0}
  2. SpdmMessage <- Responder

Assertion 2.2.*.

Case 2.3

Description: SPDM responder shall return valid CAPABILITIES(0x11), if it receives a GET_CAPABILITIES with negotiated version 1.1.

SPDM Version: 1.1 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 is not in VERSION.VersionNumberEntry, then skip this case.

TestTeardown: None

Steps:

  1. Requester -> GET_CAPABILITIES {SPDMVersion=0x11, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP}
  2. SpdmMessage <- Responder

Assertion 2.3.1: sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.1)

Assertion 2.3.2: SpdmMessage.RequestResponseCode == CAPABILITIES

Assertion 2.3.3: SpdmMessage.SPDMVersion == 0x11

Assertion 2.3.4: Flags.MEAS_CAP != 3

Assertion 2.3.5: if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)

Assertion 2.3.6: if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)

Assertion 2.3.7: if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)

Assertion 2.3.8: Flags.PSK_CAP != 3

Assertion 2.3.9: if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)

Assertion 2.3.10: if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1)

Assertion 2.3.11: if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1)

Assertion 2.3.12: if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0)

Assertion 2.3.13: if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1)

Case 2.4

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_CAPABILITIES with invalid field.

SPDM Version: 1.1+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder

TestTeardown: None

Steps:

  1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} -- if NegotiatedVersion=1.1+ (It is invalid because ENCRYPT_CAP and MAC_CAP are clear, when KEY_EX_CAP or PSK_CAP is set.)
  2. SpdmMessage <- Responder

Assertion 2.4.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.4.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 2.4.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 2.4.4: SpdmMessage.Param1 == InvalidRequest.

Assertion 2.4.5: SpdmMessage.Param2 == 0.

  1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP} -- if NegotiatedVersion=1.1+ (It is invalid because KEY_EX_CAP and PSK_CAP are clear, when ENCRYPT_CAP or MAC_CAP is set.)
  2. SpdmMessage <- Responder

Assertion 2.4.*.

  1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|HBEAT_CAP|KEY_UPD_CAP} -- if NegotiatedVersion=1.1 only (It is invalid because ENCAP_CAP is clear, when MUT_AUTH_CAP is set.)
  2. SpdmMessage <- Responder

Assertion 2.4.*.

  1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=41, MaxSPDMmsgSize} -- if NegotiatedVersion=1.2+
  2. SpdmMessage <- Responder

Assertion 2.4.*.

  1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize=MaxSPDMmsgSize+1, MaxSPDMmsgSize} -- if NegotiatedVersion=1.2+
  2. SpdmMessage <- Responder

Assertion 2.4.*.

Case 2.5

Description: SPDM responder shall return valid CAPABILITIES(0x12), if it receives a GET_CAPABILITIES with negotiated version 1.2.

SPDM Version: 1.2 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.

TestTeardown: None

Steps:

  1. Requester -> GET_CAPABILITIES {SPDMVersion=0x12, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP|CHUNK_CAP, DataTransferSize, MaxSPDMmsgSize}
  2. SpdmMessage <- Responder

Assertion 2.5.1: sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.2)

Assertion 2.5.2: SpdmMessage.RequestResponseCode == CAPABILITIES

Assertion 2.5.3: SpdmMessage.SPDMVersion == 0x12

Assertion 2.5.4: Flags.MEAS_CAP != 3

Assertion 2.5.5: if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)

Assertion 2.5.6: if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2)

Assertion 2.5.7: if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)

Assertion 2.5.8: Flags.PSK_CAP != 3

Assertion 2.5.9: if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1)

Assertion 2.5.10: if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1)

Assertion 2.5.11: if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1)

Assertion 2.5.12: if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0)

Assertion 2.5.13: SpdmMessage.DataTransferSize >= MinDataTransferSize

Assertion 2.5.14: SpdmMessage.MaxSPDMmsgSize >= SpdmMessage.DataTransferSize

Assertion 2.5.15: if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1)

Case 2.6

Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical GET_CAPABILITIES.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, ...}
  4. CAPABILITIES <- Responder

TestTeardown: None

Steps:

  1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, ...} -- if NegotiatedVersion=1.0+
  2. SpdmMessage <- Responder

Assertion 2.6.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 2.6.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 2.6.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 2.6.4: SpdmMessage.Param1 == UnexpectedRequest.

Assertion 2.6.5: SpdmMessage.Param2 == 0.

  1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, CTExponent+1, Flags-HBEAT_CAP, ...} -- if NegotiatedVersion=1.1+
  2. SpdmMessage <- Responder

Assertion 2.6.*.

  1. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, DataTransferSize+1, MaxSPDMmsgSize+1, ...} -- if NegotiatedVersion=1.2
  2. SpdmMessage <- Responder

Assertion 2.6.*.