Description: SPDM responder shall return valid KEY_EXCHANGE_RSP, if it receives a KEY_EXCHANGE with negotiated version 1.1.
SPDM Version: 1.1
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.1 is not in VERSION.VersionNumberEntry, then skip this case.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, ...}
- CAPABILITIES <- Responder
- If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
- Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
- ALGORITHMS <- Responder
- Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
- DIGESTS <- Responder
- ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
- Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
- CERTIFICATE <- Responder
TestTeardown: None
Steps:
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.1.1: sizeof(SpdmMessage) >= sizeof(KEY_EXCHANGE_RSP) + SpdmMessage.OpaqueDataLength
Assertion 8.1.2: SpdmMessage.RequestResponseCode == KEY_EXCHANGE_RSP
Assertion 8.1.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 8.1.4: SpdmMessage.MutAuthRequested == 0 && SpdmMessage.SlotIDParam == 0
Assertion 8.1.5: SPDMsignatureVerify (PubKey, SpdmMessage.Signature, TH.SIG.KEY_EXCHANGE_RSP) version 1.1 success
Assertion 8.1.6: HMACVerify (finished_key, SpdmMessage.ResponderVerifyData, TH.HMAC.KEY_EXCHANGE_RSP) version 1.1 success
- Repeat (1~2) and use KEY_EXCHANGE {Param1=TcbMeasurements}, if Flags.MEAS_CAP != 0.
Assertion 8.1.*.
- Repeat (1~2) and use KEY_EXCHANGE {Param1=AllMeasurement}, if Flags.MEAS_CAP != 0.
Assertion 8.1.*.
Description: SPDM responder shall return valid KEY_EXCHANGE_RSP with HANDSHAKE_IN_THE_CLEAR, if it receives a KEY_EXCHANGE with HANDSHAKE_IN_THE_CLEAR_CAP and negotiated version 1.1.
SPDM Version: 1.1
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.1 is not in VERSION.VersionNumberEntry, then skip this case.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=1, ...}
- CAPABILITIES <- Responder
- If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0 || Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 0, then skip this case.
- Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
- ALGORITHMS <- Responder
- Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
- DIGESTS <- Responder
- ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
- Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
- CERTIFICATE <- Responder
TestTeardown: None
Steps:
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.2.1: sizeof(SpdmMessage) >= sizeof(KEY_EXCHANGE_RSP) + SpdmMessage.OpaqueDataLength - HMAC size
Assertion 8.2.2: SpdmMessage.RequestResponseCode == KEY_EXCHANGE_RSP
Assertion 8.2.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 8.2.4: SpdmMessage.MutAuthRequested == 0 && SpdmMessage.SlotIDParam == 0
Assertion 8.2.5: SPDMsignatureVerify (PubKey, SpdmMessage.Signature, TH.SIG.KEY_EXCHANGE_RSP) version 1.1 success
- Repeat (1~2) and use KEY_EXCHANGE {Param1=TcbMeasurements}, if Flags.MEAS_CAP != 0.
Assertion 8.2.*.
- Repeat (1~2) and use KEY_EXCHANGE {Param1=AllMeasurement}, if Flags.MEAS_CAP != 0.
Assertion 8.2.*.
Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_EXCHANGE with non negotiated version.
SPDM Version: 1.1+
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, ...}
- CAPABILITIES <- Responder
- If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
- Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
- ALGORITHMS <- Responder
- Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
- DIGESTS <- Responder
- ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
- Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
- CERTIFICATE <- Responder
TestTeardown: None
Steps:
- Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion+1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.3.1: sizeof(SpdmMessage) >= sizeof(ERROR)
Assertion 8.3.2: SpdmMessage.RequestResponseCode == ERROR
Assertion 8.3.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 8.3.4: SpdmMessage.Param1 == VersionMismatch.
Assertion 8.3.5: SpdmMessage.Param2 == 0.
- Requester -> KEY_EXCHANGE {SPDMVersion=(NegotiatedVersion-1), Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.3.*.
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE before NEGOTIATE_ALGORITHMS.
SPDM Version: 1.1+
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
- CAPABILITIES <- Responder
- If Flags.KEY_EX_CAP == 0, then skip this case.
TestTeardown: None
Steps:
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.4.1: sizeof(SpdmMessage) >= sizeof(ERROR)
Assertion 8.4.2: SpdmMessage.RequestResponseCode == ERROR
Assertion 8.4.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 8.4.4: SpdmMessage.Param1 == UnexpectedRequest.
Assertion 8.4.5: SpdmMessage.Param2 == 0.
Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_EXCHANGE in a session application.
SPDM Version: 1.1+
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
- CAPABILITIES <- Responder
- If Flags.KEY_EX_CAP == 0, then skip this case.
- Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
- ALGORITHMS <- Responder
- Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
- DIGESTS <- Responder
- ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
- Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
- CERTIFICATE <- Responder
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, ...}
- KEY_EXCHANGE_RSP <- Responder
- Requester -> FINISH {SPDMVersion=NegotiatedVersion, ...} in session-X
- FINISH_RSP <- Responder in session-X
TestTeardown: None
Steps:
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData} in session-X
- SpdmMessage <- Responder in session-X
Assertion 8.5.1: sizeof(SpdmMessage) >= sizeof(ERROR)
Assertion 8.5.2: SpdmMessage.RequestResponseCode == ERROR
Assertion 8.5.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 8.5.4: SpdmMessage.Param1 == UnexpectedRequest.
Assertion 8.5.5: SpdmMessage.Param2 == 0.
Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_EXCHANGE with invalid field.
SPDM Version: 1.1+
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, ...}
- CAPABILITIES <- Responder
- If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
- Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
- ALGORITHMS <- Responder
- Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
- DIGESTS <- Responder
- ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
- InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xF, 0xFF}
- Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
- CERTIFICATE <- Responder
TestTeardown: None
Steps:
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=InvalidSlotID[i], ReqSessionID, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.6.1: sizeof(SpdmMessage) >= sizeof(ERROR)
Assertion 8.6.2: SpdmMessage.RequestResponseCode == ERROR
Assertion 8.6.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 8.6.4: SpdmMessage.Param1 == InvalidRequest.
Assertion 8.6.5: SpdmMessage.Param2 == 0.
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(TcbMeasurements+1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.6.*.
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=(AllMeasurements-1), Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.6.*.
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=0, ReqSessionID, RandomData, ExchangeData, OpaqueDataLength=0xFFFF}
- SpdmMessage <- Responder
Assertion 8.6.*.
Description: SPDM responder shall return valid KEY_EXCHANGE_RSP, if it receives a KEY_EXCHANGE with negotiated version 1.2.
SPDM Version: 1.2
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=0, ...}
- CAPABILITIES <- Responder
- If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
- Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
- ALGORITHMS <- Responder
- Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
- DIGESTS <- Responder
- ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
- Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
- CERTIFICATE <- Responder
TestTeardown: None
Steps:
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, SessionPolicy.TerminationPolicy=1, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.7.1: sizeof(SpdmMessage) >= sizeof(KEY_EXCHANGE_RSP) + SpdmMessage.OpaqueDataLength
Assertion 8.7.2: SpdmMessage.RequestResponseCode == KEY_EXCHANGE_RSP
Assertion 8.7.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 8.7.4: SpdmMessage.MutAuthRequested == 0 && SpdmMessage.SlotIDParam == 0
Assertion 8.7.5: SPDMsignatureVerify (PubKey, SpdmMessage.Signature, TH.SIG.KEY_EXCHANGE_RSP) version 1.2 success
Assertion 8.7.6: HMACVerify (finished_key, SpdmMessage.ResponderVerifyData, TH.HMAC.KEY_EXCHANGE_RSP) version 1.2 success
- Repeat (1~2) and use KEY_EXCHANGE {Param1=TcbMeasurements}, if Flags.MEAS_CAP != 0.
Assertion 8.7.*.
- Repeat (1~2) and use KEY_EXCHANGE {Param1=AllMeasurement}, if Flags.MEAS_CAP != 0.
Assertion 8.7.*.
Description: SPDM responder shall return valid KEY_EXCHANGE_RSP with HANDSHAKE_IN_THE_CLEAR, if it receives a KEY_EXCHANGE with HANDSHAKE_IN_THE_CLEAR_CAP and negotiated version 1.2.
SPDM Version: 1.2
TestSetup:
- Requester -> GET_VERSION {SPDMVersion=0x10}
- VERSION <- Responder
- If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
- Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, Flags.MUT_AUTH_CAP=0, Flags.HANDSHAKE_IN_THE_CLEAR_CAP=1, ...}
- CAPABILITIES <- Responder
- If Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0 || Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 0, then skip this case.
- Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
- ALGORITHMS <- Responder
- Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
- DIGESTS <- Responder
- ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
- Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
- CERTIFICATE <- Responder
TestTeardown: None
Steps:
- Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=NoMeasurement, Param2.SlotID=ValidSlotID[i], ReqSessionID, SessionPolicy.TerminationPolicy=1, RandomData, ExchangeData, OpaqueData}
- SpdmMessage <- Responder
Assertion 8.8.1: sizeof(SpdmMessage) >= sizeof(KEY_EXCHANGE_RSP) + SpdmMessage.OpaqueDataLength - HMAC size
Assertion 8.8.2: SpdmMessage.RequestResponseCode == KEY_EXCHANGE_RSP
Assertion 8.8.3: SpdmMessage.SPDMVersion == NegotiatedVersion
Assertion 8.8.4: SpdmMessage.MutAuthRequested == 0 && SpdmMessage.SlotIDParam == 0
Assertion 8.8.5: SPDMsignatureVerify (PubKey, SpdmMessage.Signature, TH.SIG.KEY_EXCHANGE_RSP) version 1.2 success
- Repeat (1~2) and use KEY_EXCHANGE {Param1=TcbMeasurements}, if Flags.MEAS_CAP != 0.
Assertion 8.8.*.
- Repeat (1~2) and use KEY_EXCHANGE {Param1=AllMeasurement}, if Flags.MEAS_CAP != 0.
Assertion 8.8.*.