Skip to content

Latest commit

 

History

History
407 lines (284 loc) · 18.4 KB

3.Algorithms.md

File metadata and controls

407 lines (284 loc) · 18.4 KB
Raw

3. Test Case for ALGORITHMS

Case 3.1

Description: SPDM responder shall return valid ALGORITHMS(0x10), if it receives a GET_ALGORITHMS with negotiated version 1.0.

SPDM Version: 1.0 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.0 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=0x10, ...}
  5. CAPABILITIES <- Responder

TestTeardown: None

Steps:

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=0x10, Param1=0, Param2=0, MeasurementSpecification=DMTF, BaseAsymAlgo=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521, BaseHashAlgo=TPM_ALG_SHA_256|TPM_ALG_SHA_384|TPM_ALG_SHA_512|TPM_ALG_SHA3_256|TPM_ALG_SHA3_384|TPM_ALG_SHA3_512, ExtAsymCount=0, ExtHashCount=0}
  2. SpdmMessage <- Responder

Assertion 3.1.1: sizeof(SpdmMessage) >= sizeof(ALGORITHMS_1.0)

Assertion 3.1.2: SpdmMessage.RequestResponseCode == ALGORITHMS

Assertion 3.1.3: SpdmMessage.SPDMVersion == 0x10

Assertion 3.1.4: SpdmMessage.Length <= sizeof(SpdmMessage) SpdmMessage.Length == offset(ALGORITHMS_1.0, ExtAsymSel) + 4 * SpdmMessage.ExtAsymSelCount + 4 * SpdmMessage.ExtHashSelCount

Assertion 3.1.5: SpdmMessage.ExtAsymSelCount == 0

Assertion 3.1.6: SpdmMessage.ExtHashSelCount == 0

Assertion 3.1.7: SpdmMessage.MeasurementSpecificationSel only has one bit at most. MeasurementSpecificationSel == DMTF || MeasurementSpecificationSel == 0

Assertion 3.1.8: SpdmMessage.MeasurementHashAlgo only has one bit at most. if (MEAS_CAP != 0) then (MeasurementHashAlgo == one of {Raw Bit Stream Only, TPM_ALG_SHA_256, TPM_ALG_SHA_384, TPM_ALG_SHA_512, TPM_ALG_SHA3_256, TPM_ALG_SHA3_384, TPM_ALG_SHA3_512}) if (MEAS_CAP == 0) then (MeasurementHashAlgo == 0)

Assertion 3.1.9: SpdmMessage.BaseAsymSel only has one bit at most. if (CHAL_CAP == 1 || MEAS_CAP == 2) then (BaseAsymSel == one of {TPM_ALG_RSASSA_2048, TPM_ALG_RSAPSS_2048, TPM_ALG_RSASSA_3072, TPM_ALG_RSAPSS_3072, TPM_ALG_ECDSA_ECC_NIST_P256, TPM_ALG_RSASSA_4096, TPM_ALG_RSAPSS_4096, TPM_ALG_ECDSA_ECC_NIST_P384, TPM_ALG_ECDSA_ECC_NIST_P521}) if (CHAL_CAP == 0 && MEAS_CAP != 2) then (BaseAsymSel == 0)

Assertion 3.1.10: SpdmMessage.BaseHashSel only has one bit at most. if (CHAL_CAP == 1 || MEAS_CAP == 2) then (BaseHashSel == one of {TPM_ALG_SHA_256, TPM_ALG_SHA_384, TPM_ALG_SHA_512, TPM_ALG_SHA3_256, TPM_ALG_SHA3_384, TPM_ALG_SHA3_512}) if (CHAL_CAP == 0 && MEAS_CAP != 2) then (BaseHashSel == 0)

Case 3.2

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a NEGOTIATE_ALGORITHMS with non negotiated version.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  4. CAPABILITIES <- Responder

TestTeardown: None

Steps:

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion+1), ...}
  2. SpdmMessage <- Responder

Assertion 3.2.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.2.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 3.2.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.2.4: SpdmMessage.Param1 == VersionMismatch.

Assertion 3.2.5: SpdmMessage.Param2 == 0.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=(NegotiatedVersion-1), ...}
  2. SpdmMessage <- Responder

Assertion 3.2.*.

Case 3.3

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a NEGOTIATE_ALGORITHMS before GET_CAPABILITIES.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder

TestTeardown: None

Steps:

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  2. SpdmMessage <- Responder

Assertion 3.3.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.3.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 3.3.3: SpdmMessage.SPDMVersion == 0x10

Assertion 3.3.4: SpdmMessage.Param1 == UnexpectedRequest.

Assertion 3.3.5: SpdmMessage.Param2 == 0.

Case 3.4

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a NEGOTIATE_ALGORITHMS with invalid field.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  4. CAPABILITIES <- Responder

TestTeardown: None

Steps:

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length-1, ...} -- if NegotiatedVersion=1.0+
  2. SpdmMessage <- Responder

Assertion 3.4.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.4.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 3.4.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.4.4: SpdmMessage.Param1 == InvalidRequest.

Assertion 3.4.5: SpdmMessage.Param2 == 0.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Length+1, ...} -- if NegotiatedVersion=1.0+
  2. SpdmMessage <- Responder

Assertion 3.4.*.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtAsymCount=21, ...} -- if NegotiatedVersion=1.0+
  2. SpdmMessage <- Responder

Assertion 3.4.*.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ExtHashCount=21, ...} -- if NegotiatedVersion=1.0+
  2. SpdmMessage <- Responder

Assertion 3.4.*.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=1, ...} -- if NegotiatedVersion=1.1+
  2. SpdmMessage <- Responder

Assertion 3.4.*.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=3, ...} -- if NegotiatedVersion=1.1+
  2. SpdmMessage <- Responder

Assertion 3.4.*.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, FixedAlgCount=2, ExtAlgCount=0xF, ...} -- if NegotiatedVersion=1.1+
  2. SpdmMessage <- Responder

Assertion 3.4.*.

Case 3.5

Description: SPDM responder shall return valid ALGORITHMS(0x11), if it receives a GET_ALGORITHMS with negotiated version 1.1.

SPDM Version: 1.1 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=0x11, ...}
  5. CAPABILITIES <- Responder

TestTeardown: None

Steps:

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=0x11, Param1.NumOfAlgoStruct=4, Param2=0, MeasurementSpecification=DMTF, BaseAsymAlgo=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521, BaseHashAlgo=TPM_ALG_SHA_256|TPM_ALG_SHA_384|TPM_ALG_SHA_512|TPM_ALG_SHA3_256|TPM_ALG_SHA3_384|TPM_ALG_SHA3_512, ExtAsymCount=0, ExtHashCount=0, ReqAlgStruct[0]{AlgType=DHE, AlgSupported=ffdhe2048|ffdhe3072|ffdhe4096|secp256r1|secp384r1|secp521r1}, ReqAlgStruct[1]{AlgType=AEAD, AlgSupported=AES-128-GCM|AES-256-GCM|CHACHA20_POLY1305}, ReqAlgStruct[2]{AlgType=ReqBaseAsymAlg, AlgSupported=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521}, ReqAlgStruct[3]{AlgType=KeySchedule, AlgSupported=SPDM} }
  2. SpdmMessage <- Responder

Assertion 3.5.1: sizeof(SpdmMessage) >= sizeof(ALGORITHMS_1.1)

Assertion 3.5.2: SpdmMessage.RequestResponseCode == ALGORITHMS

Assertion 3.5.3: SpdmMessage.SPDMVersion == 0x11

Assertion 3.5.4: SpdmMessage.Length <= sizeof(SpdmMessage) SpdmMessage.Length == offset(ALGORITHMS_1.1, ExtAsymSel) + 4 * SpdmMessage.ExtAsymSelCount + 4 * SpdmMessage.ExtHashSelCount + SpdmMessage.Param1 * sizeof(AlgStructSize)

Assertion 3.5.5: SpdmMessage.ExtAsymSelCount == 0

Assertion 3.5.6: SpdmMessage.ExtHashSelCount == 0

Assertion 3.5.7: SpdmMessage.MeasurementSpecificationSel only has one bit at most. MeasurementSpecificationSel == DMTF || MeasurementSpecificationSel == 0

Assertion 3.5.8: SpdmMessage.MeasurementHashAlgo only has one bit at most. if (MEAS_CAP != 0) then (MeasurementHashAlgo == one of {Raw Bit Stream Only, TPM_ALG_SHA_256, TPM_ALG_SHA_384, TPM_ALG_SHA_512, TPM_ALG_SHA3_256, TPM_ALG_SHA3_384, TPM_ALG_SHA3_512}) if (MEAS_CAP == 0) then (MeasurementHashAlgo == 0)

Assertion 3.5.9: SpdmMessage.BaseAsymSel only has one bit at most. if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (BaseAsymSel == one of {TPM_ALG_RSASSA_2048, TPM_ALG_RSAPSS_2048, TPM_ALG_RSASSA_3072, TPM_ALG_RSAPSS_3072, TPM_ALG_ECDSA_ECC_NIST_P256, TPM_ALG_RSASSA_4096, TPM_ALG_RSAPSS_4096, TPM_ALG_ECDSA_ECC_NIST_P384, TPM_ALG_ECDSA_ECC_NIST_P521}) if (CHAL_CAP == 0 && MEAS_CAP != 2 && KEY_EX_CAP == 0) then (BaseAsymSel == 0)

Assertion 3.5.10: SpdmMessage.BaseHashSel only has one bit at most. if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1 || PSK_EX_CAP != 0) then (BaseHashSel == one of {TPM_ALG_SHA_256, TPM_ALG_SHA_384, TPM_ALG_SHA_512, TPM_ALG_SHA3_256, TPM_ALG_SHA3_384, TPM_ALG_SHA3_512}) if (CHAL_CAP == 0 && MEAS_CAP != 2 && KEY_EX_CAP == 0 && PSK_EX_CAP == 0) then (BaseHashSel == 0)

Assertion 3.5.11: SpdmMessage.Param1 <= 4 SpdmMessage.AlgStructure[i].AlgType is in {DHE, AEAD, ReqBaseAsymAlg, KeySchedule} and no duplication.

Assertion 3.5.12: SpdmMessage.AlgStructure[i].AlgCount == 0x20

Assertion 3.5.13: DHE only has one bit at most. if (KEY_EX_CAP == 1) then SpdmMessage.AlgStructure[DHE_index].AlgSupported == one of {ffdhe2048, ffdhe3072, ffdhe4096, secp256r1, secp384r1, secp521r1} if (KEY_EX_CAP == 0) then SpdmMessage.AlgStructure[DHE_index].AlgSupported == 0, or it is absent

Assertion 3.5.14: AEAD only has one bit at most. if (KEY_EX_CAP == 1 || PSK_CAP != 0) then SpdmMessage.AlgStructure[AEAD_index].AlgSupported == one of {AES-128-GCM, AES-256-GCM, CHACHA20_POLY1305} if (KEY_EX_CAP == 0 && PSK_CAP == 0) then SpdmMessage.AlgStructure[AEAD_index].AlgSupported == 0, or it is absent

Assertion 3.5.15: ReqBaseAsymAlg only has one bit at most. if (MUT_AUTH_CAP == 1) then SpdmMessage.AlgStructure[ReqBaseAsymAlg_index].AlgSupported == one of {TPM_ALG_RSASSA_2048, TPM_ALG_RSAPSS_2048, TPM_ALG_RSASSA_3072, TPM_ALG_RSAPSS_3072, TPM_ALG_ECDSA_ECC_NIST_P256, TPM_ALG_RSASSA_4096, TPM_ALG_RSAPSS_4096, TPM_ALG_ECDSA_ECC_NIST_P384, TPM_ALG_ECDSA_ECC_NIST_P521} if (MUT_AUTH_CAP == 0) then SpdmMessage.AlgStructure[ReqBaseAsymAlg_index].AlgSupported == 0, or it is absent

Assertion 3.5.16: KeySchedule only has one bit at most. if (KEY_EX_CAP == 1 || PSK_CAP != 0) then SpdmMessage.AlgStructure[KeySchedule_index].AlgSupported == SPDM if (KEY_EX_CAP == 0 && PSK_CAP == 0) then SpdmMessage.AlgStructure[KeySchedule_index].AlgSupported == 0, or it is absent

Case 3.6

Description: SPDM responder shall return valid ALGORITHMS(0x12), if it receives a GET_ALGORITHMS with negotiated version 1.2.

SPDM Version: 1.2 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=0x12, ...}
  5. CAPABILITIES <- Responder

TestTeardown: None

Steps:

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=0x12, Param1.NumOfAlgoStruct=4, Param2=0, MeasurementSpecification=DMTF, OtherParamsSupport=OpaqueDataFmt1, BaseAsymAlgo=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521|TPM_ALG_SM2_ECC_SM2_P256|EdDSA_ed25519|EdDSA_ed448, BaseHashAlgo=TPM_ALG_SHA_256|TPM_ALG_SHA_384|TPM_ALG_SHA_512|TPM_ALG_SHA3_256|TPM_ALG_SHA3_384|TPM_ALG_SHA3_512|TPM_ALG_SM3_256, ExtAsymCount=0, ExtHashCount=0, ReqAlgStruct[0]{AlgType=DHE, AlgSupported=ffdhe2048|ffdhe3072|ffdhe4096|secp256r1|secp384r1|secp521r1|SM2_P256}, ReqAlgStruct[1]{AlgType=AEAD, AlgSupported=AES-128-GCM|AES-256-GCM|CHACHA20_POLY1305|AEAD_SM4_GCM}, ReqAlgStruct[2]{AlgType=ReqBaseAsymAlg, AlgSupported=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521|TPM_ALG_SM2_ECC_SM2_P256|EdDSA_ed25519|EdDSA_ed448}, ReqAlgStruct[3]{AlgType=KeySchedule, AlgSupported=SPDM} }
  2. SpdmMessage <- Responder

Assertion 3.6.1: sizeof(SpdmMessage) >= sizeof(ALGORITHMS_1.2)

Assertion 3.6.2: SpdmMessage.RequestResponseCode == ALGORITHMS

Assertion 3.6.3: SpdmMessage.SPDMVersion == 0x12

Assertion 3.6.4: SpdmMessage.Length <= sizeof(SpdmMessage) SpdmMessage.Length == offset(ALGORITHMS_1.1, ExtAsymSel) + 4 * SpdmMessage.ExtAsymSelCount + 4 * SpdmMessage.ExtHashSelCount + SpdmMessage.Param1 * sizeof(AlgStructSize)

Assertion 3.6.5: SpdmMessage.ExtAsymSelCount == 0

Assertion 3.6.6: SpdmMessage.ExtHashSelCount == 0

Assertion 3.6.7: SpdmMessage.MeasurementSpecificationSel only has one bit at most. MeasurementSpecificationSel == DMTF || MeasurementSpecificationSel == 0

Assertion 3.6.8: SpdmMessage.MeasurementHashAlgo only has one bit at most. if (MEAS_CAP != 0) then (MeasurementHashAlgo == one of {Raw Bit Stream Only, TPM_ALG_SHA_256, TPM_ALG_SHA_384, TPM_ALG_SHA_512, TPM_ALG_SHA3_256, TPM_ALG_SHA3_384, TPM_ALG_SHA3_512, TPM_ALG_SM3_256}) if (MEAS_CAP == 0) then (MeasurementHashAlgo == 0)

Assertion 3.6.9: SpdmMessage.BaseAsymSel only has one bit at most. if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (BaseAsymSel == one of {TPM_ALG_RSASSA_2048, TPM_ALG_RSAPSS_2048, TPM_ALG_RSASSA_3072, TPM_ALG_RSAPSS_3072, TPM_ALG_ECDSA_ECC_NIST_P256, TPM_ALG_RSASSA_4096, TPM_ALG_RSAPSS_4096, TPM_ALG_ECDSA_ECC_NIST_P384, TPM_ALG_ECDSA_ECC_NIST_P521, TPM_ALG_SM2_ECC_SM2_P256, EdDSA_ed25519, EdDSA_ed448}) if (CHAL_CAP == 0 && MEAS_CAP != 2 && KEY_EX_CAP == 0) then (BaseAsymSel == 0)

Assertion 3.6.10: SpdmMessage.BaseHashSel only has one bit at most. if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1 || PSK_EX_CAP != 0) then (BaseHashSel == one of {TPM_ALG_SHA_256, TPM_ALG_SHA_384, TPM_ALG_SHA_512, TPM_ALG_SHA3_256, TPM_ALG_SHA3_384, TPM_ALG_SHA3_512, TPM_ALG_SM3_256}) if (CHAL_CAP == 0 && MEAS_CAP != 2 && KEY_EX_CAP == 0 && PSK_EX_CAP == 0) then (BaseHashSel == 0)

Assertion 3.6.11: SpdmMessage.Param1 <= 4 SpdmMessage.AlgStructure[i].AlgType is in {DHE, AEAD, ReqBaseAsymAlg, KeySchedule} and no duplication.

Assertion 3.6.12: SpdmMessage.AlgStructure[i].AlgCount == 0x20

Assertion 3.6.13: SpdmMessage.AlgStructure[DHE_index] only has one bit at most. if (KEY_EX_CAP == 1) then SpdmMessage.AlgStructure[DHE_index].AlgSupported == one of {ffdhe2048, ffdhe3072, ffdhe4096, secp256r1, secp384r1, secp521r1, SM2_P256} if (KEY_EX_CAP == 0) then SpdmMessage.AlgStructure[DHE_index].AlgSupported == 0, or it is absent

Assertion 3.6.14: SpdmMessage.AlgStructure[AEAD_index] only has one bit at most. if (KEY_EX_CAP == 1 || PSK_CAP != 0) then SpdmMessage.AlgStructure[AEAD_index].AlgSupported == one of {AES-128-GCM, AES-256-GCM, CHACHA20_POLY1305, AEAD_SM4_GCM} if (KEY_EX_CAP == 0 && PSK_CAP == 0) then SpdmMessage.AlgStructure[AEAD_index].AlgSupported == 0, or it is absent

Assertion 3.6.15: SpdmMessage.AlgStructure[ReqBaseAsymAlg_index] only has one bit at most. if (MUT_AUTH_CAP == 1) then SpdmMessage.AlgStructure[ReqBaseAsymAlg_index].AlgSupported == one of {TPM_ALG_RSASSA_2048, TPM_ALG_RSAPSS_2048, TPM_ALG_RSASSA_3072, TPM_ALG_RSAPSS_3072, TPM_ALG_ECDSA_ECC_NIST_P256, TPM_ALG_RSASSA_4096, TPM_ALG_RSAPSS_4096, TPM_ALG_ECDSA_ECC_NIST_P384, TPM_ALG_ECDSA_ECC_NIST_P521, TPM_ALG_SM2_ECC_SM2_P256, EdDSA_ed25519, EdDSA_ed448} if (MUT_AUTH_CAP == 0) then SpdmMessage.AlgStructure[ReqBaseAsymAlg_index].AlgSupported == 0, or it is absent

Assertion 3.6.16: SpdmMessage.AlgStructure[KeySchedule_index] only has one bit at most. if (KEY_EX_CAP == 1 || PSK_CAP != 0) then SpdmMessage.AlgStructure[KeySchedule_index].AlgSupported == SPDM if (KEY_EX_CAP == 0 && PSK_CAP == 0) then SpdmMessage.AlgStructure[KeySchedule_index].AlgSupported == 0, or it is absent

Assertion 3.6.17: SpdmMessage.OpaqueDataFmt only has one bit at most. if (KEY_EX_CAP == 1 || PSK_CAP != 0) then OtherParamsSupport.OpaqueDataFmt == OpaqueDataFmt1

Case 3.7

Description: SPDM responder shall return ERROR(UnexpectedRequest) or silent drop, if it receives two non-identical NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  4. CAPABILITIES <- Responder
  5. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=0, MeasurementSpecification=DMTF, BaseAsymAlgo=TPM_ALG_RSASSA_2048|TPM_ALG_RSAPSS_2048|TPM_ALG_RSASSA_3072|TPM_ALG_RSAPSS_3072|TPM_ALG_ECDSA_ECC_NIST_P256|TPM_ALG_RSASSA_4096|TPM_ALG_RSAPSS_4096|TPM_ALG_ECDSA_ECC_NIST_P384|TPM_ALG_ECDSA_ECC_NIST_P521, BaseHashAlgo=TPM_ALG_SHA_256|TPM_ALG_SHA_384|TPM_ALG_SHA_512|TPM_ALG_SHA3_256|TPM_ALG_SHA3_384|TPM_ALG_SHA3_512, ExtAsymCount=0, ExtHashCount=0}
  6. ALGORITHMS <- Responder

TestTeardown: None

Steps:

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=1, ...} -- if NegotiatedVersion=1.0+
  2. SpdmMessage <- Responder

Assertion 3.7.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 3.7.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 3.7.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 3.7.4: SpdmMessage.Param1 == UnexpectedRequest.

Assertion 3.7.5: SpdmMessage.Param2 == 0.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, MeasurementSpecification=DMTF, BaseAsymAlgo=BaseAsymSel, BaseHashAlgo=BaseHashSel, ...} -- if NegotiatedVersion=1.0+
  2. SpdmMessage <- Responder

Assertion 3.7.*.

  1. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, Dhe=DheSel, Aead=AeadSel, BaseReqAsymAlg=BaseReqAsymSel, ...} -- if NegotiatedVersion=1.1+
  2. SpdmMessage <- Responder

Assertion 3.7.*.