Skip to content

Latest commit

 

History

History
765 lines (557 loc) · 30.7 KB

7.Measurements.md

File metadata and controls

765 lines (557 loc) · 30.7 KB

7. Test Case for MEASUREMENTS

Case 7.1

Description: SPDM responder shall return valid MEASUREMENTS, if it receives a GET_MEASUREMENTS with negotiated version 1.0.

SPDM Version: 1.0 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.0 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  13. CERTIFICATE <- Responder
  14. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, ...}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
  15. CHALLENGE_AUTH <- Responder

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
  2. SpdmMessage <- Responder

Assertion 7.1.1: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.1.2: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.1.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.1.4: SpdmMessage.Param1.NumberOfMeasurements > 0

Assertion 7.1.5: SpdmMessage.NumberOfBlocks == 0

Assertion 7.1.6: SpdmMessage.MeasurementRecordLength == 0

Assertion 7.1.7: SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.0 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}
  2. SpdmMessage <- Responder

Assertion 7.1.8: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.1.9: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.1.10: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.1.11: SpdmMessage.NumberOfBlocks == NumberOfMeasurements && number of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.NumberOfBlocks (ValidMeasurementIndex[] = array of index of valid MeasurementBlock) (MeasurementBlock[] = array of valid MeasurementBlock)

Assertion 7.1.12: SpdmMessage.MeasurementRecordLength > 0 && Sum(size of each MeasurementBlock in SpdmMessage.MeasurementRecord) == SpdmMessage.MeasurementRecordLength

Assertion 7.1.14: SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.0 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=ValidMeasurementIndex[i]}, if i < NumberOfMeasurements - 1
  2. SpdmMessage <- Responder

Assertion 7.1.15: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.1.16: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.1.17: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.1.18: SpdmMessage.NumberOfBlocks == 1

Assertion 7.1.19: SpdmMessage.MeasurementRecordLength > 0 && size of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.MeasurementRecordLength

Assertion 7.1.20: SpdmMessage.MeasurementRecord == MeasurementBlock[i]

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=ValidMeasurementIndex[NumberOfMeasurements - 1]}
  2. SpdmMessage <- Responder

Assertion 7.1.{15~20}

Assertion 7.1.21: SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.0 success, if Flags.MEAS_CAP == 2

Case 7.2

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a GET_MEASUREMENTS with non negotiated version.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  4. CAPABILITIES <- Responder
  5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
  6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  7. ALGORITHMS <- Responder
  8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  9. DIGESTS <- Responder
  10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  11. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  12. CERTIFICATE <- Responder
  13. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, ...}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
  14. CHALLENGE_AUTH <- Responder

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion+1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
  2. SpdmMessage <- Responder

Assertion 7.2.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.2.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 7.2.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.2.4: SpdmMessage.Param1 == VersionMismatch.

Assertion 7.2.5: SpdmMessage.Param2 == 0.

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=(NegotiatedVersion-1), Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
  2. SpdmMessage <- Responder

Assertion 7.2.*.

Case 7.3

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS before NEGOTIATE_ALGORITHMS.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  4. CAPABILITIES <- Responder
  5. If Flags.CERT_CAP == 0, then skip this case.

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion+1, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements}
  2. SpdmMessage <- Responder

Assertion 7.3.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.3.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 7.3.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.3.4: SpdmMessage.Param1 == UnexpectedRequest.

Assertion 7.3.5: SpdmMessage.Param2 == 0.

Case 7.4

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a GET_MEASUREMENTS with invalid field.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  4. CAPABILITIES <- Responder
  5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
  6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  7. ALGORITHMS <- Responder
  8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  9. DIGESTS <- Responder
  10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  11. InvalidSlotID[] = array of bit-index that SlotMask[bit-index]=0 from DIGEST.Param2.SlotMask + {0x8 ~ 0xE, 0xF}
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  13. CERTIFICATE <- Responder
  14. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, ...}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
  15. CHALLENGE_AUTH <- Responder
  16. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}
  17. MEASUREMENTS <- Responder
  18. ValidMeasurementIndex[] = array of index in valid MeasurementBlock
  19. InvalidMeasurementIndex[] = array of index not in valid MeasurementBlock, excluding 0 and 0xff

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=InvalidMeasurementIndex[i]}
  2. SpdmMessage <- Responder

Assertion 7.4.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.4.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 7.4.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.4.4: SpdmMessage.Param1 == InvalidRequest.

Assertion 7.4.5: SpdmMessage.Param2 == 0.

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=1, Param2=ValidMeasurementIndex[i], SlotID=InvalidSlotID[i]} -- if NegotiatedVersion=1.1+ && MEAS_CAP == 2
  2. SpdmMessage <- Responder

Assertion 7.4.*.

Case 7.5

Description: The SPDM Measurement Block from device shall follow SPDM specification.

SPDM Version: 1.0+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  4. CAPABILITIES <- Responder
  5. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
  6. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  7. ALGORITHMS <- Responder
  8. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  9. DIGESTS <- Responder
  10. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  11. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  12. CERTIFICATE <- Responder
  13. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, ...}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
  14. CHALLENGE_AUTH <- Responder

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements}
  2. SpdmMessage <- Responder

Assertion 7.5.1: SpdmMeasurementBlock[i].MeasurementSpecification == DMTF

Assertion 7.5.2: if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].MeasurementSize == 3 + HashSize)

Assertion 7.5.3: if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 = 0) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueSize == HashSize)

Assertion 7.5.4: if (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_[6:0] == 0x5) && (SPDMVersion >= SPDM_MESSAGE_VERSION_12) then (SpdmMeasurementBlock[i].Measurement.DMTFSpecMeasurementValueType.bit_7 == 1)

Case 7.6

Description: SPDM responder shall return valid MEASUREMENTS, if it receives a GET_MEASUREMENTS with negotiated version 1.1.

SPDM Version: 1.1 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  13. CERTIFICATE <- Responder
  14. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, ...}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
  15. CHALLENGE_AUTH <- Responder

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]}
  2. SpdmMessage <- Responder

Assertion 7.6.1: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.6.2: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.6.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.6.4: SpdmMessage.Param1.NumberOfMeasurements > 0

Assertion 7.6.5: SpdmMessage.NumberOfBlocks == 0

Assertion 7.6.6: SpdmMessage.MeasurementRecordLength == 0

Assertion 7.6.7: SpdmMessage.Param2.SlotID == ValidSlotID[i], if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.1 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements, SlotID=ValidSlotID[i]}
  2. SpdmMessage <- Responder

Assertion 7.6.8: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.6.9: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.6.10: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.6.11: SpdmMessage.NumberOfBlocks == NumberOfMeasurements && number of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.NumberOfBlocks (ValidMeasurementIndex[] = array of index of valid MeasurementBlock) (MeasurementBlock[] = array of valid MeasurementBlock)

Assertion 7.6.12: SpdmMessage.MeasurementRecordLength > 0 && Sum(size of each MeasurementBlock in SpdmMessage.MeasurementRecord) == SpdmMessage.MeasurementRecordLength

Assertion 7.6.14: SpdmMessage.Param2.SlotID == ValidSlotID[i], if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.1 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=ValidMeasurementIndex[i], SlotID=ValidSlotID[i]}, if i < NumberOfMeasurements - 1
  2. SpdmMessage <- Responder

Assertion 7.6.15: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.6.16: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.6.17: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.6.18: SpdmMessage.NumberOfBlocks == 1

Assertion 7.6.19: SpdmMessage.MeasurementRecordLength > 0 && size of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.MeasurementRecordLength

Assertion 7.6.20: SpdmMessage.MeasurementRecord == MeasurementBlock[i]

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=ValidMeasurementIndex[NumberOfMeasurements - 1], SlotID=ValidSlotID[i]}
  2. SpdmMessage <- Responder

Assertion 7.6.{15~20}

Assertion 7.6.21: SpdmMessage.Param2.SlotID == ValidSlotID[i], if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.1 success, if Flags.MEAS_CAP == 2

Case 7.7

Description: SPDM responder shall return valid MEASUREMENTS, if it receives a GET_MEASUREMENTS in a DHE session with negotiated version 1.1.

SPDM Version: 1.1 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.MEAS_CAP == 0 || Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
  13. CERTIFICATE <- Responder
  14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=AllMeasurement, Param2.SlotID=ValidSlotID[i], ...}
  15. KEY_EXCHANGE_RSP <- Responder
  16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, ...} in session-X
  17. FINISH_RSP <- Responder in session-X

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 7.7.1: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.7.2: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.7.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.7.4: SpdmMessage.Param1.NumberOfMeasurements > 0

Assertion 7.7.5: SpdmMessage.NumberOfBlocks == 0

Assertion 7.7.6: SpdmMessage.MeasurementRecordLength == 0

Assertion 7.7.7: SpdmMessage.Param2.SlotID == ValidSlotID[i], if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.1 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements, SlotID=ValidSlotID[i]} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 7.7.8: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.7.9: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.7.10: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.7.11: SpdmMessage.NumberOfBlocks == NumberOfMeasurements && number of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.NumberOfBlocks (ValidMeasurementIndex[] = array of index of valid MeasurementBlock) (MeasurementBlock[] = array of valid MeasurementBlock)

Assertion 7.7.12: SpdmMessage.MeasurementRecordLength > 0 && Sum(size of each MeasurementBlock in SpdmMessage.MeasurementRecord) == SpdmMessage.MeasurementRecordLength

Assertion 7.7.14: SpdmMessage.Param2.SlotID == ValidSlotID[i], if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.1 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=ValidMeasurementIndex[i], SlotID=ValidSlotID[i]} in session-X, if i < NumberOfMeasurements - 1
  2. SpdmMessage <- Responder in session-X

Assertion 7.7.15: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.7.16: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.7.17: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.7.18: SpdmMessage.NumberOfBlocks == 1

Assertion 7.7.19: SpdmMessage.MeasurementRecordLength > 0 && size of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.MeasurementRecordLength

Assertion 7.7.20: SpdmMessage.MeasurementRecord == MeasurementBlock[i]

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=ValidMeasurementIndex[NumberOfMeasurements - 1], SlotID=ValidSlotID[i]} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 7.7.{15~20}

Assertion 7.7.21: SpdmMessage.Param2.SlotID == ValidSlotID[i], if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.1 success, if Flags.MEAS_CAP == 2

Case 7.8

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a GET_MEASUREMENTS in a DHE session handshake.

SPDM Version: 1.1+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.MEAS_CAP == 0 || Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
  13. CERTIFICATE <- Responder
  14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=AllMeasurement, Param2.SlotID=ValidSlotID[i], ...}
  15. KEY_EXCHANGE_RSP <- Responder

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 7.8.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 7.8.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 7.8.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.8.4: SpdmMessage.Param1 == UnexpectedRequest.

Assertion 7.8.5: SpdmMessage.Param2 == 0.

Case 7.9

Description: SPDM responder shall return valid MEASUREMENTS, if it receives a GET_MEASUREMENTS with negotiated version 1.2.

SPDM Version: 1.2 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.MEAS_CAP == 0 || (Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 0), then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}, if Flags.MEAS_CAP == 2 && Flags.CERT_CAP == 1
  13. CERTIFICATE <- Responder
  14. Requester -> CHALLENGE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], Param2=AllMeasurement, ...}, if Flags.MEAS_CAP == 2 && Flags.CHAL_CAP == 1
  15. CHALLENGE_AUTH <- Responder

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]}
  2. SpdmMessage <- Responder

Assertion 7.9.1: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.9.2: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.9.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.9.4: SpdmMessage.Param1.NumberOfMeasurements > 0

Assertion 7.9.5: SpdmMessage.NumberOfBlocks == 0

Assertion 7.9.6: SpdmMessage.MeasurementRecordLength == 0

Assertion 7.9.7: SpdmMessage.Param2.SlotID == ValidSlotID[i] && (SpdmMessage.Param2.ContentChanged == NotSupported || SpdmMessage.Param2.ContentChanged == NoChange), if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.2 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements, SlotID=ValidSlotID[i]}
  2. SpdmMessage <- Responder

Assertion 7.9.8: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.9.9: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.9.10: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.9.11: SpdmMessage.NumberOfBlocks == NumberOfMeasurements && number of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.NumberOfBlocks (ValidMeasurementIndex[] = array of index of valid MeasurementBlock) (MeasurementBlock[] = array of valid MeasurementBlock)

Assertion 7.9.12: SpdmMessage.MeasurementRecordLength > 0 && Sum(size of each MeasurementBlock in SpdmMessage.MeasurementRecord) == SpdmMessage.MeasurementRecordLength

Assertion 7.9.14: SpdmMessage.Param2.SlotID == ValidSlotID[i] && (SpdmMessage.Param2.ContentChanged == NotSupported || SpdmMessage.Param2.ContentChanged == NoChange), if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.2 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=ValidMeasurementIndex[i], SlotID=ValidSlotID[i]}, if i < NumberOfMeasurements - 1
  2. SpdmMessage <- Responder

Assertion 7.9.15: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.9.16: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.9.17: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.9.18: SpdmMessage.NumberOfBlocks == 1

Assertion 7.9.19: SpdmMessage.MeasurementRecordLength > 0 && size of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.MeasurementRecordLength

Assertion 7.9.20: SpdmMessage.MeasurementRecord == MeasurementBlock[i]

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=ValidMeasurementIndex[NumberOfMeasurements - 1], SlotID=ValidSlotID[i]}
  2. SpdmMessage <- Responder

Assertion 7.9.{15~20}

Assertion 7.9.21: SpdmMessage.Param2.SlotID == ValidSlotID[i] && (SpdmMessage.Param2.ContentChanged == NotSupported || SpdmMessage.Param2.ContentChanged == NoChange), if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.2 success, if Flags.MEAS_CAP == 2

Case 7.10

Description: SPDM responder shall return valid MEASUREMENTS, if it receives a GET_MEASUREMENTS in a DHE session with negotiated version 1.2.

SPDM Version: 1.2 only

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.MEAS_CAP == 0 || Flags.KEY_EX_CAP == 0 || Flags.CERT_CAP == 0, then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
  13. CERTIFICATE <- Responder
  14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, Param1=AllMeasurement, Param2.SlotID=ValidSlotID[i], ...}
  15. KEY_EXCHANGE_RSP <- Responder
  16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, ...} in session-X
  17. FINISH_RSP <- Responder in session-X

TestTeardown: None

Steps:

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=NumberOfMeasurements, SlotID=ValidSlotID[i]} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 7.10.1: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.10.2: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.10.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.10.4: SpdmMessage.Param1.NumberOfMeasurements > 0

Assertion 7.10.5: SpdmMessage.NumberOfBlocks == 0

Assertion 7.10.6: SpdmMessage.MeasurementRecordLength == 0

Assertion 7.10.7: SpdmMessage.Param2.SlotID == ValidSlotID[i] && (SpdmMessage.Param2.ContentChanged == NotSupported || SpdmMessage.Param2.ContentChanged == NoChange), if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.2 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=AllMeasurements, SlotID=ValidSlotID[i]} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 7.10.8: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.10.9: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.10.10: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.10.11: SpdmMessage.NumberOfBlocks == NumberOfMeasurements && number of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.NumberOfBlocks (ValidMeasurementIndex[] = array of index of valid MeasurementBlock) (MeasurementBlock[] = array of valid MeasurementBlock)

Assertion 7.10.12: SpdmMessage.MeasurementRecordLength > 0 && Sum(size of each MeasurementBlock in SpdmMessage.MeasurementRecord) == SpdmMessage.MeasurementRecordLength

Assertion 7.10.14: SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.2 success, if Flags.MEAS_CAP == 2

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1=0, Param2=ValidMeasurementIndex[i], SlotID=ValidSlotID[i]} in session-X, if i < NumberOfMeasurements - 1
  2. SpdmMessage <- Responder in session-X

Assertion 7.10.15: sizeof(SpdmMessage) >= sizeof(MEASUREMENTS) + SpdmMessage.OpaqueDataLength + SpdmMessage.MeasurementRecordLength

Assertion 7.10.16: SpdmMessage.RequestResponseCode == MEASUREMENTS

Assertion 7.10.17: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 7.10.18: SpdmMessage.NumberOfBlocks == 1

Assertion 7.10.19: SpdmMessage.MeasurementRecordLength > 0 && size of MeasurementBlock in SpdmMessage.MeasurementRecord == SpdmMessage.MeasurementRecordLength

Assertion 7.10.20: SpdmMessage.MeasurementRecord == MeasurementBlock[i]

  1. Requester -> GET_MEASUREMENTS {SPDMVersion=NegotiatedVersion, Param1.Sig=(MEAS_CAP == 2), Param2=ValidMeasurementIndex[NumberOfMeasurements - 1], SlotID=ValidSlotID[i]} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 7.10.{15~20}

Assertion 7.10.21: SpdmMessage.Param2.SlotID == ValidSlotID[i] && (SpdmMessage.Param2.ContentChanged == NotSupported || SpdmMessage.Param2.ContentChanged == NoChange), if MEAS_CAP == 2 SPDMsignatureVerify (PubKey, SpdmMessage.Signature, L1/L2) version 1.2 success, if Flags.MEAS_CAP == 2