Skip to content

Latest commit

 

History

History
281 lines (205 loc) · 9.1 KB

13.KeyUpdateAck.md

File metadata and controls

281 lines (205 loc) · 9.1 KB
Raw

13. Test Case for KEY_UPDATE_ACK

Case 13.1

Description: SPDM responder shall return valid KEY_UPDATE_ACK, if it receives a KEY_UPDATE in DHE session.

SPDM Version: 1.1+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
  13. CERTIFICATE <- Responder
  14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, ...}
  15. KEY_EXCHANGE_RSP <- Responder
  16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, ...} in session-X
  17. FINISH_RSP <- Responder in session-X

TestTeardown: None

Steps:

  1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag1} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.1.1: sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.2: SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.4: SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.5: SpdmMessage.Param2 == KEY_UPDATE.Param2

  1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag2} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.1.6: sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.7: SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.8: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.9: SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.10: SpdmMessage.Param2 == KEY_UPDATE.Param2

  1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateAllKeys, Param2=Tag3} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.1.11: sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.12: SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.13: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.14: SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.15: SpdmMessage.Param2 == KEY_UPDATE.Param2

  1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=VerifyNewKey, Param2=Tag4} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.1.16: sizeof(SpdmMessage) >= sizeof(KEY_UPDATE_ACK)

Assertion 13.1.17: SpdmMessage.RequestResponseCode == KEY_UPDATE_ACK

Assertion 13.1.18: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.1.19: SpdmMessage.Param1 == KEY_UPDATE.Param1

Assertion 13.1.20: SpdmMessage.Param2 == KEY_UPDATE.Param2

Case 13.2

Description: SPDM responder shall return ERROR(VersionMismatch), if it receives a KEY_UPDATE with non negotiated version in DHE session.

SPDM Version: 1.1+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
  13. CERTIFICATE <- Responder
  14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, ...}
  15. KEY_EXCHANGE_RSP <- Responder
  16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, ...} in session-X
  17. FINISH_RSP <- Responder in session-X

TestTeardown: None

Steps:

  1. Requester -> KEY_UPDATE {SPDMVersion=(NegotiatedVersion+1), ...} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.2.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.2.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 13.2.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.2.4: SpdmMessage.Param1 == VersionMismatch.

Assertion 13.2.5: SpdmMessage.Param2 == 0.

  1. Requester -> HEARTBEAT {SPDMVersion=(NegotiatedVersion-1), ...} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.2.*.

Case 13.3

Description: SPDM responder shall return ERROR(InvalidRequest), if it receives a KEY_UPDATE with invalid field in DHE session.

SPDM Version: 1.1+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
  13. CERTIFICATE <- Responder
  14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, ...}
  15. KEY_EXCHANGE_RSP <- Responder
  16. Requester -> FINISH {SPDMVersion=NegotiatedVersion, ...} in session-X
  17. FINISH_RSP <- Responder in session-X

TestTeardown: None

Steps:

  1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(UpdateKey-1), ...} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.3.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.3.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 13.3.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.3.4: SpdmMessage.Param1 == InvalidRequest.

Assertion 13.3.5: SpdmMessage.Param2 == 0.

  1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=(VerifyNewKey+1), ...} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.3.*.

Case 13.4

Description: SPDM responder shall return ERROR(UnexpectedRequest), if it receives a KEY_UPDATE in DHE session handshake.

SPDM Version: 1.1+

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.1 or above is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.KEY_UPD_CAP == 0 || Flags.KEY_EX_CAP == 0, then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder
  9. Requester -> GET_DIGESTS {SPDMVersion=NegotiatedVersion, ...}
  10. DIGESTS <- Responder
  11. ValidSlotID[] = array of bit-index that SlotMask[bit-index]=1 from DIGEST.Param2.SlotMask
  12. Requester -> GET_CERTIFICATE {SPDMVersion=NegotiatedVersion, Param1.SlotID=ValidSlotID[i], ...}
  13. CERTIFICATE <- Responder
  14. Requester -> KEY_EXCHANGE {SPDMVersion=NegotiatedVersion, ...}
  15. KEY_EXCHANGE_RSP <- Responder

TestTeardown: None

Steps:

  1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag} in session-X
  2. SpdmMessage <- Responder in session-X

Assertion 13.4.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.4.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 13.4.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.4.4: SpdmMessage.Param1 == UnexpectedRequest.

Assertion 13.4.5: SpdmMessage.Param2 == 0.

Case 13.5

Description: SPDM responder shall return ERROR(SessionRequired), if it receives a KEY_UPDATE in non-session.

SPDM Version: 1.2

TestSetup:

  1. Requester -> GET_VERSION {SPDMVersion=0x10}
  2. VERSION <- Responder
  3. If 1.2 is not in VERSION.VersionNumberEntry, then skip this case.
  4. Requester -> GET_CAPABILITIES {SPDMVersion=NegotiatedVersion, ...}
  5. CAPABILITIES <- Responder
  6. If Flags.HBEAT_CAP == 0, then skip this case.
  7. Requester -> NEGOTIATE_ALGORITHMS {SPDMVersion=NegotiatedVersion, ...}
  8. ALGORITHMS <- Responder

TestTeardown: None

Steps:

  1. Requester -> KEY_UPDATE {SPDMVersion=NegotiatedVersion, Param1=UpdateKey, Param2=Tag}
  2. SpdmMessage <- Responder

Assertion 13.5.1: sizeof(SpdmMessage) >= sizeof(ERROR)

Assertion 13.5.2: SpdmMessage.RequestResponseCode == ERROR

Assertion 13.5.3: SpdmMessage.SPDMVersion == NegotiatedVersion

Assertion 13.5.4: SpdmMessage.Param1 == SessionRequired.