From a5af14d55ba49fb681bd2451ed4ccdb68b4a0052 Mon Sep 17 00:00:00 2001 From: Will Marone Date: Mon, 13 Jan 2025 10:33:42 -0800 Subject: [PATCH] Update test case 2 (Capabilities) to support SPDM 1.3 This updates test case 2 to check for and confirm report of SPDM 1.3 in GET_CAPABILITIES. All tests are the same at this time, and the test body for 1.2 has been made common with checks to toggle support for 1.3. This does not validate any new capabilities, such as the supported algorithms block, added in SPDM 1.3. Signed-off-by: Will Marone --- doc/2.Capabilities.md | 62 ++++++++++++ .../spdm_responder_conformance_test_lib.h | 1 + .../spdm_responder_test.h | 1 + .../spdm_responder_test_2_capabilities.c | 99 ++++++++++++++----- 4 files changed, 137 insertions(+), 26 deletions(-) diff --git a/doc/2.Capabilities.md b/doc/2.Capabilities.md index 2cbb770..3a0527c 100644 --- a/doc/2.Capabilities.md +++ b/doc/2.Capabilities.md @@ -278,3 +278,65 @@ Assertion 2.6.*. 6. SpdmMessage <- Responder Assertion 2.6.*. + +### Case 2.7 + +Description: SPDM responder shall return valid CAPABILITIES(0x13), if it receives a GET_CAPABILITIES with negotiated version 1.3. + +SPDM Version: 1.3 only + +TestSetup: +1. Requester -> GET_VERSION {SPDMVersion=0x10} +2. VERSION <- Responder +3. If 1.3` is not in VERSION.VersionNumberEntry, then skip this case. + +TestTeardown: None + +Steps: +1. Requester -> GET_CAPABILITIES {SPDMVersion=0x13, Param1=0, Param2=0, CTExponent, Flags=CERT_CAP|CHAL_CAP|ENCRYPT_CAP|MAC_CAP|MUT_AUTH_CAP|KEY_EX_CAP|PSK_CAP=1|ENCAP_CAP|HBEAT_CAP|KEY_UPD_CAP|CHUNK_CAP, DataTransferSize, MaxSPDMmsgSize} +2. SpdmMessage <- Responder + +Assertion 2.7.1: + sizeof(SpdmMessage) >= sizeof(CAPABILITIES_1.3) + +Assertion 2.7.2: + SpdmMessage.RequestResponseCode == CAPABILITIES + +Assertion 2.7.3: + SpdmMessage.SPDMVersion == 0x13 + +Assertion 2.7.4: + Flags.MEAS_CAP != 3 + +Assertion 2.7.5: + if (Flags.ENCRYPT_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2) + +Assertion 2.7.6: + if (Flags.MAC_CAP == 1), then (Flags.KEY_EX_CAP == 1 || Flags.PSK_CAP == 1 || Flags.PSK_CAP == 2) + +Assertion 2.7.7: + if (Flags.KEY_EX_CAP == 1), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1) + +Assertion 2.7.8: + Flags.PSK_CAP != 3 + +Assertion 2.7.9: + if (Flags.PSK_CAP != 0), then (Flags.ENCRYPT_CAP == 1 || Flags.MAC_CAP == 1) + +Assertion 2.7.10: + if (Flags.MUT_AUTH_CAP == 1), then (Flags.ENCAP_CAP == 1) + +Assertion 2.7.11: + if (Flags.HANDSHAKE_IN_THE_CLEAR_CAP == 1), then (Flags.KEY_EX_CAP == 1) + +Assertion 2.7.12: + if (Flags.PUB_KEY_ID_CAP == 1), then (Flags.CERT_CAP == 0) + +Assertion 2.7.13: + SpdmMessage.DataTransferSize >= MinDataTransferSize + +Assertion 2.7.14: + SpdmMessage.MaxSPDMmsgSize >= SpdmMessage.DataTransferSize + +Assertion 2.7.15: + if (CHAL_CAP == 1 || MEAS_CAP == 2 || KEY_EX_CAP == 1) then (CERT_CAP == 1 || PUB_KEY_ID_CAP == 1) diff --git a/include/library/spdm_responder_conformance_test_lib.h b/include/library/spdm_responder_conformance_test_lib.h index ce60609..8d3d18d 100644 --- a/include/library/spdm_responder_conformance_test_lib.h +++ b/include/library/spdm_responder_conformance_test_lib.h @@ -25,6 +25,7 @@ void spdm_responder_conformance_test (void *spdm_context, #define SPDM_RESPONDER_TEST_CASE_CAPABILITIES_INVALID_REQUEST 4 #define SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12 5 #define SPDM_RESPONDER_TEST_CASE_CAPABILITIES_UNEXPECTED_REQUEST_NON_IDENTICAL 6 +#define SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_13 7 #define SPDM_RESPONDER_TEST_GROUP_ALGORITHMS 3 #define SPDM_RESPONDER_TEST_CASE_ALGORITHMS_SUCCESS_10 1 diff --git a/library/spdm_responder_conformance_test_lib/spdm_responder_test.h b/library/spdm_responder_conformance_test_lib/spdm_responder_test.h index 5e39ba9..f426f7e 100644 --- a/library/spdm_responder_conformance_test_lib/spdm_responder_test.h +++ b/library/spdm_responder_conformance_test_lib/spdm_responder_test.h @@ -20,6 +20,7 @@ #define SPDM_TEST_VERSION_MASK_V10 0x00000001 #define SPDM_TEST_VERSION_MASK_V11 0x00000002 #define SPDM_TEST_VERSION_MASK_V12 0x00000004 +#define SPDM_TEST_VERSION_MASK_V13 0x00000008 #define SPDM_TEST_SCRATCH_BUFFER_SIZE 0x1000 diff --git a/library/spdm_responder_conformance_test_lib/spdm_responder_test_2_capabilities.c b/library/spdm_responder_conformance_test_lib/spdm_responder_test_2_capabilities.c index a6dae58..f76d8cc 100644 --- a/library/spdm_responder_conformance_test_lib/spdm_responder_test_2_capabilities.c +++ b/library/spdm_responder_conformance_test_lib/spdm_responder_test_2_capabilities.c @@ -100,12 +100,21 @@ bool spdm_test_case_capabilities_setup_version_all (void *test_context) test_buffer->support_version_bitmask = 0; for (index = 0; index < test_buffer->version_number_entry_count; index++) { version = test_buffer->version_number_entry[index] >> SPDM_VERSION_NUMBER_SHIFT_BIT; - if (version == SPDM_MESSAGE_VERSION_10) { - test_buffer->support_version_bitmask |= SPDM_TEST_VERSION_MASK_V10; - } else if (version == SPDM_MESSAGE_VERSION_11) { - test_buffer->support_version_bitmask |= SPDM_TEST_VERSION_MASK_V11; - } else if (version == SPDM_MESSAGE_VERSION_12) { - test_buffer->support_version_bitmask |= SPDM_TEST_VERSION_MASK_V12; + switch (version) { + case SPDM_MESSAGE_VERSION_10: + test_buffer->support_version_bitmask |= SPDM_TEST_VERSION_MASK_V10; + break; + case SPDM_MESSAGE_VERSION_11: + test_buffer->support_version_bitmask |= SPDM_TEST_VERSION_MASK_V11; + break; + case SPDM_MESSAGE_VERSION_12: + test_buffer->support_version_bitmask |= SPDM_TEST_VERSION_MASK_V12; + break; + case SPDM_MESSAGE_VERSION_13: + test_buffer->support_version_bitmask |= SPDM_TEST_VERSION_MASK_V13; + break; + default: + return false; } } @@ -138,6 +147,13 @@ bool spdm_test_case_capabilities_setup_version_12 (void *test_context) SPDM_VERSION_NUMBER_SHIFT_BIT); } +bool spdm_test_case_capabilities_setup_version_13 (void *test_context) +{ + return spdm_test_case_capabilities_setup_version (test_context, + SPDM_MESSAGE_VERSION_13 << + SPDM_VERSION_NUMBER_SHIFT_BIT); +} + void spdm_test_case_capabilities_success_10 (void *test_context) { spdm_test_context_t *spdm_test_context; @@ -761,7 +777,7 @@ void spdm_test_case_capabilities_invalid_request (void *test_context) } } -void spdm_test_case_capabilities_success_12 (void *test_context) +void spdm_test_case_capabilities_success_12_13 (void *test_context, uint32_t spdm_version) { spdm_test_context_t *spdm_test_context; void *spdm_context; @@ -774,6 +790,19 @@ void spdm_test_case_capabilities_success_12 (void *test_context) common_test_result_t test_result; spdm_capabilities_test_buffer_t *test_buffer; uint32_t flags; + uint32_t test_version = 0; + uint32_t message_version = spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT; + + switch (message_version) { + case SPDM_MESSAGE_VERSION_12: + test_version = SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12; + break; + case SPDM_MESSAGE_VERSION_13: + test_version = SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_13; + break; + default: + return; + } spdm_test_context = test_context; spdm_context = spdm_test_context->spdm_context; @@ -781,7 +810,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) LIBSPDM_ASSERT (spdm_test_context->test_scratch_buffer_size == sizeof(uint32_t) * 2); libspdm_zero_mem(&spdm_request, sizeof(spdm_request)); - spdm_request.header.spdm_version = SPDM_MESSAGE_VERSION_12; + spdm_request.header.spdm_version = (message_version & 0xFF); spdm_request_size = sizeof(spdm_request); spdm_request.header.request_response_code = SPDM_GET_CAPABILITIES; spdm_request.header.param1 = 0; @@ -811,7 +840,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) if (LIBSPDM_STATUS_IS_ERROR(status)) { common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, COMMON_TEST_ID_END, + test_version, COMMON_TEST_ID_END, COMMON_TEST_RESULT_NOT_TESTED, "send/receive failure"); return; } @@ -822,7 +851,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) test_result = COMMON_TEST_RESULT_FAIL; } common_test_record_test_assertion ( - SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 1, + SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, test_version, 1, test_result, "response size - %d", spdm_response_size); if (test_result == COMMON_TEST_RESULT_FAIL) { return; @@ -834,19 +863,19 @@ void spdm_test_case_capabilities_success_12 (void *test_context) test_result = COMMON_TEST_RESULT_FAIL; } common_test_record_test_assertion ( - SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 2, + SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, test_version, 2, test_result, "response code - 0x%02x", spdm_response->header.request_response_code); if (test_result == COMMON_TEST_RESULT_FAIL) { return; } - if (spdm_response->header.spdm_version == SPDM_MESSAGE_VERSION_12) { + if (spdm_response->header.spdm_version == message_version) { test_result = COMMON_TEST_RESULT_PASS; } else { test_result = COMMON_TEST_RESULT_FAIL; } common_test_record_test_assertion ( - SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 3, + SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, test_version, 3, test_result, "response version - 0x%02x", spdm_response->header.spdm_version); if (test_result == COMMON_TEST_RESULT_FAIL) { return; @@ -860,7 +889,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) test_result = COMMON_TEST_RESULT_FAIL; } common_test_record_test_assertion ( - SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 4, + SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, test_version, 4, test_result, "response flags - 0x%08x", spdm_response->flags); if ((flags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP) != 0) { @@ -872,7 +901,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) } common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 5, + test_version, 5, test_result, "response flags - 0x%08x", spdm_response->flags); } @@ -885,7 +914,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) } common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 6, + test_version, 6, test_result, "response flags - 0x%08x", spdm_response->flags); } @@ -898,7 +927,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) } common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 7, + test_version, 7, test_result, "response flags - 0x%08x", spdm_response->flags); } @@ -909,7 +938,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) test_result = COMMON_TEST_RESULT_FAIL; } common_test_record_test_assertion ( - SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 8, + SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, test_version, 8, test_result, "response flags - 0x%08x", spdm_response->flags); if ((flags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP) != 0) { @@ -921,7 +950,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) } common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 9, + test_version, 9, test_result, "response flags - 0x%08x", spdm_response->flags); } @@ -933,7 +962,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) } common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 10, + test_version, 10, test_result, "response flags - 0x%08x", spdm_response->flags); } @@ -945,7 +974,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) } common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 11, + test_version, 11, test_result, "response flags - 0x%08x", spdm_response->flags); } @@ -957,7 +986,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) } common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 12, + test_version, 12, test_result, "response flags - 0x%08x", spdm_response->flags); } @@ -967,7 +996,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) test_result = COMMON_TEST_RESULT_FAIL; } common_test_record_test_assertion ( - SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, + SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, test_version, 13, test_result, "response data_transfer_size - 0x%08x", spdm_response->data_transfer_size); @@ -977,7 +1006,7 @@ void spdm_test_case_capabilities_success_12 (void *test_context) test_result = COMMON_TEST_RESULT_FAIL; } common_test_record_test_assertion ( - SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, + SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, test_version, 14, test_result, "response max_spdm_msg_size - 0x%08x, data_transfer_size - 0x%08x", spdm_response->max_spdm_msg_size, spdm_response->data_transfer_size); @@ -993,10 +1022,15 @@ void spdm_test_case_capabilities_success_12 (void *test_context) } common_test_record_test_assertion ( SPDM_RESPONDER_TEST_GROUP_CAPABILITIES, - SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_12, 15, + test_version, 15, test_result, "response flags - 0x%08x", spdm_response->flags); } } +void spdm_test_case_capabilities_success_12 (void *test_context) +{ + spdm_test_case_capabilities_success_12_13(test_context, SPDM_MESSAGE_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT); +} + void spdm_test_case_capabilities_unexpected_non_identical (void *test_context) { @@ -1021,7 +1055,10 @@ void spdm_test_case_capabilities_unexpected_non_identical (void *test_context) offsetof(spdm_capabilities_test_buffer_t, version_number_entry) + sizeof(spdm_version_number_t) * test_buffer->version_number_entry_count); - if ((test_buffer->support_version_bitmask & SPDM_TEST_VERSION_MASK_V12) != 0) { + if ((test_buffer->support_version_bitmask & SPDM_TEST_VERSION_MASK_V13) != 0) { + version = SPDM_MESSAGE_VERSION_13; + spdm_request_size = sizeof(spdm_request); + } else if ((test_buffer->support_version_bitmask & SPDM_TEST_VERSION_MASK_V12) != 0) { version = SPDM_MESSAGE_VERSION_12; spdm_request_size = sizeof(spdm_request); } else if ((test_buffer->support_version_bitmask & SPDM_TEST_VERSION_MASK_V11) != 0) { @@ -1184,6 +1221,11 @@ void spdm_test_case_capabilities_unexpected_non_identical (void *test_context) } } +void spdm_test_case_capabilities_success_13 (void *test_context) +{ + spdm_test_case_capabilities_success_12_13(test_context, SPDM_MESSAGE_VERSION_13 << SPDM_VERSION_NUMBER_SHIFT_BIT); +} + common_test_case_t m_spdm_test_group_capabilities[] = { {SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_10, "spdm_test_case_capabilities_success_10", @@ -1215,5 +1257,10 @@ common_test_case_t m_spdm_test_group_capabilities[] = { spdm_test_case_capabilities_unexpected_non_identical, spdm_test_case_capabilities_setup_version_all, spdm_test_case_common_teardown}, + {SPDM_RESPONDER_TEST_CASE_CAPABILITIES_SUCCESS_13, + "spdm_test_case_capabilities_success_13", + spdm_test_case_capabilities_success_13, + spdm_test_case_capabilities_setup_version_13, + spdm_test_case_common_teardown}, {COMMON_TEST_ID_END, NULL, NULL}, };