From 9a9915873d43074a070a5d605d3690758fac7364 Mon Sep 17 00:00:00 2001 From: Ross Date: Mon, 20 Apr 2026 06:56:36 -0400 Subject: [PATCH 1/2] SPDM docs --- src/spdm/sections/03-supported.adoc | 7 ++ src/spdm/sections/04-testtypes.adoc | 33 +++++++++ src/spdm/sections/05-capabilities.adoc | 15 +++++ .../05-spdm-keySchedule-capabilities.adoc | 67 +++++++++++++++++++ .../06-spdm-keySchedule-test-vectors.adoc | 64 ++++++++++++++++++ src/spdm/sections/06-test-vectors.adoc | 35 ++++++++++ src/spdm/sections/07-responses.adoc | 46 +++++++++++++ .../07-spdm-keySchedule-responses.adoc | 54 +++++++++++++++ src/spdm/sections/98-references.adoc | 35 ++++++++++ 9 files changed, 356 insertions(+) create mode 100644 src/spdm/sections/03-supported.adoc create mode 100644 src/spdm/sections/04-testtypes.adoc create mode 100644 src/spdm/sections/05-capabilities.adoc create mode 100644 src/spdm/sections/05-spdm-keySchedule-capabilities.adoc create mode 100644 src/spdm/sections/06-spdm-keySchedule-test-vectors.adoc create mode 100644 src/spdm/sections/06-test-vectors.adoc create mode 100644 src/spdm/sections/07-responses.adoc create mode 100644 src/spdm/sections/07-spdm-keySchedule-responses.adoc create mode 100644 src/spdm/sections/98-references.adoc diff --git a/src/spdm/sections/03-supported.adoc b/src/spdm/sections/03-supported.adoc new file mode 100644 index 000000000..7cbf7dffd --- /dev/null +++ b/src/spdm/sections/03-supported.adoc @@ -0,0 +1,7 @@ + +[#supported] +== Supported SPDM Algorithms + +The following SPDM algorithms *MAY* be advertised by the ACVP compliant cryptographic module. The list is in the form "algorithm / mode / revision". + +* KDF / SPDM / 1.0 diff --git a/src/spdm/sections/04-testtypes.adoc b/src/spdm/sections/04-testtypes.adoc new file mode 100644 index 000000000..23a8773fb --- /dev/null +++ b/src/spdm/sections/04-testtypes.adoc @@ -0,0 +1,33 @@ + +[#testtypes] +== Test Types and Test Coverage + +[#ttypes] +=== Test Types + +The ACVP server performs a set of tests on the specified SPDM algorithm in order to assess the correctness and robustness of the implementation. A typical ACVP validation session *SHALL* require multiple tests to be performed for every supported permutation of SPDM capabilities. This section describes the design of the tests used to validate implementations of the SPDM algorithms. The number of tests *MAY* vary but the minimum number required by each test type *SHALL* be included by the server. The test type describes the format of the test rather than the intention of the test. Multiple tests of the same test type *MAY* cover different assurances regarding the implementation. + +==== SPDM Test Types + +* KDF / SPDM / * "AFT" - Algorithm Functional Test. + +For each test case provided the IUT *SHALL* perform the key schedule. The IUT *SHALL* use the provided key, th1, and th2 values. The IUT-computed requestHandshakeSecret, responseHandshakeSecret, requestDataSecret, responseDataSecret, and exportMasterSecret are communicated to the ACVP server and compared to the requestHandshakeSecret, responseHandshakeSecret, requestDataSecret, responseDataSecret, and exportMasterSecret. This tests the implementation of Section 12 `Key schedule` from <>. The server *SHALL* provide at least 20 tests for each combination of capabilities. + +[[test_coverage]] +=== Test Coverage + +The tests described in this document have the intention of ensuring an implementation is conformant to <> section 12. + +[[requirements_covered]] +==== Requirements Covered + +* The tests will support ensuring the conformity and correctness of an implementation of the algorithms supported. + +[[requirements_not_covered]] +==== Requirements Not Covered + +* DSP0274 Section 12.7. Encryption key and IV derivation. Requirements outlined in this section are not required for the derivation of key schedule secrets. +* DSP0274 Section 12.8. finished_key derivation. Requirements outlined in this section are not required for the derivation of key schedule secrets. +* DSP0274 Section 12.9. Deriving additional keys from the Export Master Secret. Requirements outlined in this section are not required for the derivation of key schedule secrets. +* DSP0274 Section 12.10. Major secrets update. Requirements outlined in this section are not required for the derivation of key schedule secrets. + diff --git a/src/spdm/sections/05-capabilities.adoc b/src/spdm/sections/05-capabilities.adoc new file mode 100644 index 000000000..380e46c6c --- /dev/null +++ b/src/spdm/sections/05-capabilities.adoc @@ -0,0 +1,15 @@ + +[[prereq_algs]] +=== Required Prerequisite Algorithms for SPDM Validations + +Each SPDM implementation relies on other cryptographic primitives. For example, SPDM Key Schedule uses an underlying SHA algorithm. Each of these underlying algorithm primitives must be validated, either separately or as part of the same submission. ACVP provides a mechanism for specifying the required prerequisites: + +[[rereqs_table]] +.Required SPDM Prerequisite Algorithms JSON Values +|=== +| JSON Value | Description | JSON Type | Valid Values + +| algorithm | a prerequisite algorithm | string | SHA +| valValue | algorithm validation number| string | Actual number or "same" +| prereqAlgVal | prerequisite algorithm validation | object with algorithm and valValue properties | See above +|=== diff --git a/src/spdm/sections/05-spdm-keySchedule-capabilities.adoc b/src/spdm/sections/05-spdm-keySchedule-capabilities.adoc new file mode 100644 index 000000000..cffe5184d --- /dev/null +++ b/src/spdm/sections/05-spdm-keySchedule-capabilities.adoc @@ -0,0 +1,67 @@ + +[[SPDM_registration]] +=== SPDM Key Schedule Registration Properties + +Each SPDM Key Schedule algorithm capability advertised is a self-contained JSON object using the following values. + +[[SPDM_keySchedule_caps_table]] +.SPDM Key Schedule Algorithm Capabilities JSON Values +|=== +| JSON Value | Description | JSON Type | Valid Values + +| algorithm | The algorithm to be validated | string | "KDF" +| mode | The Ascon mode to be validated | string | "SPDM" +| revision | The algorithm testing revision to use | string | "1.0" +| keyLen | The supported ley lengths in bits | Domain | {"Min": 128, "Max": 4096, "Inc": 8} +| thLen | The supported th string lengths in bits | Domain | {"Min": 256, "Max": 512, "Inc": 128} +| spdmVersion | The version(s) of SPDM supported | array of strings | "spdm1.1", "spdm1.2", "spdm1.3" +| usesPSK | The support for a pre-shared key | array of booleans | true, false +| hashAlgs | The hashing algorithms supported | array of strings | "SHA2-256", "SHA2-384", "SHA2-512", "SHA3-256", "SHA3-384", "SHA3-512" +|=== + +[[SPDM_keySchedule_capabilities]] +==== SPDM Key Schedule Mode Capabilities Example + +Below is an example of the registration for KDF / SPDM / 1.0 + +[source, json] +---- +{ + "algorithm": "KDF", + "mode": "SPDM", + "revision": "1.0", + "isSample": false, + "keyLen": [ + { + "min": 128, + "max": 4096, + "increment": 8 + } + ], + "thLen": [ + { + "min": 256, + "max": 512, + "increment": 128 + } + ], + "spdmVersion": [ + "spdm1.1", + "spdm1.2", + "spdm1.3" + ], + "usesPSK": [ + true, + false + ], + "hashAlgs": [ + "SHA2-256", + "SHA2-384", + "SHA2-512", + "SHA3-256", + "SHA3-384", + "SHA3-512" + ] +} + +---- diff --git a/src/spdm/sections/06-spdm-keySchedule-test-vectors.adoc b/src/spdm/sections/06-spdm-keySchedule-test-vectors.adoc new file mode 100644 index 000000000..870b34eeb --- /dev/null +++ b/src/spdm/sections/06-spdm-keySchedule-test-vectors.adoc @@ -0,0 +1,64 @@ +[[SPDM_keySchedule_test_vectors]] +=== SPDM Key Schedule Test Vectors + +[[SPDM_keySchedule_tgjs]] +==== SPDM Key Schedule Test Groups JSON Schema + +The testGroups element at the top level in the test vector JSON object is an array of test groups. Test vectors are grouped into similar test cases to reduce the amount of data transmitted in the vector set. For instance, all test vectors that use the same key size would be grouped together. The Test Group JSON object contains meta data that applies to all test vectors within the group. The following table describes the {algo-short-name} JSON elements of the Test Group JSON object. + +The test group for KDF / SPDM / 1.0 is as follows: + +[[SPDM_keySchedule_vs_tg_table]] +.SPDM Key Schedule Test Group JSON Object +|=== +| JSON Value | Description | JSON type + +| tgId | Numeric identifier for the test group, unique across the entire vector set | integer +| testType | The test operation performed | string +| hashFunction | The hash function being used | string +| version | The version of SPDM being used | string +| usesPSK | Boolean to indicate a pre-shared key was used | boolean +| tests | Array of individual test vector JSON objects, which are defined in <> | array +|=== + +[[SPDM_keySchedule_tvjs]] +==== SPDM Key Schedule Test Case JSON Schema + +Each test group contains an array of one or more test cases. Each test case is a JSON object that represents a single test vector to be processed by the ACVP client. The following table describes the JSON elements for each KDF / SPDM / 1.0 test vector. + +[[SPDM_keySchedule_vs_tc_table]] +.SPDM Key Schedule Test Case JSON Object +|=== +| JSON Value | Description | JSON type + +| tcId | Numeric identifier for the test case, unique across the entire vector set | integer +| key | Key value | hex +| th1 | th1 value | hex +| th2 | th2 value | hex +|=== + +The following is an example JSON object sent from the server to the client for KDF / SPDM / 1.0. + +[source, json] +---- +[ + { + "acvVersion": + }, + { + "tgId": 1, + "testType": "AFT", + "hashFunction": "SHA2-256", + "version": "spdm1.1", + "usesPSK": true, + "tests": [ + { + "tcId": 1, + "key": "C12739BD0F96486D191A9FC600DAD916", + "th1": "69113EA14402509B67E702202A4A7F2DD86C23C47990F17F0A50A1C7235BF166", + "th2": "40690C9E7787F30A63A0FDEE3DE2BDDB4A54A10ED481D089746AA225A9E41EE3", + } + ] + } +] +---- diff --git a/src/spdm/sections/06-test-vectors.adoc b/src/spdm/sections/06-test-vectors.adoc new file mode 100644 index 000000000..68e40e963 --- /dev/null +++ b/src/spdm/sections/06-test-vectors.adoc @@ -0,0 +1,35 @@ +== Test Vectors + +The ACVP server provides test vectors to the ACVP client, which are then processed and returned to the ACVP server for validation. A typical ACVP validation test session would require multiple test vector sets to be downloaded and processed by the ACVP client. Each test vector set represents an individual cryptographic algorithm defined during the capability exchange. This section describes the JSON schema for a test vector set used with {spec-algorithm} algorithms. + +The test vector set JSON schema is a multi-level hierarchy that contains meta data for the entire vector set as well as individual test vectors to be processed by the ACVP client. The following table describes the JSON elements at the top level of the hierarchy. + +.Top Level Test Vector JSON Elements +|=== +| JSON Values | Description | JSON Type + +| acvVersion | Protocol version identifier | string +| vsId | Unique numeric vector set identifier | integer +| algorithm | Algorithm defined in the capability exchange | string +| mode | Mode defined in the capability exchange | string +| revision | Protocol test revision selected | string +| testGroups | Array of test group JSON objects. Depending on the algorithm, see <> | array +|=== + +An example of this would look like this + +[source,json] +---- +[ + { + "acvVersion": + }, + { + "vsId": 1, + "algorithm": "Alg1", + "mode": "Mode1", + "revision": "Revision1.0", + "testGroups": [ ... ] + } +] +---- diff --git a/src/spdm/sections/07-responses.adoc b/src/spdm/sections/07-responses.adoc new file mode 100644 index 000000000..242f2d892 --- /dev/null +++ b/src/spdm/sections/07-responses.adoc @@ -0,0 +1,46 @@ + +[#responses] +== Test Vector Responses + +After the ACVP client downloads and processes a vector set, it must send the response vectors back to the ACVP server. The following table describes the JSON object that represents a vector set response. + +[[response_table]] +.Response JSON Object +|=== +| JSON Property | Description | JSON Type + +| acvVersion | The ACVP version used | string +| vsId | The vector set identifier | integer +| testGroups | The test group objects in the response, see <> | array +|=== + +An example of this is the following + +[source, json] +---- +{ + "acvVersion": "version", + "vsId": 1, + "testGroups": [ ... ] +} +---- + +The 'testGroups' section is used to organize the ACVP client response in a similar manner to how it distributes vectors. + +[[response_group_table]] +.Response Group Objects +|=== +| JSON Property | Description | JSON Type + +| tgId | The test group identifier | integer +| tests | The test case objects in the response. Depends on the algorithm, see <> | array +|=== + +An example of this is the following + +---- +{ + "tgId": 1, + "tests": [ ... ] +} +---- diff --git a/src/spdm/sections/07-spdm-keySchedule-responses.adoc b/src/spdm/sections/07-spdm-keySchedule-responses.adoc new file mode 100644 index 000000000..54b208112 --- /dev/null +++ b/src/spdm/sections/07-spdm-keySchedule-responses.adoc @@ -0,0 +1,54 @@ +[[SPDM_keySchedule_vector_responses]] +=== SPDM Key Schedule Test Vector Responses + +Each test group contains an array of one or more test cases. Each test case is a JSON object that represents the results of an ACVP client processing a single test vector. The following table describes the JSON elements for each KDF / SPDM / 1.0 test vector. + +[[SPDM_keySchedule_vs_tr_table]] +.SPDM Key Schedule Test Case Response JSON Object +|=== +| JSON Value | Description | JSON type + +| tcId | The test case identifier | integer +| requestHandshakeSecret | requestHandshakeSecret value | hex +| responseHandshakeSecret | responseHandshakeSecret value | hex +| requestDataSecret | requestDataSecret value | hex +| responseDataSecret | responseDataSecret value | hex +| exportMasterSecret | exportMasterSecret value| hex +|=== + +The following is an example JSON test vector response object for Ascon / AEAD128 / SP800-232. + +[source, json] +---- +[ + { + "acvVersion": + }, + { + "vsId": 0, + "algorithm": "KDF", + "mode": "SPDM", + "revision": "1.0", + "isSample": false, + "testGroups": [ + { + "tgId": 1, + "testType": "AFT", + "hashFunction": "SHA2-256", + "version": "spdm1.1", + "usesPSK": true, + "tests": [ + { + "tcId": 1, + "requestHandshakeSecret": "91EC543847C46D5F49DBBA2D97B44702321BCE7CBA2F47A7E31A094804B5C0B6", + "responseHandshakeSecret": "7F79607B96752A924F1121E1616CB668597511C3B34A05465071CA8A03729D46", + "requestDataSecret": "3AC23CC538C7E3A6B62AAEF1AC91177928510A9E082E6F450FCBD1EB6D9188CD", + "responseDataSecret": "EDBFC7466F6BADD78306719AA041A300C164F65614D33C2F642C2ED8923DE6E9", + "exportMasterSecret": "05A487949D88F4CBA940EF740A0DE4583A6DD7D38E1B486FEAECD3F270BC09C6" + } + ] + } + ] + } +] +---- diff --git a/src/spdm/sections/98-references.adoc b/src/spdm/sections/98-references.adoc new file mode 100644 index 000000000..5ec4eeda2 --- /dev/null +++ b/src/spdm/sections/98-references.adoc @@ -0,0 +1,35 @@ + +[bibliography] +== Normative References + +* [[[RFC2119,RFC 2119]]] +* [[[RFC8174,RFC 8174]]] + +* [[[ DSP0274 1.4.0]]] + +[%bibitem] +=== Automatic Cryptographic Validation Protocol +id:: ACVP +docid:: + id::: ACVP +contributor:: +contributor.person.name.initial:: B. +contributor.person.name.surname:: Fussell +contributor.person.affiliation.organization.name:: Cisco +contributor:: +contributor.person.name.initial:: A. +contributor.person.name.surname:: Vassilev +contributor.person.affiliation.organization.name:: National Institute of Standards and Technology +contributor.person.affiliation.organization.abbreviation:: NIST +contributor:: +contributor.person.name.initial:: H. +contributor.person.name.surname:: Booth +contributor.person.affiliation.organization.name:: National Institute of Standards and Technology +contributor.person.affiliation.organization.abbreviation:: NIST +contributor:: +contributor.role:: publisher +contributor.organization.name:: National Institute of Standards and Technology +contributor.organization.abbreviation:: NIST +date:: +date.type:: published +date.value:: 2019-07-01 From 65a7b41b59c852938400bc4a088cb0b4bf4cd7d1 Mon Sep 17 00:00:00 2001 From: ctc Date: Wed, 27 May 2026 13:16:57 -0400 Subject: [PATCH 2/2] Slight changes to SPDM spec removing thLen registration property, adds SPDM to README and index.html, creates main adoc file --- README.md | 1 + index.html | 1 + src/draft-ross-acvp-kdf-spdm.adoc | 66 +++++++++++++++++++ src/spdm/sections/05-capabilities.adoc | 2 +- .../05-spdm-keySchedule-capabilities.adoc | 13 +--- .../06-spdm-keySchedule-test-vectors.adoc | 6 +- .../07-spdm-keySchedule-responses.adoc | 2 +- 7 files changed, 74 insertions(+), 17 deletions(-) create mode 100644 src/draft-ross-acvp-kdf-spdm.adoc diff --git a/README.md b/README.md index e96eeb230..8727874ee 100644 --- a/README.md +++ b/README.md @@ -344,6 +344,7 @@ Standalone KDA testing from SP800-56Cr1 or SP800-56Cr2. Can be used in conjuncti * [ANSX9.63 (Component)](https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-ansi-x963.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-ansi-x963.html) * [ANSX9.42 (Component)](https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-ansi-x942.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-ansi-x942.html) * [PBKDF](https://pages.nist.gov/ACVP/draft-celi-acvp-pbkdf.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-pbkdf.html) +* [SPDM](https://pages.nist.gov/ACVP/draft-ross-acvp-kdf-spdm.txt) - [HTML](https://pages.nist.gov/ACVP/draft-ross-acvp-kdf-spdm.html) ### Safe Primes * [SafePrimes KeyGen](https://pages.nist.gov/ACVP/draft-hammett-acvp-safe-primes.txt) - [HTML](https://pages.nist.gov/ACVP/draft-hammett-acvp-safe-primes.html) diff --git a/index.html b/index.html index 73c5d4cff..664784b3e 100644 --- a/index.html +++ b/index.html @@ -420,6 +420,7 @@

KDFs

  • ANSX9.63 (Component) - HTML
  • ANSX9.42 (Component) - HTML
  • PBKDF - HTML
    • +
  • SPDM -

    • Safe Primes

    diff --git a/src/draft-ross-acvp-kdf-spdm.adoc b/src/draft-ross-acvp-kdf-spdm.adoc new file mode 100644 index 000000000..949bd2cb8 --- /dev/null +++ b/src/draft-ross-acvp-kdf-spdm.adoc @@ -0,0 +1,66 @@ += ACVP KDF SPDM JSON Specification +:doctype: internet-draft +:docname: spdm +:docnumber: draft-ross-acvp-kdf-spdm-01 +:abbrev: ACVP KDF SPDM +:ipr: trust200902 +:submission-type: independent +:area: Internet +:intended-series: informational +:revdate: 2026-05-27 +:forename_initials: N.G. +:lastname: Ross +:fullname: Noah Ross +:organization: National Institute of Standards and Technology +:street: 100 Bureau Drive +:city: Gaithersburg +:code: 20899 +:country: United States of America +:email: noah.ross@nist.gov +:role: editor +:docfile: draft-ross-acvp-kdf-spdm-adoc +:mn-document-class: ietf +:mn-output-extensions: xml,rfc,txt,html +:area: General +:keyword: acvp, crypto + +// Singular name of the algorithm +:spec-algorithm: KDF SPDM +:algo-short-name: KDF SPDM + +include::common/common-sections/00-abstract.adoc[] + +include::common/common-sections/01-intro.adoc[] + +include::common/common-sections/02-conventions.adoc[] + +include::spdm/sections/03-supported.adoc[] + +include::spdm/sections/04-testtypes.adoc[] + +include::common/common-sections/05-capabilities-description.adoc[] + +include::common/common-sections/051-prerequisites.adoc[] + +include::spdm/sections/05-capabilities.adoc[] + +include::spdm/sections/05-spdm-keySchedule-capabilities.adoc[] + +include::common/common-sections/06-test-vector-intro.adoc[] + +include::spdm/sections/06-test-vectors.adoc[] + +include::spdm/sections/06-spdm-keySchedule-test-vectors.adoc[] + +include::spdm/sections/07-responses.adoc[] + +include::spdm/sections/07-spdm-keySchedule-responses.adoc[] + +include::common/common-sections/10-security.adoc[] + +include::common/common-sections/11-iana.adoc[] + +include::common/common-sections/99-acknowledgements.adoc[] + +// References must be given before appendixes +include::spdm/sections/98-references.adoc[] diff --git a/src/spdm/sections/05-capabilities.adoc b/src/spdm/sections/05-capabilities.adoc index 380e46c6c..64d4bba8d 100644 --- a/src/spdm/sections/05-capabilities.adoc +++ b/src/spdm/sections/05-capabilities.adoc @@ -2,7 +2,7 @@ [[prereq_algs]] === Required Prerequisite Algorithms for SPDM Validations -Each SPDM implementation relies on other cryptographic primitives. For example, SPDM Key Schedule uses an underlying SHA algorithm. Each of these underlying algorithm primitives must be validated, either separately or as part of the same submission. ACVP provides a mechanism for specifying the required prerequisites: +Each SPDM implementation relies on other cryptographic primitives. For example, SPDM Key Schedule (KDF) uses an underlying SHA algorithm. Each of these underlying algorithm primitives must be validated, either separately or as part of the same submission. ACVP provides a mechanism for specifying the required prerequisites: [[rereqs_table]] .Required SPDM Prerequisite Algorithms JSON Values diff --git a/src/spdm/sections/05-spdm-keySchedule-capabilities.adoc b/src/spdm/sections/05-spdm-keySchedule-capabilities.adoc index cffe5184d..ea34822b6 100644 --- a/src/spdm/sections/05-spdm-keySchedule-capabilities.adoc +++ b/src/spdm/sections/05-spdm-keySchedule-capabilities.adoc @@ -1,8 +1,8 @@ [[SPDM_registration]] -=== SPDM Key Schedule Registration Properties +=== SPDM Key Schedule (KDF) Registration Properties -Each SPDM Key Schedule algorithm capability advertised is a self-contained JSON object using the following values. +Each SPDM Key Schedule (KDF) algorithm capability advertised is a self-contained JSON object using the following values. [[SPDM_keySchedule_caps_table]] .SPDM Key Schedule Algorithm Capabilities JSON Values @@ -13,7 +13,6 @@ Each SPDM Key Schedule algorithm capability advertised is a self-contained JSON | mode | The Ascon mode to be validated | string | "SPDM" | revision | The algorithm testing revision to use | string | "1.0" | keyLen | The supported ley lengths in bits | Domain | {"Min": 128, "Max": 4096, "Inc": 8} -| thLen | The supported th string lengths in bits | Domain | {"Min": 256, "Max": 512, "Inc": 128} | spdmVersion | The version(s) of SPDM supported | array of strings | "spdm1.1", "spdm1.2", "spdm1.3" | usesPSK | The support for a pre-shared key | array of booleans | true, false | hashAlgs | The hashing algorithms supported | array of strings | "SHA2-256", "SHA2-384", "SHA2-512", "SHA3-256", "SHA3-384", "SHA3-512" @@ -38,13 +37,6 @@ Below is an example of the registration for KDF / SPDM / 1.0 "increment": 8 } ], - "thLen": [ - { - "min": 256, - "max": 512, - "increment": 128 - } - ], "spdmVersion": [ "spdm1.1", "spdm1.2", @@ -63,5 +55,4 @@ Below is an example of the registration for KDF / SPDM / 1.0 "SHA3-512" ] } - ---- diff --git a/src/spdm/sections/06-spdm-keySchedule-test-vectors.adoc b/src/spdm/sections/06-spdm-keySchedule-test-vectors.adoc index 870b34eeb..9b66e9c17 100644 --- a/src/spdm/sections/06-spdm-keySchedule-test-vectors.adoc +++ b/src/spdm/sections/06-spdm-keySchedule-test-vectors.adoc @@ -1,8 +1,8 @@ [[SPDM_keySchedule_test_vectors]] -=== SPDM Key Schedule Test Vectors +=== SPDM Key Schedule (KDF) Test Vectors [[SPDM_keySchedule_tgjs]] -==== SPDM Key Schedule Test Groups JSON Schema +==== SPDM Key Schedule (KDF) Test Groups JSON Schema The testGroups element at the top level in the test vector JSON object is an array of test groups. Test vectors are grouped into similar test cases to reduce the amount of data transmitted in the vector set. For instance, all test vectors that use the same key size would be grouped together. The Test Group JSON object contains meta data that applies to all test vectors within the group. The following table describes the {algo-short-name} JSON elements of the Test Group JSON object. @@ -12,7 +12,6 @@ The test group for KDF / SPDM / 1.0 is as follows: .SPDM Key Schedule Test Group JSON Object |=== | JSON Value | Description | JSON type - | tgId | Numeric identifier for the test group, unique across the entire vector set | integer | testType | The test operation performed | string | hashFunction | The hash function being used | string @@ -30,7 +29,6 @@ Each test group contains an array of one or more test cases. Each test case is a .SPDM Key Schedule Test Case JSON Object |=== | JSON Value | Description | JSON type - | tcId | Numeric identifier for the test case, unique across the entire vector set | integer | key | Key value | hex | th1 | th1 value | hex diff --git a/src/spdm/sections/07-spdm-keySchedule-responses.adoc b/src/spdm/sections/07-spdm-keySchedule-responses.adoc index 54b208112..7668c467e 100644 --- a/src/spdm/sections/07-spdm-keySchedule-responses.adoc +++ b/src/spdm/sections/07-spdm-keySchedule-responses.adoc @@ -1,5 +1,5 @@ [[SPDM_keySchedule_vector_responses]] -=== SPDM Key Schedule Test Vector Responses +=== SPDM Key Schedule (KDF) Test Vector Responses Each test group contains an array of one or more test cases. Each test case is a JSON object that represents the results of an ACVP client processing a single test vector. The following table describes the JSON elements for each KDF / SPDM / 1.0 test vector.