From 4dd280057d9c588fb1e35104e89d90e0f56f62be Mon Sep 17 00:00:00 2001 From: Steven Bellock Date: Mon, 23 Dec 2024 11:00:23 -0800 Subject: [PATCH] Add comment explaining MUT_AUTH_CAP check Signed-off-by: Steven Bellock --- library/spdm_requester_lib/libspdm_req_get_capabilities.c | 3 +++ library/spdm_responder_lib/libspdm_rsp_capabilities.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/library/spdm_requester_lib/libspdm_req_get_capabilities.c b/library/spdm_requester_lib/libspdm_req_get_capabilities.c index fd5728adde4..95e05cd14bc 100644 --- a/library/spdm_requester_lib/libspdm_req_get_capabilities.c +++ b/library/spdm_requester_lib/libspdm_req_get_capabilities.c @@ -120,6 +120,9 @@ static bool validate_responder_capability(uint32_t capabilities_flag, uint8_t ve /* Checks that originate from mutual authentication capabilities. */ if (mut_auth_cap == 1) { + /* Mutual authentication with asymmetric keys can only occur through the basic mutual + * authentication flow (CHAL_CAP == 1) or the session-based mutual authentication flow + * (KEY_EX_CAP == 1). */ if ((key_ex_cap == 0) && (chal_cap == 0)) { return false; } diff --git a/library/spdm_responder_lib/libspdm_rsp_capabilities.c b/library/spdm_responder_lib/libspdm_rsp_capabilities.c index a54ef6b021a..3d7986d18a2 100644 --- a/library/spdm_responder_lib/libspdm_rsp_capabilities.c +++ b/library/spdm_responder_lib/libspdm_rsp_capabilities.c @@ -112,6 +112,9 @@ static bool libspdm_check_request_flag_compatibility(uint32_t capabilities_flag, /* Checks that originate from mutual authentication capabilities. */ if (mut_auth_cap == 1) { + /* Mutual authentication with asymmetric keys can only occur through the basic mutual + * authentication flow (CHAL_CAP == 1) or the session-based mutual authentication flow + * (KEY_EX_CAP == 1). */ if ((key_ex_cap == 0) && (chal_cap == 0)) { return false; }