Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix ENCAP_CAP checks to accommodate SPDM 1.2 #2960

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

steven-bellock
Copy link
Contributor

Fix #2959.

@steven-bellock steven-bellock added the bug Something isn't working label Jan 15, 2025
Fix DMTF#2959.

Signed-off-by: Steven Bellock <sbellock@nvidia.com>
@steven-bellock steven-bellock marked this pull request as ready for review January 15, 2025 16:13
@steven-bellock steven-bellock requested a review from jyao1 as a code owner January 15, 2025 16:13
@steven-bellock
Copy link
Contributor Author

@Miritq as well.

@steven-bellock
Copy link
Contributor Author

For reference libspdm_is_encap_supported is implemented as

bool libspdm_is_encap_supported(const libspdm_context_t *spdm_context)
{
if (libspdm_get_connection_version(spdm_context) == SPDM_MESSAGE_VERSION_10) {
return false;
} else if (libspdm_get_connection_version(spdm_context) == SPDM_MESSAGE_VERSION_12) {
/* ENCAP_CAP was erroneously deprecated in SPDM 1.2.0 and 1.2.1, and MUT_AUTH_CAP
* was used in its place. In SPDM 1.2.2 and later ENCAP_CAP is undeprecated. Since
* UpdateVersionNumber must be ignored when checking interoperability libspdm will check
* if ENCAP_CAP or MUT_AUTH_CAP is set. */
const bool is_req_encap_cap_supported = libspdm_is_capabilities_flag_supported(
spdm_context, spdm_context->local_context.is_requester,
SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP, 0);
const bool is_req_mut_auth_cap_supported = libspdm_is_capabilities_flag_supported(
spdm_context, spdm_context->local_context.is_requester,
SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP, 0);
const bool is_rsp_encap_cap_supported = libspdm_is_capabilities_flag_supported(
spdm_context, spdm_context->local_context.is_requester,
0, SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP);
const bool is_rsp_mut_auth_cap_supported = libspdm_is_capabilities_flag_supported(
spdm_context, spdm_context->local_context.is_requester,
0, SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP);
return ((is_req_encap_cap_supported || is_req_mut_auth_cap_supported) &&
(is_rsp_encap_cap_supported || is_rsp_mut_auth_cap_supported));
} else {
/* For SPDM 1.1 and 1.3 and later only check ENCAP_CAP. */
return libspdm_is_capabilities_flag_supported(
spdm_context, spdm_context->local_context.is_requester,
SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP,
SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP);
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Key exchange fails on 'encap_cap_both' check when running SPDM 1.2
1 participant