From 357c7cd258aa4ba61647129f8fd5b3ba3cdaff6d Mon Sep 17 00:00:00 2001
From: Cezary Zwolak
Date: Mon, 11 May 2026 14:39:23 +0200
Subject: [PATCH] macro_check: enforce KEY_EX for KEM/DHE and capability gate for signature algorithms

Drop SPDM 1.4 build-profile specific checks and keep focused macro validation updates:
- require KEY_EX_CAP when KEM or DHE algorithms are enabled
- require CERT_CAP/CHAL_CAP/KEY_EX_CAP when any signature algorithm is enabled
- require KEY_EX_CAP when MUT_AUTH_CAP is enabled
This addresses reviewer concerns around algorithm-to-capability consistency in libspdm_macro_check.h.
Signed-off-by: Cezary Zwolak
---
 include/internal/libspdm_macro_check.h | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/include/internal/libspdm_macro_check.h b/include/internal/libspdm_macro_check.h
index b18943d3208..41ca59df2ac 100644
--- a/include/internal/libspdm_macro_check.h
+++ b/include/internal/libspdm_macro_check.h
@@ -1,6 +1,6 @@
 /**
 * Copyright Notice:
- * Copyright 2021-2025 DMTF. All rights reserved.
+ * Copyright 2021-2026 DMTF. All rights reserved.
 * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
 **/
 
@@ -36,6 +36,17 @@
 ((LIBSPDM_SHA2_SUPPORT) || (LIBSPDM_SHA3_SUPPORT))
 #endif /*LIBSPDM_FIPS_MODE*/
 
+#if ((LIBSPDM_ML_KEM_SUPPORT) || (LIBSPDM_DHE_ALGO_SUPPORT)) && \
+ !(LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP)
+ #error KEM/DHE support requires KEY_EX_CAP capability.
+#endif
+
+#if ((LIBSPDM_ASYM_ALGO_SUPPORT) || (LIBSPDM_ML_DSA_SUPPORT) || (LIBSPDM_SLH_DSA_SUPPORT)) && \
+ !((LIBSPDM_ENABLE_CAPABILITY_CERT_CAP) || (LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP) || \
+ (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP))
+ #error Asymmetric signature support requires CERT_CAP, CHAL_CAP, or KEY_EX_CAP.
+#endif
+
 #if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) && !LIBSPDM_ASYM_ALGO_SUPPORT
 #error If KEY_EX_CAP is enabled then at least one asymmetric algorithm must also be enabled.
 #endif
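Review bot: The commit message promises a third rule, KEY_EX_CAP required when MUT_AUTH_CAP is enabled, but the added lines of the second hunk contain only the KEM/DHE gate and the signature gate, and the diffstat's 12 insertions are fully accounted for by those lines plus the copyright line. Either add the guard beside the other two, `#if (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && !(LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP)` followed by an `#error` naming both capabilities, or drop the bullet if that check already lives in a part of the file not shown here. The new signature gate also counts `LIBSPDM_ML_DSA_SUPPORT` and `LIBSPDM_SLH_DSA_SUPPORT`, while the unchanged check right after it still tests only `!LIBSPDM_ASYM_ALGO_SUPPORT`, so the two rules disagree on what a signature algorithm is; unless `LIBSPDM_ASYM_ALGO_SUPPORT` already folds in the PQC macros, a PQC-only build with KEY_EX_CAP would be rejected. The gate is also one-directional: nothing visible stops KEY_EX_CAP from being enabled with neither ML-KEM nor DHE compiled in, so a build could advertise a capability it has no key-exchange algorithm for.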