Update multikey flow for Responder

Signed-off-by: Steven Bellock <[email protected]>

Author: steven-bellock

doc/multikey.md

@@ -31,3 +31,17 @@ endpoint's multikey support is conditional (`MULTI_KEY_CAP == 2`).
 4. Use `libspdm_get_data` with `LIBSPDM_DATA_PEER_KEY_USAGE_BIT_MASK` to query the `KeyUsageMask`
    for each populated certificate slot. Use the `SPDM_KEY_USAGE_BIT_MASK_*` macros to determine the
    legal messages for that certificate slot and key.
+
+### Multikey Flow for libspdm Responder
+
+1. If `MULTI_KEY_CAP == 1` then skip to Step 2. If `MULTI_KEY_CAP == 2` then, after `VCA` has
+    completed and the connection status has transitioned to `LIBSPDM_CONNECTION_STATE_NEGOTIATED`,
+    call `libspdm_get_data` with `LIBSPDM_DATA_MULTI_KEY_CONN_RSP` to determine whether the
+    connection utilizes multikey (`true`) or not (`false`). If it is `true` then continue to Step 2.
+2. Call `libspdm_set_data` with `LIBSPDM_DATA_LOCAL_KEY_PAIR_ID` and
+   `LIBSPDM_DATA_LOCAL_KEY_USAGE_BIT_MASK` to map `KeyPairID`s with certificate slots for the
+    negotiated asymmetric cryptography algorithm and to specify the messages a key can be
+    associated with.
+        - If `MULTI_KEY_CAP == 1` and the Responder supports only one asymmetric cryptography
+          algorithm then this step can be performed before the connection is established.
+3. Calls to `libspdm_responder_data_sign` then specify the `KeyPairID`.