diff --git a/include/internal/libspdm_common_lib.h b/include/internal/libspdm_common_lib.h index 5250df15dd6..7fc61174a96 100644 --- a/include/internal/libspdm_common_lib.h +++ b/include/internal/libspdm_common_lib.h @@ -568,7 +568,7 @@ typedef struct { /* Endianness (BE/LE/Both) to use for signature verification on SPDM 1.0 and 1.1 * This field is ignored for other SPDM versions */ - uint32_t spdm_10_11_verify_signature_endian; + uint8_t spdm_10_11_verify_signature_endian; } libspdm_context_t; diff --git a/include/library/spdm_common_lib.h b/include/library/spdm_common_lib.h index a5d80726de4..a79f6143a98 100644 --- a/include/library/spdm_common_lib.h +++ b/include/library/spdm_common_lib.h @@ -212,6 +212,13 @@ typedef enum { LIBSPDM_RESPONSE_STATE_MAX } libspdm_response_state_t; +/* The Endian values apply only if the spdm version is 1.0/1.1. + * The default verification mode is big endian only. */ +#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY (0) +#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY (1) +#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE (2) + + /* * +--------------------------+------------------------------------------+---------+ * | GET_VERSION | 4 | 1 | diff --git a/include/library/spdm_crypt_lib.h b/include/library/spdm_crypt_lib.h index d6a6ded6320..c2e04e2f561 100644 --- a/include/library/spdm_crypt_lib.h +++ b/include/library/spdm_crypt_lib.h @@ -423,11 +423,6 @@ void libspdm_copy_signature_swap_endian( const uint8_t* src, size_t src_size); -/* The Endian values apply only if the spdm version is 1.0/1.1. - * The default verification mode is big endian only. */ -#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY (0x0) -#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY (0x1) -#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE (0x2) /** * Verifies the asymmetric signature, based upon negotiated asymmetric algorithm. @@ -458,7 +453,7 @@ bool libspdm_asym_verify_ex( void* context, const uint8_t* message, size_t message_size, const uint8_t* signature, size_t sig_size, - uint32_t *endian); + uint8_t *endian); /** * Verifies the asymmetric signature, based upon negotiated asymmetric algorithm. @@ -487,7 +482,7 @@ bool libspdm_asym_verify_hash_ex( uint32_t base_asym_algo, uint32_t base_hash_algo, void* context, const uint8_t* message_hash, size_t hash_size, const uint8_t* signature, size_t sig_size, - uint32_t *endian); + uint8_t *endian); /** * Carries out the signature generation. @@ -606,7 +601,7 @@ void libspdm_req_asym_free(uint16_t req_base_asym_alg, void *context); * @param message_size Size of the message in bytes. * @param signature Pointer to asymmetric signature to be verified. * @param sig_size Size of signature in bytes. - * @param endian Endian to be tried. If both endians is selected, + * @param endian Endian to be tried. If both endians are selected, * the one actually used successfully is returned. * * @retval true Valid asymmetric signature. @@ -624,7 +619,7 @@ bool libspdm_req_asym_verify_ex( uint16_t req_base_asym_alg, uint32_t base_hash_algo, void* context, const uint8_t* message, size_t message_size, - const uint8_t* signature, size_t sig_size, uint32_t *endian); + const uint8_t* signature, size_t sig_size, uint8_t *endian); /** * Verifies the asymmetric signature, based upon negotiated requester asymmetric algorithm. @@ -636,7 +631,7 @@ bool libspdm_req_asym_verify_ex( * @param hash_size Size of the hash in bytes. * @param signature Pointer to asymmetric signature to be verified. * @param sig_size Size of signature in bytes. - * @param endian Endian to be tried. If both endians is selected, + * @param endian Endian to be tried. If both endians are selected, * the one actually used successfully is returned. * * @retval true Valid asymmetric signature. @@ -654,7 +649,7 @@ bool libspdm_req_asym_verify_hash_ex( uint16_t req_base_asym_alg, uint32_t base_hash_algo, void* context, const uint8_t* message_hash, size_t hash_size, - const uint8_t* signature, size_t sig_size, uint32_t *endian); + const uint8_t* signature, size_t sig_size, uint8_t *endian); /** * Carries out the signature generation. diff --git a/library/spdm_common_lib/libspdm_com_context_data.c b/library/spdm_common_lib/libspdm_com_context_data.c index 31c07fc4d58..0a1ac8b00c9 100644 --- a/library/spdm_common_lib/libspdm_com_context_data.c +++ b/library/spdm_common_lib/libspdm_com_context_data.c @@ -689,16 +689,16 @@ libspdm_return_t libspdm_set_data(void *spdm_context, libspdm_data_type_t data_t } break; case LIBSPDM_DATA_SPDM_VERSION_10_11_VERIFY_SIGNATURE_ENDIAN: - if (data_size != sizeof(uint32_t)) { + if (data_size != sizeof(uint8_t)) { return LIBSPDM_STATUS_INVALID_PARAMETER; } - if (*(uint32_t*)data != LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY && - *(uint32_t*)data != LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY && - *(uint32_t*)data != LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE) + if (*(uint8_t*)data != LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY && + *(uint8_t*)data != LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY && + *(uint8_t*)data != LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE) { return LIBSPDM_STATUS_INVALID_PARAMETER; } - context->spdm_10_11_verify_signature_endian = *(uint32_t*)data; + context->spdm_10_11_verify_signature_endian = *(uint8_t*)data; break; default: return LIBSPDM_STATUS_UNSUPPORTED_CAP; @@ -983,7 +983,7 @@ libspdm_return_t libspdm_get_data(void *spdm_context, libspdm_data_type_t data_t target_data = context->transcript.message_a.buffer; break; case LIBSPDM_DATA_SPDM_VERSION_10_11_VERIFY_SIGNATURE_ENDIAN: - target_data_size = sizeof(uint32_t); + target_data_size = sizeof(uint8_t); target_data = &context->spdm_10_11_verify_signature_endian; break; default: diff --git a/library/spdm_crypt_lib/libspdm_crypt_asym.c b/library/spdm_crypt_lib/libspdm_crypt_asym.c index 8fc857bfe52..60549ee6caf 100644 --- a/library/spdm_crypt_lib/libspdm_crypt_asym.c +++ b/library/spdm_crypt_lib/libspdm_crypt_asym.c @@ -558,8 +558,7 @@ static void libspdm_copy_signature_swap_endian_rsa( dst[i] = dst[dst_size - i - 1]; dst[dst_size - i - 1] = byte; } - } - else { + } else { /* src and dst are different buffers. * Guard against overlap case with assert. * Overlap case is not an expected usage model. */ @@ -623,8 +622,7 @@ static void libspdm_copy_signature_swap_endian_ecdsa( y[i] = y[y_size - i - 1]; y[y_size - i - 1] = byte; } - } - else { + } else { /* src and dst are different buffers. * Guard against overlap case with assert. * Overlap case is not an expected usage model. */ @@ -682,11 +680,9 @@ void libspdm_copy_signature_swap_endian( if (base_asym_algo & spdm_10_11_rsa_algos) { libspdm_copy_signature_swap_endian_rsa(dst, dst_size, src, src_size); - } - else if (base_asym_algo & spdm_10_11_ecdsa_algos) { + } else if (base_asym_algo & spdm_10_11_ecdsa_algos) { libspdm_copy_signature_swap_endian_ecdsa(dst, dst_size, src, src_size); - } - else { + } else { /* Currently do not expect asymmetric algorithms other than RSA and ECDSA */ LIBSPDM_ASSERT(0); } @@ -864,7 +860,7 @@ bool libspdm_asym_verify_ex( void *context, const uint8_t *message, size_t message_size, const uint8_t *signature, size_t sig_size, - uint32_t *endian) + uint8_t *endian) { bool need_hash; uint8_t message_hash[LIBSPDM_MAX_HASH_SIZE]; @@ -997,7 +993,7 @@ bool libspdm_asym_verify_hash_ex( uint32_t base_asym_algo, uint32_t base_hash_algo, void *context, const uint8_t *message_hash, size_t hash_size, const uint8_t *signature, - size_t sig_size, uint32_t *endian) + size_t sig_size, uint8_t *endian) { bool need_hash; uint8_t *message; @@ -1072,8 +1068,7 @@ bool libspdm_asym_verify_hash_ex( signature, sig_size); } /* SPDM 1.2 signing done. */ - } - else { + } else { try_big_endian = (*endian == LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY || *endian == LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE); @@ -1108,8 +1103,7 @@ bool libspdm_asym_verify_hash_ex( if (try_big_endian && try_little_endian && result) { if (little_endian_succeeded) { *endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY; - } - else { + } else { *endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY; } } @@ -1341,7 +1335,7 @@ bool libspdm_req_asym_verify_ex( uint16_t req_base_asym_alg, uint32_t base_hash_algo, void *context, const uint8_t *message, size_t message_size, - const uint8_t *signature, size_t sig_size, uint32_t *endian) + const uint8_t *signature, size_t sig_size, uint8_t *endian) { bool need_hash; uint8_t message_hash[LIBSPDM_MAX_HASH_SIZE]; @@ -1461,8 +1455,7 @@ bool libspdm_req_asym_verify_ex( if (try_big_endian && try_little_endian && result) { if (little_endian_succeeded) { *endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY; - } - else { + } else { *endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY; } } @@ -1474,7 +1467,7 @@ bool libspdm_req_asym_verify_hash_ex( uint16_t req_base_asym_alg, uint32_t base_hash_algo, void *context, const uint8_t *message_hash, size_t hash_size, - const uint8_t *signature, size_t sig_size, uint32_t *endian) + const uint8_t *signature, size_t sig_size, uint8_t *endian) { bool need_hash; uint8_t *message; @@ -1582,8 +1575,7 @@ bool libspdm_req_asym_verify_hash_ex( if (try_big_endian && try_little_endian && result) { if (little_endian_succeeded) { *endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY; - } - else { + } else { *endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY; } }