question on RSA/ECDSA signature endianness in SPDM 1.0/1.1

[jyao1]

Current signature endianness is clarified in SPDM 1.2.1.

But SPDM 1.0/1.1 does not include the clarification.

SPDM issue: https://github.com/DMTF/SPDM-WG/issues/2929

[steven-bellock]

Ideally there should be no byte-swapping, as that was the intent starting with 1.0.

[xiaoyuruan]

According to the SPDM WG, SPDM 1.0/1.1 allows big or little endian, chosen by implementation. As such, I propose that:

1. Provide compile-time option for libspdm Requester's signature generation, if negotiated VERSION == 1.0 or 1.1: choose one from: {big endian; little endian}.
2. Provide compile-time option for libspdm Responder's signature verification, if negotiated VERSION == 1.0 or 1.1: choose one from: {big endian; little endian; flexible - try both and accept signature if one passes}.

Understood this will not intercept libspdm3.0.0, but later.

Please assign Rich Kong to it. @richkong88

[jyao1]

I think we need define a set of MACRO to control the different behavior:

LIBSPDM_SPDM_10_RSA_LITTLE_ENDIAN
LIBSPDM_SPDM_10_ECDSA_LITTLE_ENDIAN
LIBSPDM_SPDM_10_RSA_DUAL_VERIFICATION
LIBSPDM_SPDM_10_ECDSA_DUAL_VERIFICATION
LIBSPDM_SPDM_11_RSA_LITTLE_ENDIAN
LIBSPDM_SPDM_11_ECDSA_LITTLE_ENDIAN
LIBSPDM_SPDM_11_RSA_DUAL_VERIFICATION
LIBSPDM_SPDM_11_ECDSA_DUAL_VERIFICATION

[richkong88]

I think we need define a set of MACRO to control the different behavior:

LIBSPDM_SPDM_10_RSA_LITTLE_ENDIAN
LIBSPDM_SPDM_10_ECDSA_LITTLE_ENDIAN
LIBSPDM_SPDM_10_RSA_DUAL_VERIFICATION
LIBSPDM_SPDM_10_ECDSA_DUAL_VERIFICATION
LIBSPDM_SPDM_11_RSA_LITTLE_ENDIAN
LIBSPDM_SPDM_11_ECDSA_LITTLE_ENDIAN
LIBSPDM_SPDM_11_RSA_DUAL_VERIFICATION
LIBSPDM_SPDM_11_ECDSA_DUAL_VERIFICATION

@jyao1 These would be defines in spdm_lib_config.h right?
Something like:

#ifndef LIBSPDM_SPDM_10_RSA_LITTLE_ENDIAN
#define LIBSPDM_SPDM_10_RSA_LITTLE_ENDIAN 1
#endif
...

[steven-bellock]

Requesters may want this to be runtime configurable. If signature verification fails with one endianness it may try with another endianness.

[richkong88]

Is a good place to put the logic changes in spdm_crypt_lib\libspdm_crypt_asm.c in the functions:

libspdm_asym_sign
libspdm_asym_sign_hash
libspdm_asym_verify
libspdm_asym_verify_hash

[jyao1]

@richkong88 , here is discussion result between @steven-bellock and me.

1. We use different way for signing and verification. The reason is: Signing is NOT controlled by libspdm, but in a customer spdm_device_secret_lib. While Verification is controlled by libspdm.

2. For signing, it is OK to use MACRO. We can put macro to spdm_device_secret_lib.

3. For verification, we use runtime switch. If there is any API change is needed, we need add the new API, and keep old API as is for compatibility. To avoid code duplication, the old API can call new API as default behavior.