Debug printing of secrets

[steven-bellock]

https://github.com/DMTF/libspdm/blob/main/library/spdm_secured_message_lib/libspdm_secmes_session.c contains prints such as

libspdm/library/spdm_secured_message_lib/libspdm_secmes_session.c

Lines 92 to 94 in bf90209

	LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key (0x%zx) - ", key_length));
	LIBSPDM_INTERNAL_DUMP_DATA(key, key_length);
	LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));

Some folks that enable LIBSPDM_DEBUG_PRINT_ENABLE in production for diagnostic prints might be surprised to learn that session secrets could make their way to a log file. Two solutions to resolve this are

1. Remove the prints entirely.
2. Introduce a new macro such as LIBSPDM_DEBUG_PRINT_SECRET_ENABLE that is disabled by default.

[steven-bellock]

might be surprised to learn that session secrets could make their way to a log file.

@lordaule are you surprised?

[lordaule]

We have disabled LIBSPDM_DEBUG_PRINT_ENABLE in production. However we do log all MCTP raw bytes sent/received by the functions that we register with libspdm_register_device_io_func()

Are the session secrets extractable from the raw bytes?

[steven-bellock]

We have disabled LIBSPDM_DEBUG_PRINT_ENABLE in production.

Ah, so you rely entirely on libspdm error codes in production?

Are the session secrets extractable from the raw bytes?

No.

[steven-bellock]

NVIDIA has LIBSPDM_DEBUG_PRINT_ENABLE enabled https://github.com/NVIDIA/open-gpu-kernel-modules/blob/a5bfb10e75a4046c5d991c65f49b5d29151e68cf/src/nvidia/src/libraries/libspdm/nvidia/nvspdm_rmconfig.h#L49 but libspdm_debug_print doesn't do anything https://github.com/NVIDIA/open-gpu-kernel-modules/blob/a5bfb10e75a4046c5d991c65f49b5d29151e68cf/src/nvidia/src/libraries/libspdm/nvidia/nvspdm_debuglib.c#L60-L69.

[lordaule]

Ah, so you rely entirely on libspdm error codes in production?

The only class of error we've seen more than once are certificate chains that fail to validate. We aren't using error codes per-se, just pass/fail - and all fails have required a human to dive into the logs to figure out what isn't working.

[jyao1]

This secret dump is required for 1) debug purpose in case of failure, 2) input to spdm_dump tool.
I am open to use dedicated macro to enable them.