From 2168518e5845cdb640cc9ac4b3868b9c6e353306 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 22 Oct 2024 17:57:06 +0200 Subject: [PATCH] Fix broken selection of primary algorithm --- Makefile | 9 +++++---- include/image.h | 21 ++++++--------------- include/keystore.h | 2 +- options.mk | 2 ++ tools/keytools/keygen.c | 5 ++++- tools/keytools/sign.c | 36 +++++++++++++++++++++--------------- 6 files changed, 39 insertions(+), 36 deletions(-) diff --git a/Makefile b/Makefile index bf76eda00..67c8c0706 100644 --- a/Makefile +++ b/Makefile @@ -143,12 +143,11 @@ endif ifneq ($(SIGN_SECONDARY),) SECONDARY_PRIVATE_KEY=wolfboot_signing_second_private_key.der - MAIN_TARGET+=$(SECONDARY_PRIVATE_KEY) endif ASFLAGS:=$(CFLAGS) -all: $(MAIN_TARGET) +all: $(SECONDARY_PRIVATE_KEY) $(MAIN_TARGET) stage1: stage1/loader_stage1.bin stage1/loader_stage1.bin: wolfboot.elf @@ -208,12 +207,14 @@ $(PRIVATE_KEY): $(Q)(test $(SIGN) = NONE) && (echo "// SIGN=NONE" > src/keystore.c) || true $(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true -$(SECONDARY_PRIVATE_KEY): +$(SECONDARY_PRIVATE_KEY): $(PRIVATE_KEY) $(Q)$(MAKE) keytools_check $(Q)rm -f src/keystore.c + $(Q)mv $(PRIVATE_KEY) primary.$(PRIVATE_KEY) $(Q)(test $(SIGN_SECONDARY) = NONE) || ("$(KEYGEN_TOOL)" \ - $(KEYGEN_OPTIONS) -i $(PRIVATE_KEY) $(SECONDARY_KEYGEN_OPTIONS) \ + $(KEYGEN_OPTIONS) -i primary.$(PRIVATE_KEY) $(SECONDARY_KEYGEN_OPTIONS) \ -g $(SECONDARY_PRIVATE_KEY)) || true + $(Q)mv primary.$(PRIVATE_KEY) $(PRIVATE_KEY) $(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true keytools: include/target.h diff --git a/include/image.h b/include/image.h index a66c1ec29..f688263b6 100644 --- a/include/image.h +++ b/include/image.h @@ -79,18 +79,20 @@ int wolfBot_get_dts_size(void *dts_addr); #define SECT_FLAG_UPDATED 0x0f #endif -#define WOLFBOOT_SIGN_PRIMARY_ML_DSA - #ifdef WOLFBOOT_SIGN_PRIMARY_ED25519 #define wolfBoot_verify_signature wolfBoot_verify_signature_ed25519 #endif #ifdef WOLFBOOT_SIGN_PRIMARY_ED448 #define wolfBoot_verify_signature wolfBoot_verify_signature_ed448 #endif -#ifdef WOLFBOOT_SIGN_PRIMARY_RSA +#if defined (WOLFBOOT_SIGN_PRIMARY_RSA2048) || \ + defined (WOLFBOOT_SIGN_PRIMARY_RSA3072) || \ + defined (WOLFBOOT_SIGN_PRIMARY_RSA4096) #define wolfBoot_verify_signature wolfBoot_verify_signature_rsa #endif -#ifdef WOLFBOOT_SIGN_PRIMARY_ECC +#if defined (WOLFBOOT_SIGN_PRIMARY_ECC256) || \ + defined (WOLFBOOT_SIGN_PRIMARY_ECC384) || \ + defined (WOLFBOOT_SIGN_PRIMARY_ECC521) #define wolfBoot_verify_signature wolfBoot_verify_signature_ecc #endif #ifdef WOLFBOOT_SIGN_PRIMARY_LMS @@ -560,16 +562,6 @@ struct wolfBoot_image { }; /* do not warn if this is not used */ -#if !defined(__CCRX__) -static void __attribute__ ((unused)) wolfBoot_image_confirm_signature_ok( - struct wolfBoot_image *img) -{ -} -static void __attribute__ ((unused)) wolfBoot_image_clear_signature_ok( - struct wolfBoot_image *img) -{ -} -#else static void wolfBoot_image_confirm_signature_ok(struct wolfBoot_image *img) { img->signature_ok = 1; @@ -578,7 +570,6 @@ static void wolfBoot_image_clear_signature_ok(struct wolfBoot_image *img) { img->signature_ok = 0; } -#endif #define likely(x) (x) #define unlikely(x) (x) diff --git a/include/keystore.h b/include/keystore.h index 8843baaa5..1fa7dc59d 100644 --- a/include/keystore.h +++ b/include/keystore.h @@ -32,7 +32,7 @@ extern "C" { #ifndef KEYSTORE_PUBKEY_SIZE /* allow building version for external API use */ #define KEYSTORE_ANY -#ifdef ML_DSA_LEVEL +#ifdef WOLFBOOT_SIGN_ML_DSA #define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ML_DSA #else #define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_RSA4096 diff --git a/options.mk b/options.mk index 6aecdf7e8..ae5fc8734 100644 --- a/options.mk +++ b/options.mk @@ -515,6 +515,8 @@ ifneq ($(SIGN_SECONDARY),) CFLAGS+=-DSIGN_SECONDARY_$(SIGN_SECONDARY) endif +CFLAGS+=-DWOLFBOOT_SIGN_PRIMARY_$(SIGN) + ifeq ($(RAM_CODE),1) CFLAGS+= -D"RAM_CODE" endif diff --git a/tools/keytools/keygen.c b/tools/keytools/keygen.c index aa78abc15..4cd2f8ffa 100644 --- a/tools/keytools/keygen.c +++ b/tools/keytools/keygen.c @@ -122,7 +122,7 @@ static int saveAsDer = 0; static WC_RNG rng; #ifndef KEYSLOT_MAX_PUBKEY_SIZE - #if defined(WOLFSSL_WC_DILITHIUM) + #if defined(KEYSTORE_PUBKEY_SIZE_ML_DSA) /* ML-DSA pub keys are big. */ #define KEYSLOT_MAX_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ML_DSA #else @@ -388,9 +388,11 @@ static uint32_t get_pubkey_size(uint32_t keyType) case KEYGEN_XMSS: size = KEYSTORE_PUBKEY_SIZE_XMSS; break; +#ifdef KEYSTORE_PUBKEY_SIZE_ML_DSA case KEYGEN_ML_DSA: size = KEYSTORE_PUBKEY_SIZE_ML_DSA; break; +#endif default: size = 0; } @@ -1113,6 +1115,7 @@ int main(int argc, char** argv) #ifdef DEBUG_SIGNTOOL wolfSSL_Debugging_ON(); #endif + printf("Keystore size: %lu\n", sizeof(struct keystore_slot)); /* Check arguments and print usage */ if (argc < 2) diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c index 427281b27..3d84ed60e 100644 --- a/tools/keytools/sign.c +++ b/tools/keytools/sign.c @@ -309,7 +309,6 @@ static struct cmd_options CMD = { }; - static int load_key_ecc(int sign_type, uint32_t curve_sz, int curve_id, int header_sz, uint8_t **key_buffer, uint32_t *key_buffer_sz, @@ -323,11 +322,7 @@ static int load_key_ecc(int sign_type, uint32_t curve_sz, int curve_id, *pubkey_sz = curve_sz * 2; *pubkey = malloc(*pubkey_sz); /* assume malloc works */ - - printf("Load key: %s", secondary?"secondary":"primary"); - printf(" Size: %d\n", *pubkey_sz); initRet = ret = wc_ecc_init(&key.ecc); - if (CMD.manual_sign || CMD.sha_only) { /* raw (public x + public y) */ if (*key_buffer_sz == (curve_sz * 2)) { @@ -520,7 +515,7 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz, f = fopen(key_file, "rb"); if (f == NULL) { - printf("Open key file %s failed\n", CMD.key_file); + printf("Open key file %s failed\n", key_file); goto failure; } fseek(f, 0, SEEK_END); @@ -889,11 +884,12 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz, /* Sign the digest */ static int sign_digest(int sign, int hash_algo, uint8_t* signature, uint32_t* signature_sz, - uint8_t* digest, uint32_t digest_sz) + uint8_t* digest, uint32_t digest_sz, int secondary) { int ret; WC_RNG rng; printf("Sign: %02x\n", sign >> 8); + (void)secondary; if ((ret = wc_InitRng(&rng)) != 0) { return ret; @@ -976,6 +972,10 @@ static int sign_digest(int sign, int hash_algo, #endif #ifdef WOLFSSL_HAVE_LMS if (sign == SIGN_LMS) { + const char *key_file = CMD.key_file; + if (secondary) { + key_file = CMD.secondary_key_file; + } /* Set the callbacks, so LMS can update the private key while signing */ ret = wc_LmsKey_SetWriteCb(&key.lms, lms_write_key); if (ret == 0) { @@ -999,6 +999,10 @@ static int sign_digest(int sign, int hash_algo, #endif /* WOLFSSL_HAVE_LMS */ #ifdef WOLFSSL_HAVE_XMSS if (sign == SIGN_XMSS) { + const char *key_file = CMD.key_file; + if (secondary) { + key_file = CMD.secondary_key_file; + } ret = wc_XmssKey_Init(&key.xmss, NULL, INVALID_DEVID); /* Set the callbacks, so XMSS can update the private key while signing */ if (ret == 0) { @@ -1200,6 +1204,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, if (ret == 0) { ret = wc_InitSha256_ex(&sha, NULL, INVALID_DEVID); if (ret == 0) { + printf("Hashing primary pubkey, size: %d\n", pubkey_sz); ret = wc_Sha256Update(&sha, pubkey, pubkey_sz); if (ret == 0) wc_Sha256Final(&sha, buf); @@ -1209,6 +1214,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, /* secondary public key in hybrid mode */ if (ret == 0 && secondary_key_sz > 0) { ret = wc_InitSha256_ex(&sha, NULL, INVALID_DEVID); + printf("Hashing secondary pubkey, size: %d\n", secondary_key_sz); if (ret == 0) { ret = wc_Sha256Update(&sha, secondary_key, secondary_key_sz); if (ret == 0) @@ -1387,7 +1393,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, /* Sign the digest */ printf("CMD.sign == %02x\n", CMD.sign); ret = sign_digest(CMD.sign, CMD.hash_algo, - signature, &CMD.signature_sz, digest, digest_sz); + signature, &CMD.signature_sz, digest, digest_sz, 0); if (ret != 0) { printf("Signing error %d\n", ret); goto failure; @@ -1419,7 +1425,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, } memset(secondary_signature, 0, CMD.secondary_signature_sz); ret = sign_digest(CMD.secondary_sign, CMD.hash_algo, - secondary_signature, &CMD.secondary_signature_sz, digest, digest_sz); + secondary_signature, &CMD.secondary_signature_sz, digest, digest_sz, 1); if (ret != 0) { printf("Secondary Signing error %d\n", ret); goto failure; @@ -1471,7 +1477,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, /* Policy is always SHA2-256 */ ret = sign_digest(CMD.sign, HASH_SHA256, policy + sizeof(uint32_t), &CMD.policy_sz, - digest, digest_sz); + digest, digest_sz, 0); if (ret != 0) { printf("Signing policy error %d\n", ret); goto failure; @@ -2047,7 +2053,7 @@ static void set_signature_sizes(int secondary) if (lms_ret != 0) { fprintf(stderr, "error: wc_LmsKey_SetParameters(%d, %d, %d)" \ " returned %d\n", LMS_LEVELS, LMS_HEIGHT, - LMS_WINTERNITZ, ret); + LMS_WINTERNITZ, lms_ret); exit(1); } @@ -2146,8 +2152,8 @@ int main(int argc, char** argv) uint8_t buf[PATH_MAX-32]; /* leave room to avoid "directive output may be truncated" */ uint8_t *pubkey = NULL; uint32_t pubkey_sz = 0; - uint8_t *kbuf=NULL, *key_buffer; - uint32_t key_buffer_sz; + uint8_t *kbuf=NULL, *key_buffer, *key_buffer2; + uint32_t key_buffer_sz, key_buffer_sz2; #ifdef DEBUG_SIGNTOOL wolfSSL_Debugging_ON(); @@ -2625,10 +2631,10 @@ int main(int argc, char** argv) if (CMD.hybrid) { uint8_t *kbuf2 = NULL; - uint32_t key_buffer_sz2; uint8_t *pubkey2 = NULL; uint32_t pubkey_sz2; - kbuf2 = load_key(&key_buffer, &key_buffer_sz2, &pubkey2, &pubkey_sz2, 1); + printf("Loading secondary key\n"); + kbuf2 = load_key(&key_buffer2, &key_buffer_sz2, &pubkey2, &pubkey_sz2, 1); printf("Creating hybrid signature\n"); make_hybrid_header(pubkey, pubkey_sz, CMD.image_file, CMD.output_image_file, pubkey2, pubkey_sz2);