From a314875c791c2ed5e20630f7b7850f4961dd138c Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Fri, 1 Mar 2024 15:22:27 +0100 Subject: [PATCH 1/3] Added support for SIGN=ECC521 --- .../test-renode-fastmath-smallstack.yml | 3 ++ .github/workflows/test-renode-fastmath.yml | 4 +++ .../test-renode-noasm-smallstack.yml | 3 ++ .github/workflows/test-renode-noasm.yml | 3 ++ .github/workflows/test-renode-nrf52.yml | 4 +++ .github/workflows/test-renode-sha3.yml | 3 ++ .github/workflows/test-renode-sha384.yml | 3 ++ .github/workflows/test-renode-smallstack.yml | 4 +++ include/wolfboot/wolfboot.h | 5 +-- options.mk | 4 +-- src/xmalloc.c | 33 ++++++++++++++++--- tools/test-renode.mk | 22 +++++++++++-- 12 files changed, 81 insertions(+), 10 deletions(-) diff --git a/.github/workflows/test-renode-fastmath-smallstack.yml b/.github/workflows/test-renode-fastmath-smallstack.yml index 2d5f68369..715ff84a1 100644 --- a/.github/workflows/test-renode-fastmath-smallstack.yml +++ b/.github/workflows/test-renode-fastmath-smallstack.yml @@ -31,6 +31,9 @@ jobs: - name: Renode Tests ECC384 run: ./tools/renode/docker-test.sh "SIGN=ECC384 WOLFBOOT_SMALL_STACK=1 SPMATH=0" +# ECC521 TEST + - name: Renode Tests ECC521 + run: ./tools/renode/docker-test.sh "SIGN=ECC521 WOLFBOOT_SMALL_STACK=1 SPMATH=0" # RSA2048 TEST - name: Renode Tests RSA2048 diff --git a/.github/workflows/test-renode-fastmath.yml b/.github/workflows/test-renode-fastmath.yml index 6b31f07a9..838a45729 100644 --- a/.github/workflows/test-renode-fastmath.yml +++ b/.github/workflows/test-renode-fastmath.yml @@ -30,6 +30,10 @@ jobs: - name: Renode Tests ECC384 run: ./tools/renode/docker-test.sh "SIGN=ECC384 SPMATH=0" +# ECC521 TEST + - name: Renode Tests ECC521 + run: ./tools/renode/docker-test.sh "SIGN=ECC521 SPMATH=0" + # RSA2048 TEST - name: Renode Tests RSA2048 diff --git a/.github/workflows/test-renode-noasm-smallstack.yml b/.github/workflows/test-renode-noasm-smallstack.yml index 4e3a3fad2..eddc69172 100644 --- a/.github/workflows/test-renode-noasm-smallstack.yml +++ b/.github/workflows/test-renode-noasm-smallstack.yml @@ -31,6 +31,9 @@ jobs: - name: Renode Tests ECC384 run: ./tools/renode/docker-test.sh "SIGN=ECC384 WOLFBOOT_SMALL_STACK=1 NO_ASM=1" +# ECC521 TEST + - name: Renode Tests ECC521 + run: ./tools/renode/docker-test.sh "SIGN=ECC521 WOLFBOOT_SMALL_STACK=1 NO_ASM=1" # RSA2048 TEST - name: Renode Tests RSA2048 diff --git a/.github/workflows/test-renode-noasm.yml b/.github/workflows/test-renode-noasm.yml index 0b072a539..1323da486 100644 --- a/.github/workflows/test-renode-noasm.yml +++ b/.github/workflows/test-renode-noasm.yml @@ -30,6 +30,9 @@ jobs: - name: Renode Tests ECC384 run: ./tools/renode/docker-test.sh "SIGN=ECC384 NO_ASM=1" +# ECC521 TEST + - name: Renode Tests ECC521 + run: ./tools/renode/docker-test.sh "SIGN=ECC521 NO_ASM=1" # ED25519 TEST - name: Renode Tests ED25519 diff --git a/.github/workflows/test-renode-nrf52.yml b/.github/workflows/test-renode-nrf52.yml index 7e562f7f1..1759e2ad5 100644 --- a/.github/workflows/test-renode-nrf52.yml +++ b/.github/workflows/test-renode-nrf52.yml @@ -34,6 +34,10 @@ jobs: - name: Renode Tests ECC384 run: ./tools/renode/docker-test.sh "SIGN=ECC384" +# ECC521 TEST + - name: Renode Tests ECC521 + run: ./tools/renode/docker-test.sh "SIGN=ECC521" + # ED25519 TEST - name: Renode Tests ED25519 run: ./tools/renode/docker-test.sh "SIGN=ED25519" diff --git a/.github/workflows/test-renode-sha3.yml b/.github/workflows/test-renode-sha3.yml index 05292874c..9ae8e301f 100644 --- a/.github/workflows/test-renode-sha3.yml +++ b/.github/workflows/test-renode-sha3.yml @@ -34,6 +34,9 @@ jobs: - name: Renode Tests ECC384 run: ./tools/renode/docker-test.sh "SIGN=ECC384 HASH=SHA3" +# ECC521 TEST + - name: Renode Tests ECC521 + run: ./tools/renode/docker-test.sh "SIGN=ECC521 HASH=SHA3" # ED25519 TEST - name: Renode Tests ED25519 diff --git a/.github/workflows/test-renode-sha384.yml b/.github/workflows/test-renode-sha384.yml index 2d7cde579..75488efc9 100644 --- a/.github/workflows/test-renode-sha384.yml +++ b/.github/workflows/test-renode-sha384.yml @@ -33,6 +33,9 @@ jobs: - name: Renode Tests ECC384 run: ./tools/renode/docker-test.sh "SIGN=ECC384 HASH=SHA384" +# ECC521 TEST + - name: Renode Tests ECC521 + run: ./tools/renode/docker-test.sh "SIGN=ECC521 HASH=SHA521" # ED25519 TEST - name: Renode Tests ED25519 diff --git a/.github/workflows/test-renode-smallstack.yml b/.github/workflows/test-renode-smallstack.yml index 11ad29c6a..e83027500 100644 --- a/.github/workflows/test-renode-smallstack.yml +++ b/.github/workflows/test-renode-smallstack.yml @@ -35,6 +35,10 @@ jobs: - name: Renode Tests ECC384 run: ./tools/renode/docker-test.sh "SIGN=ECC384 WOLFBOOT_SMALL_STACK=1" +# ECC521 TEST + - name: Renode Tests ECC521 + run: ./tools/renode/docker-test.sh "SIGN=ECC521 WOLFBOOT_SMALL_STACK=1" + # ED25519 TEST - name: Renode Tests ED25519 diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 20d48ab0e..ccdc0da85 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -203,8 +203,9 @@ extern "C" { # endif #elif defined(WOLFBOOT_SIGN_ECC521) # define HDR_IMG_TYPE_AUTH HDR_IMG_TYPE_AUTH_ECC521 - # error "ECC521 curves not yet supported in this version of wolfBoot. " \ - "Please select a valid SIGN= option." + # ifndef WOLFBOOT_UNIVERSAL_KEYSTORE + # define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ECC521 + # endif #elif defined(WOLFBOOT_SIGN_RSA2048) # define HDR_IMG_TYPE_AUTH HDR_IMG_TYPE_AUTH_RSA2048 # ifndef WOLFBOOT_UNIVERSAL_KEYSTORE diff --git a/options.mk b/options.mk index f7aaea0c4..5b1bcefd3 100644 --- a/options.mk +++ b/options.mk @@ -138,9 +138,9 @@ ifeq ($(SIGN),ECC521) STACK_USAGE=6680 else ifneq ($(SPMATH),1) - STACK_USAGE=7352 + STACK_USAGE=11256 else - STACK_USAGE=3896 + STACK_USAGE=8288 endif endif endif diff --git a/src/xmalloc.c b/src/xmalloc.c index 90cf72b18..b570e6325 100644 --- a/src/xmalloc.c +++ b/src/xmalloc.c @@ -63,7 +63,7 @@ struct xmalloc_slot { # error "No hash mechanism selected." #endif -#if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) +#if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_ECC521) #ifndef USE_FAST_MATH /* SP MATH */ @@ -98,6 +98,22 @@ struct xmalloc_slot { #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 12) #endif #endif /* WOLFBOOT_SIGN_ECC384 */ + #ifdef WOLFBOOT_SIGN_ECC521 + #define MP_SCHEME "SP ECC521" + #define MP_CURVE_SPECS_SIZE (148) + #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM + #define MP_POINT_SIZE (412) + #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 17) + #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * 2 * 17 * 6) + #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 12) + #else + #define MP_POINT_SIZE (508) + #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 21) + #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * (4 * 21 + 3)) + #define MP_DIGITS_BUFFER_SIZE_2 (MP_DIGIT_SIZE * (2 * 21 * 6)) + #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 12) + #endif + #endif /* WOLFBOOT_SIGN_ECC521 */ #ifndef WC_NO_CACHE_RESISTANT static uint8_t mp_points_3[MP_POINT_SIZE]; #endif @@ -106,10 +122,10 @@ struct xmalloc_slot { static uint8_t mp_points_2[MP_POINT_SIZE * (16 + 1)]; static uint8_t mp_digits_buffer_0[MP_DIGITS_BUFFER_SIZE_0]; static uint8_t mp_digits_buffer_1[MP_DIGITS_BUFFER_SIZE_1]; - #if !defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && (defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384)) + #if !defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && (defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_ECC521)) static uint8_t mp_digits_buffer_2[MP_DIGITS_BUFFER_SIZE_2]; static uint8_t mp_montgomery[MP_MONTGOMERY_SIZE]; - #elif defined(WOLFBOOT_SIGN_ECC384) + #elif defined(WOLFBOOT_SIGN_ECC384) || defined (WOLFBOOT_SIGN_ECC521) static uint8_t mp_montgomery[MP_MONTGOMERY_SIZE]; #endif #else @@ -132,6 +148,15 @@ struct xmalloc_slot { #define MP_INT_BUFFER_SIZE_1 (MP_INT_TYPE_SIZE * 6) #define MP_DIGIT_BUFFER_MONT_SIZE (sizeof(fp_digit)*(FP_SIZE + 1)) #endif + #ifdef WOLFBOOT_SIGN_ECC521 + #define MP_SCHEME "TFM ECC521" + #define MP_CURVE_SPECS_SIZE (MP_INT_TYPE_SIZE) + #define MP_CURVE_FIELD_COUNT_SIZE (380) + #define ECC_POINT_SIZE (516) + #define MP_INT_BUFFER_SIZE (MP_INT_TYPE_SIZE * 5) + #define MP_INT_BUFFER_SIZE_1 (MP_INT_TYPE_SIZE * 6) + #define MP_DIGIT_BUFFER_MONT_SIZE (sizeof(fp_digit)*(FP_SIZE + 1)) + #endif static uint8_t mp_curve_field_count[MP_CURVE_FIELD_COUNT_SIZE]; static uint8_t mp_int_v[MP_INT_TYPE_SIZE]; @@ -170,7 +195,7 @@ static struct xmalloc_slot xmalloc_pool[] = { { (uint8_t *)mp_points_0, MP_POINT_SIZE * 2, 0 }, #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM { (uint8_t *)mp_points_1, MP_POINT_SIZE * 2, 0 }, - #ifdef WOLFBOOT_SIGN_ECC384 + #if defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_ECC521) { (uint8_t *)mp_montgomery, MP_MONTGOMERY_SIZE, 0 }, #endif #else diff --git a/tools/test-renode.mk b/tools/test-renode.mk index bdba179fd..76d31d911 100644 --- a/tools/test-renode.mk +++ b/tools/test-renode.mk @@ -78,8 +78,6 @@ ifeq ($(SIGN),ECC384) SIGN_ARGS+= --ecc384 endif -# Already supported in sign tools, not yet in wolfBoot. -# Currently, a compile-time error is produced if selected. ifeq ($(SIGN),ECC521) SIGN_ARGS+= --ecc521 endif @@ -255,6 +253,9 @@ renode-factory-ecc256: FORCE renode-factory-ecc384: FORCE make renode-factory SIGN=ECC384 +renode-factory-ecc521: FORCE + make renode-factory SIGN=ECC521 + renode-factory-rsa2048: FORCE make renode-factory SIGN=RSA2048 @@ -287,6 +288,8 @@ renode-factory-all: FORCE ${Q}make renode-factory-rsa4096 RENODE_PORT=55162 ${Q}make keysclean ${Q}make renode-factory SIGN=NONE RENODE_PORT=55163 + ${Q}make keysclean + ${Q}make renode-factory-ecc521 RENODE_PORT=55166 ${Q}echo All tests in $@ OK! renode-update-ed25519: FORCE @@ -301,6 +304,9 @@ renode-update-ecc256: FORCE renode-update-ecc384: FORCE make renode-update SIGN=ECC384 +renode-update-ecc521: FORCE + make renode-update SIGN=ECC521 + renode-update-rsa2048: FORCE make renode-update SIGN=RSA2048 @@ -328,6 +334,9 @@ renode-no-downgrade-ecc256: FORCE renode-no-downgrade-ecc384: FORCE make renode-no-downgrade SIGN=ECC384 +renode-no-downgrade-ecc521: FORCE + make renode-no-downgrade SIGN=ECC521 + renode-no-downgrade-rsa2048: FORCE make renode-no-downgrade SIGN=RSA2048 @@ -352,6 +361,9 @@ renode-corrupted-ecc256: FORCE renode-corrupted-ecc384: FORCE make renode-corrupted SIGN=ECC384 +renode-corrupted-ecc521: FORCE + make renode-corrupted SIGN=ECC521 + renode-corrupted-rsa2048: FORCE make renode-corrupted SIGN=RSA2048 @@ -388,6 +400,8 @@ renode-update-all: FORCE ${Q}make renode-update-lms RENODE_PORT=55164 ${Q}make keysclean ${Q}make renode-update-xmss RENODE_PORT=55165 + ${Q}make keysclean + ${Q}make renode-update-ecc521 RENODE_PORT=55166 ${Q}echo All tests in $@ OK! renode-no-downgrade-all: FORCE @@ -411,6 +425,8 @@ renode-no-downgrade-all: FORCE ${Q}make renode-no-downgrade-lms RENODE_PORT=55164 ${Q}make keysclean ${Q}make renode-no-downgrade-xmss RENODE_PORT=55165 + ${Q}make keysclean + ${Q}make renode-no-downgrade-ecc521 RENODE_PORT=55166 ${Q}echo All tests in $@ OK! renode-corrupted-all: FORCE @@ -434,6 +450,8 @@ renode-corrupted-all: FORCE ${Q}make renode-corrupted-lms RENODE_PORT=55164 ${Q}make keysclean ${Q}make renode-corrupted-xmss RENODE_PORT=55165 + ${Q}make keysclean + ${Q}make renode-corrupted-ecc521 RENODE_PORT=55166 ${Q}echo All tests in $@ OK! renode-update-all-armored: FORCE From c7c0e8c6863dc7fd1acae1b180df6b275049491f Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Fri, 1 Mar 2024 16:55:22 +0100 Subject: [PATCH 2/3] Ecc521+Sha384: fixed test case --- .github/workflows/test-renode-sha384.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-renode-sha384.yml b/.github/workflows/test-renode-sha384.yml index 75488efc9..01a7c4425 100644 --- a/.github/workflows/test-renode-sha384.yml +++ b/.github/workflows/test-renode-sha384.yml @@ -35,7 +35,7 @@ jobs: # ECC521 TEST - name: Renode Tests ECC521 - run: ./tools/renode/docker-test.sh "SIGN=ECC521 HASH=SHA521" + run: ./tools/renode/docker-test.sh "SIGN=ECC521 HASH=SHA384" # ED25519 TEST - name: Renode Tests ED25519 From 5ba777c748212f2f6a40afbe77c26fc735fc8006 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 1 Mar 2024 12:28:07 -0800 Subject: [PATCH 3/3] Add documentation for ECC P-521. --- docs/Signing.md | 3 +++ docs/compile.md | 20 ++++++++------------ 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/docs/Signing.md b/docs/Signing.md index cb84444ef..ff49dcebf 100644 --- a/docs/Signing.md +++ b/docs/Signing.md @@ -92,6 +92,9 @@ file is in this format. * `--ecc384` Use ecc384 for signing the firmware. Assume that the given KEY.DER file is in this format. + * `--ecc521` Use ecc521 for signing the firmware. Assume that the given KEY.DER +file is in this format. + * `--rsa2048` Use rsa2048 for signing the firmware. Assume that the given KEY.DER file is in this format. diff --git a/docs/compile.md b/docs/compile.md index 02b864719..b58c39800 100644 --- a/docs/compile.md +++ b/docs/compile.md @@ -90,21 +90,17 @@ performance and activated features are affected by compile-time flags. By default, wolfBoot is compiled to use Ed25519 DSA. The implementation of ed25519 is smaller, while giving a good compromise in terms of boot-up time. -Better performance can be achieved using ECDSA with curve p-256. To activate ECC256 support, use +Better performance can be achieved using ECDSA with curve p-256. +To activate ECC256, ECC384 or ECC521 support, use: -`SIGN=ECC256` +`SIGN=ECC256` or `SIGN=ECC384` or `SIGN=ECC521` respectively. when invoking `make`. -RSA is also supported, with different key length. To activate RSA2048 or RSA4096, use: +RSA is also supported, with different key length. +To activate RSA2048, RSA3072 or RSA4096, use: -`SIGN=RSA2048` - -or - -`SIGN=RSA4096` - -respectively. +`SIGN=RSA2048` or `SIGN=RSA3072` or `SIGN=RSA4096` respectively. Ed448 is also supported via `SIGN=ED448`. @@ -135,7 +131,7 @@ For more information and examples, see the [firmware update](firmware_update.md) ### Enable debug symbols -To debug the bootloader, simply compile with `DEBUG=1`. The size of the bootloade will increase +To debug the bootloader, simply compile with `DEBUG=1`. The size of the bootloader will increase consistently, so ensure that you have enough space at the beginning of the flash before `WOLFBOOT_PARTITION_BOOT_ADDRESS`. @@ -168,7 +164,7 @@ Some combinations of authentication algorithms, key sizes and math configuration a large amount of memory to be allocated in the stack at runtime. By default, if your configuration falls in one of these cases, wolfBoot compilation will terminate with an explicit error. -In some cases you might have enough memory available to allow large stack allocations. +In some cases you might have enough memory available to allow large stack allocations. To circumvent the compile-time checks on the maximum allowed stack size, use `WOLFBOOT_HUGE_STACK=1`. ### Disable Backup of current running firmware