From 7946fa7f4a9f7b80470169709037df5bfcd6754c Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 30 Oct 2024 14:54:05 -0700 Subject: [PATCH] Fixes to get things working after hybrid support. --- IDE/XilinxSDK/.cproject | 4 ++-- IDE/XilinxSDK/README.md | 1 + include/image.h | 43 ++++++++++++++++++++++------------- options.mk | 4 +--- src/image.c | 1 + tools/keytools/sign.c | 2 +- tools/unit-tests/unit-image.c | 18 +++++++-------- 7 files changed, 42 insertions(+), 31 deletions(-) diff --git a/IDE/XilinxSDK/.cproject b/IDE/XilinxSDK/.cproject index 170006ff4..57655bbfe 100644 --- a/IDE/XilinxSDK/.cproject +++ b/IDE/XilinxSDK/.cproject @@ -131,7 +131,7 @@ - + @@ -267,7 +267,7 @@ - + diff --git a/IDE/XilinxSDK/README.md b/IDE/XilinxSDK/README.md index 297adfe64..2f04420f8 100644 --- a/IDE/XilinxSDK/README.md +++ b/IDE/XilinxSDK/README.md @@ -215,6 +215,7 @@ WOLFSSL_XMSS_VERIFY_ONLY WOLFSSL_XMSS_MAX_HEIGHT=32 WOLFBOOT_SHA_BLOCK_SIZE=4096 IMAGE_SIGNATURE_SIZE=2500 +XMSS_IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000 ``` diff --git a/include/image.h b/include/image.h index 24960518a..c084aa7fa 100644 --- a/include/image.h +++ b/include/image.h @@ -66,6 +66,14 @@ int wolfBot_get_dts_size(void *dts_addr); # endif #endif +#ifndef UNUSEDFUNCTION +# if defined(__GNUC__) || defined(__CC_ARM) +# define UNUSEDFUNCTION __attribute__((unused)) +# else +# define UNUSEDFUNCTION +# endif +#endif + #ifndef WOLFBOOT_FLAGS_INVERT #define SECT_FLAG_NEW 0x0F @@ -79,32 +87,32 @@ int wolfBot_get_dts_size(void *dts_addr); #define SECT_FLAG_UPDATED 0x0f #endif -#ifdef WOLFBOOT_SIGN_PRIMARY_ED25519 +#ifdef WOLFBOOT_SIGN_ED25519 #define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ed25519 #endif -#ifdef WOLFBOOT_SIGN_PRIMARY_ED448 +#ifdef WOLFBOOT_SIGN_ED448 #define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ed448 #endif -#if defined (WOLFBOOT_SIGN_PRIMARY_RSA2048) || \ - defined (WOLFBOOT_SIGN_PRIMARY_RSA3072) || \ - defined (WOLFBOOT_SIGN_PRIMARY_RSA4096) || \ - defined (WOLFBOOT_SIGN_PRIMARY_RSA2048ENC) || \ - defined (WOLFBOOT_SIGN_PRIMARY_RSA3072ENC) || \ - defined (WOLFBOOT_SIGN_PRIMARY_RSA4096ENC) +#if defined (WOLFBOOT_SIGN_RSA2048) || \ + defined (WOLFBOOT_SIGN_RSA3072) || \ + defined (WOLFBOOT_SIGN_RSA4096) || \ + defined (WOLFBOOT_SIGN_RSA2048ENC) || \ + defined (WOLFBOOT_SIGN_RSA3072ENC) || \ + defined (WOLFBOOT_SIGN_RSA4096ENC) #define wolfBoot_verify_signature_primary wolfBoot_verify_signature_rsa #endif -#if defined (WOLFBOOT_SIGN_PRIMARY_ECC256) || \ - defined (WOLFBOOT_SIGN_PRIMARY_ECC384) || \ - defined (WOLFBOOT_SIGN_PRIMARY_ECC521) +#if defined (WOLFBOOT_SIGN_ECC256) || \ + defined (WOLFBOOT_SIGN_ECC384) || \ + defined (WOLFBOOT_SIGN_ECC521) #define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ecc #endif -#if defined(WOLFBOOT_SIGN_PRIMARY_LMS) || defined(WOLFBOOT_SIGN_PRIMARY_ext_LMS) +#if defined(WOLFBOOT_SIGN_LMS) || defined(WOLFBOOT_SIGN_ext_LMS) #define wolfBoot_verify_signature_primary wolfBoot_verify_signature_lms #endif -#if defined(WOLFBOOT_SIGN_PRIMARY_XMSS ) || defined(WOLFBOOT_SIGN_PRIMARY_ext_XMSS) +#if defined(WOLFBOOT_SIGN_XMSS ) || defined(WOLFBOOT_SIGN_ext_XMSS) #define wolfBoot_verify_signature_primary wolfBoot_verify_signature_xmss #endif -#ifdef WOLFBOOT_SIGN_PRIMARY_ML_DSA +#ifdef WOLFBOOT_SIGN_ML_DSA #define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ml_dsa #endif @@ -598,12 +606,15 @@ struct wolfBoot_image { uint8_t not_ext : 1; /* image is no longer external */ }; + /* do not warn if this is not used */ -static void wolfBoot_image_confirm_signature_ok(struct wolfBoot_image *img) +static void UNUSEDFUNCTION wolfBoot_image_confirm_signature_ok( + struct wolfBoot_image *img) { img->signature_ok = 1; } -static void wolfBoot_image_clear_signature_ok(struct wolfBoot_image *img) +static void UNUSEDFUNCTION wolfBoot_image_clear_signature_ok( + struct wolfBoot_image *img) { img->signature_ok = 0; } diff --git a/options.mk b/options.mk index 73da75430..2fa6dfd0d 100644 --- a/options.mk +++ b/options.mk @@ -478,7 +478,7 @@ ifeq ($(SIGN),ML_DSA) ifneq ($(HASH),SHA3) WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha3.o endif - + ifeq ($(WOLFBOOT_SMALL_STACK),1) $(error WOLFBOOT_SMALL_STACK with ML-DSA not supported yet) else @@ -540,8 +540,6 @@ ifneq ($(SIGN_SECONDARY),) endif -CFLAGS+=-DWOLFBOOT_SIGN_PRIMARY_$(SIGN) - ifeq ($(RAM_CODE),1) CFLAGS+= -D"RAM_CODE" endif diff --git a/src/image.c b/src/image.c index 329b55126..e1723ed4b 100644 --- a/src/image.c +++ b/src/image.c @@ -1260,6 +1260,7 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img) * */ wolfBoot_verify_signature_primary(key_slot, img, stored_signature); + (void)stored_signature_size; if (img->signature_ok == 1) #ifdef SIGN_HYBRID { diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c index 00141f562..ff492aa05 100644 --- a/tools/keytools/sign.c +++ b/tools/keytools/sign.c @@ -490,7 +490,7 @@ static int load_key_rsa(int sign_type, uint32_t rsa_keysz, uint32_t rsa_pubkeysz CMD.sign = sign_type; CMD.signature_sz = keySzOut; } - printf("Found RSA%d key\n", keySzOut); + printf("Found RSA%d key\n", keySzOut*8); } } return ret; diff --git a/tools/unit-tests/unit-image.c b/tools/unit-tests/unit-image.c index 41a2d69bc..679686540 100644 --- a/tools/unit-tests/unit-image.c +++ b/tools/unit-tests/unit-image.c @@ -43,7 +43,7 @@ #define ENCRYPT_KEY "123456789abcdef0123456789abcdef0123456789abcdef" #define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ECC256 -#define WOLFBOOT_SIGN_PRIMARY_ECC256 +#define WOLFBOOT_SIGN_ECC256 #include #include @@ -267,7 +267,7 @@ int wc_ecc_import_unsigned(ecc_key* key, const byte* qx, const byte* qy, { if (ecc_import_fail) return -1; - + key->type = ECC_PUBLICKEY; return 0; } @@ -285,7 +285,7 @@ START_TEST(test_verify_signature) { uint8_t pubkey[32]; struct wolfBoot_image test_img; - + test_img.part = PART_UPDATE; test_img.fw_size = test_img_len; test_img.fw_base = 0; @@ -455,7 +455,7 @@ START_TEST(test_verify_authenticity) find_header_mocked = 1; ret = wolfBoot_verify_authenticity(&test_img); ck_assert_int_eq(ret, -1); - + /* Wrong pubkey */ find_header_mocked = 0; hdr_cpy_done = 0; @@ -463,7 +463,7 @@ START_TEST(test_verify_authenticity) test_img_len); ret = wolfBoot_verify_authenticity(&test_img); ck_assert_int_lt(ret, 0); - + /* Wrong signature */ find_header_mocked = 0; find_header_fail = 0; @@ -539,7 +539,7 @@ START_TEST(test_open_image) ck_assert_ptr_eq(img.hdr, (void *)WOLFBOOT_PARTITION_SWAP_ADDRESS); ck_assert_ptr_eq(img.hdr, img.fw_base); ck_assert_uint_eq(img.fw_size, WOLFBOOT_SECTOR_SIZE); - + /* Valid image */ hdr_cpy_done = 0; ext_flash_write(0, test_img_v200000000_signed_bin, @@ -574,17 +574,17 @@ Suite *wolfboot_suite(void) tcase_set_timeout(tcase_headers, 20); tcase_add_test(tcase_headers, test_headers); suite_add_tcase(s, tcase_headers); - + TCase* tcase_verify_authenticity = tcase_create("verify_authenticity"); tcase_set_timeout(tcase_verify_authenticity, 20); tcase_add_test(tcase_verify_authenticity, test_verify_authenticity); suite_add_tcase(s, tcase_verify_authenticity); - + TCase* tcase_verify_integrity = tcase_create("verify_integrity"); tcase_set_timeout(tcase_verify_integrity, 20); tcase_add_test(tcase_verify_integrity, test_verify_integrity); suite_add_tcase(s, tcase_verify_integrity); - + TCase* tcase_open_image = tcase_create("open_image"); tcase_set_timeout(tcase_open_image, 20); tcase_add_test(tcase_open_image, test_open_image);