Peer review fixes. Default to ML-DSA level 2.

dgarske · dgarske · commit 4991eabb18df · 2024-12-05T13:39:47.000-08:00
diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h
@@ -140,12 +140,18 @@ extern "C" {
 #define ML_DSA_L3_PUBKEY_SIZE   1952
 #define ML_DSA_L5_PUBKEY_SIZE   2592
 
-/* Configure using ML_DSA_LEVEL: Default is security category 5. */
-#if defined(WOLFBOOT_SIGN_ML_DSA) && !defined(ML_DSA_LEVEL)
-    #define ML_DSA_LEVEL 5
+/* Configure using ML_DSA_LEVEL: Default is security category 2. */
+#ifndef ML_DSA_LEVEL
+#define ML_DSA_LEVEL 2
+#endif
+
+#if ML_DSA_LEVEL == 2
+    #define KEYSTORE_PUBKEY_SIZE_ML_DSA ML_DSA_L2_PUBKEY_SIZE
+#elif ML_DSA_LEVEL == 3
+    #define KEYSTORE_PUBKEY_SIZE_ML_DSA ML_DSA_L3_PUBKEY_SIZE
+#elif ML_DSA_LEVEL == 5
+    #define KEYSTORE_PUBKEY_SIZE_ML_DSA ML_DSA_L5_PUBKEY_SIZE
 #endif
-/* Default to max size for keystore */
-#define KEYSTORE_PUBKEY_SIZE_ML_DSA  2592
 
 /* Mask for key permissions */
 #define KEY_VERIFY_ALL         (0xFFFFFFFFU)
diff --git a/tools/keytools/keygen.c b/tools/keytools/keygen.c
@@ -124,7 +124,7 @@ static WC_RNG rng;
 static int noLocalKeys = 0;
 
 /* ML-DSA pub keys are big. */
-#define KEYSLOT_MAX_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ML_DSA
+#define KEYSLOT_MAX_PUBKEY_SIZE ML_DSA_L5_PUBKEY_SIZE
 
 struct keystore_slot {
      uint32_t slot_id;
diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c
@@ -45,7 +45,6 @@
 #include <delta.h>
 
 #include "wolfboot/version.h"
-//#include "wolfboot/wolfboot.h"
 
 #ifdef DEBUG_SIGNTOOL
 #define DEBUG_PRINT(...) fprintf(stderr, __VA_ARGS__)
@@ -319,15 +318,15 @@ static uint16_t sign_tool_find_header(uint8_t *haystack, uint16_t type, uint8_t
         len = p[2] | (p[3] << 8);
         /* check len */
         if ((4 + len) > (uint16_t)(CMD.header_sz - IMAGE_HEADER_OFFSET)) {
-            fprintf(stderr, "This field is too large (bigger than the space available "
-                     "in the current header)\n");
-            //fprintf(stderr, "%d %d %d\n", len, CMD.header_sz, IMAGE_HEADER_OFFSET);
+            fprintf(stderr, "This field too large to fit into header "
+                "(%d > %d)\n",
+                (int)(4 + len), (int)(CMD.header_sz - IMAGE_HEADER_OFFSET));
             break;
         }
         /* check max pointer */
         if (p + 4 + len > max_p) {
-            fprintf(stderr, "This field is too large and would overflow the image "
-                     "header\n");
+            fprintf(stderr, "This field is too large and would overflow the "
+                "image header pointer\n");
             break;
         }
 
@@ -2116,7 +2115,7 @@ static void set_signature_sizes(int secondary)
 
         if (!lms_levels_str)
             lms_levels = LMS_LEVELS;
-        else 
+        else
             lms_levels = atoi(lms_levels_str);
         if (!lms_height_str)
             lms_height = LMS_HEIGHT;
