Additional fixes for new keytool features introduced in #521

Author: bigbrett

IDE/AURIX/README.md

@@ -292,7 +292,7 @@ cd $WOLFBOOT_DIR
 
 # Start with a clean build
 make clean && make keysclean && cd $WOLFBOOT_DIR/tools/keytools && make clean
-cd $SCRIPTS_DIR && ./aurixtool.sh clean
+cd $SCRIPTS_DIR && ./wbaurixtool.sh clean
 # Delete any build artifacts in wolfBoot-tc3xx (or wolfBoot-tc3xx-wolfHSM) and test-app (or test-app-wolfHSM) AURIX Studio projects
 # ...
 
@@ -303,13 +303,13 @@ make keytools
 
 # Generate target.h
 cd $SCRIPTS_DIR
-./aurixtool.sh target
+./wbaurixtool.sh target
 
 # Generate keys, as well as configuration macros and linker script based on the selected signature algorithm
-./aurixtool.sh [--hsm] keygen --sign-algo ecc256 --hash-algo sha256 macros lcf
+./wbaurixtool.sh [--hsm] keygen --sign-algo ecc256 --hash-algo sha256 macros lcf
 
 # If using wolfHSM, generate key NVM image
-./aurixtool.sh nvm
+./wbaurixtool.sh nvm
 # Load NVM image hexfile to the device
 # ...
 
@@ -320,7 +320,7 @@ cd $SCRIPTS_DIR
 # ....
 
 # Sign test app
-./aurixtool.sh [--hsm] sign --sign-algo ecc256 --hash-algo sha256 [--debug]
+./wbaurixtool.sh [--hsm] sign --sign-algo ecc256 --hash-algo sha256 [--debug]
 
 # Load wolfBoot + app in Lauterbach using tools/scripts/tc3xx/wolfBoot-loadAll-XXX.cmm
 # ...

IDE/AURIX/test-app-wolfHSM/Cpu0_Main.c

@@ -22,6 +22,8 @@
 #include "IfxPort.h"
 #include "IfxScuWdt.h"
 #include "Ifx_Types.h"
+
+#include "target.h"
 #include "wolfboot/wolfboot.h"
 
 IFX_ALIGN(4) IfxCpu_syncEvent g_cpuSyncEvent = 0;

IDE/AURIX/test-app/Cpu0_Main.c

@@ -22,6 +22,8 @@
 #include "IfxPort.h"
 #include "IfxScuWdt.h"
 #include "Ifx_Types.h"
+
+#include "target.h"
 #include "wolfboot/wolfboot.h"
 
 IFX_ALIGN(4) IfxCpu_syncEvent g_cpuSyncEvent = 0;

config/examples/sim-wolfHSM-mldsa.config

@@ -12,17 +12,17 @@ DEBUG=1
 # Category 2:
 ML_DSA_LEVEL=2
 IMAGE_SIGNATURE_SIZE=2420
-IMAGE_HEADER_SIZE?=8192
+IMAGE_HEADER_SIZE=8192
 #
 # Category 3:
 # ML_DSA_LEVEL=3
 # IMAGE_SIGNATURE_SIZE=3309
-# IMAGE_HEADER_SIZE?=8192
+# IMAGE_HEADER_SIZE=8192
 #
 # Category 5:
 # ML_DSA_LEVEL=5
 # IMAGE_SIGNATURE_SIZE=4627
-# IMAGE_HEADER_SIZE?=12288
+# IMAGE_HEADER_SIZE=12288
 # This example needs a larger sector size.
 # WOLFBOOT_SECTOR_SIZE=0x3000
 #

tools/scripts/tc3xx/wbaurixtool.sh

@@ -100,7 +100,7 @@ get_header_size() {
         "rsa4096") echo "1024" ;;
         "ed25519") echo "256" ;;
         "ed448") echo "512" ;;
-        "lms"|"xmss") echo "0" ;;
+        "lms"|"xmss") echo "0" ;; # currently not supported
         "none") echo "256" ;;
         *) echo "256" ;;  # Default
     esac
@@ -164,10 +164,22 @@ usage() {
 
 # Function to generate keys
 do_keygen() {
-    local base_dir="../../../"
+    local sign_algo="${KEYGEN_OPTS[sign_algo]:-$DEFAULT_SIGN_ALGO}"
+    local pq_params="${COMMON_OPTS[sign_pq_params]}"
+    local header_size
+
+    # Get header size for current algorithm
+    header_size=$(get_header_size "$sign_algo" "$pq_params")
+
+    echo "Generating keys with algorithm: $sign_algo"
+
+    # Set environment variables for keygen tool
+    export IMAGE_HEADER_SIZE="$header_size"
+    if [ "$sign_algo" = "ml_dsa" ]; then
+        export ML_DSA_LEVEL="${pq_params:-2}"  # Default to level 2 if not specified
+    fi
 
-    echo "Generating keys with algorithm: ${KEYGEN_OPTS[sign_algo]}"
-    (cd $base_dir && tools/keytools/keygen --"${KEYGEN_OPTS[sign_algo]}" -g $(basename $PRVKEY_DER) --exportpubkey \
+    (cd $WOLFBOOT_DIR && tools/keytools/keygen --"$sign_algo" -g $(basename $PRVKEY_DER) --exportpubkey \
         ${KEYGEN_OPTS[nolocalkeys]:+--nolocalkeys} --der)
 }
 
@@ -176,9 +188,18 @@ do_sign() {
     local base_path="../../../IDE/AURIX"
     local app_name="test-app${HSM:+-wolfHSM}"
     local sign_algo="${SIGN_OPTS[sign_algo]:-${KEYGEN_OPTS[sign_algo]}}"
+    local pq_params="${COMMON_OPTS[sign_pq_params]}"
+    local header_size
+    local bin_path="$base_path/$app_name/TriCore ${SIGN_OPTS[build_type]} (GCC)/$app_name.bin"
+
+    # Get header size for current algorithm
+    header_size=$(get_header_size "$sign_algo" "$pq_params")
+
+    # Set IMAGE_HEADER_SIZE environment variable for sign tool
+    export IMAGE_HEADER_SIZE="$header_size"
 
     echo "Signing binaries with $sign_algo and ${SIGN_OPTS[hash_algo]}"
-    local bin_path="$base_path/$app_name/TriCore ${SIGN_OPTS[build_type]} (GCC)/$app_name.bin"
+    echo "Using header size: $header_size"
 
     # Sign for both partition 1 and 2
     ../../keytools/sign --"$sign_algo" --"${SIGN_OPTS[hash_algo]}" "$bin_path" "$PRVKEY_DER" 1
@@ -264,11 +285,24 @@ do_gen_macros() {
         use_wolfhsm_pubkey_id="-DWOLFBOOT_USE_WOLFHSM_PUBKEY_ID"
     fi
 
-    # Set image signature size and ML-DSA level only for ML-DSA
+    # Quirk: set additional (redundant) macros for ML DSA based on pq_params
     if [[ "${sign_algo,,}" == ml_dsa* ]]; then
-        image_signature_size="-DIMAGE_SIGNATURE_SIZE=2420"
-        ml_dsa_image_signature_size="-DML_DSA_IMAGE_SIGNATURE_SIZE=2420"
-        ml_dsa_level="-DML_DSA_LEVEL=2"
+        local level="${pq_params:-2}" # Default to level 2 if not specified
+        case "$level" in
+            2)
+                image_signature_size="-DIMAGE_SIGNATURE_SIZE=2420"
+                ml_dsa_image_signature_size="-DML_DSA_IMAGE_SIGNATURE_SIZE=2420"
+                ;;
+            3)
+                image_signature_size="-DIMAGE_SIGNATURE_SIZE=3300"
+                ml_dsa_image_signature_size="-DML_DSA_IMAGE_SIGNATURE_SIZE=3300"
+                ;;
+            5)
+                image_signature_size="-DIMAGE_SIGNATURE_SIZE=5200"
+                ml_dsa_image_signature_size="-DML_DSA_IMAGE_SIGNATURE_SIZE=5200"
+                ;;
+        esac
+        ml_dsa_level="-DML_DSA_LEVEL=$level"
     fi
 
     echo "Generating macros file with sign_algo=$sign_algo, hash_algo=$hash_algo"