
Commit 7132a13

committed
Complete generic sign
1 parent 04d2ecd commit 7132a13


2 files changed

+44
-80
lines changed


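--- a/tools/keytools/sign.c
+++ b/tools/keytools/sign.c
@@ -229,39 +229,20 @@ static void header_append_tag(uint8_t* header, uint32_t* idx, uint16_t tag,
 *idx += len;
 }
 
-#ifdef WOLFSSL_HAVE_LMS
 #include "../lms/lms_common.h"
-#endif
-
-#ifdef WOLFSSL_HAVE_XMSS
 #include "../xmss/xmss_common.h"
-#endif
 
 /* Globals */
 static const char wolfboot_delta_file[] = "/tmp/wolfboot-delta.bin";
 
 static struct {
-#ifdef HAVE_ED25519
 ed25519_key ed;
-#endif
-#ifdef HAVE_ED448
 ed448_key ed4;
-#endif
-#ifdef HAVE_ECC
 ecc_key ecc;
-#endif
-#ifndef NO_RSA
 RsaKey rsa;
-#endif
-#ifdef WOLFSSL_HAVE_LMS
 LmsKey lms;
-#endif
-#ifdef WOLFSSL_HAVE_XMSS
 XmssKey xmss;
-#endif
-#ifdef WOLFSSL_WC_DILITHIUM
 MlDsaKey ml_dsa;
-#endif
 } key;
 
 struct cmd_options {
@@ -743,7 +724,6 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
 if (ret == 0)
 break;
 
-#ifdef WOLFSSL_HAVE_LMS
 FALL_THROUGH; /* we didn't solve the key, keep trying */
 case SIGN_LMS:
 ret = -1;
@@ -783,9 +763,7 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
 printf("error: unrecognized LMS key size: %d\n",
 *key_buffer_sz);
 }
-#endif /* WOLFSSL_HAVE_LMS */
 
-#ifdef WOLFSSL_HAVE_XMSS
 FALL_THROUGH; /* we didn't solve the key, keep trying */
 case SIGN_XMSS:
 ret = -1;
@@ -833,9 +811,6 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
 printf("error: unrecognized XMSS key size: %d\n",
 *key_buffer_sz);
 }
-#endif /* WOLFSSL_HAVE_XMSS */
-
-#ifdef WOLFSSL_WC_DILITHIUM
 FALL_THROUGH; /* we didn't solve the key, keep trying */
 case SIGN_ML_DSA:
 ret = wc_MlDsaKey_GetPubLen(&key.ml_dsa, (int *)&pub_sz);
@@ -890,8 +865,6 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
 *key_buffer_sz);
 ret = -1;
 }
-#endif /* WOLFSSL_WC_DILITHIUM */
-
 break;
 } /* end switch (sign) */
 
@@ -927,21 +900,16 @@ static int sign_digest(int sign, int hash_algo,
 return ret;
 }
 
-#ifdef HAVE_ED25519
 if (sign == SIGN_ED25519) {
 ret = wc_ed25519_sign_msg(digest, digest_sz, signature,
 signature_sz, &key.ed);
 }
 else
-#endif
-#ifdef HAVE_ED448
 if (sign == SIGN_ED448) {
 ret = wc_ed448_sign_msg(digest, digest_sz, signature,
 signature_sz, &key.ed4, NULL, 0);
 }
 else
-#endif
-#ifdef HAVE_ECC
 if (sign == SIGN_ECC256 ||
 sign == SIGN_ECC384 ||
 sign == SIGN_ECC521)
@@ -969,8 +937,6 @@ static int sign_digest(int sign, int hash_algo,
 mp_clear(&r); mp_clear(&s);
 }
 else
-#endif
-#ifndef NO_RSA
 if (sign == SIGN_RSA2048 ||
 sign == SIGN_RSA3072 ||
 sign == SIGN_RSA4096)
@@ -1001,8 +967,6 @@ static int sign_digest(int sign, int hash_algo,
 }
 }
 else
-#endif
-#ifdef WOLFSSL_HAVE_LMS
 if (sign == SIGN_LMS) {
 const char *key_file = CMD.key_file;
 if (secondary) {
@@ -1028,8 +992,6 @@ static int sign_digest(int sign, int hash_algo,
 }
 }
 else
-#endif /* WOLFSSL_HAVE_LMS */
-#ifdef WOLFSSL_HAVE_XMSS
 if (sign == SIGN_XMSS) {
 const char *key_file = CMD.key_file;
 if (secondary) {
@@ -1061,8 +1023,6 @@ static int sign_digest(int sign, int hash_algo,
 }
 }
 else
-#endif /* WOLFSSL_HAVE_XMSS */
-#ifdef WOLFSSL_WC_DILITHIUM
 if (sign == SIGN_ML_DSA) {
 /* Nothing else to do, ready to sign. */
 if (ret == 0) {
@@ -1074,7 +1034,6 @@ static int sign_digest(int sign, int hash_algo,
 }
 }
 else
-#endif /* WOLFSSL_WC_DILITHIUM */
 {
 ret = NOT_COMPILED_IN;
 }
@@ -2146,28 +2105,44 @@ static void set_signature_sizes(int secondary)
 CMD.header_sz = 1024;
 *sz = 512;
 }
-#ifdef WOLFSSL_HAVE_LMS
 else if (*sign == SIGN_LMS) {
 int lms_ret = 0;
 word32 sig_sz = 0;
+char *lms_levels_str, *lms_height_str, *lms_winternitz_str;
+int lms_levels, lms_height, lms_winternitz;
+lms_levels_str = getenv("LMS_LEVELS");
+lms_height_str = getenv("LMS_HEIGHT");
+lms_winternitz_str = getenv("LMS_WINTERNITZ");
+
+if (!lms_levels_str)
+lms_levels = LMS_LEVELS;
+else
+lms_levels = atoi(lms_levels_str);
+if (!lms_height_str)
+lms_height = LMS_HEIGHT;
+else
+lms_height = atoi(lms_height_str);
+if (!lms_winternitz_str)
+lms_winternitz = LMS_WINTERNITZ;
+else
+lms_winternitz = atoi(lms_winternitz_str);
 
 lms_ret = wc_LmsKey_Init(&key.lms, NULL, INVALID_DEVID);
 if (lms_ret != 0) {
 fprintf(stderr, "error: wc_LmsKey_Init returned %d\n", lms_ret);
 exit(1);
 }
-
-lms_ret = wc_LmsKey_SetParameters(&key.lms, LMS_LEVELS,
-LMS_HEIGHT, LMS_WINTERNITZ);
+lms_ret = wc_LmsKey_SetParameters(&key.lms, lms_levels, lms_height,
+lms_winternitz);
 if (lms_ret != 0) {
 fprintf(stderr, "error: wc_LmsKey_SetParameters(%d, %d, %d)" \
-" returned %d\n", LMS_LEVELS, LMS_HEIGHT,
-LMS_WINTERNITZ, lms_ret);
+" returned %d\n", lms_levels, lms_height,
+lms_winternitz, lms_ret);
 exit(1);
 }
 
-printf("info: using LMS parameters: L%d-H%d-W%d\n", LMS_LEVELS,
-LMS_HEIGHT, LMS_WINTERNITZ);
+printf("info: using LMS parameters: L%d-H%d-W%d\n", lms_levels,
+lms_height, lms_winternitz);
 
 lms_ret = wc_LmsKey_GetSigLen(&key.lms, &sig_sz);
 if (lms_ret != 0) {
@@ -2182,26 +2157,30 @@ static void set_signature_sizes(int secondary)
 CMD.header_sz = 2 * sig_sz;
 *sz = sig_sz;
 }
-#endif /* WOLFSSL_HAVE_LMS */
-#ifdef WOLFSSL_HAVE_XMSS
 else if (*sign == SIGN_XMSS) {
 int xmss_ret = 0;
 word32 sig_sz = 0;
+char *xmss_params = NULL;
+
+xmss_params = getenv("XMSS_PARAMS");
+if (!xmss_params)
+xmss_params = WOLFBOOT_XMSS_PARAMS;
+
+printf("info: using XMSS parameters: %s\n", xmss_params);
 
 xmss_ret = wc_XmssKey_Init(&key.xmss, NULL, INVALID_DEVID);
 if (xmss_ret != 0) {
 fprintf(stderr, "error: wc_XmssKey_Init returned %d\n", xmss_ret);
 exit(1);
 }
 
-xmss_ret = wc_XmssKey_SetParamStr(&key.xmss, WOLFBOOT_XMSS_PARAMS);
+xmss_ret = wc_XmssKey_SetParamStr(&key.xmss, xmss_params);
 if (xmss_ret != 0) {
 fprintf(stderr, "error: wc_XmssKey_SetParamStr(%s)" \
-" returned %d\n", WOLFBOOT_XMSS_PARAMS, xmss_ret);
+" returned %d\n", xmss_params, xmss_ret);
 exit(1);
 }
 
-printf("info: using XMSS parameters: %s\n", WOLFBOOT_XMSS_PARAMS);
 
 xmss_ret = wc_XmssKey_GetSigLen(&key.xmss, &sig_sz);
 if (xmss_ret != 0) {
@@ -2216,26 +2195,29 @@ static void set_signature_sizes(int secondary)
 CMD.header_sz = 2 * sig_sz;
 *sz = sig_sz;
 }
-#endif /* WOLFSSL_HAVE_XMSS */
-#ifdef WOLFSSL_WC_DILITHIUM
 else if (*sign == SIGN_ML_DSA) {
 int ml_dsa_ret = 0;
 uint32_t sig_sz = 0;
+char *env_ml_dsa_level = NULL;
+int ml_dsa_level = ML_DSA_LEVEL;
+env_ml_dsa_level = getenv("ML_DSA_LEVEL");
+if (env_ml_dsa_level)
+ml_dsa_level = atoi(env_ml_dsa_level);
 
 ml_dsa_ret = wc_MlDsaKey_Init(&key.ml_dsa, NULL, INVALID_DEVID);
 if (ml_dsa_ret != 0) {
 fprintf(stderr, "error: wc_MlDsaKey_Init returned %d\n", ml_dsa_ret);
 exit(1);
 }
 
-ml_dsa_ret = wc_MlDsaKey_SetParams(&key.ml_dsa, ML_DSA_LEVEL);
+ml_dsa_ret = wc_MlDsaKey_SetParams(&key.ml_dsa, ml_dsa_level);
 if (ml_dsa_ret != 0) {
 fprintf(stderr, "error: wc_MlDsaKey_SetParamStr(%d)" \
-" returned %d\n", ML_DSA_LEVEL, ml_dsa_ret);
+" returned %d\n", ml_dsa_level, ml_dsa_ret);
 exit(1);
 }
 
-printf("info: using ML-DSA parameters: %d\n", ML_DSA_LEVEL);
+printf("info: using ML-DSA parameters: %d\n", ml_dsa_level);
 
 ml_dsa_ret = wc_MlDsaKey_GetSigLen(&key.ml_dsa, (int *)&sig_sz);
 if (ml_dsa_ret != 0) {
@@ -2250,7 +2232,6 @@ static void set_signature_sizes(int secondary)
 CMD.header_sz = 2 * sig_sz;
 *sz = sig_sz;
 }
-#endif /* WOLFSSL_WC_DILITHIUM */
 
 env_image_header_size = getenv("IMAGE_HEADER_SIZE");
 if (env_image_header_size) {
@@ -2417,7 +2398,6 @@ int main(int argc, char** argv)
 sign_str = "RSA4096";
 }
 }
-#ifdef WOLFSSL_HAVE_LMS
 else if (strcmp(argv[i], "--lms") == 0) {
 if (CMD.sign != SIGN_AUTO) {
 CMD.hybrid = 1;
@@ -2428,8 +2408,6 @@ int main(int argc, char** argv)
 sign_str = "LMS";
 }
 }
-#endif
-#ifdef WOLFSSL_HAVE_XMSS
 else if (strcmp(argv[i], "--xmss") == 0) {
 if (CMD.sign != SIGN_AUTO) {
 CMD.hybrid = 1;
@@ -2440,8 +2418,6 @@ int main(int argc, char** argv)
 sign_str = "XMSS";
 }
 }
-#endif
-#ifdef HAVE_DILITHIUM
 else if (strcmp(argv[i], "--ml_dsa") == 0) {
 if (CMD.sign != SIGN_AUTO) {
 CMD.hybrid = 1;
@@ -2452,7 +2428,6 @@ int main(int argc, char** argv)
 sign_str = "ML-DSA";
 }
 }
-#endif
 else if (strcmp(argv[i], "--sha256") == 0) {
 CMD.hash_algo = HASH_SHA256;
 hash_str = "SHA256";
@@ -2800,43 +2775,29 @@ int main(int argc, char** argv)
 if (kbuf)
 free(kbuf);
 if (CMD.sign == SIGN_ED25519) {
-#ifdef HAVE_ED25519
 wc_ed25519_free(&key.ed);
-#endif
 }
 else if (CMD.sign == SIGN_ED448) {
-#ifdef HAVE_ED448
 wc_ed448_free(&key.ed4);
-#endif
 }
 else if (CMD.sign == SIGN_ECC256 ||
 CMD.sign == SIGN_ECC384 ||
 CMD.sign == SIGN_ECC521) {
-#ifdef HAVE_ECC
 wc_ecc_free(&key.ecc);
-#endif
 }
 else if (CMD.sign == SIGN_RSA2048 ||
 CMD.sign == SIGN_RSA3072 ||
 CMD.sign == SIGN_RSA4096) {
-#ifndef NO_RSA
 wc_FreeRsaKey(&key.rsa);
-#endif
 }
 else if (CMD.sign == SIGN_LMS) {
-#ifdef WOLFSSL_HAVE_LMS
 wc_LmsKey_Free(&key.lms);
-#endif
 }
 else if (CMD.sign == SIGN_XMSS) {
-#ifdef WOLFSSL_HAVE_XMSS
 wc_XmssKey_Free(&key.xmss);
-#endif
 }
 else if (CMD.sign == SIGN_ML_DSA) {
-#ifdef WOLFSSL_WC_DILITHIUM
 wc_MlDsaKey_Free(&key.ml_dsa);
-#endif
 }
 return ret;
 }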
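Review bot: The `atoi()` calls added in the LMS and ML-DSA branches of set_signature_sizes() (new lines 2117-2128 and 2203-2205) take `LMS_LEVELS`, `LMS_HEIGHT`, `LMS_WINTERNITZ` and `ML_DSA_LEVEL` from the environment with no validation: `atoi` cannot report errors, so `"5x"` is read as 5, an empty or non-numeric value as 0, and an out-of-range value is undefined behaviour. These integers now select the signature parameter set and, through `sig_sz`, `CMD.header_sz`, so a stale or mistyped variable in a signing environment changes what the tool signs with; rejection is left to `wc_LmsKey_SetParameters` / `wc_MlDsaKey_SetParams`, whose checks are not visible here. I would parse with `strtol`, require the whole string to be consumed, and fail with a message naming the variable, as in the helper below, which assumes `<errno.h>` and `<limits.h>` are available (the include block is outside the hunks). set_signature_sizes() begins and ends outside the hunks shown.

```c
/* Read an integer parameter from the environment: dflt when the variable is
 * unset, hard failure when it is set but not a clean non-negative decimal. */
static int env_int_or_default(const char *name, int dflt)
{
    const char *s = getenv(name);
    char *end = NULL;
    long v;

    if (s == NULL)
        return dflt;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX) {
        fprintf(stderr, "error: invalid value for %s: '%s'\n", name, s);
        exit(1);
    }
    return (int)v;
}

    else if (*sign == SIGN_LMS) {
        /* … unchanged: lms_ret, sig_sz declarations … */
        int lms_levels = env_int_or_default("LMS_LEVELS", LMS_LEVELS);
        int lms_height = env_int_or_default("LMS_HEIGHT", LMS_HEIGHT);
        int lms_winternitz = env_int_or_default("LMS_WINTERNITZ", LMS_WINTERNITZ);
        /* … unchanged: wc_LmsKey_Init, wc_LmsKey_SetParameters, wc_LmsKey_GetSigLen … */

    else if (*sign == SIGN_ML_DSA) {
        /* … unchanged: ml_dsa_ret, sig_sz declarations … */
        int ml_dsa_level = env_int_or_default("ML_DSA_LEVEL", ML_DSA_LEVEL);
        /* … unchanged: wc_MlDsaKey_Init, wc_MlDsaKey_SetParams, wc_MlDsaKey_GetSigLen … */
```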

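--- a/tools/test.mk
+++ b/tools/test.mk
@@ -1020,3 +1020,6 @@ test-size-all:
 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE?=4096 \
 LIMIT=8232 NO_ARM_ASM=1
 make keysclean
+make clean
+make test-size SIGN=ML_DSA ML_DSA_LEVEL=2 LIMIT=18868 \
+IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE?=8192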
