Skip to content

Commit

Permalink
Cleanups after hybrid signing PR.
Browse files Browse the repository at this point in the history
  • Loading branch information
dgarske committed Oct 30, 2024
1 parent b333317 commit 20d09ac
Show file tree
Hide file tree
Showing 8 changed files with 43 additions and 41 deletions.
3 changes: 2 additions & 1 deletion arch.mk
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ ifeq ($(ARCH),x86_64)
endif
endif

## ARM
## ARM Cortex-A
ifeq ($(ARCH),AARCH64)
CROSS_COMPILE?=aarch64-none-elf-
CFLAGS+=-DARCH_AARCH64 -march=armv8-a
Expand All @@ -71,6 +71,7 @@ ifeq ($(ARCH),AARCH64)
endif
endif

## ARM Cortex-M
ifeq ($(ARCH),ARM)
CROSS_COMPILE?=arm-none-eabi-
CFLAGS+=-DARCH_ARM
Expand Down
9 changes: 0 additions & 9 deletions hal/raspi3.c
Original file line number Diff line number Diff line change
Expand Up @@ -264,15 +264,6 @@ void* hal_get_dts_update_address(void)
return NULL; /* Not yet supported */
}

/* QSPI functions */
void qspi_init(uint32_t cpu_clock, uint32_t flash_freq)
{
}

void zynq_init(uint32_t cpu_clock)
{
}

#if defined(DISPLAY_CLOCKS)
static uint32_t getclocks(uint8_t cid)
{
Expand Down
43 changes: 27 additions & 16 deletions include/image.h
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,14 @@ int wolfBot_get_dts_size(void *dts_addr);
# endif
#endif

#ifndef UNUSEDFUNCTION
# if defined(__GNUC__) || defined(__CC_ARM)
# define UNUSEDFUNCTION __attribute__((unused))
# else
# define UNUSEDFUNCTION
# endif
#endif


#ifndef WOLFBOOT_FLAGS_INVERT
#define SECT_FLAG_NEW 0x0F
Expand All @@ -79,32 +87,32 @@ int wolfBot_get_dts_size(void *dts_addr);
#define SECT_FLAG_UPDATED 0x0f
#endif

#ifdef WOLFBOOT_SIGN_PRIMARY_ED25519
#ifdef WOLFBOOT_SIGN_ED25519
#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ed25519
#endif
#ifdef WOLFBOOT_SIGN_PRIMARY_ED448
#ifdef WOLFBOOT_SIGN_ED448
#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ed448
#endif
#if defined (WOLFBOOT_SIGN_PRIMARY_RSA2048) || \
defined (WOLFBOOT_SIGN_PRIMARY_RSA3072) || \
defined (WOLFBOOT_SIGN_PRIMARY_RSA4096) || \
defined (WOLFBOOT_SIGN_PRIMARY_RSA2048ENC) || \
defined (WOLFBOOT_SIGN_PRIMARY_RSA3072ENC) || \
defined (WOLFBOOT_SIGN_PRIMARY_RSA4096ENC)
#if defined (WOLFBOOT_SIGN_RSA2048) || \
defined (WOLFBOOT_SIGN_RSA3072) || \
defined (WOLFBOOT_SIGN_RSA4096) || \
defined (WOLFBOOT_SIGN_RSA2048ENC) || \
defined (WOLFBOOT_SIGN_RSA3072ENC) || \
defined (WOLFBOOT_SIGN_RSA4096ENC)
#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_rsa
#endif
#if defined (WOLFBOOT_SIGN_PRIMARY_ECC256) || \
defined (WOLFBOOT_SIGN_PRIMARY_ECC384) || \
defined (WOLFBOOT_SIGN_PRIMARY_ECC521)
#if defined (WOLFBOOT_SIGN_ECC256) || \
defined (WOLFBOOT_SIGN_ECC384) || \
defined (WOLFBOOT_SIGN_ECC521)
#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ecc
#endif
#if defined(WOLFBOOT_SIGN_PRIMARY_LMS) || defined(WOLFBOOT_SIGN_PRIMARY_ext_LMS)
#if defined(WOLFBOOT_SIGN_LMS) || defined(WOLFBOOT_SIGN_ext_LMS)
#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_lms
#endif
#if defined(WOLFBOOT_SIGN_PRIMARY_XMSS ) || defined(WOLFBOOT_SIGN_PRIMARY_ext_XMSS)
#if defined(WOLFBOOT_SIGN_XMSS ) || defined(WOLFBOOT_SIGN_ext_XMSS)
#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_xmss
#endif
#ifdef WOLFBOOT_SIGN_PRIMARY_ML_DSA
#ifdef WOLFBOOT_SIGN_ML_DSA
#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ml_dsa
#endif

Expand Down Expand Up @@ -598,12 +606,15 @@ struct wolfBoot_image {
uint8_t not_ext : 1; /* image is no longer external */
};


/* do not warn if this is not used */
static void wolfBoot_image_confirm_signature_ok(struct wolfBoot_image *img)
static void UNUSEDFUNCTION wolfBoot_image_confirm_signature_ok(
struct wolfBoot_image *img)
{
img->signature_ok = 1;
}
static void wolfBoot_image_clear_signature_ok(struct wolfBoot_image *img)
static void UNUSEDFUNCTION wolfBoot_image_clear_signature_ok(
struct wolfBoot_image *img)
{
img->signature_ok = 0;
}
Expand Down
4 changes: 1 addition & 3 deletions options.mk
Original file line number Diff line number Diff line change
Expand Up @@ -478,7 +478,7 @@ ifeq ($(SIGN),ML_DSA)
ifneq ($(HASH),SHA3)
WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha3.o
endif

ifeq ($(WOLFBOOT_SMALL_STACK),1)
$(error WOLFBOOT_SMALL_STACK with ML-DSA not supported yet)
else
Expand Down Expand Up @@ -540,8 +540,6 @@ ifneq ($(SIGN_SECONDARY),)
endif


CFLAGS+=-DWOLFBOOT_SIGN_PRIMARY_$(SIGN)

ifeq ($(RAM_CODE),1)
CFLAGS+= -D"RAM_CODE"
endif
Expand Down
1 change: 1 addition & 0 deletions src/image.c
Original file line number Diff line number Diff line change
Expand Up @@ -1260,6 +1260,7 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img)
*
*/
wolfBoot_verify_signature_primary(key_slot, img, stored_signature);
(void)stored_signature_size;
if (img->signature_ok == 1)
#ifdef SIGN_HYBRID
{
Expand Down
4 changes: 2 additions & 2 deletions src/update_ram.c
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,8 @@ extern int wolfBoot_get_dts_size(void *dts_addr);
extern uint32_t kernel_load_addr;
extern uint32_t dts_load_addr;

#if (defined(EXT_FLASH) && defined(NO_XIP)) || \
(defined(EXT_ENCRYPTED) && defined(MMU)) && \
#if ((defined(EXT_FLASH) && defined(NO_XIP)) || \
(defined(EXT_ENCRYPTED) && defined(MMU))) && \
!defined(WOLFBOOT_NO_RAMBOOT)
/* Load firmware to RAM on boot (single flash read) */
#undef WOLFBOOT_USE_RAMBOOT
Expand Down
2 changes: 1 addition & 1 deletion tools/keytools/sign.c
Original file line number Diff line number Diff line change
Expand Up @@ -490,7 +490,7 @@ static int load_key_rsa(int sign_type, uint32_t rsa_keysz, uint32_t rsa_pubkeysz
CMD.sign = sign_type;
CMD.signature_sz = keySzOut;
}
printf("Found RSA%d key\n", keySzOut);
printf("Found RSA%d key\n", keySzOut*8);
}
}
return ret;
Expand Down
18 changes: 9 additions & 9 deletions tools/unit-tests/unit-image.c
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@

#define ENCRYPT_KEY "123456789abcdef0123456789abcdef0123456789abcdef"
#define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ECC256
#define WOLFBOOT_SIGN_PRIMARY_ECC256
#define WOLFBOOT_SIGN_ECC256

#include <stdio.h>
#include <check.h>
Expand Down Expand Up @@ -267,7 +267,7 @@ int wc_ecc_import_unsigned(ecc_key* key, const byte* qx, const byte* qy,
{
if (ecc_import_fail)
return -1;

key->type = ECC_PUBLICKEY;
return 0;
}
Expand All @@ -285,7 +285,7 @@ START_TEST(test_verify_signature)
{
uint8_t pubkey[32];
struct wolfBoot_image test_img;

test_img.part = PART_UPDATE;
test_img.fw_size = test_img_len;
test_img.fw_base = 0;
Expand Down Expand Up @@ -455,15 +455,15 @@ START_TEST(test_verify_authenticity)
find_header_mocked = 1;
ret = wolfBoot_verify_authenticity(&test_img);
ck_assert_int_eq(ret, -1);

/* Wrong pubkey */
find_header_mocked = 0;
hdr_cpy_done = 0;
ext_flash_write(0, test_img_v200000000_wrong_pubkey_bin,
test_img_len);
ret = wolfBoot_verify_authenticity(&test_img);
ck_assert_int_lt(ret, 0);

/* Wrong signature */
find_header_mocked = 0;
find_header_fail = 0;
Expand Down Expand Up @@ -539,7 +539,7 @@ START_TEST(test_open_image)
ck_assert_ptr_eq(img.hdr, (void *)WOLFBOOT_PARTITION_SWAP_ADDRESS);
ck_assert_ptr_eq(img.hdr, img.fw_base);
ck_assert_uint_eq(img.fw_size, WOLFBOOT_SECTOR_SIZE);

/* Valid image */
hdr_cpy_done = 0;
ext_flash_write(0, test_img_v200000000_signed_bin,
Expand Down Expand Up @@ -574,17 +574,17 @@ Suite *wolfboot_suite(void)
tcase_set_timeout(tcase_headers, 20);
tcase_add_test(tcase_headers, test_headers);
suite_add_tcase(s, tcase_headers);

TCase* tcase_verify_authenticity = tcase_create("verify_authenticity");
tcase_set_timeout(tcase_verify_authenticity, 20);
tcase_add_test(tcase_verify_authenticity, test_verify_authenticity);
suite_add_tcase(s, tcase_verify_authenticity);

TCase* tcase_verify_integrity = tcase_create("verify_integrity");
tcase_set_timeout(tcase_verify_integrity, 20);
tcase_add_test(tcase_verify_integrity, test_verify_integrity);
suite_add_tcase(s, tcase_verify_integrity);

TCase* tcase_open_image = tcase_create("open_image");
tcase_set_timeout(tcase_open_image, 20);
tcase_add_test(tcase_open_image, test_open_image);
Expand Down

0 comments on commit 20d09ac

Please sign in to comment.