Fix check on ML_DSA pubkey size at runtime
danielinux committed Dec 3, 2024
1 parent 51eff3e commit c3fe505
Showing 2 changed files with 8 additions and 7 deletions.
10 changes: 5 additions & 5 deletions config/examples/sim-ml-dsa.config
@@ -25,8 +25,8 @@

ARCH=sim
TARGET=sim
SIGN?=ML_DSA
HASH?=SHA256
SIGN=ML_DSA
HASH=SHA256
WOLFBOOT_SMALL_STACK=0
SPI_FLASH=0
DEBUG=0
@@ -38,17 +38,17 @@ DELTA_UPDATES=0
# Category 2:
ML_DSA_LEVEL=2
IMAGE_SIGNATURE_SIZE=2420
IMAGE_HEADER_SIZE?=8192
IMAGE_HEADER_SIZE=8192
#
# Category 3:
# ML_DSA_LEVEL=3
# IMAGE_SIGNATURE_SIZE=3309
# IMAGE_HEADER_SIZE?=8192
# IMAGE_HEADER_SIZE=8192
#
# Category 5:
# ML_DSA_LEVEL=5
# IMAGE_SIGNATURE_SIZE=4627
# IMAGE_HEADER_SIZE?=12288
# IMAGE_HEADER_SIZE=12288
# This example needsd larger sector size.
# WOLFBOOT_SECTOR_SIZE=0x3000
#
5 changes: 3 additions & 2 deletions src/image.c
@@ -593,6 +593,7 @@ static void wolfBoot_verify_signature_xmss(uint8_t key_slot,

#ifdef WOLFBOOT_SIGN_ML_DSA
#include <wolfssl/wolfcrypt/dilithium.h>

static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot,
struct wolfBoot_image *img, uint8_t *sig)
{
@@ -636,9 +637,9 @@ static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot,
wolfBoot_printf("error: wc_MlDsaKey_GetPubLen returned %d\n", ret);
ret = -1;
}
else if (pub_len != KEYSTORE_PUBKEY_SIZE_ML_DSA) {
else if (pub_len > KEYSTORE_PUBKEY_SIZE) {
wolfBoot_printf("error: ML-DSA pub key mismatch: got %d bytes " \
"expected %d\n", pub_len, KEYSTORE_PUBKEY_SIZE_ML_DSA);
"max %d\n", pub_len, KEYSTORE_PUBKEY_SIZE);
ret = -1;
}
}
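Review bot: The size test on `pub_len` is now only an upper bound (`pub_len > KEYSTORE_PUBKEY_SIZE`, assuming the second line of each printed pair is the new side), so it shows that the expected ML-DSA key length fits a keystore slot but no longer ties that length to the key actually stored in `key_slot`. If nothing outside this hunk compares the slot's stored size with `pub_len`, a shorter key provisioned for another parameter set or algorithm would pass, and the import would consume bytes beyond the end of that key. I would keep the bound and add the equality against the stored size, e.g. `else if (pub_len > KEYSTORE_PUBKEY_SIZE || pub_len != keystore_get_size(key_slot)) {` (confirm that accessor is the right one for this path), and reword the message, which still says "mismatch" although it now reports a maximum. The body of wolfBoot_verify_signature_ml_dsa starts and ends outside the hunk, so the key import itself is not visible here.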