diff --git a/config/examples/sim-ml-dsa.config b/config/examples/sim-ml-dsa.config index cc209b7cf..c6e1e3147 100644 --- a/config/examples/sim-ml-dsa.config +++ b/config/examples/sim-ml-dsa.config @@ -25,8 +25,8 @@ ARCH=sim TARGET=sim -SIGN?=ML_DSA -HASH?=SHA256 +SIGN=ML_DSA +HASH=SHA256 WOLFBOOT_SMALL_STACK=0 SPI_FLASH=0 DEBUG=0 @@ -38,17 +38,17 @@ DELTA_UPDATES=0 # Category 2: ML_DSA_LEVEL=2 IMAGE_SIGNATURE_SIZE=2420 -IMAGE_HEADER_SIZE?=8192 +IMAGE_HEADER_SIZE=8192 # # Category 3: # ML_DSA_LEVEL=3 # IMAGE_SIGNATURE_SIZE=3309 -# IMAGE_HEADER_SIZE?=8192 +# IMAGE_HEADER_SIZE=8192 # # Category 5: # ML_DSA_LEVEL=5 # IMAGE_SIGNATURE_SIZE=4627 -# IMAGE_HEADER_SIZE?=12288 +# IMAGE_HEADER_SIZE=12288 # This example needsd larger sector size. # WOLFBOOT_SECTOR_SIZE=0x3000 # diff --git a/src/image.c b/src/image.c index 00271ba0e..f1cbc3865 100644 --- a/src/image.c +++ b/src/image.c @@ -593,6 +593,7 @@ static void wolfBoot_verify_signature_xmss(uint8_t key_slot, #ifdef WOLFBOOT_SIGN_ML_DSA #include + static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, struct wolfBoot_image *img, uint8_t *sig) { @@ -636,9 +637,9 @@ static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, wolfBoot_printf("error: wc_MlDsaKey_GetPubLen returned %d\n", ret); ret = -1; } - else if (pub_len != KEYSTORE_PUBKEY_SIZE_ML_DSA) { + else if (pub_len > KEYSTORE_PUBKEY_SIZE) { wolfBoot_printf("error: ML-DSA pub key mismatch: got %d bytes " \ - "expected %d\n", pub_len, KEYSTORE_PUBKEY_SIZE_ML_DSA); + "max %d\n", pub_len, KEYSTORE_PUBKEY_SIZE); ret = -1; } }