Support for hybrid authentication (2 ciphers)

Author: danielinux

.github/workflows/test-tpm.yml

@@ -113,7 +113,7 @@ jobs:
     with:
       arch: host
       config-file: ./config/examples/sim-tpm-seal.config
-      make-args: SIGN=ECC256 HASH=SHA256 POLICY_FILE=policy.bin
+      make-args: SIGN=ECC256 HASH=SHA256 POLICY_FILE=policy.bin IMAGE_HEADER_SIZE=512
       keyauthstr: TestAuth
       sealauthstr: SealAuth
 
@@ -143,7 +143,7 @@ jobs:
     with:
       arch: host
       config-file: ./config/examples/sim-tpm-seal.config
-      make-args: SIGN=ECC256 HASH=SHA256 POLICY_FILE=policy.bin
+      make-args: SIGN=ECC256 HASH=SHA256 POLICY_FILE=policy.bin IMAGE_HEADER_SIZE=512
       keyauthstr: TestAuth
 
   sim_tpm_seal_noauth_ecc384:

Makefile

@@ -141,9 +141,13 @@ ifeq ($(FLASH_OTP_KEYSTORE),1)
     MAIN_TARGET+=tools/keytools/otp/otp-keystore-primer.bin
 endif
 
+ifneq ($(SIGN_SECONDARY),)
+  SECONDARY_PRIVATE_KEY=wolfboot_signing_second_private_key.der
+endif
+
 ASFLAGS:=$(CFLAGS)
 
-all: $(MAIN_TARGET)
+all: $(SECONDARY_PRIVATE_KEY) $(MAIN_TARGET)
 
 stage1: stage1/loader_stage1.bin
 stage1/loader_stage1.bin: wolfboot.elf
@@ -203,6 +207,15 @@ $(PRIVATE_KEY):
 	$(Q)(test $(SIGN) = NONE) && (echo "// SIGN=NONE" >  src/keystore.c) || true
 	$(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true
 
+$(SECONDARY_PRIVATE_KEY): $(PRIVATE_KEY) keystore.der
+	$(Q)$(MAKE) keytools_check
+	$(Q)rm -f src/keystore.c
+	$(Q)dd if=keystore.der of=pubkey_1.der bs=1 skip=16
+	$(Q)(test $(SIGN_SECONDARY) = NONE) || ("$(KEYGEN_TOOL)" \
+		$(KEYGEN_OPTIONS) -i pubkey_1.der $(SECONDARY_KEYGEN_OPTIONS) \
+		-g $(SECONDARY_PRIVATE_KEY)) || true
+	$(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true
+
 keytools: include/target.h
 	@echo "Building key tools"
 	@$(MAKE) -C tools/keytools -s clean
@@ -220,7 +233,12 @@ swtpmtools:
 
 test-app/image_v1_signed.bin: $(BOOT_IMG)
 	@echo "\t[SIGN] $(BOOT_IMG)"
-	$(Q)(test $(SIGN) = NONE) || "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1
+	@echo "\tSECONDARY_SIGN_OPTIONS=$(SECONDARY_SIGN_OPTIONS)"
+	@echo "\tSECONDARY_PRIVATE_KEY=$(SECONDARY_PRIVATE_KEY)"
+
+	$(Q)(test $(SIGN) = NONE) || "$(SIGN_TOOL)" $(SIGN_OPTIONS) \
+		$(SECONDARY_SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) \
+		$(SECONDARY_PRIVATE_KEY) 1 || true
 	$(Q)(test $(SIGN) = NONE) && "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true
 
 test-app/image.elf: wolfboot.elf
@@ -312,7 +330,7 @@ keys: $(PRIVATE_KEY)
 
 clean:
 	$(Q)rm -f src/*.o hal/*.o hal/spi/*.o test-app/*.o src/x86/*.o
-	$(Q)rm -f lib/wolfssl/wolfcrypt/src/*.o lib/wolfTPM/src/*.o lib/wolfTPM/hal/*.o
+	$(Q)rm -f lib/wolfssl/wolfcrypt/src/*.o lib/wolfTPM/src/*.o lib/wolfTPM/hal/*.o lib/wolfTPM/examples/pcr/*.o
 	$(Q)rm -f lib/wolfssl/wolfcrypt/src/port/Renesas/*.o
 	$(Q)rm -f wolfboot.bin wolfboot.elf wolfboot.map test-update.rom wolfboot.hex
 	$(Q)rm -f $(MACHINE_OBJ) $(MAIN_TARGET) $(LSCRIPT)
@@ -408,6 +426,8 @@ tools/keytools/otp/otp-keystore-primer.bin: FORCE
 	make -C tools/keytools/otp clean
 	make -C tools/keytools/otp
 
+secondary: $(SECONDARY_PRIVATE_KEY)
+
 %.o:%.c
 	@echo "\t[CC-$(ARCH)] $@"
 	$(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^

arch.mk

@@ -25,8 +25,13 @@ SPI_TARGET=$(TARGET)
 # Default UART driver name
 UART_TARGET=$(TARGET)
 
-# Include SHA256 module because it's implicitly needed by RSA
-WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha256.o
+# Include some modules by default
+WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha256.o \
+                ./lib/wolfssl/wolfcrypt/src/hash.o \
+                ./lib/wolfssl/wolfcrypt/src/memory.o \
+                ./lib/wolfssl/wolfcrypt/src/wc_port.o \
+                ./lib/wolfssl/wolfcrypt/src/wolfmath.o
+
 
 ifeq ($(ARCH),x86_64)
   CFLAGS+=-DARCH_x86_64
@@ -239,7 +244,6 @@ else
         CORTEXM_ARM_EXTRA_OBJS=
         CORTEXM_ARM_EXTRA_CFLAGS=
         SECURE_OBJS+=./src/wc_callable.o
-        SECURE_OBJS+=./lib/wolfssl/wolfcrypt/src/random.o
         CFLAGS+=-DWOLFCRYPT_SECURE_MODE
         SECURE_LDFLAGS+=-Wl,--cmse-implib -Wl,--out-implib=./src/wc_secure_calls.o
       endif
@@ -1025,9 +1029,12 @@ ifeq ($(TARGET),sim)
   LD_END_GROUP=
   BOOT_IMG=test-app/image.elf
   CFLAGS+=-DARCH_SIM
+  CFLAGS+=-DWOLFBOOT_USE_STDLIBC
+  LDFLAGS +=-Wl,-gc-sections -Wl,-Map=wolfboot.map
   ifeq ($(FORCE_32BIT),1)
     CFLAGS+=-m32
     LDFLAGS+=-m32
+
   endif
   ifeq ($(SPMATH),1)
     MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_c32.o

config/examples/sim-ml-dsa-ecc-hybrid.config

@@ -0,0 +1,26 @@
+ARCH=sim
+TARGET=sim
+SIGN?=ML_DSA
+ML_DSA_LEVEL=3
+IMAGE_SIGNATURE_SIZE=3309
+IMAGE_HEADER_SIZE?=8192
+HASH?=SHA256
+WOLFBOOT_SMALL_STACK?=0
+SPI_FLASH=0
+DEBUG=0
+WOLFBOOT_UNIVERSAL_KEYSTORE=1
+SIGN_SECONDARY=ECC384
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
+
+# For debugging XMALLOC/XFREE
+#CFLAGS_EXTRA+=-DWOLFBOOT_DEBUG_MALLOC

hal/sim.c

@@ -40,6 +40,7 @@
 
 #include "wolfboot/wolfboot.h"
 #include "target.h"
+#include "printf.h"
 
 /* Global pointer to the internal and external flash base */
 uint8_t *sim_ram_base;
@@ -72,7 +73,7 @@ static int mmap_file(const char *path, uint8_t *address, uint8_t** ret_address)
 
     fd = open(path, O_RDWR);
     if (fd == -1) {
-        fprintf(stderr, "can't open %s\n", path);
+        wolfBoot_printf( "can't open %s\n", path);
         return -1;
     }
 
@@ -81,7 +82,7 @@ static int mmap_file(const char *path, uint8_t *address, uint8_t** ret_address)
     if (mmaped_addr == MAP_FAILED)
         return -1;
 
-    fprintf(stderr, "Simulator assigned %s to base %p\n", path, mmaped_addr);
+    wolfBoot_printf( "Simulator assigned %s to base %p\n", path, mmaped_addr);
 
     *ret_address = mmaped_addr;
 
@@ -119,8 +120,8 @@ int hal_flash_write(uintptr_t address, const uint8_t *data, int len)
             uint8_t *addr = (uint8_t *)address;
             if (addr[i] != FLASH_BYTE_ERASED) {
                 /* no writing to non-erased page in NVM_FLASH_WRITEONCE */
-                printf("NVM_FLASH_WRITEONCE non-erased write detected at address %p!\n", addr);
-                printf("Address[%d] = %02x\n", i, addr[i]);
+                wolfBoot_printf("NVM_FLASH_WRITEONCE non-erased write detected at address %p!\n", addr);
+                wolfBoot_printf("Address[%d] = %02x\n", i, addr[i]);
                 return -1;
             }
 #endif
@@ -137,9 +138,9 @@ int hal_flash_write(uintptr_t address, const uint8_t *data, int len)
 int hal_flash_erase(uintptr_t address, int len)
 {
     /* implicit cast abide compiler warning */
-    fprintf(stderr, "hal_flash_erase addr %p len %d\n", (void*)address, len);
+    wolfBoot_printf( "hal_flash_erase addr %p len %d\n", (void*)address, len);
     if (address == erasefail_address + WOLFBOOT_PARTITION_BOOT_ADDRESS) {
-        fprintf(stderr, "POWER FAILURE\n");
+        wolfBoot_printf( "POWER FAILURE\n");
         /* Corrupt page */
         memset((void*)address, 0xEE, len);
         exit(0);
@@ -156,23 +157,23 @@ void hal_init(void)
     ret = mmap_file(INTERNAL_FLASH_FILE,
         (uint8_t*)ARCH_FLASH_OFFSET, &sim_ram_base);
     if (ret != 0) {
-        fprintf(stderr, "failed to load internal flash file\n");
+        wolfBoot_printf( "failed to load internal flash file\n");
         exit(-1);
     }
 
 #ifdef EXT_FLASH
     ret = mmap_file(EXTERNAL_FLASH_FILE,
         (uint8_t*)ARCH_FLASH_OFFSET + 0x10000000, &flash_base);
     if (ret != 0) {
-        fprintf(stderr, "failed to load external flash file\n");
+        wolfBoot_printf( "failed to load external flash file\n");
         exit(-1);
     }
 #endif /* EXT_FLASH */
 
     for (i = 1; i < main_argc; i++) {
         if (strcmp(main_argv[i], "powerfail") == 0) {
             erasefail_address = strtol(main_argv[++i], NULL,  16);
-            fprintf(stderr, "Set power fail to erase at address %x\n",
+            wolfBoot_printf( "Set power fail to erase at address %x\n",
                 erasefail_address);
         }
         /* force a bad write of the boot partition to trigger and test the
@@ -262,15 +263,15 @@ void do_boot(const uint32_t *app_offset)
 
     ret = NSCreateObjectFileImageFromMemory(app_buf, app_size, &fileImage);
     if (ret != 1 || fileImage == NULL) {
-        fprintf(stderr, "Error loading object memory!\n");
+        wolfBoot_printf( "Error loading object memory!\n");
         exit(-1);
     }
     module = NSLinkModule(fileImage, "module",
         (NSLINKMODULE_OPTION_PRIVATE | NSLINKMODULE_OPTION_BINDNOW));
     symbol = NSLookupSymbolInModule(module, "__mh_execute_header");
     pSymbolAddress = NSAddressOfSymbol(symbol);
     if (!find_epc(pSymbolAddress, &epc)) {
-        fprintf(stderr, "Error finding entry point!\n");
+        wolfBoot_printf( "Error finding entry point!\n");
         exit(-1);
     }
 
@@ -283,17 +284,17 @@ void do_boot(const uint32_t *app_offset)
     char *envp[1] = {NULL};
     int fd = memfd_create("test_app", 0);
     if (fd == -1) {
-        fprintf(stderr, "memfd error\n");
+        wolfBoot_printf( "memfd error\n");
         exit(-1);
     }
 
     if ((size_t)write(fd, app_offset, app_size) != app_size) {
-        fprintf(stderr, "can't write test-app to memfd\n");
+        wolfBoot_printf( "can't write test-app to memfd\n");
         exit(-1);
     }
 
     ret = fexecve(fd, main_argv, envp);
-    fprintf(stderr, "fexecve error\n");
+    wolfBoot_printf( "fexecve error\n");
 #endif
     exit(1);
 }

include/image.h

@@ -79,7 +79,68 @@ int wolfBot_get_dts_size(void *dts_addr);
 #define SECT_FLAG_UPDATED   0x0f
 #endif
 
+#ifdef WOLFBOOT_SIGN_PRIMARY_ED25519
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ed25519
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_ED448
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ed448
+#endif
+#if defined (WOLFBOOT_SIGN_PRIMARY_RSA2048) || \
+    defined (WOLFBOOT_SIGN_PRIMARY_RSA3072) || \
+    defined (WOLFBOOT_SIGN_PRIMARY_RSA4096) || \
+    defined (WOLFBOOT_SIGN_PRIMARY_RSA2048ENC) || \
+    defined (WOLFBOOT_SIGN_PRIMARY_RSA3072ENC) || \
+    defined (WOLFBOOT_SIGN_PRIMARY_RSA4096ENC)
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_rsa
+#endif
+#if defined (WOLFBOOT_SIGN_PRIMARY_ECC256) || \
+        defined (WOLFBOOT_SIGN_PRIMARY_ECC384) || \
+        defined (WOLFBOOT_SIGN_PRIMARY_ECC521)
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ecc
+#endif
+#if defined(WOLFBOOT_SIGN_PRIMARY_LMS) || defined(WOLFBOOT_SIGN_PRIMARY_ext_LMS)
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_lms
+#endif
+#if defined(WOLFBOOT_SIGN_PRIMARY_XMSS ) || defined(WOLFBOOT_SIGN_PRIMARY_ext_XMSS)
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_xmss
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_ML_DSA
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_ml_dsa
+#endif
+
+#ifdef WOLFBOOT_SIGN_SECONDARY_ED25519
+#define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_ed25519
+#endif
+#ifdef WOLFBOOT_SIGN_SECONDARY_ED448
+#define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_ed448
+#endif
+#if defined (WOLFBOOT_SIGN_SECONDARY_RSA2048) || \
+    defined (WOLFBOOT_SIGN_SECONDARY_RSA3072) || \
+    defined (WOLFBOOT_SIGN_SECONDARY_RSA4096) || \
+    defined (WOLFBOOT_SIGN_SECONDARY_RSA2048ENC) || \
+    defined (WOLFBOOT_SIGN_SECONDARY_RSA3072ENC) || \
+    defined (WOLFBOOT_SIGN_SECONDARY_RSA4096ENC)
+#define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_rsa
+#endif
+#if defined (WOLFBOOT_SIGN_SECONDARY_ECC256) || \
+        defined (WOLFBOOT_SIGN_SECONDARY_ECC384) || \
+        defined (WOLFBOOT_SIGN_SECONDARY_ECC521)
+#define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_ecc
+#endif
+#ifdef WOLFBOOT_SIGN_SECONDARY_LMS
+#define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_lms
+#endif
+#ifdef WOLFBOOT_SIGN_SECONDARY_XMSS
+#define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_xmss
+#endif
+#ifdef WOLFBOOT_SIGN_SECONDARY_ML_DSA
+#define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_ml_dsa
+#endif
 
+#if defined(WOLFBOOT_TPM) && defined (WOLFBOOT_TPM_VERIFY)
+#undef wolfBoot_verify_signature_primary
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_tpm
+#endif
 
 
 #if (defined(WOLFBOOT_ARMORED) && defined(__WOLFBOOT))
@@ -128,6 +189,16 @@ static void __attribute__((noinline)) wolfBoot_image_confirm_signature_ok(
     img->canary_FEED89AB = 0xFEED89ABUL;
 }
 
+static void __attribute__((noinline)) wolfBoot_image_clear_signature_ok(
+	struct wolfBoot_image *img)
+{
+	img->canary_FEED4567 = 0xFEED4567UL;
+	img->signature_ok = 0UL;
+	img->canary_FEED6789 = 0xFEED6789UL;
+	img->not_signature_ok = 1UL;
+	img->canary_FEED89AB = 0xFEED89ABUL;
+}
+
 /**
  * Final sanity check, performed just before do_boot, or before starting an
  * update that has been verified.
@@ -330,8 +401,8 @@ static void __attribute__((noinline)) wolfBoot_image_confirm_signature_ok(
     }
 
 /**
- * ECC / Ed signature verification.
- * ECC and Ed verify functions set an additional value 'p_res'
+ * ECC / Ed / PQ signature verification.
+ * Those verify functions set an additional value 'p_res'
  * which is passed as a pointer.
  *
  * Ensure that the verification function has been called, and then
@@ -528,15 +599,14 @@ struct wolfBoot_image {
 };
 
 /* do not warn if this is not used */
-#if !defined(__CCRX__)
-static void __attribute__ ((unused)) wolfBoot_image_confirm_signature_ok(
-    struct wolfBoot_image *img)
-#else
 static void wolfBoot_image_confirm_signature_ok(struct wolfBoot_image *img)
-#endif
 {
     img->signature_ok = 1;
 }
+static void wolfBoot_image_clear_signature_ok(struct wolfBoot_image *img)
+{
+	img->signature_ok = 0;
+}
 
 #define likely(x) (x)
 #define unlikely(x) (x)

include/keystore.h

@@ -32,7 +32,11 @@ extern "C" {
 #ifndef KEYSTORE_PUBKEY_SIZE
     /* allow building version for external API use */
     #define KEYSTORE_ANY
-    #define KEYSTORE_PUBKEY_SIZE 576 /* Max is RSA 4096 */
+#ifdef WOLFBOOT_SIGN_ML_DSA
+    #define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ML_DSA
+#else
+    #define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_RSA4096
+#endif
 #endif