[opentitanlib] Add PEM parsing for SPX+ signature

This introduces support for parsing SPX+ signatures from PEM-encoded
files.

A new `SpxRawSignature` struct is introduced to encapsulate raw SPX+
signature data. Its `read_from_file` method now detects whether a
signature file is in raw binary format (based on size) or PEM format.

The `opentitantool` commands (`image` and `spx`) have been updated to
leverage the new `SpxSignature` struct and its file reading
capabilities.

Signed-off-by: Anthony Chen <[email protected]>
(cherry picked from commit 4d3dd86)

Author: anthonychen1251

sw/host/opentitanlib/src/crypto/ecdsa.rs

@@ -141,10 +141,9 @@ impl EcdsaRawSignature {
 
             // Let's try interpreting the file as ASN.1 DER.
             // If unsuccessful, attempt PEM decoding.
-            EcdsaRawSignature::from_der(&data).or_else(|_| {
-                EcdsaRawSignature::from_pem(&data)
-                    .with_context(|| format!("Failed parsing {path:?}"))
-            })
+            EcdsaRawSignature::from_der(&data)
+                .or_else(|_| EcdsaRawSignature::from_pem(&data))
+                .with_context(|| format!("Failed parsing {path:?}"))
         }
     }
 

sw/host/opentitantool/src/command/image.rs

@@ -26,7 +26,9 @@ use opentitanlib::image::manifest_def::ManifestSpec;
 use opentitanlib::image::manifest_ext::{ManifestExtEntry, ManifestExtId};
 use opentitanlib::util::file::{FromReader, ToWriter};
 use opentitanlib::util::parse_int::ParseInt;
-use sphincsplus::{DecodeKey, SpxDomain, SpxError, SpxPublicKey, SpxSecretKey};
+use sphincsplus::{
+    DecodeKey, SphincsPlus, SpxDomain, SpxError, SpxPublicKey, SpxRawSignature, SpxSecretKey,
+};
 
 /// Bootstrap the target device.
 #[derive(Debug, Args)]
@@ -144,6 +146,9 @@ pub struct ManifestUpdateCommand {
     /// The signature domain (None, Pure, PreHashedSha256)
     #[arg(long, default_value_t = SpxDomain::default())]
     domain: SpxDomain,
+    /// The signature algorithm (Shake128sSimple, Sha2128sSimple)
+    #[arg(long, default_value_t = SphincsPlus::Sha2128sSimple)]
+    spx_algorithm: SphincsPlus,
     /// Set to true if the firmware uses a byte-reversed representation of the hash.
     #[arg(long, action = clap::ArgAction::Set, default_value = "false")]
     spx_hash_reversal_bug: bool,
@@ -343,8 +348,10 @@ impl CommandDispatch for ManifestUpdateCommand {
         }
         // Attach SPX+ signature.
         if let Some(spx_signature) = &self.spx_signature {
-            let signature = std::fs::read(spx_signature)?;
-            image.add_manifest_extension(ManifestExtEntry::new_spx_signature_entry(&signature)?)?;
+            let signature = SpxRawSignature::read_from_file(spx_signature, self.spx_algorithm)?;
+            image.add_manifest_extension(ManifestExtEntry::new_spx_signature_entry(
+                signature.as_bytes(),
+            )?)?;
         }
 
         image.write_to_file(self.output.as_ref().unwrap_or(&self.image))?;

sw/host/opentitantool/src/command/spx.rs

@@ -10,7 +10,9 @@ use std::path::PathBuf;
 
 use opentitanlib::app::TransportWrapper;
 use opentitanlib::app::command::CommandDispatch;
-use sphincsplus::{DecodeKey, EncodeKey, SphincsPlus, SpxDomain, SpxPublicKey, SpxSecretKey};
+use sphincsplus::{
+    DecodeKey, EncodeKey, SphincsPlus, SpxDomain, SpxPublicKey, SpxRawSignature, SpxSecretKey,
+};
 
 #[derive(Annotate)]
 pub struct SpxPublicKeyInfo {
@@ -155,6 +157,9 @@ pub struct SpxVerifyCommand {
     /// The signature domain (Raw, Pure, PreHashedSha256)
     #[arg(long, default_value_t = SpxDomain::default())]
     domain: SpxDomain,
+    /// The signature algorithm (Shake128sSimple, Sha2128sSimple)
+    #[arg(long, default_value_t = SphincsPlus::Sha2128sSimple)]
+    spx_algorithm: SphincsPlus,
     /// The file containing the SPHINCS+ raw public key in PEM format.
     #[arg(value_name = "KEY")]
     public_key: PathBuf,
@@ -175,8 +180,8 @@ impl CommandDispatch for SpxVerifyCommand {
             message.reverse();
         }
         let public_key = SpxPublicKey::read_pem_file(&self.public_key)?;
-        let signature = std::fs::read(&self.signature)?;
-        public_key.verify(self.domain, &signature, &message)?;
+        let signature = SpxRawSignature::read_from_file(&self.signature, self.spx_algorithm)?;
+        public_key.verify(self.domain, signature.as_bytes(), &message)?;
         Ok(None)
     }
 }

sw/host/sphincsplus/BUILD

@@ -52,6 +52,7 @@ rust_library(
         "error.rs",
         "key.rs",
         "lib.rs",
+        "signature.rs",
         "variants.rs",
     ],
     proc_macro_deps = [
@@ -60,6 +61,7 @@ rust_library(
     deps = [
         ":bindgen_sha2_128s_simple",
         ":bindgen_shake_128s_simple",
+        "//sw/host/opentitanlib/util",
         "@crate_index//:asn1",
         "@crate_index//:pem-rfc7468",
         "@crate_index//:serde",

sw/host/sphincsplus/lib.rs

@@ -4,10 +4,12 @@
 
 mod error;
 mod key;
+mod signature;
 mod variants;
 
 pub use error::SpxError;
 pub use key::{SpxDomain, SpxPublicKey, SpxSecretKey};
+pub use signature::SpxRawSignature;
 pub use variants::SphincsPlus;
 
 use std::path::Path;

sw/host/sphincsplus/signature.rs

@@ -0,0 +1,66 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+use pem_rfc7468::Decoder;
+use std::fs::File;
+use std::io::Read;
+use std::path::Path;
+
+use crate::{SphincsPlus, SpxError};
+use util::clean_pem_bytes_for_parsing;
+
+#[derive(Clone, PartialEq, Eq, Debug)]
+pub struct SpxRawSignature {
+    raw_data: Vec<u8>,
+}
+
+impl SpxRawSignature {
+    pub fn read(src: &mut impl Read, algorithm: SphincsPlus) -> Result<Self, SpxError> {
+        let mut raw_data = Vec::new();
+        raw_data.resize(algorithm.signature_len(), 0);
+        src.read_exact(&mut raw_data)?;
+        Ok(SpxRawSignature { raw_data })
+    }
+
+    pub fn read_from_file(path: &Path, algorithm: SphincsPlus) -> Result<Self, SpxError> {
+        let mut file = File::open(path)?;
+        let file_size = std::fs::metadata(path)?.len() as usize;
+
+        if file_size == algorithm.signature_len() {
+            // This must be a raw signature, just read it as is.
+            SpxRawSignature::read(&mut file, algorithm)
+        } else {
+            let mut data = Vec::<u8>::new();
+
+            file.read_to_end(&mut data)?;
+
+            // Try parsing as PEM decoding.
+            SpxRawSignature::from_pem(&data, algorithm)
+        }
+    }
+
+    fn from_pem(data: &[u8], algorithm: SphincsPlus) -> Result<Self, SpxError> {
+        // Ensures valid PEM markers and a recognized label are present.
+        let _ = pem_rfc7468::decode_label(data)?;
+        let mut raw_data = Vec::new();
+        let result = Decoder::new(data);
+        match result {
+            Ok(mut decoder) => decoder.decode_to_end(&mut raw_data)?,
+            _ => {
+                let cleaned_data = clean_pem_bytes_for_parsing(data)?;
+                let mut decoder = Decoder::new(&cleaned_data)?;
+                decoder.decode_to_end(&mut raw_data)?
+            }
+        };
+        if algorithm.signature_len() != raw_data.len() {
+            return Err(SpxError::BadSigLength(raw_data.len()));
+        }
+        Ok(SpxRawSignature { raw_data })
+    }
+
+    /// Returns the raw signature bytes.
+    pub fn as_bytes(&self) -> &[u8] {
+        self.raw_data.as_slice()
+    }
+}