Draft: support for hybrid authentication (2 algos)

Author: danielinux

Makefile

@@ -141,6 +141,11 @@ ifeq ($(FLASH_OTP_KEYSTORE),1)
     MAIN_TARGET+=tools/keytools/otp/otp-keystore-primer.bin
 endif
 
+ifneq ($(SIGN_SECONDARY),)
+  SECONDARY_PRIVATE_KEY=wolfboot_signing_second_private_key.der
+  MAIN_TARGET+=$(SECONDARY_PRIVATE_KEY)
+endif
+
 ASFLAGS:=$(CFLAGS)
 
 all: $(MAIN_TARGET)
@@ -203,6 +208,14 @@ $(PRIVATE_KEY):
 	$(Q)(test $(SIGN) = NONE) && (echo "// SIGN=NONE" >  src/keystore.c) || true
 	$(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true
 
+$(SECONDARY_PRIVATE_KEY):
+	$(Q)$(MAKE) keytools_check
+	$(Q)rm -f src/keystore.c
+	$(Q)(test $(SIGN_SECONDARY) = NONE) || ("$(KEYGEN_TOOL)" \
+		$(KEYGEN_OPTIONS) -i $(PRIVATE_KEY) $(SECONDARY_KEYGEN_OPTIONS) \
+		-g $(SECONDARY_PRIVATE_KEY)) || true
+	$(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true
+
 keytools: include/target.h
 	@echo "Building key tools"
 	@$(MAKE) -C tools/keytools -s clean
@@ -220,7 +233,12 @@ swtpmtools:
 
 test-app/image_v1_signed.bin: $(BOOT_IMG)
 	@echo "\t[SIGN] $(BOOT_IMG)"
-	$(Q)(test $(SIGN) = NONE) || "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1
+	@echo "\tSECONDARY_SIGN_OPTIONS=$(SECONDARY_SIGN_OPTIONS)"
+	@echo "\tSECONDARY_PRIVATE_KEY=$(SECONDARY_PRIVATE_KEY)"
+
+	$(Q)(test $(SIGN) = NONE) || "$(SIGN_TOOL)" $(SIGN_OPTIONS) \
+		$(SECONDARY_SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) \
+		$(SECONDARY_PRIVATE_KEY) 1 || true
 	$(Q)(test $(SIGN) = NONE) && "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true
 
 test-app/image.elf: wolfboot.elf
@@ -400,6 +418,8 @@ tools/keytools/otp/otp-keystore-primer.bin: FORCE
 	make -C tools/keytools/otp clean
 	make -C tools/keytools/otp
 
+secondary: $(SECONDARY_PRIVATE_KEY)
+
 %.o:%.c
 	@echo "\t[CC-$(ARCH)] $@"
 	$(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^

arch.mk

@@ -997,9 +997,11 @@ ifeq ($(TARGET),sim)
   LD_END_GROUP=
   BOOT_IMG=test-app/image.elf
   CFLAGS+=-DARCH_SIM
+  LDFLAGS +=-Wl,-gc-sections -Wl,-Map=wolfboot.map
   ifeq ($(FORCE_32BIT),1)
     CFLAGS+=-m32
     LDFLAGS+=-m32
+
   endif
   ifeq ($(SPMATH),1)
     MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_c32.o

config/examples/sim-ml-dsa-ecc-hybrid.conf

@@ -0,0 +1,26 @@
+ARCH=sim
+TARGET=sim
+SIGN?=ML_DSA
+ML_DSA_LEVEL=3
+IMAGE_SIGNATURE_SIZE=3309
+IMAGE_HEADER_SIZE?=8192
+HASH?=SHA256
+WOLFBOOT_SMALL_STACK?=0
+SPI_FLASH=0
+DEBUG=1
+WOLFBOOT_UNIVERSAL_KEYSTORE=1
+SIGN_SECONDARY=ECC384
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
+
+# For debugging XMALLOC/XFREE
+#CFLAGS_EXTRA+=-DWOLFBOOT_DEBUG_MALLOC

include/image.h

@@ -79,7 +79,29 @@ int wolfBot_get_dts_size(void *dts_addr);
 #define SECT_FLAG_UPDATED   0x0f
 #endif
 
+#define WOLFBOOT_SIGN_PRIMARY_ML_DSA
 
+#ifdef WOLFBOOT_SIGN_PRIMARY_ED25519
+#define wolfBoot_verify_signature wolfBoot_verify_signature_ed25519
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_ED448
+#define wolfBoot_verify_signature wolfBoot_verify_signature_ed448
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_RSA
+#define wolfBoot_verify_signature wolfBoot_verify_signature_rsa
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_ECC
+#define wolfBoot_verify_signature wolfBoot_verify_signature_ecc
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_LMS
+#define wolfBoot_verify_signature wolfBoot_verify_signature_lms
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_XMSS
+#define wolfBoot_verify_signature wolfBoot_verify_signature_xmss
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_ML_DSA
+#define wolfBoot_verify_signature wolfBoot_verify_signature_ml_dsa
+#endif
 
 
 #if (defined(WOLFBOOT_ARMORED) && defined(__WOLFBOOT))
@@ -128,6 +150,16 @@ static void __attribute__((noinline)) wolfBoot_image_confirm_signature_ok(
     img->canary_FEED89AB = 0xFEED89ABUL;
 }
 
+static void __attribute__((noinline)) wolfBoot_image_clear_signature_ok(
+	struct wolfBoot_image *img)
+{
+	img->canary_FEED4567 = 0xFEED4567UL;
+	img->signature_ok = 0UL;
+	img->canary_FEED6789 = 0xFEED6789UL;
+	img->not_signature_ok = 1UL;
+	img->canary_FEED89AB = 0xFEED89ABUL;
+}
+
 /**
  * Final sanity check, performed just before do_boot, or before starting an
  * update that has been verified.
@@ -330,8 +362,8 @@ static void __attribute__((noinline)) wolfBoot_image_confirm_signature_ok(
     }
 
 /**
- * ECC / Ed signature verification.
- * ECC and Ed verify functions set an additional value 'p_res'
+ * ECC / Ed / PQ signature verification.
+ * Those verify functions set an additional value 'p_res'
  * which is passed as a pointer.
  *
  * Ensure that the verification function has been called, and then
@@ -531,12 +563,22 @@ struct wolfBoot_image {
 #if !defined(__CCRX__)
 static void __attribute__ ((unused)) wolfBoot_image_confirm_signature_ok(
     struct wolfBoot_image *img)
+{
+}
+static void __attribute__ ((unused)) wolfBoot_image_clear_signature_ok(
+	struct wolfBoot_image *img)
+{
+}
 #else
 static void wolfBoot_image_confirm_signature_ok(struct wolfBoot_image *img)
-#endif
 {
     img->signature_ok = 1;
 }
+static void wolfBoot_image_clear_signature_ok(struct wolfBoot_image *img)
+{
+	img->signature_ok = 0;
+}
+#endif
 
 #define likely(x) (x)
 #define unlikely(x) (x)

include/keystore.h

@@ -32,7 +32,11 @@ extern "C" {
 #ifndef KEYSTORE_PUBKEY_SIZE
     /* allow building version for external API use */
     #define KEYSTORE_ANY
-    #define KEYSTORE_PUBKEY_SIZE 576 /* Max is RSA 4096 */
+#ifdef ML_DSA_LEVEL
+    #define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ML_DSA
+#else
+    #define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_RSA4096
+#endif
 #endif
 
 

include/loader.h

@@ -77,6 +77,28 @@ extern "C" {
 #   error "No public key available for given signing algorithm."
 #endif /* Algorithm selection */
 
+#ifdef WOLFBOOT_SIGN_PRIMARY_ED25519
+#define wolfBoot_verify_signature wolfBoot_verify_signature_ed25519
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_ED448
+#define wolfBoot_verify_signature wolfBoot_verify_signature_ed448
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_RSA
+#define wolfBoot_verify_signature wolfBoot_verify_signature_rsa
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_ECC
+#define wolfBoot_verify_signature wolfBoot_verify_signature_ecc
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_LMS
+#define wolfBoot_verify_signature wolfBoot_verify_signature_lms
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_XMSS
+#define wolfBoot_verify_signature wolfBoot_verify_signature_xmss
+#endif
+#ifdef WOLFBOOT_SIGN_PRIMARY_ML_DSA
+#define wolfBoot_verify_signature wolfBoot_verify_signature_ml_dsa
+#endif
+
 void wolfBoot_start(void);
 
 #if defined(ARCH_ARM) && defined(WOLFBOOT_ARMORED)

include/wolfboot/wolfboot.h

@@ -67,12 +67,14 @@ extern "C" {
 #define HDR_IMG_DELTA_BASE          0x05
 #define HDR_IMG_DELTA_SIZE          0x06
 #define HDR_PUBKEY                  0x10
+#define HDR_SECONDARY_PUBKEY        0x12
 #define HDR_SHA3_384                0x13
 #define HDR_SHA384                  0x14
 #define HDR_IMG_DELTA_INVERSE       0x15
 #define HDR_IMG_DELTA_INVERSE_SIZE  0x16
 #define HDR_SIGNATURE               0x20
 #define HDR_POLICY_SIGNATURE        0x21
+#define HDR_SECONDARY_SIGNATURE     0x22
 #define HDR_PADDING                 0xFF
 
 /* Auth Key types */
@@ -118,72 +120,71 @@ extern "C" {
 #define HDR_IMG_TYPE_APP          0x0001
 #endif
 
- #define KEYSTORE_PUBKEY_SIZE_NONE    0
- #define KEYSTORE_PUBKEY_SIZE_ED25519 32
- #define KEYSTORE_PUBKEY_SIZE_ED448   57
- #define KEYSTORE_PUBKEY_SIZE_ECC256  64
- #define KEYSTORE_PUBKEY_SIZE_ECC384  96
- #define KEYSTORE_PUBKEY_SIZE_ECC521  132
- #define KEYSTORE_PUBKEY_SIZE_RSA2048 320
- #define KEYSTORE_PUBKEY_SIZE_RSA3072 448
- #define KEYSTORE_PUBKEY_SIZE_RSA4096 576
- #define KEYSTORE_PUBKEY_SIZE_LMS     60
- #define KEYSTORE_PUBKEY_SIZE_XMSS    68
- /* ML-DSA pub key size is a function of parameters.
-  * This needs to be configurable. Default to security
-  * category 2. */
- #ifdef ML_DSA_LEVEL
-     #if ML_DSA_LEVEL == 2
-         #define KEYSTORE_PUBKEY_SIZE_ML_DSA  1312
-     #elif ML_DSA_LEVEL == 3
-         #define KEYSTORE_PUBKEY_SIZE_ML_DSA  1952
-     #elif ML_DSA_LEVEL == 5
-         #define KEYSTORE_PUBKEY_SIZE_ML_DSA  2592
-     #else
-         #error "Invalid ML_DSA_LEVEL!"
-     #endif
- #else
-     #define KEYSTORE_PUBKEY_SIZE_ML_DSA  1312
- #endif /* ML_DSA_LEVEL */
+#define KEYSTORE_PUBKEY_SIZE_NONE    0
+#define KEYSTORE_PUBKEY_SIZE_ED25519 32
+#define KEYSTORE_PUBKEY_SIZE_ED448   57
+#define KEYSTORE_PUBKEY_SIZE_ECC256  64
+#define KEYSTORE_PUBKEY_SIZE_ECC384  96
+#define KEYSTORE_PUBKEY_SIZE_ECC521  132
+#define KEYSTORE_PUBKEY_SIZE_RSA2048 320
+#define KEYSTORE_PUBKEY_SIZE_RSA3072 448
+#define KEYSTORE_PUBKEY_SIZE_RSA4096 576
+#define KEYSTORE_PUBKEY_SIZE_LMS     60
+#define KEYSTORE_PUBKEY_SIZE_XMSS    68
+
+/* ML-DSA pub key size is a function of parameters.
+ * This needs to be configurable. Default to security
+ * category 2. */
+#ifdef ML_DSA_LEVEL
+    #if ML_DSA_LEVEL == 2
+        #define KEYSTORE_PUBKEY_SIZE_ML_DSA  1312
+    #elif ML_DSA_LEVEL == 3
+        #define KEYSTORE_PUBKEY_SIZE_ML_DSA  1952
+    #elif ML_DSA_LEVEL == 5
+        #define KEYSTORE_PUBKEY_SIZE_ML_DSA  2592
+    #else
+        #error "Invalid ML_DSA_LEVEL!"
+    #endif
+#endif /* ML_DSA_LEVEL */
 
 /* Mask for key permissions */
- #define KEY_VERIFY_ALL         (0xFFFFFFFFU)
- #define KEY_VERIFY_ONLY_ID(X)  (1U << X)
- #define KEY_VERIFY_SELF_ONLY   KEY_VERIFY_ONLY_ID(0)
- #define KEY_VERIFY_APP_ONLY   KEY_VERIFY_ONLY_ID(1)
+#define KEY_VERIFY_ALL         (0xFFFFFFFFU)
+#define KEY_VERIFY_ONLY_ID(X)  (1U << X)
+#define KEY_VERIFY_SELF_ONLY   KEY_VERIFY_ONLY_ID(0)
+#define KEY_VERIFY_APP_ONLY   KEY_VERIFY_ONLY_ID(1)
 
 #if defined(__WOLFBOOT) || defined(UNIT_TEST_AUTH)
 
- /* Hashing configuration */
- #if defined(WOLFBOOT_HASH_SHA256)
- #   ifndef WOLFBOOT_SHA_BLOCK_SIZE
- #     define WOLFBOOT_SHA_BLOCK_SIZE (256)
- #   endif
- #   define WOLFBOOT_SHA_HDR HDR_SHA256
- #   define WOLFBOOT_SHA_DIGEST_SIZE (32)
- #   define image_hash image_sha256
- #   define key_hash key_sha256
- #   define self_hash self_sha256
- #elif defined(WOLFBOOT_HASH_SHA384)
- #   ifndef WOLFBOOT_SHA_BLOCK_SIZE
- #     define WOLFBOOT_SHA_BLOCK_SIZE (256)
- #   endif
- #   define WOLFBOOT_SHA_HDR HDR_SHA384
- #   define WOLFBOOT_SHA_DIGEST_SIZE (48)
- #   define image_hash image_sha384
- #   define key_hash key_sha384
- #   define self_hash self_sha384
- #elif defined(WOLFBOOT_HASH_SHA3_384)
- #   ifndef WOLFBOOT_SHA_BLOCK_SIZE
- #     define WOLFBOOT_SHA_BLOCK_SIZE (128)
- #   endif
- #   define WOLFBOOT_SHA_HDR HDR_SHA3_384
- #   define WOLFBOOT_SHA_DIGEST_SIZE (48)
- #   define image_hash image_sha3_384
- #   define key_hash key_sha3_384
- #else
- #   error "No valid hash algorithm defined!"
- #endif
+/* Hashing configuration */
+#if defined(WOLFBOOT_HASH_SHA256)
+#   ifndef WOLFBOOT_SHA_BLOCK_SIZE
+#     define WOLFBOOT_SHA_BLOCK_SIZE (256)
+#   endif
+#   define WOLFBOOT_SHA_HDR HDR_SHA256
+#   define WOLFBOOT_SHA_DIGEST_SIZE (32)
+#   define image_hash image_sha256
+#   define key_hash key_sha256
+#   define self_hash self_sha256
+#elif defined(WOLFBOOT_HASH_SHA384)
+#   ifndef WOLFBOOT_SHA_BLOCK_SIZE
+#     define WOLFBOOT_SHA_BLOCK_SIZE (256)
+#   endif
+#   define WOLFBOOT_SHA_HDR HDR_SHA384
+#   define WOLFBOOT_SHA_DIGEST_SIZE (48)
+#   define image_hash image_sha384
+#   define key_hash key_sha384
+#   define self_hash self_sha384
+#elif defined(WOLFBOOT_HASH_SHA3_384)
+#   ifndef WOLFBOOT_SHA_BLOCK_SIZE
+#     define WOLFBOOT_SHA_BLOCK_SIZE (128)
+#   endif
+#   define WOLFBOOT_SHA_HDR HDR_SHA3_384
+#   define WOLFBOOT_SHA_DIGEST_SIZE (48)
+#   define image_hash image_sha3_384
+#   define key_hash key_sha3_384
+#else
+#   error "No valid hash algorithm defined!"
+#endif
 
 #ifdef WOLFBOOT_TPM
     #if defined(WOLFBOOT_HASH_SHA256)

options.mk

@@ -507,6 +507,14 @@ ifeq ($(SIGN),ML_DSA)
   endif
 endif
 
+ifneq ($(SIGN_SECONDARY),)
+  LOWERCASE_SECONDARY=$(shell echo $(SIGN_SECONDARY) | tr '[:upper:]' '[:lower:]')
+  SECONDARY_KEYGEN_OPTIONS=--$(LOWERCASE_SECONDARY)
+  SECONDARY_SIGN_OPTIONS=--$(LOWERCASE_SECONDARY)
+  CFLAGS+=-DSIGN_HYBRID
+  CFLAGS+=-DSIGN_SECONDARY_$(SIGN_SECONDARY)
+endif
+
 ifeq ($(RAM_CODE),1)
   CFLAGS+= -D"RAM_CODE"
 endif