@@ -252,6 +252,25 @@ static uint16_t find_exact_fill_custom_len(void)
252252 return 0 ;
253253}
254254
255+ static uint32_t find_cert_chain_len_for_required_size (int hash_algo ,
256+ uint32_t required_size , uint32_t secondary_key_sz )
257+ {
258+ uint32_t len ;
259+
260+ reset_cmd_defaults ();
261+ CMD .hash_algo = hash_algo ;
262+ CMD .hybrid = 1 ;
263+ CMD .secondary_sign = SIGN_ED25519 ;
264+
265+ for (len = 1 ; len < IMAGE_HEADER_SIZE ; len ++ ) {
266+ if (header_required_size (0 , len , secondary_key_sz ) == required_size ) {
267+ return len ;
268+ }
269+ }
270+
271+ return 0 ;
272+ }
273+
255274START_TEST (test_make_header_ex_fails_when_encrypted_output_open_fails )
256275{
257276 char tempdir [] = "/tmp/wolfboot-sign-XXXXXX" ;
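Review bot: The new helper `find_cert_chain_len_for_required_size` has no comment stating its contract, and two things are not obvious from its call site: it returns 0 as a "not found" sentinel, and it overwrites the global `CMD` through `reset_cmd_defaults()` and the hybrid/Ed25519 assignments. I would add above it `/* Smallest cert-chain length in 1..IMAGE_HEADER_SIZE-1 for which header_required_size() equals required_size with hybrid + Ed25519 secondary signing; 0 if none. Resets and modifies CMD. */`. The probe is only meaningful if the later `make_header_ex()` call runs with the same `CMD` settings, which is presumably what `header_required_size()` reads. A short remark to that effect would stop the two setups drifting apart.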
@@ -526,6 +545,66 @@ START_TEST(test_make_header_ex_roundtrip_finds_tlv_that_exactly_fills_header)
526545}
527546END_TEST
528547
548+ START_TEST (test_make_header_ex_keeps_boundary_header_for_sha384_sha3_hybrid_cert_chain )
549+ {
550+ static const int hash_algos [] = { HASH_SHA384 , HASH_SHA3 };
551+ char tempdir [] = "/tmp/wolfboot-sign-XXXXXX" ;
552+ char image_path [PATH_MAX ];
553+ char output_path [PATH_MAX ];
554+ char cert_chain_path [PATH_MAX ];
555+ uint8_t image_buf [] = { 0x71 , 0x72 , 0x73 , 0x74 };
556+ uint8_t pubkey [] = { 0xA5 , 0x5A , 0x33 , 0xCC };
557+ uint8_t secondary_key [] = { 0x11 , 0x22 , 0x33 , 0x44 };
558+ uint8_t * cert_chain_buf = NULL ;
559+ struct stat st ;
560+ size_t i ;
561+ int ret ;
562+
563+ ck_assert_ptr_nonnull (mkdtemp (tempdir ));
564+
565+ snprintf (image_path , sizeof (image_path ), "%s/image.bin" , tempdir );
566+ snprintf (output_path , sizeof (output_path ), "%s/output.bin" , tempdir );
567+ snprintf (cert_chain_path , sizeof (cert_chain_path ), "%s/cert-chain.bin" ,
568+ tempdir );
569+ ck_assert_int_eq (write_file (image_path , image_buf , sizeof (image_buf )), 0 );
570+
571+ for (i = 0 ; i < sizeof (hash_algos ) / sizeof (hash_algos [0 ]); i ++ ) {
572+ uint32_t cert_chain_len = find_cert_chain_len_for_required_size (
573+ hash_algos [i ], IMAGE_HEADER_SIZE , sizeof (secondary_key ));
574+
575+ ck_assert_uint_ne (cert_chain_len , 0 );
576+ cert_chain_buf = realloc (cert_chain_buf , cert_chain_len );
577+ ck_assert_ptr_nonnull (cert_chain_buf );
578+ memset (cert_chain_buf , 0xC3 + (int )i , cert_chain_len );
579+ ck_assert_int_eq (write_file (cert_chain_path , cert_chain_buf ,
580+ cert_chain_len ), 0 );
581+
582+ reset_cmd_defaults ();
583+ CMD .hash_algo = hash_algos [i ];
584+ CMD .hybrid = 1 ;
585+ CMD .secondary_sign = SIGN_ED25519 ;
586+ CMD .header_sz = IMAGE_HEADER_SIZE ;
587+ CMD .cert_chain_file = cert_chain_path ;
588+
589+ reset_mocks (NULL , 0 );
590+ ret = make_header_ex (0 , pubkey , sizeof (pubkey ), image_path , output_path ,
591+ 0 , 0 , 0 , 0 , secondary_key , sizeof (secondary_key ), NULL , 0 );
592+
593+ ck_assert_int_eq (ret , 0 );
594+ ck_assert_uint_eq (CMD .header_sz , IMAGE_HEADER_SIZE );
595+ ck_assert_int_eq (stat (output_path , & st ), 0 );
596+ ck_assert_uint_eq ((uint32_t )st .st_size ,
597+ IMAGE_HEADER_SIZE + sizeof (image_buf ));
598+ unlink (output_path );
599+ unlink (cert_chain_path );
600+ }
601+
602+ free (cert_chain_buf );
603+ unlink (image_path );
604+ rmdir (tempdir );
605+ }
606+ END_TEST
607+
529608Suite * wolfboot_suite (void )
530609{
531610 Suite * s = suite_create ("sign-encrypted-output" );
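Review bot: After `make_header_ex()` the loop body asserts only the return code, that `CMD.header_sz` is unchanged, and the total size of the output file, so nothing checks what was actually written at the exact-fit boundary. A truncated cert chain or a payload written at the wrong offset would still produce a file of `IMAGE_HEADER_SIZE + sizeof(image_buf)` bytes and pass. For a signing tool this exact-fit case is where an off-by-one in the size accounting would surface, so I would read the output back and check that `image_buf` starts at offset `IMAGE_HEADER_SIZE` and that the `0xC3 + i` fill is fully present in the header (assuming the output is not encrypted in this configuration). Separately, a failing `ck_assert_*` before the cleanup lines leaves the temp directory and its files behind in /tmp.

```c
    /* … unchanged: setup, make_header_ex() call, ret/header_sz/size assertions … */
    ck_assert_uint_eq((uint32_t)st.st_size,
        IMAGE_HEADER_SIZE + sizeof(image_buf));
    {
        uint8_t *out = malloc((size_t)st.st_size);
        FILE *f = fopen(output_path, "rb");
        size_t fill = 0, k;

        ck_assert_ptr_nonnull(out);
        ck_assert_ptr_nonnull(f);
        ck_assert_uint_eq(fread(out, 1, (size_t)st.st_size, f),
            (size_t)st.st_size);
        fclose(f);

        /* payload must begin exactly at the header boundary */
        ck_assert_int_eq(memcmp(out + IMAGE_HEADER_SIZE, image_buf,
            sizeof(image_buf)), 0);

        /* every cert-chain byte must have landed inside the header */
        for (k = 0; k < IMAGE_HEADER_SIZE; k++)
            fill += (out[k] == (uint8_t)(0xC3 + i));
        ck_assert_uint_ge(fill, cert_chain_len);
        free(out);
    }
    /* … unchanged: unlink() cleanup … */
```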
@@ -539,6 +618,8 @@ Suite *wolfboot_suite(void)
539618 test_make_header_ex_roundtrip_custom_tlvs_via_wolfboot_parser );
540619 tcase_add_test (tcase ,
541620 test_make_header_ex_roundtrip_finds_tlv_that_exactly_fills_header );
621+ tcase_add_test (tcase ,
622+ test_make_header_ex_keeps_boundary_header_for_sha384_sha3_hybrid_cert_chain );
542623 suite_add_tcase (s , tcase );
543624
544625 return s ;