
Commit d550f66

committed
Fix XMSS and ML_DSA keygen type mismatch between image headers and keystore by unifying AUTH_KEY_*/KEYGEN_* constants
1 parent e30ca2d commit d550f66

2 files changed

Lines changed: 56 additions & 64 deletions


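--- a/include/wolfboot/wolfboot.h
+++ b/include/wolfboot/wolfboot.h
@@ -215,6 +215,7 @@ extern "C" {
 #define HDR_PADDING 0xFF
 
 /* Auth Key types */
+#define AUTH_KEY_NONE 0x00
 #define AUTH_KEY_ED25519 0x01
 #define AUTH_KEY_ECC256 0x02
 #define AUTH_KEY_RSA2048 0x03
@@ -224,9 +225,9 @@ extern "C" {
 #define AUTH_KEY_ECC521 0x07
 #define AUTH_KEY_RSA3072 0x08
 #define AUTH_KEY_LMS 0x09
-/* 0x0A...0x0F reserved */
-#define AUTH_KEY_XMSS 0x10
-#define AUTH_KEY_ML_DSA 0x11
+#define AUTH_KEY_XMSS 0x0A
+#define AUTH_KEY_ML_DSA 0x0B
+#define AUTH_KEY_NUM 0x0C
 
 /*
 * 8 bits: auth type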
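Review bot: `AUTH_KEY_XMSS` and `AUTH_KEY_ML_DSA` move from 0x10/0x11 to 0x0A/0x0B in the second hunk, and the header carries no comment saying that these numbers are a stored format rather than freely renumberable enumerators. The `8 bits: auth type` comment below suggests the value is also encoded in the image type field, so images signed with the old XMSS/ML-DSA values would presumably no longer match a bootloader built from this header; that compatibility break deserves a line in the release notes or here. Above the list I would add `/* Stored in keystore slots and image headers: do not renumber existing values. */`, and next to the new sentinel `/* one past the last valid type; update when adding an algorithm */`, since keygen.c now range-checks against `AUTH_KEY_NUM`.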

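--- a/tools/keytools/keygen.c
+++ b/tools/keytools/keygen.c
@@ -96,19 +96,6 @@
 #include "wolfboot/wolfboot.h"
 
 
-#define KEYGEN_NONE 0
-#define KEYGEN_ED25519 1
-#define KEYGEN_ECC256 2
-#define KEYGEN_RSA2048 3
-#define KEYGEN_RSA4096 4
-#define KEYGEN_ED448 5
-#define KEYGEN_ECC384 6
-#define KEYGEN_ECC521 7
-#define KEYGEN_RSA3072 8
-#define KEYGEN_LMS 9
-#define KEYGEN_XMSS 10
-#define KEYGEN_ML_DSA 11
-
 /* Globals */
 static FILE *fpub, *fpub_image;
 static int force = 0;
@@ -425,34 +412,34 @@ static uint32_t get_pubkey_size(uint32_t keyType)
 uint32_t size = 0;
 
 switch (keyType) {
-case KEYGEN_ED25519:
+case AUTH_KEY_ED25519:
 size = KEYSTORE_PUBKEY_SIZE_ED25519;
 break;
-case KEYGEN_ED448:
+case AUTH_KEY_ED448:
 size = KEYSTORE_PUBKEY_SIZE_ED448;
 break;
-case KEYGEN_ECC256:
+case AUTH_KEY_ECC256:
 size = KEYSTORE_PUBKEY_SIZE_ECC256;
 break;
-case KEYGEN_ECC384:
+case AUTH_KEY_ECC384:
 size = KEYSTORE_PUBKEY_SIZE_ECC384;
 break;
-case KEYGEN_RSA2048:
+case AUTH_KEY_RSA2048:
 size = KEYSTORE_PUBKEY_SIZE_RSA2048;
 break;
-case KEYGEN_RSA3072:
+case AUTH_KEY_RSA3072:
 size = KEYSTORE_PUBKEY_SIZE_RSA3072;
 break;
-case KEYGEN_RSA4096:
+case AUTH_KEY_RSA4096:
 size = KEYSTORE_PUBKEY_SIZE_RSA4096;
 break;
-case KEYGEN_LMS:
+case AUTH_KEY_LMS:
 size = KEYSTORE_PUBKEY_SIZE_LMS;
 break;
-case KEYGEN_XMSS:
+case AUTH_KEY_XMSS:
 size = KEYSTORE_PUBKEY_SIZE_XMSS;
 break;
-case KEYGEN_ML_DSA:
+case AUTH_KEY_ML_DSA:
 {
 char *env_ml_dsa_level = getenv("ML_DSA_LEVEL");
 if (env_ml_dsa_level == NULL) {
@@ -514,6 +501,10 @@ void keystore_add(uint32_t ktype, uint8_t *key, uint32_t sz, const char *keyfile
 
 memset(&sl, 0, sizeof(sl));
 sl.slot_id = id_slot;
+if (ktype >= AUTH_KEY_NUM) {
+fprintf(stderr, "error: unknown key type %u\n", ktype);
+exit(1);
+}
 sl.key_type = ktype;
 sl.part_id_mask = id_mask;
 
@@ -584,11 +575,11 @@ static void keygen_rsa(const char *keyfile, int kbits, uint32_t id_mask)
 }
 
 if (kbits == 2048)
-keystore_add(KEYGEN_RSA2048, pub_der, publen, keyfile, id_mask);
+keystore_add(AUTH_KEY_RSA2048, pub_der, publen, keyfile, id_mask);
 else if (kbits == 3072)
-keystore_add(KEYGEN_RSA3072, pub_der, publen, keyfile, id_mask);
+keystore_add(AUTH_KEY_RSA3072, pub_der, publen, keyfile, id_mask);
 else if (kbits == 4096)
-keystore_add(KEYGEN_RSA4096, pub_der, publen, keyfile, id_mask);
+keystore_add(AUTH_KEY_RSA4096, pub_der, publen, keyfile, id_mask);
 }
 
 #define MAX_ECC_KEY_SIZE 66
@@ -688,11 +679,11 @@ static void keygen_ecc(const char *priv_fname, uint16_t ecc_key_size,
 memcpy(k_buffer + ecc_key_size, Qy, ecc_key_size);
 
 if (ecc_key_size == 32)
-keystore_add(KEYGEN_ECC256, k_buffer, 2 * ecc_key_size, priv_fname, id_mask);
+keystore_add(AUTH_KEY_ECC256, k_buffer, 2 * ecc_key_size, priv_fname, id_mask);
 else if (ecc_key_size == 48)
-keystore_add(KEYGEN_ECC384, k_buffer, 2 * ecc_key_size, priv_fname, id_mask);
+keystore_add(AUTH_KEY_ECC384, k_buffer, 2 * ecc_key_size, priv_fname, id_mask);
 else if (ecc_key_size == 66)
-keystore_add(KEYGEN_ECC521, k_buffer, 2 * ecc_key_size, priv_fname, id_mask);
+keystore_add(AUTH_KEY_ECC521, k_buffer, 2 * ecc_key_size, priv_fname, id_mask);
 }
 
 
@@ -730,7 +721,7 @@ static void keygen_ed25519(const char *privkey, uint32_t id_mask)
 }
 }
 
-keystore_add(KEYGEN_ED25519, pub, ED25519_PUB_KEY_SIZE, privkey, id_mask);
+keystore_add(AUTH_KEY_ED25519, pub, ED25519_PUB_KEY_SIZE, privkey, id_mask);
 }
 
 static void keygen_ed448(const char *privkey, uint32_t id_mask)
@@ -767,7 +758,7 @@ static void keygen_ed448(const char *privkey, uint32_t id_mask)
 }
 }
 
-keystore_add(KEYGEN_ED448, pub, ED448_PUB_KEY_SIZE, privkey, id_mask);
+keystore_add(AUTH_KEY_ED448, pub, ED448_PUB_KEY_SIZE, privkey, id_mask);
 }
 
 #include "../lms/lms_common.h"
@@ -868,7 +859,7 @@ static void keygen_lms(const char *priv_fname, uint32_t id_mask)
 }
 }
 
-keystore_add(KEYGEN_LMS, lms_pub, KEYSTORE_PUBKEY_SIZE_LMS, priv_fname, id_mask);
+keystore_add(AUTH_KEY_LMS, lms_pub, KEYSTORE_PUBKEY_SIZE_LMS, priv_fname, id_mask);
 
 wc_LmsKey_Free(&key);
 }
@@ -968,7 +959,7 @@ static void keygen_xmss(const char *priv_fname, uint32_t id_mask)
 }
 
 
-keystore_add(KEYGEN_XMSS, xmss_pub, KEYSTORE_PUBKEY_SIZE_XMSS, priv_fname, id_mask);
+keystore_add(AUTH_KEY_XMSS, xmss_pub, KEYSTORE_PUBKEY_SIZE_XMSS, priv_fname, id_mask);
 
 wc_XmssKey_Free(&key);
 }
@@ -1144,7 +1135,7 @@ static void keygen_ml_dsa(const char *priv_fname, uint32_t id_mask)
 }
 }
 
-keystore_add(KEYGEN_ML_DSA, pub, pub_len, priv_fname, id_mask);
+keystore_add(AUTH_KEY_ML_DSA, pub, pub_len, priv_fname, id_mask);
 
 wc_MlDsaKey_Free(&key);
 free(priv);
@@ -1185,55 +1176,55 @@ static void key_generate(uint32_t ktype, const char *kfilename, uint32_t id_mask
 
 switch (ktype) {
 #ifdef HAVE_ED25519
-case KEYGEN_ED25519:
+case AUTH_KEY_ED25519:
 keygen_ed25519(kfilename, id_mask);
 break;
 #endif
 
 #ifdef HAVE_ED448
-case KEYGEN_ED448:
+case AUTH_KEY_ED448:
 keygen_ed448(kfilename, id_mask);
 break;
 #endif
 
 #ifdef HAVE_ECC
-case KEYGEN_ECC256:
+case AUTH_KEY_ECC256:
 keygen_ecc(kfilename, 32, id_mask);
 break;
-case KEYGEN_ECC384:
+case AUTH_KEY_ECC384:
 keygen_ecc(kfilename, 48, id_mask);
 break;
-case KEYGEN_ECC521:
+case AUTH_KEY_ECC521:
 keygen_ecc(kfilename, 66, id_mask);
 break;
 #endif
 
 #ifndef NO_RSA
-case KEYGEN_RSA2048:
+case AUTH_KEY_RSA2048:
 keygen_rsa(kfilename, 2048, id_mask);
 break;
-case KEYGEN_RSA3072:
+case AUTH_KEY_RSA3072:
 keygen_rsa(kfilename, 3072, id_mask);
 break;
-case KEYGEN_RSA4096:
+case AUTH_KEY_RSA4096:
 keygen_rsa(kfilename, 4096, id_mask);
 break;
 #endif
 
 #ifdef WOLFSSL_HAVE_LMS
-case KEYGEN_LMS:
+case AUTH_KEY_LMS:
 keygen_lms(kfilename, id_mask);
 break;
 #endif
 
 #ifdef WOLFSSL_HAVE_XMSS
-case KEYGEN_XMSS:
+case AUTH_KEY_XMSS:
 keygen_xmss(kfilename, id_mask);
 break;
 #endif
 
 #ifdef WOLFSSL_WC_DILITHIUM
-case KEYGEN_ML_DSA:
+case AUTH_KEY_ML_DSA:
 keygen_ml_dsa(kfilename, id_mask);
 break;
 #endif
@@ -1276,8 +1267,8 @@ static void key_import(uint32_t ktype, const char *fname, uint32_t id_mask)
 keySz = get_pubkey_size(ktype);
 
 if (readLen > (int)keySz) {
-if (ktype == KEYGEN_ECC256 || ktype == KEYGEN_ECC384 ||
-ktype == KEYGEN_ECC521) {
+if (ktype == AUTH_KEY_ECC256 || ktype == AUTH_KEY_ECC384 ||
+ktype == AUTH_KEY_ECC521) {
 initKey = ret = wc_EccPublicKeyDecode(buf, &keySzOut, eccKey, readLen);
 
 if (ret == 0) {
@@ -1288,7 +1279,7 @@ static void key_import(uint32_t ktype, const char *fname, uint32_t id_mask)
 if (initKey == 0)
 wc_ecc_free(eccKey);
 }
-else if (ktype == KEYGEN_ED25519) {
+else if (ktype == AUTH_KEY_ED25519) {
 initKey = ret = wc_Ed25519PublicKeyDecode(buf, &keySzOut,
 ed25519Key, readLen);
 if (ret < 0)
@@ -1302,7 +1293,7 @@ static void key_import(uint32_t ktype, const char *fname, uint32_t id_mask)
 if (initKey == 0)
 wc_ed25519_free(ed25519Key);
 }
-else if (ktype == KEYGEN_ED448) {
+else if (ktype == AUTH_KEY_ED448) {
 initKey = ret = wc_Ed448PublicKeyDecode(buf, &keySzOut,
 ed448Key, readLen);
 
@@ -1368,42 +1359,42 @@ int main(int argc, char** argv)
 for (i = 1; i < argc; i++) {
 /* Parse Arguments */
 if (strcmp(argv[i], "--ed25519") == 0) {
-keytype = KEYGEN_ED25519;
+keytype = AUTH_KEY_ED25519;
 }
 else if (strcmp(argv[i], "--ed448") == 0) {
-keytype = KEYGEN_ED448;
+keytype = AUTH_KEY_ED448;
 }
 else if (strcmp(argv[i], "--ecc256") == 0) {
-keytype = KEYGEN_ECC256;
+keytype = AUTH_KEY_ECC256;
 }
 else if (strcmp(argv[i], "--ecc384") == 0) {
-keytype = KEYGEN_ECC384;
+keytype = AUTH_KEY_ECC384;
 }
 else if (strcmp(argv[i], "--ecc521") == 0) {
-keytype = KEYGEN_ECC521;
+keytype = AUTH_KEY_ECC521;
 }
 else if (strcmp(argv[i], "--rsa2048") == 0) {
-keytype = KEYGEN_RSA2048;
+keytype = AUTH_KEY_RSA2048;
 }
 else if (strcmp(argv[i], "--rsa3072") == 0) {
-keytype = KEYGEN_RSA3072;
+keytype = AUTH_KEY_RSA3072;
 }
 else if (strcmp(argv[i], "--rsa4096") == 0) {
-keytype = KEYGEN_RSA4096;
+keytype = AUTH_KEY_RSA4096;
 }
 #if defined(WOLFSSL_HAVE_LMS)
 else if (strcmp(argv[i], "--lms") == 0) {
-keytype = KEYGEN_LMS;
+keytype = AUTH_KEY_LMS;
 }
 #endif
 #if defined(WOLFSSL_HAVE_XMSS)
 else if (strcmp(argv[i], "--xmss") == 0) {
-keytype = KEYGEN_XMSS;
+keytype = AUTH_KEY_XMSS;
 }
 #endif
 #if defined(WOLFSSL_WC_DILITHIUM)
 else if (strcmp(argv[i], "--ml_dsa") == 0) {
-keytype = KEYGEN_ML_DSA;
+keytype = AUTH_KEY_ML_DSA;
 }
 #endif
 else if (strcmp(argv[i], "--force") == 0) {
@@ -1465,7 +1456,7 @@ int main(int argc, char** argv)
 }
 }
 printf("Keytype: %s\n", KName[keytype]);
-if (keytype == 0)
+if (keytype == AUTH_KEY_NONE)
 exit(0);
 fpub = fopen(pubkeyfile, "rb");
 if (!force && (fpub != NULL)) {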
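Review bot: The new range check in keystore_add (`if (ktype >= AUTH_KEY_NUM)`) still lets `AUTH_KEY_NONE` (0x00) through, so a slot with no authentication type could be written to the keystore if a caller ever passed it; `if (ktype == AUTH_KEY_NONE || ktype >= AUTH_KEY_NUM) {` would reject both ends. The check also sits in keystore_add, which the keygen_* functions visible in this section call as their last step, so an unknown type is presumably caught only after key material has been generated; validating once on entry to key_generate and key_import would fail earlier. `ktype` is a `uint32_t` printed with `%u`; `(unsigned)ktype` or `PRIu32` keeps the format portable. keystore_add's body starts and ends outside the hunk.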
