diff --git a/.github/workflows/test-cryptocb-simulator.yml b/.github/workflows/test-cryptocb-simulator.yml new file mode 100644 index 0000000000..b3c0d3aa49 --- /dev/null +++ b/.github/workflows/test-cryptocb-simulator.yml @@ -0,0 +1,242 @@ +name: test simulator with crypto callback (cryptocb) + +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '**' ] + +jobs: + cryptocb_simulator_tests: + runs-on: ubuntu-latest + container: + image: ghcr.io/wolfssl/wolfboot-ci-sim:v1.0 + timeout-minutes: 30 + + steps: + - uses: actions/checkout@v4 + with: + submodules: true + + - name: Trust workspace + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" + + # 64 bit simulator, cryptocb enabled + # + - name: make clean + run: | + make keysclean + + - name: Select config (64 bit simulator) + run: | + cp config/examples/sim.config .config + + - name: Build tools + run: | + make -C tools/keytools && make -C tools/bin-assemble + + # Classical algorithms (each tested once with SPMATH=1) + # Note: ECC uses wc_ecc_verify_hash_ex which bypasses cryptocb PK dispatch, + # so we only verify hash for ECC. ED25519 and RSA dispatch PK through cryptocb. + # + - name: Build wolfboot.elf (ED25519, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ED25519 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ED25519) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ED25519-verify" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC256, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC256 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC256) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC384, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC384 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC384) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC521, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC521 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC521) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (RSA2048, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=RSA2048 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (RSA2048) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "RSA" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (RSA3072, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=RSA3072 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (RSA3072) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "RSA" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (RSA4096, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=RSA4096 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (RSA4096) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "RSA" + + # SHA-384 hash coverage (paired with algorithms that naturally use 384-bit) + # + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC384 + SHA384, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC384 HASH=SHA384 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC384 + SHA384) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-384" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (RSA4096 + SHA384, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=RSA4096 HASH=SHA384 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (RSA4096 + SHA384) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-384" "RSA" + + # SHA3-384 hash coverage + # + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC384 + SHA3-384, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC384 HASH=SHA3 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC384 + SHA3-384) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA3-384" + + # AES encrypted partition coverage (external flash + AES128-CTR) + # + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ED25519 + AES128 encrypt, cryptocb) + run: | + cp config/examples/sim-encrypt-update.config .config + make clean && make test-sim-external-flash-with-enc-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ED25519 + AES128 encrypt) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ED25519-verify" "AES-CTR" + + # PQ algorithms (each uses its own config, build + test inline) + # + - name: Build and test LMS (cryptocb) + run: | + cp config/examples/sim-lms.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Build and test XMSS (cryptocb) + run: | + cp config/examples/sim-xmss.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Build and test ML-DSA level 2 (cryptocb) + run: | + cp config/examples/sim-ml-dsa.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ML-DSA-verify" + + - name: Build and test ML-DSA level 3 (cryptocb) + run: | + cp config/examples/sim-ml-dsa3.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ML-DSA-verify" + + - name: Build and test ML-DSA level 5 (cryptocb) + run: | + cp config/examples/sim-ml-dsa5.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ML-DSA-verify" + + # Hybrid auth: ML_DSA + ECDSA + # + - name: make clean (hybrid) + run: | + make keysclean + + - name: Select config (hybrid ML_DSA + ECC) + run: | + cp config/examples/sim-ml-dsa-ecc-hybrid.config .config + + - name: Build tools (hybrid) + run: | + make -C tools/keytools && make -C tools/bin-assemble + + - name: Build wolfboot.elf (hybrid, cryptocb) + run: | + make clean && make WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run hybrid boot test with cryptocb verification + run: | + ./wolfboot.elf get_version > sim_cryptocb.log 2>/dev/null + grep -q "sim-cryptocb: hash SHA-256" sim_cryptocb.log || (echo "hash SHA-256 not found" && cat sim_cryptocb.log && exit 1) + grep -q "sim-cryptocb: pk ML-DSA-verify" sim_cryptocb.log || (echo "pk ML-DSA-verify not found" && cat sim_cryptocb.log && exit 1) + echo "Hybrid cryptocb verification passed" diff --git a/IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h b/IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h index 931be82297..9b7041aab0 100644 --- a/IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h +++ b/IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h @@ -60,6 +60,9 @@ # define WOLF_CRYPTO_CB # define RENESAS_SCE_INSTALLEDKEY_ADDR 0x08001000U # define SCE_ID 7890 +# define RENESAS_DEVID SCE_ID +# define WOLFBOOT_DEVID_PUBKEY SCE_ID +# define WOLFBOOT_DEVID_CRYPT (SCE_ID + 1) # undef VECTOR_Reset_Handler # define VECTOR_Reset_Handler ((uint32_t *)(0x20204)) ... diff --git a/IDE/Renesas/e2studio/RX72N/include/user_settings.h b/IDE/Renesas/e2studio/RX72N/include/user_settings.h index 767bb4c28d..9f7e15f0a7 100644 --- a/IDE/Renesas/e2studio/RX72N/include/user_settings.h +++ b/IDE/Renesas/e2studio/RX72N/include/user_settings.h @@ -42,6 +42,8 @@ # define WOLF_CRYPTO_CB # define RENESAS_TSIP_INSTALLEDKEY_ADDR 0xFFFF0000 # define RENESAS_DEVID 7890 +# define WOLFBOOT_DEVID_PUBKEY RENESAS_DEVID +# define WOLFBOOT_DEVID_CRYPT (RENESAS_DEVID + 1) #else #define WOLFBOOT_SIGN_RSA2048 /* #define WOLFBOOT_SIGN_RSA3072 */ diff --git a/IDE/Renesas/e2studio/RZN2L/user_settings.h b/IDE/Renesas/e2studio/RZN2L/user_settings.h index 8f9a0fc015..bc182a7b91 100644 --- a/IDE/Renesas/e2studio/RZN2L/user_settings.h +++ b/IDE/Renesas/e2studio/RZN2L/user_settings.h @@ -56,6 +56,8 @@ #define RENESAS_RSIP_INSTALLEDKEY_FLASH_ADDR 0x60200000 #define RENESAS_RSIP_INSTALLEDKEY_RAM_ADDR 0x10000100 #define RENESAS_DEVID 7890 + #define WOLFBOOT_DEVID_PUBKEY RENESAS_DEVID + #define WOLFBOOT_DEVID_CRYPT (RENESAS_DEVID + 1) #if defined(WOLFBOOT_SIGN_RSA3072) ||\ defined(WOLFBOOT_SIGN_RSA4096) ||\ diff --git a/arch.mk b/arch.mk index f56e3444f7..2630eba2ef 100644 --- a/arch.mk +++ b/arch.mk @@ -504,6 +504,8 @@ ifeq ($(ARCH),RENESAS_RX) ifeq ($(PKA),1) CFLAGS+=-DWOLFBOOT_RENESAS_TSIP + CFLAGS+=-DWOLFBOOT_DEVID_PUBKEY=7890 + CFLAGS+=-DWOLFBOOT_DEVID_CRYPT=7891 RX_DRIVER_PATH?=./lib OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cryptocb.o \ diff --git a/hal/sim.c b/hal/sim.c index 18e7e827f9..765d26d9c7 100644 --- a/hal/sim.c +++ b/hal/sim.c @@ -48,6 +48,66 @@ #include "elf.h" #endif +#if defined(WOLFBOOT_TEST_SIM_CRYPTOCB) && defined(__WOLFBOOT) +#include +#include + +/* Crypto callback that prints dispatched algorithm names to stdout, then + * returns CRYPTOCB_UNAVAILABLE to trigger software fallback. Test scripts + * redirect stdout to a log and grep for "sim-cryptocb: " lines. + * + * NOTE: We only need to support the algorithms used by wolfBoot that also have + * internal support for crypto callbacks. Algorithms like ED448 do not need to + * be handled here since they do not dispatch to a crypto callback internally. + */ +static int sim_cryptocb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + (void)devIdArg; + (void)ctx; + + if (info == NULL) + return CRYPTOCB_UNAVAILABLE; + + if (info->algo_type == WC_ALGO_TYPE_HASH) { + const char* name = "unknown"; + switch (info->hash.type) { + case WC_HASH_TYPE_SHA256: name = "SHA-256"; break; + case WC_HASH_TYPE_SHA384: name = "SHA-384"; break; + case WC_HASH_TYPE_SHA3_384: name = "SHA3-384"; break; + default: break; + } + printf("sim-cryptocb: hash %s\n", name); + } + else if (info->algo_type == WC_ALGO_TYPE_PK) { + const char* name = "unknown"; + switch (info->pk.type) { + case WC_PK_TYPE_RSA: name = "RSA"; break; + case WC_PK_TYPE_ECDSA_VERIFY: name = "ECDSA-verify"; break; + case WC_PK_TYPE_ED25519_VERIFY: name = "ED25519-verify"; break; + #ifdef HAVE_DILITHIUM + case WC_PK_TYPE_PQC_SIG_VERIFY: + name = "ML-DSA-verify"; + break; + #endif + default: break; + } + printf("sim-cryptocb: pk %s\n", name); + } + #if !defined(NO_AES) || !defined(NO_DES3) + else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { + const char* name = "unknown"; + switch (info->cipher.type) { + case WC_CIPHER_AES_CTR: name = "AES-CTR"; break; + default: break; + } + printf("sim-cryptocb: cipher %s\n", name); + } + #endif + + return CRYPTOCB_UNAVAILABLE; +} +#endif /* WOLFBOOT_TEST_SIM_CRYPTOCB && __WOLFBOOT */ + #ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT #include "wolfhsm/wh_error.h" #include "wolfhsm/wh_client.h" @@ -438,6 +498,24 @@ void hal_init(void) else if (strcmp(main_argv[i], "emergency") == 0) forceEmergency = 1; } + +#if defined(WOLFBOOT_TEST_SIM_CRYPTOCB) && defined(__WOLFBOOT) + { + int cb_ret; + wolfCrypt_Init(); + /* simulator WOLFBOOT_DEVID_XXX are all the same, only need to register + * one of them for the sim test - chose hash. */ + cb_ret = wc_CryptoCb_RegisterDevice(WOLFBOOT_DEVID_HASH, + sim_cryptocb, NULL); + if (cb_ret != 0) { + wolfBoot_printf("Failed to register sim crypto callback: %d\n", + cb_ret); + exit(-1); + } + wolfBoot_printf("Registered sim_cryptocb with devId %d\n", + WOLFBOOT_DEVID_HASH); + } +#endif } void ext_flash_lock(void) @@ -583,6 +661,7 @@ void do_boot(const uint32_t *app_offset) } wolfBoot_printf("Stored test-app to memfd, address %p (%zu bytes)\n", app_offset, wret); + fflush(stdout); ret = fexecve(fd, main_argv, envp); wolfBoot_printf( "fexecve error\n"); #endif diff --git a/include/user_settings.h b/include/user_settings.h index c681839c07..f69c166cc1 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -695,6 +695,7 @@ extern int tolower(int c); #define WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY #define RENESAS_SCE_INSTALLEDKEY_ADDR 0x08001000U #define SCE_ID 7890 + #define RENESAS_DEVID SCE_ID #endif #ifdef WOLFBOOT_RENESAS_RSIP #define WOLFSSL_RENESAS_FSPSM @@ -705,6 +706,12 @@ extern int tolower(int c); #define RENESAS_RSIP_INSTALLEDKEY_RAM_ADDR 0x10000100 #define RENESAS_DEVID 7890 #endif + #ifndef WOLFBOOT_DEVID_PUBKEY + #define WOLFBOOT_DEVID_PUBKEY RENESAS_DEVID + #endif + #ifndef WOLFBOOT_DEVID_CRYPT + #define WOLFBOOT_DEVID_CRYPT (RENESAS_DEVID + 1) + #endif #endif #endif /* WOLFBOOT_PKCS11_APP */ @@ -735,4 +742,11 @@ extern int tolower(int c); #define HAVE_UINTPTR_T /* make sure stdint.h is included */ #endif +/* WOLF_CRYPTO_CB requires WC_RNG type for cryptocb.h function declarations. + * Forward-declare as incomplete type — sufficient for WC_RNG* pointers in + * function signatures. We never call functions that dereference WC_RNG. */ +#if defined(WOLF_CRYPTO_CB) && defined(WC_NO_RNG) +typedef struct WC_RNG WC_RNG; +#endif + #endif /* !_WOLFBOOT_USER_SETTINGS_H_ */ diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 6075de6f46..d55399ccdb 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -316,6 +316,19 @@ extern "C" { #define KEY_VERIFY_SELF_ONLY KEY_VERIFY_ONLY_ID(0) #define KEY_VERIFY_APP_ONLY KEY_VERIFY_ONLY_ID(1) +/* HAL crypto device ID abstraction. + * Override per-class via build system -D flags. + * Defaults to INVALID_DEVID (software-only). */ +#ifndef WOLFBOOT_DEVID_HASH + #define WOLFBOOT_DEVID_HASH (-2) /* INVALID_DEVID */ +#endif +#ifndef WOLFBOOT_DEVID_PUBKEY + #define WOLFBOOT_DEVID_PUBKEY (-2) /* INVALID_DEVID */ +#endif +#ifndef WOLFBOOT_DEVID_CRYPT + #define WOLFBOOT_DEVID_CRYPT (-2) /* INVALID_DEVID */ +#endif + #if defined(__WOLFBOOT) || defined(UNIT_TEST_AUTH) #include "wolfssl/wolfcrypt/settings.h" diff --git a/options.mk b/options.mk index 3116fc169b..a815b5a1de 100644 --- a/options.mk +++ b/options.mk @@ -1106,6 +1106,18 @@ ifneq ($(WOLFBOOT_PART_ID),) SIGN_OPTIONS+=--id $(WOLFBOOT_PART_ID) endif +# Simulator crypto callback test option +ifeq ($(ARCH),sim) +ifeq ($(WOLFBOOT_TEST_SIM_CRYPTOCB),1) + CFLAGS += -DWOLFBOOT_TEST_SIM_CRYPTOCB + CFLAGS += -DWOLF_CRYPTO_CB + CFLAGS += -DWOLFBOOT_DEVID_HASH=0xCB + CFLAGS += -DWOLFBOOT_DEVID_PUBKEY=0xCB + CFLAGS += -DWOLFBOOT_DEVID_CRYPT=0xCB + WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cryptocb.o +endif +endif + # wolfHSM client options ifeq ($(WOLFHSM_CLIENT),1) WOLFCRYPT_OBJS += \ @@ -1139,6 +1151,12 @@ ifeq ($(WOLFHSM_CLIENT),1) CFLAGS += -I"$(WOLFBOOT_LIB_WOLFHSM)" # defines CFLAGS += -DWOLFBOOT_ENABLE_WOLFHSM_CLIENT -DWOLFHSM_CFG_ENABLE_CLIENT + # HAL crypto devId abstraction for wolfHSM client + CFLAGS += -DWOLFBOOT_DEVID_HASH=hsmDevIdHash + CFLAGS += -DWOLFBOOT_DEVID_PUBKEY=hsmDevIdPubKey + ifeq ($(ENCRYPT),1) + CFLAGS += -DWOLFBOOT_DEVID_CRYPT=hsmDevIdCrypt + endif # Make sure we export generated public keys so they can be used to load into # HSM out-of-band KEYGEN_OPTIONS += --exportpubkey --der @@ -1197,8 +1215,14 @@ ifeq ($(WOLFHSM_SERVER),1) #includes CFLAGS += -I"$(WOLFBOOT_LIB_WOLFHSM)" - # defines' + # defines CFLAGS += -DWOLFBOOT_ENABLE_WOLFHSM_SERVER -DWOLFHSM_CFG_ENABLE_SERVER + # HAL crypto devId abstraction for wolfHSM server + CFLAGS += -DWOLFBOOT_DEVID_HASH=hsmDevIdHash + CFLAGS += -DWOLFBOOT_DEVID_PUBKEY=hsmDevIdPubKey + ifeq ($(ENCRYPT),1) + CFLAGS += -DWOLFBOOT_DEVID_CRYPT=hsmDevIdCrypt + endif # Ensure wolfHSM is configured to use certificate manager if we are # doing cert chain verification diff --git a/src/image.c b/src/image.c index cf434066f3..6b41a3a705 100644 --- a/src/image.c +++ b/src/image.c @@ -141,7 +141,7 @@ static void wolfBoot_verify_signature_ed25519(uint8_t key_slot, { int ret, res; ed25519_key ed; - ret = wc_ed25519_init(&ed); + ret = wc_ed25519_init_ex(&ed, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret < 0) { /* Failed to initialize key */ return; @@ -165,7 +165,7 @@ static void wolfBoot_verify_signature_ed448(uint8_t key_slot, { int ret, res; ed448_key ed; - ret = wc_ed448_init(&ed); + ret = wc_ed448_init_ex(&ed, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret < 0) { /* Failed to initialize key */ return; @@ -227,16 +227,7 @@ static void wolfBoot_verify_signature_ecc(uint8_t key_slot, } #endif -#if defined(WOLFBOOT_RENESAS_SCEPROTECT) || \ - defined(WOLFBOOT_RENESAS_TSIP) || \ - defined(WOLFBOOT_RENESAS_RSIP) - ret = wc_ecc_init_ex(&ecc, NULL, RENESAS_DEVID); -#elif defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \ - defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) - ret = wc_ecc_init_ex(&ecc, NULL, hsmDevIdPubKey); -#else - ret = wc_ecc_init(&ecc); -#endif + ret = wc_ecc_init_ex(&ecc, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret == 0) { #if defined(WOLFBOOT_RENESAS_SCEPROTECT) || \ @@ -450,7 +441,7 @@ static void wolfBoot_verify_signature_rsa(uint8_t key_slot, #if defined(WOLFBOOT_RENESAS_SCEPROTECT) || \ defined(WOLFBOOT_RENESAS_TSIP) || \ defined(WOLFBOOT_RENESAS_RSIP) - ret = wc_InitRsaKey_ex(&rsa, NULL, RENESAS_DEVID); + ret = wc_InitRsaKey_ex(&rsa, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret == 0) { XMEMCPY(output, sig, RSA_IMAGE_SIGNATURE_SIZE); RSA_VERIFY_FN(ret, @@ -463,7 +454,7 @@ static void wolfBoot_verify_signature_rsa(uint8_t key_slot, (void)digest_out; #elif defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \ defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) - ret = wc_InitRsaKey_ex(&rsa, NULL, hsmDevIdPubKey); + ret = wc_InitRsaKey_ex(&rsa, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret != 0) { return; } @@ -533,7 +524,7 @@ static void wolfBoot_verify_signature_rsa(uint8_t key_slot, #endif /* !WOLFBOOT_USE_WOLFHSM_PUBKEY_ID */ #else /* wolfCrypt software RSA verify */ - ret = wc_InitRsaKey(&rsa, NULL); + ret = wc_InitRsaKey_ex(&rsa, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret == 0) { /* Import public key */ ret = wc_RsaPublicKeyDecode((byte*)pubkey, &inOutIdx, &rsa, pubkey_sz); @@ -585,7 +576,7 @@ static void wolfBoot_verify_signature_lms(uint8_t key_slot, return; } - ret = wc_LmsKey_Init(&lms, NULL, INVALID_DEVID); + ret = wc_LmsKey_Init(&lms, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret != 0) { wolfBoot_printf("error: wc_LmsKey_Init returned %d\n", ret); return; @@ -653,7 +644,7 @@ static void wolfBoot_verify_signature_xmss(uint8_t key_slot, return; } - ret = wc_XmssKey_Init(&xmss, NULL, INVALID_DEVID); + ret = wc_XmssKey_Init(&xmss, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret != 0) { wolfBoot_printf("error: wc_XmssKey_Init returned %d\n", ret); return; @@ -726,11 +717,7 @@ static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, } #endif -#ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT - ret = wc_MlDsaKey_Init(&ml_dsa, NULL, hsmDevIdPubKey); -#else - ret = wc_MlDsaKey_Init(&ml_dsa, NULL, INVALID_DEVID); -#endif + ret = wc_MlDsaKey_Init(&ml_dsa, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret != 0) { wolfBoot_printf("error: wc_MlDsaKey_Init returned %d\n", ret); @@ -983,11 +970,7 @@ static int header_sha256(wc_Sha256 *sha256_ctx, struct wolfBoot_image *img) stored_sha_len = get_header(img, HDR_SHA256, &stored_sha); if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE) return -1; -#ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT - (void)wc_InitSha256_ex(sha256_ctx, NULL, hsmDevIdHash); -#else - wc_InitSha256(sha256_ctx); -#endif + (void)wc_InitSha256_ex(sha256_ctx, NULL, WOLFBOOT_DEVID_HASH); end_sha = stored_sha - (2 * sizeof(uint16_t)); /* Subtract 2 Type + 2 Len */ while (p < end_sha) { blksz = WOLFBOOT_SHA_BLOCK_SIZE; @@ -1049,7 +1032,7 @@ static void key_sha256(uint8_t key_slot, uint8_t *hash) if (!pubkey || (pubkey_sz < 0)) return; - wc_InitSha256(&sha256_ctx); + (void)wc_InitSha256_ex(&sha256_ctx, NULL, WOLFBOOT_DEVID_HASH); wc_Sha256Update(&sha256_ctx, pubkey, (word32)pubkey_sz); wc_Sha256Final(&sha256_ctx, hash); wc_Sha256Free(&sha256_ctx); @@ -1074,11 +1057,7 @@ static int header_sha384(wc_Sha384 *sha384_ctx, struct wolfBoot_image *img) stored_sha_len = get_header(img, HDR_SHA384, &stored_sha); if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE) return -1; -#ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT - (void)wc_InitSha384_ex(sha384_ctx, NULL, hsmDevIdHash); -#else - wc_InitSha384(sha384_ctx); -#endif + (void)wc_InitSha384_ex(sha384_ctx, NULL, WOLFBOOT_DEVID_HASH); end_sha = stored_sha - (2 * sizeof(uint16_t)); /* Subtract 2 Type + 2 Len */ while (p < end_sha) { blksz = WOLFBOOT_SHA_BLOCK_SIZE; @@ -1148,7 +1127,7 @@ static void key_sha384(uint8_t key_slot, uint8_t *hash) if (!pubkey || (pubkey_sz < 0)) return; - wc_InitSha384(&sha384_ctx); + (void)wc_InitSha384_ex(&sha384_ctx, NULL, WOLFBOOT_DEVID_HASH); wc_Sha384Update(&sha384_ctx, pubkey, (word32)pubkey_sz); wc_Sha384Final(&sha384_ctx, hash); wc_Sha384Free(&sha384_ctx); @@ -1175,7 +1154,7 @@ static int header_sha3_384(wc_Sha3 *sha3_ctx, struct wolfBoot_image *img) stored_sha_len = get_header(img, HDR_SHA3_384, &stored_sha); if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE) return -1; - wc_InitSha3_384(sha3_ctx, NULL, INVALID_DEVID); + (void)wc_InitSha3_384(sha3_ctx, NULL, WOLFBOOT_DEVID_HASH); end_sha = stored_sha - (2 * sizeof(uint16_t)); /* Subtract 2 Type + 2 Len */ while (p < end_sha) { blksz = WOLFBOOT_SHA_BLOCK_SIZE; @@ -1242,7 +1221,7 @@ static void key_sha3_384(uint8_t key_slot, uint8_t *hash) memset(hash, 0, WC_SHA3_384_DIGEST_SIZE); if (!pubkey || (pubkey_sz < 0)) return; - wc_InitSha3_384(&sha3_ctx, NULL, INVALID_DEVID); + (void)wc_InitSha3_384(&sha3_ctx, NULL, WOLFBOOT_DEVID_HASH); wc_Sha3_384_Update(&sha3_ctx, pubkey, (word32)pubkey_sz); wc_Sha3_384_Final(&sha3_ctx, hash); wc_Sha3_384_Free(&sha3_ctx); diff --git a/src/libwolfboot.c b/src/libwolfboot.c index 8d52712ae9..67d593039a 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -1771,7 +1771,6 @@ Aes aes_dec, aes_enc; */ int aes_init(void) { - int devId = INVALID_DEVID; int ret = 0; #if defined(CUSTOM_ENCRYPT_KEY) && !defined(WOLFBOOT_RENESAS_TSIP) uint8_t stored_nonce[ENCRYPT_NONCE_SIZE]; @@ -1782,7 +1781,6 @@ int aes_init(void) #endif #ifdef WOLFBOOT_RENESAS_TSIP wrap_enc_key_t* enc_key; - devId = RENESAS_DEVID + 1; enc_key =(wrap_enc_key_t*)RENESAS_TSIP_INSTALLEDENCKEY_ADDR; key = enc_key->encrypted_user_key; stored_nonce = enc_key->initial_vector; @@ -1806,8 +1804,8 @@ int aes_init(void) XMEMSET(&aes_enc, 0, sizeof(aes_enc)); XMEMSET(&aes_dec, 0, sizeof(aes_dec)); - wc_AesInit(&aes_enc, NULL, devId); - wc_AesInit(&aes_dec, NULL, devId); + wc_AesInit(&aes_enc, NULL, WOLFBOOT_DEVID_CRYPT); + wc_AesInit(&aes_dec, NULL, WOLFBOOT_DEVID_CRYPT); if (!encrypt_key_is_valid(key, ENCRYPT_KEY_SIZE)) { ret = -1; @@ -1834,7 +1832,7 @@ int aes_init(void) XMEMCPY(&aes_dec.ctx, &aes_enc.ctx, sizeof(aes_enc.ctx)); /* register AES crypto callback */ - wc_CryptoCb_RegisterDevice(devId, wc_tsip_AesCipher, NULL); + wc_CryptoCb_RegisterDevice(WOLFBOOT_DEVID_CRYPT, wc_tsip_AesCipher, NULL); #endif /* WOLFBOOT_RENESAS_TSIP */ /* AES_ENCRYPTION is used for both directions in CTR diff --git a/tools/scripts/sim-cryptocb-sunnyday-update.sh b/tools/scripts/sim-cryptocb-sunnyday-update.sh new file mode 100755 index 0000000000..647fd7cf71 --- /dev/null +++ b/tools/scripts/sim-cryptocb-sunnyday-update.sh @@ -0,0 +1,71 @@ +#!/bin/bash +# +# Sunnyday update test with cryptocb dispatch verification. +# stdout is redirected to sim_cryptocb.log which contains both +# sim_cryptocb output ("sim-cryptocb: ...") and the test-app +# version number. Version is extracted by filtering out crypto lines. +# +# Usage: sim-cryptocb-sunnyday-update.sh [expected_pk] [expected_cipher] +# Example: sim-cryptocb-sunnyday-update.sh "SHA-256" "RSA" +# Example: sim-cryptocb-sunnyday-update.sh "SHA-256" "ED25519-verify" "AES-CTR" +# + +LOGFILE="sim_cryptocb.log" + +if [ $# -lt 1 ]; then + echo "usage: $0 [expected_pk] [expected_cipher]" + exit 1 +fi + +EXPECTED_HASH=$1 +EXPECTED_PK=${2:-} +EXPECTED_CIPHER=${3:-} + +# First boot: update_trigger + get_version (stdout -> log) +./wolfboot.elf update_trigger get_version > $LOGFILE 2>/dev/null +V=$(grep -v "^sim-cryptocb:" $LOGFILE | tail -1) +if [ "x$V" != "x1" ]; then + echo "Failed first boot with update_trigger (V: $V)" + cat $LOGFILE + exit 1 +fi + +# Second boot: success + get_version (stdout -> log) +./wolfboot.elf success get_version > $LOGFILE 2>/dev/null +V=$(grep -v "^sim-cryptocb:" $LOGFILE | tail -1) +if [ "x$V" != "x2" ]; then + echo "Failed update (V: $V)" + cat $LOGFILE + exit 1 +fi + +# Verify crypto callback log entries +if ! grep -q "sim-cryptocb: hash $EXPECTED_HASH" $LOGFILE; then + echo "Error: expected 'sim-cryptocb: hash $EXPECTED_HASH' not found" + cat $LOGFILE + exit 1 +fi +echo "Verified: hash $EXPECTED_HASH dispatched through cryptocb" + +# Optional PK verification (skip for ECC which bypasses cryptocb PK dispatch) +if [ -n "$EXPECTED_PK" ]; then + if ! grep -q "sim-cryptocb: pk $EXPECTED_PK" $LOGFILE; then + echo "Error: expected 'sim-cryptocb: pk $EXPECTED_PK' not found" + cat $LOGFILE + exit 1 + fi + echo "Verified: pk $EXPECTED_PK dispatched through cryptocb" +fi + +# Optional Cipher verification (for encrypted partition tests) +if [ -n "$EXPECTED_CIPHER" ]; then + if ! grep -q "sim-cryptocb: cipher $EXPECTED_CIPHER" $LOGFILE; then + echo "Error: expected 'sim-cryptocb: cipher $EXPECTED_CIPHER' not found" + cat $LOGFILE + exit 1 + fi + echo "Verified: cipher $EXPECTED_CIPHER dispatched through cryptocb" +fi + +echo Test successful. +exit 0 diff --git a/tools/unit-tests/unit-image.c b/tools/unit-tests/unit-image.c index fef59d2c95..d2245ba4cb 100644 --- a/tools/unit-tests/unit-image.c +++ b/tools/unit-tests/unit-image.c @@ -360,8 +360,11 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr) } } -#if defined(WOLFBOOT_SIGN_ECC256) -int wc_ecc_init(ecc_key* key) { +#if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) || \ + defined(WOLFBOOT_SIGN_ECC521) +int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) { + (void)heap; + (void)devId; if (ecc_init_fail) return -1; return 0; @@ -460,10 +463,11 @@ END_TEST defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048) || \ defined(WOLFBOOT_SIGN_SECONDARY_RSA3072) || \ defined(WOLFBOOT_SIGN_SECONDARY_RSA4096) -int wc_InitRsaKey(RsaKey* key, void* heap) +int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) { (void)key; (void)heap; + (void)devId; return 0; }