Skip to content

Improved encryption constants between the bootloader and the signing tool #660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dgarske wants to merge 1 commit into
base: master
Choose a base branch
from
+42 −26
Open

Improved encryption constants between the bootloader and the signing tool #660

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 22 additions & 10 deletions include/wolfboot/wolfboot.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -499,21 +499,33 @@ int wolfBoot_dualboot_candidate_addr(void**);
int wolfBoot_get_partition_state(uint8_t part, uint8_t *st);


/* Encryption algorithm constants - always available for tools */
#define ENCRYPT_BLOCK_SIZE_CHACHA 64
#define ENCRYPT_BLOCK_SIZE_AES 16

#define ENCRYPT_KEY_SIZE_CHACHA 32 /* ChaCha20 - 256bit */
#define ENCRYPT_KEY_SIZE_AES128 16 /* AES128 */
#define ENCRYPT_KEY_SIZE_AES256 32 /* AES256 */

#define ENCRYPT_NONCE_SIZE_CHACHA 12 /* 96 bit */
#define ENCRYPT_NONCE_SIZE_AES 16 /* AES IV size */


#ifdef EXT_ENCRYPTED
/* Encryption support */
/* Encryption support - compile-time algorithm selection */

#if defined(ENCRYPT_WITH_CHACHA)
#define ENCRYPT_BLOCK_SIZE 64
#define ENCRYPT_KEY_SIZE 32 /* Chacha20 - 256bit */
#define ENCRYPT_NONCE_SIZE 12 /* 96 bit*/
#define ENCRYPT_BLOCK_SIZE ENCRYPT_BLOCK_SIZE_CHACHA
#define ENCRYPT_KEY_SIZE ENCRYPT_KEY_SIZE_CHACHA
#define ENCRYPT_NONCE_SIZE ENCRYPT_NONCE_SIZE_CHACHA
#elif defined(ENCRYPT_WITH_AES128)
#define ENCRYPT_BLOCK_SIZE 16
#define ENCRYPT_KEY_SIZE 16 /* AES128 */
#define ENCRYPT_NONCE_SIZE 16 /* AES IV size */
#define ENCRYPT_BLOCK_SIZE ENCRYPT_BLOCK_SIZE_AES
#define ENCRYPT_KEY_SIZE ENCRYPT_KEY_SIZE_AES128
#define ENCRYPT_NONCE_SIZE ENCRYPT_NONCE_SIZE_AES
#elif defined(ENCRYPT_WITH_AES256)
#define ENCRYPT_BLOCK_SIZE 16
#define ENCRYPT_KEY_SIZE 32 /* AES256 */
#define ENCRYPT_NONCE_SIZE 16 /* AES IV size */
#define ENCRYPT_BLOCK_SIZE ENCRYPT_BLOCK_SIZE_AES
#define ENCRYPT_KEY_SIZE ENCRYPT_KEY_SIZE_AES256
#define ENCRYPT_NONCE_SIZE ENCRYPT_NONCE_SIZE_AES
#elif defined(ENCRYPT_PKCS11)
#define ENCRYPT_BLOCK_SIZE ENCRYPT_PKCS11_BLOCK_SIZE
/* In this case, the key ID is stored in flash rather than the key itself */
Expand Down
36 changes: 20 additions & 16 deletions tools/keytools/sign.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,9 +206,10 @@ static inline int fp_truncate(FILE *f, size_t len)
#define ENC_AES128 2
#define ENC_AES256 3

#define ENC_BLOCK_SIZE 16
#define ENC_MAX_KEY_SZ 32
#define ENC_MAX_IV_SZ 16
/* Use algorithm-specific constants from wolfboot.h */
#define ENC_MAX_BLOCK_SZ ENCRYPT_BLOCK_SIZE_CHACHA /* 64 - largest block size */
#define ENC_MAX_KEY_SZ ENCRYPT_KEY_SIZE_AES256 /* 32 */
#define ENC_MAX_IV_SZ ENCRYPT_NONCE_SIZE_AES /* 16 */

static void header_append_u32(uint8_t* header, uint32_t* idx, uint32_t tmp32)
{
Expand Down Expand Up @@ -1761,21 +1762,24 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,

if ((CMD.encrypt != ENC_OFF) && CMD.encrypt_key_file) {
uint8_t key[ENC_MAX_KEY_SZ], iv[ENC_MAX_IV_SZ];
uint8_t enc_buf[ENC_BLOCK_SIZE];
int ivSz, keySz;
uint8_t enc_buf[ENC_MAX_BLOCK_SZ];
int ivSz, keySz, encBlockSz;
uint32_t fsize = 0;
switch (CMD.encrypt) {
case ENC_CHACHA:
ivSz = CHACHA_IV_BYTES;
keySz = CHACHA_MAX_KEY_SZ;
ivSz = ENCRYPT_NONCE_SIZE_CHACHA;
keySz = ENCRYPT_KEY_SIZE_CHACHA;
encBlockSz = ENCRYPT_BLOCK_SIZE_CHACHA;
break;
case ENC_AES128:
ivSz = 16;
keySz = 16;
ivSz = ENCRYPT_NONCE_SIZE_AES;
keySz = ENCRYPT_KEY_SIZE_AES128;
encBlockSz = ENCRYPT_BLOCK_SIZE_AES;
break;
case ENC_AES256:
ivSz = 16;
keySz = 32;
ivSz = ENCRYPT_NONCE_SIZE_AES;
keySz = ENCRYPT_KEY_SIZE_AES256;
encBlockSz = ENCRYPT_BLOCK_SIZE_AES;
break;
default:
printf("No valid encryption mode selected\n");
Expand Down Expand Up @@ -1817,9 +1821,9 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
#endif
wc_Chacha_SetKey(&cha, key, sizeof(key));
wc_Chacha_SetIV(&cha, iv, 0);
for (pos = 0; pos < fsize; pos += ENC_BLOCK_SIZE) {
for (pos = 0; pos < fsize; pos += encBlockSz) {
int fread_retval;
fread_retval = (int)fread(buf, 1, ENC_BLOCK_SIZE, f);
fread_retval = (int)fread(buf, 1, encBlockSz, f);
if ((fread_retval == 0) && feof(f)) {
break;
}
Expand All @@ -1830,14 +1834,14 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
Aes aes_e;
wc_AesInit(&aes_e, NULL, 0);
wc_AesSetKeyDirect(&aes_e, key, keySz, iv, AES_ENCRYPTION);
for (pos = 0; pos < fsize; pos += ENC_BLOCK_SIZE) {
for (pos = 0; pos < fsize; pos += encBlockSz) {
int fread_retval;
fread_retval = (int)fread(buf, 1, ENC_BLOCK_SIZE, f);
fread_retval = (int)fread(buf, 1, encBlockSz, f);
if ((fread_retval == 0) && feof(f)) {
break;
}
/* Pad with FF if input is too short */
while((fread_retval % ENC_BLOCK_SIZE) != 0) {
while((fread_retval % encBlockSz) != 0) {
buf[fread_retval++] = 0xFF;
}
wc_AesCtrEncrypt(&aes_e, enc_buf, buf, fread_retval);
Expand Down