LMS wolfBoot support.

Author: philljj

config/examples/sim-lms.config

@@ -0,0 +1,50 @@
+# LMS/HSS signature example, based on sim.config example.
+#
+# LMS/HSS is a post-quantum, stateful, hash-based signature scheme.
+#
+# The acceptable parameter values are those in RFC8554:
+#   levels = {1..8}
+#   height = {5, 10, 15, 20, 25}
+#   winternitz = {1, 2, 4, 8}
+#
+# The number of available signatures is:
+#   N = 2 ** (levels * height)
+#
+# LMS/HSS Signature sizes are directly proportional to the levels parm,
+# and inversely proportional to Winternitz. They grow only modestly with
+# the height.
+#
+# Key generation time is strongly determined by the height of the first
+# level tree.
+#
+# Use the helper script
+#   tools/lms/lms_siglen
+# to calculate your signature length given the chosen levels, height,
+# Winternitz values.
+#
+
+ARCH=sim
+TARGET=sim
+SIGN?=LMS
+HASH?=SHA256
+LMS_LEVELS=2
+LMS_HEIGHT=5
+LMS_WINTERNITZ=8
+WOLFBOOT_SMALL_STACK=0
+SPI_FLASH=0
+DEBUG=0
+DELTA_UPDATES=0
+IMAGE_SIGNATURE_SIZE=2644
+IMAGE_HEADER_SIZE?=5288
+
+# it should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1

include/loader.h

@@ -61,6 +61,12 @@ extern "C" {
     extern const unsigned char rsa4096_pub_key[];
     extern unsigned int rsa4096_pub_key_len;
 #   define IMAGE_SIGNATURE_SIZE (512)
+#elif defined(WOLFBOOT_SIGN_LMS)
+    /* Because signature size in LMS is function of
+     * LMS variables, IMAGE_SIGNATURE_SIZE is set in
+     * options.mk from the .config file. */
+    extern const unsigned char lms_pub_key[];
+    extern unsigned int lms_pub_key_len;
 #elif !defined(WOLFBOOT_NO_SIGN)
 #   error "No public key available for given signing algorithm."
 #endif /* Algorithm selection */

include/wolfboot/wolfboot.h

@@ -80,6 +80,7 @@ extern "C" {
 #define AUTH_KEY_ECC384  0x06
 #define AUTH_KEY_ECC521  0x07
 #define AUTH_KEY_RSA3072 0x08
+#define AUTH_KEY_LMS     0x09
 
 
 
@@ -99,6 +100,7 @@ extern "C" {
 #define HDR_IMG_TYPE_AUTH_ECC384  (AUTH_KEY_ECC384  << 8)
 #define HDR_IMG_TYPE_AUTH_ECC521  (AUTH_KEY_ECC521  << 8)
 #define HDR_IMG_TYPE_AUTH_RSA3072 (AUTH_KEY_RSA3072 << 8)
+#define HDR_IMG_TYPE_AUTH_LMS     (AUTH_KEY_LMS     << 8)
 
 #define HDR_IMG_TYPE_DIFF         0x00D0
 
@@ -115,6 +117,7 @@ extern "C" {
  #define KEYSTORE_PUBKEY_SIZE_RSA2048 320
  #define KEYSTORE_PUBKEY_SIZE_RSA3072 448
  #define KEYSTORE_PUBKEY_SIZE_RSA4096 576
+ #define KEYSTORE_PUBKEY_SIZE_LMS     60
 
 /* Mask for key permissions */
  #define KEY_VERIFY_ALL         (0xFFFFFFFFU)
@@ -194,6 +197,9 @@ extern "C" {
  #elif defined(WOLFBOOT_SIGN_RSA4096)
  #   define HDR_IMG_TYPE_AUTH HDR_IMG_TYPE_AUTH_RSA4096
  #   define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_RSA4096
+ #elif defined(WOLFBOOT_SIGN_LMS)
+ #   define HDR_IMG_TYPE_AUTH HDR_IMG_TYPE_AUTH_LMS
+ #   define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_LMS
  #else
  #   error "No valid authentication mechanism selected. " \
            "Please select a valid SIGN= option."

options.mk

@@ -286,6 +286,53 @@ ifeq ($(SIGN),RSA4096)
   endif
 endif
 
+ifeq ($(SIGN),LMS)
+  # In LMS the signature size is a function of the LMS parameters.
+  # All five of these parms must be set in the LMS .config file:
+  #   LMS_LEVELS, LMS_HEIGHT, LMS_WINTERNITZ, IMAGE_SIGNATURE_SIZE,
+  #   IMAGE_HEADER_SIZE
+
+  ifndef LMS_LEVELS
+    $(error LMS_LEVELS not set)
+  endif
+
+  ifndef LMS_HEIGHT
+    $(error LMS_HEIGHT not set)
+  endif
+
+  ifndef LMS_WINTERNITZ
+    $(error LMS_WINTERNITZ not set)
+  endif
+
+  ifndef IMAGE_SIGNATURE_SIZE
+    $(error IMAGE_SIGNATURE_SIZE not set)
+  endif
+
+  ifndef IMAGE_HEADER_SIZE
+    $(error IMAGE_HEADER_SIZE not set)
+  endif
+
+  LMSDIR = lib/hash-sigs
+  KEYGEN_OPTIONS+=--lms
+  SIGN_OPTIONS+=--lms
+  WOLFCRYPT_OBJS+= \
+    ./lib/wolfssl/wolfcrypt/src/ext_lms.o \
+    ./lib/wolfssl/wolfcrypt/src/hash.o \
+    ./lib/wolfssl/wolfcrypt/src/memory.o \
+    ./lib/wolfssl/wolfcrypt/src/wc_port.o
+  CFLAGS+=-D"WOLFBOOT_SIGN_LMS" -D"WOLFSSL_HAVE_LMS" -D"HAVE_LIBLMS" \
+    -D"LMS_LEVELS=$(LMS_LEVELS)" -D"LMS_HEIGHT=$(LMS_HEIGHT)" \
+    -D"LMS_WINTERNITZ=$(LMS_WINTERNITZ)" -I"$(LMSDIR)" \
+    -D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
+    -D"PRINTF_ENABLED"
+  LD_END_GROUP+=-L./$(LMSDIR) -l:hss_lib.a
+  ifeq ($(WOLFBOOT_SMALL_STACK),1)
+    $(error WOLFBOOT_SMALL_STACK with LMS not supported)
+  else
+    STACK_USAGE=18064
+  endif
+endif
+
 
 ifeq ($(USE_GCC_HEADLESS),1)
   CFLAGS+="-Wstack-usage=$(STACK_USAGE)"

src/image.c

@@ -372,6 +372,80 @@ static void wolfBoot_verify_signature(uint8_t key_slot,
 #endif /* WOLFBOOT_SIGN_RSA2048 || WOLFBOOT_SIGN_3072 || \
         * WOLFBOOT_SIGN_RSA4096 */
 
+#ifdef WOLFBOOT_SIGN_LMS
+#include <wolfssl/wolfcrypt/lms.h>
+#ifdef HAVE_LIBLMS
+    #include <wolfssl/wolfcrypt/ext_lms.h>
+#endif
+
+static void wolfBoot_verify_signature(uint8_t key_slot,
+        struct wolfBoot_image *img, uint8_t *sig)
+{
+    int       ret = 0;
+    LmsKey    lms;
+    word32    pub_len = 0;
+    uint8_t * pubkey = NULL;
+
+    wolfBoot_printf("info: LMS wolfBoot_verify_signature\n");
+
+    pubkey = keystore_get_buffer(key_slot);
+    if (pubkey == NULL) {
+        wolfBoot_printf("error: Lms pubkey not found\n");
+        return;
+    }
+
+    ret = wc_LmsKey_Init(&lms, NULL, INVALID_DEVID);
+    if (ret != 0) {
+        wolfBoot_printf("error: wc_LmsKey_Init returned %d\n", ret);
+        return;
+    }
+
+    /* Set the LMS parameters. */
+    ret = wc_LmsKey_SetParameters(&lms, LMS_LEVELS, LMS_HEIGHT,
+                                  LMS_WINTERNITZ);
+    if (ret != 0) {
+        /* Something is wrong with the pub key or LMS parameters. */
+        wolfBoot_printf("error: wc_LmsKey_SetParameters(%d, %d, %d)" \
+                        " returned %d\n", LMS_LEVELS, LMS_HEIGHT,
+                        LMS_WINTERNITZ, ret);
+        return;
+    }
+
+    wolfBoot_printf("info: using LMS parameters: L%d-H%d-W%d\n", LMS_LEVELS,
+                    LMS_HEIGHT, LMS_WINTERNITZ);
+
+    /* Set the public key. */
+    XMEMCPY(lms.pub, pubkey, KEYSTORE_PUBKEY_SIZE);
+
+    ret = wc_LmsKey_GetPubLen(&lms, &pub_len);
+
+    if (ret != 0) {
+        /* Something is wrong with the pub key or LMS parameters. */
+        wolfBoot_printf("error: wc_LmsKey_GetPubLen %d\n", ret);
+        return;
+    }
+
+    if (pub_len != KEYSTORE_PUBKEY_SIZE) {
+        /* Something is wrong with the pub key or LMS parameters. */
+        wolfBoot_printf("error: wc_LmsKey_GetPubLen mismatch: "\
+                        " got %d, expected %d\n", pub_len,
+                        KEYSTORE_PUBKEY_SIZE);
+        return;
+    }
+
+    ret = wc_LmsKey_Verify(&lms, sig, IMAGE_SIGNATURE_SIZE, img->sha_hash,
+                           WOLFBOOT_SHA_DIGEST_SIZE);
+
+    if (ret == 0) {
+        wolfBoot_printf("info: wc_LmsKey_Verify returned OK\n");
+        wolfBoot_image_confirm_signature_ok(img);
+    }
+    else {
+        wolfBoot_printf("error: wc_LmsKey_Verify returned %d\n", ret);
+    }
+}
+#endif /* WOLFBOOT_SIGN_LMS */
+
 
 static uint16_t get_header_ext(struct wolfBoot_image *img, uint16_t type,
         uint8_t **ptr);

tools/config.mk

@@ -30,6 +30,9 @@ ifeq ($(ARCH),)
   DISABLE_BACKUP?=0
   WOLFBOOT_VERSION?=0
   V?=0
+  LMS_LEVELS?=0
+  LMS_HEIGHT?=0
+  LMS_WINTERNITZ?=0
   NO_MPU?=0
   ENCRYPT?=0
   ENCRYPT_WITH_CHACHA?=0

tools/keytools/Makefile

@@ -16,6 +16,14 @@ CFLAGS  += -I. -DWOLFSSL_USER_SETTINGS -I$(WOLFDIR) -I$(WOLFBOOTDIR)/include -DW
 LDFLAGS =
 OBJDIR = ./
 
+ifeq ($(SIGN),LMS)
+  LMSDIR = $(WOLFBOOTDIR)/lib/hash-sigs/
+  LDFLAGS+=-L$(LMSDIR) -l:hss_lib.a
+  CFLAGS  +=-DWOLFBOOT_SIGN_LMS -DWOLFSSL_HAVE_LMS -DHAVE_LIBLMS -I$(LMSDIR) \
+            -D"LMS_LEVELS=$(LMS_LEVELS)" -D"LMS_HEIGHT=$(LMS_HEIGHT)" \
+            -D"LMS_WINTERNITZ=$(LMS_WINTERNITZ)"
+endif
+
 # option variables
 DEBUG_FLAGS     = -g -DDEBUG -DDEBUG_SIGNTOOL -DDEBUG_WOLFSSL -DDEBUG_WOLFSSL_VERBOSE -fsanitize=address
 OPTIMIZE        = -O2
@@ -63,7 +71,8 @@ OBJS_REAL=\
 	$(WOLFDIR)/wolfcrypt/src/sha512.o \
 	$(WOLFDIR)/wolfcrypt/src/tfm.o \
 	$(WOLFDIR)/wolfcrypt/src/wc_port.o \
-	$(WOLFDIR)/wolfcrypt/src/wolfmath.o
+	$(WOLFDIR)/wolfcrypt/src/wolfmath.o \
+	$(WOLFDIR)/wolfcrypt/src/ext_lms.o
 
 OBJS_REAL+=\
 	$(WOLFBOOTDIR)/src/delta.o