major refactor: simplify to aux algo scheme

bigbrett · bigbrett · commit 4a54197e7588 · 2026-04-28T10:10:30.000-06:00
diff --git a/.github/workflows/test-wolfhsm-simulator.yml b/.github/workflows/test-wolfhsm-simulator.yml
@@ -59,13 +59,13 @@ jobs:
             needs_posix_server: true
             posix_server_nvminit: true
             needs_nvm_image: false
-            make_overrides: "SIGN=ECC256 HASH=SHA256 CERT_CHAIN_CA_ALGO=rsa4096 CERT_CHAIN_LEAF_ALGO=ecc256"
+            make_overrides: "SIGN=ECC256 HASH=SHA256 CERT_CHAIN_GEN_CA_ALGO=rsa4096"
           - name: "wolfHSM server cert chain verify mixed inverse (RSA4096 chain, ECC256 leaf)"
             file: "config/examples/sim-wolfHSM-server-certchain-mixed.config"
             needs_posix_server: false
             posix_server_nvminit: false
             needs_nvm_image: true
-            make_overrides: "SIGN=ECC256 HASH=SHA256 CERT_CHAIN_CA_ALGO=rsa4096 CERT_CHAIN_LEAF_ALGO=ecc256"
+            make_overrides: "SIGN=ECC256 HASH=SHA256 CERT_CHAIN_GEN_CA_ALGO=rsa4096"
 
       fail-fast: false
 
diff --git a/config/examples/sim-wolfHSM-client-certchain-mixed.config b/config/examples/sim-wolfHSM-client-certchain-mixed.config
@@ -13,12 +13,11 @@ IMAGE_HEADER_SIZE=4096
 
 # Cert chain options (defaults — overridable by the build environment):
 #   - CA chain (root + intermediate) signed with ECC256 + SHA256
-#   - Leaf cert identity is RSA4096 (signs the wolfBoot image with SHA384)
-#   - The verifier algo for chain certs is auto-derived from CERT_CHAIN_CA_ALGO
+#   - Leaf cert identity is RSA4096 (fixed by SIGN, signs the image with SHA384)
+#   - AUX_PK_ALGOS / AUX_HASH_ALGOS are auto-populated from CERT_CHAIN_GEN_*
 CERT_CHAIN_VERIFY=1
-CERT_CHAIN_CA_ALGO?=ecc256
-CERT_CHAIN_LEAF_ALGO?=rsa4096
-CERT_CHAIN_CA_HASH?=sha256
+CERT_CHAIN_GEN_CA_ALGO?=ecc256
+CERT_CHAIN_GEN_CA_HASH?=sha256
 
 # wolfHSM options
 WOLFHSM_CLIENT=1
diff --git a/config/examples/sim-wolfHSM-server-certchain-mixed.config b/config/examples/sim-wolfHSM-server-certchain-mixed.config
@@ -13,12 +13,11 @@ IMAGE_HEADER_SIZE=4096
 
 # Cert chain options (defaults — overridable by the build environment):
 #   - CA chain (root + intermediate) signed with ECC256 + SHA256
-#   - Leaf cert identity is RSA4096 (signs the wolfBoot image with SHA384)
-#   - The verifier algo for chain certs is auto-derived from CERT_CHAIN_CA_ALGO
+#   - Leaf cert identity is RSA4096 (fixed by SIGN, signs the image with SHA384)
+#   - AUX_PK_ALGOS / AUX_HASH_ALGOS are auto-populated from CERT_CHAIN_GEN_*
 CERT_CHAIN_VERIFY=1
-CERT_CHAIN_CA_ALGO?=ecc256
-CERT_CHAIN_LEAF_ALGO?=rsa4096
-CERT_CHAIN_CA_HASH?=sha256
+CERT_CHAIN_GEN_CA_ALGO?=ecc256
+CERT_CHAIN_GEN_CA_HASH?=sha256
 
 # wolfHSM options
 WOLFHSM_SERVER=1
diff --git a/include/user_settings.h b/include/user_settings.h
@@ -75,7 +75,7 @@ extern int tolower(int c);
 
 /* ED25519 and SHA512 */
 #if defined(WOLFBOOT_SIGN_ED25519) || defined(WOLFBOOT_SIGN_SECONDARY_ED25519) || \
-    defined(CERT_CHAIN_PK_ED25519)
+    defined(WOLFBOOT_AUX_PK_ED25519)
 #   define HAVE_ED25519
 #   define ED25519_SMALL
 #   if !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
@@ -88,7 +88,7 @@ extern int tolower(int c);
 
 /* ED448 and SHA3/SHAKE256 */
 #if defined(WOLFBOOT_SIGN_ED448) || defined(WOLFBOOT_SIGN_SECONDARY_ED448) || \
-    defined(CERT_CHAIN_PK_ED448)
+    defined(WOLFBOOT_AUX_PK_ED448)
 #   define HAVE_ED448
 #   define HAVE_ED448_VERIFY
 #   define ED448_SMALL
@@ -108,9 +108,9 @@ extern int tolower(int c);
     defined(WOLFBOOT_SIGN_SECONDARY_ECC256) || \
     defined(WOLFBOOT_SIGN_SECONDARY_ECC384) || \
     defined(WOLFBOOT_SIGN_SECONDARY_ECC521) || \
-    defined(CERT_CHAIN_PK_ECC256) || \
-    defined(CERT_CHAIN_PK_ECC384) || \
-    defined(CERT_CHAIN_PK_ECC521) || \
+    defined(WOLFBOOT_AUX_PK_ECC256) || \
+    defined(WOLFBOOT_AUX_PK_ECC384) || \
+    defined(WOLFBOOT_AUX_PK_ECC521) || \
     defined(WOLFCRYPT_SECURE_MODE) || \
     defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
 
@@ -173,13 +173,13 @@ extern int tolower(int c);
     /* Curve */
 #   if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFCRYPT_SECURE_MODE) || \
         defined(WOLFBOOT_SIGN_SECONDARY_ECC256) || \
-        defined(CERT_CHAIN_PK_ECC256) || \
+        defined(WOLFBOOT_AUX_PK_ECC256) || \
         defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
 #       define HAVE_ECC256
 #   endif
 #   if defined(WOLFBOOT_SIGN_ECC384) || \
         defined(WOLFBOOT_SIGN_SECONDARY_ECC384) || \
-        defined(CERT_CHAIN_PK_ECC384) || \
+        defined(WOLFBOOT_AUX_PK_ECC384) || \
         defined(WOLFCRYPT_SECURE_MODE) || \
         defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
 #       define HAVE_ECC384
@@ -188,7 +188,7 @@ extern int tolower(int c);
     /* ECC521 only enabled if specifically requested (not for tests - too large) */
 #   if defined(WOLFBOOT_SIGN_ECC521) || \
         defined(WOLFBOOT_SIGN_SECONDARY_ECC521) || \
-        defined(CERT_CHAIN_PK_ECC521) || \
+        defined(WOLFBOOT_AUX_PK_ECC521) || \
         defined(WOLFCRYPT_SECURE_MODE)
 #       define HAVE_ECC521
 #       define WOLFSSL_SP_521
@@ -236,9 +236,9 @@ extern int tolower(int c);
     defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS2048) || \
     defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS3072) || \
     defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS4096) || \
-    defined(CERT_CHAIN_PK_RSA2048) || \
-    defined(CERT_CHAIN_PK_RSA3072) || \
-    defined(CERT_CHAIN_PK_RSA4096) || \
+    defined(WOLFBOOT_AUX_PK_RSA2048) || \
+    defined(WOLFBOOT_AUX_PK_RSA3072) || \
+    defined(WOLFBOOT_AUX_PK_RSA4096) || \
     (defined(WOLFCRYPT_SECURE_MODE) && (!defined(PKCS11_SMALL)))
 
 #   define WC_RSA_BLINDING
@@ -270,7 +270,7 @@ extern int tolower(int c);
 #       define WOLFSSL_SP_SMALL
 #       define WOLFSSL_SP_MATH
 #   endif
-    /* If ECC was already enabled (e.g. via CERT_CHAIN_PK_ECC*), the ECC
+    /* If ECC was already enabled (e.g. via WOLFBOOT_AUX_PK_ECC*), the ECC
      * block above will have set FP_MAX_BITS / SP_INT_BITS for the ECC curve
      * size. RSA needs much wider math, so undefine first and let the
      * algo-specific block below redefine. */
@@ -317,10 +317,10 @@ extern int tolower(int c);
 #       define RSA_MIN_SIZE 2048
 #       define RSA_MAX_SIZE 4096
 #   endif
-#   if defined(CERT_CHAIN_PK_RSA2048) || \
-       defined(CERT_CHAIN_PK_RSA3072) || \
-       defined(CERT_CHAIN_PK_RSA4096)
-       /* Widen math constraints to support cert chain RSA key sizes */
+#   if defined(WOLFBOOT_AUX_PK_RSA2048) || \
+       defined(WOLFBOOT_AUX_PK_RSA3072) || \
+       defined(WOLFBOOT_AUX_PK_RSA4096)
+       /* Widen math constraints to support aux RSA key sizes */
 #       undef FP_MAX_BITS
 #       undef SP_INT_BITS
 #       undef RSA_MIN_SIZE
@@ -334,17 +334,17 @@ extern int tolower(int c);
 #       define RSA_MAX_SIZE 4096
 #       if defined(WOLFBOOT_SIGN_RSA2048) || \
            defined(WOLFBOOT_SIGN_SECONDARY_RSA2048) || \
-           defined(CERT_CHAIN_PK_RSA2048)
+           defined(WOLFBOOT_AUX_PK_RSA2048)
 #           define WOLFSSL_SP_2048
 #       endif
 #       if defined(WOLFBOOT_SIGN_RSA3072) || \
            defined(WOLFBOOT_SIGN_SECONDARY_RSA3072) || \
-           defined(CERT_CHAIN_PK_RSA3072)
+           defined(WOLFBOOT_AUX_PK_RSA3072)
 #           define WOLFSSL_SP_3072
 #       endif
 #       if defined(WOLFBOOT_SIGN_RSA4096) || \
            defined(WOLFBOOT_SIGN_SECONDARY_RSA4096) || \
-           defined(CERT_CHAIN_PK_RSA4096)
+           defined(WOLFBOOT_AUX_PK_RSA4096)
 #           define WOLFSSL_SP_4096
 #       endif
 #   endif
@@ -402,8 +402,8 @@ extern int tolower(int c);
 #   endif
 #endif
 
-/* Cert chain additional hash algorithms */
-#if defined(CERT_CHAIN_HASH_SHA384) || defined(CERT_CHAIN_HASH_SHA512)
+/* Auxiliary hash algorithms (e.g. for cert chain verification) */
+#if defined(WOLFBOOT_AUX_HASH_SHA384) || defined(WOLFBOOT_AUX_HASH_SHA512)
 #   ifndef WOLFSSL_SHA384
 #       define WOLFSSL_SHA384
 #   endif
@@ -414,7 +414,7 @@ extern int tolower(int c);
 #   endif
 #endif
 
-#ifdef CERT_CHAIN_HASH_SHA3
+#ifdef WOLFBOOT_AUX_HASH_SHA3
 #   ifndef WOLFSSL_SHA3
 #       define WOLFSSL_SHA3
 #   endif
diff --git a/options.mk b/options.mk
@@ -1440,79 +1440,77 @@ ifneq ($(CERT_CHAIN_VERIFY),)
       CERT_CHAIN_GEN_ALGO+=rsa4096
     endif
 
-    # Per-level algo / hash overrides (default: same algo for CA + leaf,
-    # SHA256 for cert signatures).
-    CERT_CHAIN_CA_ALGO   ?= $(CERT_CHAIN_GEN_ALGO)
-    CERT_CHAIN_LEAF_ALGO ?= $(CERT_CHAIN_GEN_ALGO)
-    CERT_CHAIN_CA_HASH   ?= sha256
-
-    # The leaf cert wraps the wolfBoot signing key, so its algo must
-    # match SIGN. Catch a mismatch here with a clear error rather than
-    # letting openssl fail later inside the chain-gen helper.
-    ifneq ($(strip $(CERT_CHAIN_LEAF_ALGO)),$(strip $(CERT_CHAIN_GEN_ALGO)))
-      $(error CERT_CHAIN_LEAF_ALGO ($(CERT_CHAIN_LEAF_ALGO)) must match the algorithm derived from SIGN=$(SIGN) ($(CERT_CHAIN_GEN_ALGO)))
-    endif
+    # Per-level overrides for the dummy chain generator. Defaults: CA chain
+    # uses the same algo as the leaf (SIGN-derived), SHA256 for cert sigs.
+    # The leaf algo is fixed by SIGN — the leaf cert wraps the wolfBoot
+    # signing key, so it can't diverge.
+    CERT_CHAIN_GEN_CA_ALGO ?= $(CERT_CHAIN_GEN_ALGO)
+    CERT_CHAIN_GEN_CA_HASH ?= sha256
 
     # If any chain component is RSA, the wolfHSM cert buffer must be
     # large enough to hold an RSA4096 cert (~1.5-2 KB).
-    ifneq ($(filter rsa%,$(CERT_CHAIN_CA_ALGO) $(CERT_CHAIN_LEAF_ALGO)),)
+    ifneq ($(filter rsa%,$(CERT_CHAIN_GEN_CA_ALGO) $(CERT_CHAIN_GEN_ALGO)),)
       CFLAGS += -DWOLFHSM_CFG_MAX_CERT_SIZE=4096
     endif
 
-    CERT_CHAIN_GEN_FLAGS := --ca-algo $(CERT_CHAIN_CA_ALGO) \
-                            --leaf-algo $(CERT_CHAIN_LEAF_ALGO) \
-                            --ca-hash $(CERT_CHAIN_CA_HASH)
+    CERT_CHAIN_GEN_FLAGS := --ca-algo $(CERT_CHAIN_GEN_CA_ALGO) \
+                            --leaf-algo $(CERT_CHAIN_GEN_ALGO) \
+                            --ca-hash $(CERT_CHAIN_GEN_CA_HASH)
+
+    # Auto-bridge: the verifier in the bootloader must support whatever
+    # algo and hash actually sign the dummy chain. Without this, a
+    # non-default GEN_CA_ALGO/GEN_CA_HASH builds successfully but fails at
+    # runtime when the matching wolfCrypt module is absent.
+    AUX_PK_ALGOS   += $(CERT_CHAIN_GEN_CA_ALGO)
+    AUX_HASH_ALGOS += $(CERT_CHAIN_GEN_CA_HASH)
   endif
   SIGN_OPTIONS += --cert-chain $(CERT_CHAIN_FILE)
+endif
 
-  # Additional algorithms for cert chain verification
-  # Usage: CERT_CHAIN_HASH=sha384,sha512  CERT_CHAIN_PK=rsa4096,ecc256
+# Auxiliary wolfCrypt algorithms - compile in extra wolfCrypt code beyond
+# what SIGN/HASH already pulls in. Decoupled from any specific feature; the
+# cert chain verifier auto-populates these (see above), but the variables
+# are also available as a generic primitive for any future feature that
+# needs extra algo support compiled in.
+# Usage: AUX_HASH_ALGOS=sha384,sha512  AUX_PK_ALGOS=rsa4096,ecc256
+ifneq ($(strip $(AUX_PK_ALGOS)$(AUX_HASH_ALGOS)),)
   comma := ,
-  CERT_CHAIN_HASH_LIST := $(subst $(comma), ,$(CERT_CHAIN_HASH))
-  CERT_CHAIN_PK_LIST   := $(subst $(comma), ,$(CERT_CHAIN_PK))
+  AUX_HASH_ALGOS_LIST := $(sort $(subst $(comma), ,$(AUX_HASH_ALGOS)))
+  AUX_PK_ALGOS_LIST   := $(sort $(subst $(comma), ,$(AUX_PK_ALGOS)))
 
-  # For auto-generated chains, ensure the verifier supports the CA algo
-  # and CA hash actually used to sign the chain. Without this, a non-
-  # default CERT_CHAIN_CA_ALGO/CERT_CHAIN_CA_HASH builds successfully
-  # but fails at runtime when the matching wolfCrypt module is absent.
-  ifeq ($(USER_CERT_CHAIN),)
-    CERT_CHAIN_HASH_LIST := $(sort $(CERT_CHAIN_HASH_LIST) $(CERT_CHAIN_CA_HASH))
-    CERT_CHAIN_PK_LIST   := $(sort $(CERT_CHAIN_PK_LIST) $(CERT_CHAIN_CA_ALGO))
-  endif
-
-  # --- Cert chain hash algorithms ---
+  # --- Hash algorithms ---
   # SHA256 is always present in wolfCrypt for wolfBoot, no extra flag needed.
-  ifneq ($(filter sha384,$(CERT_CHAIN_HASH_LIST)),)
-    CFLAGS += -DCERT_CHAIN_HASH_SHA384
+  ifneq ($(filter sha384,$(AUX_HASH_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_HASH_SHA384
     ifeq ($(filter %/sha512.o,$(WOLFCRYPT_OBJS)),)
       WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha512.o
     endif
   endif
-  ifneq ($(filter sha512,$(CERT_CHAIN_HASH_LIST)),)
-    CFLAGS += -DCERT_CHAIN_HASH_SHA512
+  ifneq ($(filter sha512,$(AUX_HASH_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_HASH_SHA512
     ifeq ($(filter %/sha512.o,$(WOLFCRYPT_OBJS)),)
       WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha512.o
     endif
   endif
-  ifneq ($(filter sha3,$(CERT_CHAIN_HASH_LIST)),)
-    CFLAGS += -DCERT_CHAIN_HASH_SHA3
+  ifneq ($(filter sha3,$(AUX_HASH_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_HASH_SHA3
     ifeq ($(filter %/sha3.o,$(WOLFCRYPT_OBJS)),)
       WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha3.o
     endif
   endif
 
-  # --- Cert chain PK algorithms ---
-  ifneq ($(filter rsa2048,$(CERT_CHAIN_PK_LIST)),)
-    CFLAGS += -DCERT_CHAIN_PK_RSA2048
+  # --- PK algorithms ---
+  ifneq ($(filter rsa2048,$(AUX_PK_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_PK_RSA2048
   endif
-  ifneq ($(filter rsa3072,$(CERT_CHAIN_PK_LIST)),)
-    CFLAGS += -DCERT_CHAIN_PK_RSA3072
+  ifneq ($(filter rsa3072,$(AUX_PK_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_PK_RSA3072
   endif
-  ifneq ($(filter rsa4096,$(CERT_CHAIN_PK_LIST)),)
-    CFLAGS += -DCERT_CHAIN_PK_RSA4096
+  ifneq ($(filter rsa4096,$(AUX_PK_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_PK_RSA4096
   endif
-  # Add RSA objects if any RSA cert chain PK is requested
-  ifneq ($(filter rsa2048 rsa3072 rsa4096,$(CERT_CHAIN_PK_LIST)),)
+  # Add RSA objects if any RSA aux PK is requested
+  ifneq ($(filter rsa2048 rsa3072 rsa4096,$(AUX_PK_ALGOS_LIST)),)
     ifeq ($(filter %/rsa.o,$(WOLFCRYPT_OBJS)),)
       WOLFCRYPT_OBJS += $(RSA_OBJS)
     endif
@@ -1521,17 +1519,17 @@ ifneq ($(CERT_CHAIN_VERIFY),)
     endif
   endif
 
-  ifneq ($(filter ecc256,$(CERT_CHAIN_PK_LIST)),)
-    CFLAGS += -DCERT_CHAIN_PK_ECC256
+  ifneq ($(filter ecc256,$(AUX_PK_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_PK_ECC256
   endif
-  ifneq ($(filter ecc384,$(CERT_CHAIN_PK_LIST)),)
-    CFLAGS += -DCERT_CHAIN_PK_ECC384
+  ifneq ($(filter ecc384,$(AUX_PK_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_PK_ECC384
   endif
-  ifneq ($(filter ecc521,$(CERT_CHAIN_PK_LIST)),)
-    CFLAGS += -DCERT_CHAIN_PK_ECC521
+  ifneq ($(filter ecc521,$(AUX_PK_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_PK_ECC521
   endif
-  # Add ECC objects if any ECC cert chain PK is requested
-  ifneq ($(filter ecc256 ecc384 ecc521,$(CERT_CHAIN_PK_LIST)),)
+  # Add ECC objects if any ECC aux PK is requested
+  ifneq ($(filter ecc256 ecc384 ecc521,$(AUX_PK_ALGOS_LIST)),)
     ifeq ($(filter %/ecc.o,$(WOLFCRYPT_OBJS)),)
       WOLFCRYPT_OBJS += $(ECC_OBJS)
     endif
@@ -1540,23 +1538,22 @@ ifneq ($(CERT_CHAIN_VERIFY),)
     endif
   endif
 
-  ifneq ($(filter ed25519,$(CERT_CHAIN_PK_LIST)),)
-    CFLAGS += -DCERT_CHAIN_PK_ED25519
+  ifneq ($(filter ed25519,$(AUX_PK_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_PK_ED25519
     ifeq ($(filter %/ed25519.o,$(WOLFCRYPT_OBJS)),)
       WOLFCRYPT_OBJS += $(ED25519_OBJS)
     endif
   endif
 
-  ifneq ($(filter ed448,$(CERT_CHAIN_PK_LIST)),)
-    CFLAGS += -DCERT_CHAIN_PK_ED448
+  ifneq ($(filter ed448,$(AUX_PK_ALGOS_LIST)),)
+    CFLAGS += -DWOLFBOOT_AUX_PK_ED448
     ifeq ($(filter %/ed448.o,$(WOLFCRYPT_OBJS)),)
       WOLFCRYPT_OBJS += $(ED448_OBJS)
     endif
     ifeq ($(filter %/sha3.o,$(WOLFCRYPT_OBJS)),)
       WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha3.o
     endif
   endif
-
 endif
 
 # Clock Speed (Hz)
