diff --git a/Makefile b/Makefile index a110752b..37884dd5 100644 --- a/Makefile +++ b/Makefile @@ -27,17 +27,17 @@ endif ## Architecture/CPU configuration include arch.mk + ## DSA Settings ifeq ($(SIGN),ECC256) - KEYGEN_OPTIONS=--ecc256 - SIGN_OPTIONS=--ecc256 + KEYGEN_OPTIONS+=--ecc256 + SIGN_OPTIONS+=--ecc256 PRIVATE_KEY=ecc256.der WOLFCRYPT_OBJS+= \ $(MATH_OBJS) \ ./lib/wolfssl/wolfcrypt/src/ecc.o \ ./lib/wolfssl/wolfcrypt/src/memory.o \ ./lib/wolfssl/wolfcrypt/src/wc_port.o \ - ./lib/wolfssl/wolfcrypt/src/sha256.o \ ./lib/wolfssl/wolfcrypt/src/hash.o \ ./src/xmalloc_ecc.o CFLAGS+=-DWOLFBOOT_SIGN_ECC256 -DXMALLOC_USER \ @@ -46,13 +46,12 @@ ifeq ($(SIGN),ECC256) endif ifeq ($(SIGN),ED25519) - KEYGEN_OPTIONS=--ed25519 - SIGN_OPTIONS=--ed25519 + KEYGEN_OPTIONS+=--ed25519 + SIGN_OPTIONS+=--ed25519 PRIVATE_KEY=ed25519.der WOLFCRYPT_OBJS+= ./lib/wolfssl/wolfcrypt/src/sha512.o \ ./lib/wolfssl/wolfcrypt/src/ed25519.o \ ./lib/wolfssl/wolfcrypt/src/ge_low_mem.o \ - ./lib/wolfssl/wolfcrypt/src/sha256.o \ ./lib/wolfssl/wolfcrypt/src/hash.o \ ./lib/wolfssl/wolfcrypt/src/wolfmath.o \ ./lib/wolfssl/wolfcrypt/src/fe_low_mem.o @@ -63,15 +62,14 @@ ifeq ($(SIGN),ED25519) endif ifeq ($(SIGN),RSA2048) - KEYGEN_OPTIONS=--rsa2048 - SIGN_OPTIONS=--rsa2048 + KEYGEN_OPTIONS+=--rsa2048 + SIGN_OPTIONS+=--rsa2048 PRIVATE_KEY=rsa2048.der IMAGE_HEADER_SIZE=512 WOLFCRYPT_OBJS+= \ $(RSA_EXTRA_OBJS) \ $(MATH_OBJS) \ ./lib/wolfssl/wolfcrypt/src/rsa.o \ - ./lib/wolfssl/wolfcrypt/src/sha256.o \ ./lib/wolfssl/wolfcrypt/src/asn.o \ ./lib/wolfssl/wolfcrypt/src/hash.o \ ./src/xmalloc_rsa.o 
@@ -81,15 +79,14 @@ ifeq ($(SIGN),RSA2048) endif ifeq ($(SIGN),RSA4096) - KEYGEN_OPTIONS=--rsa4096 - SIGN_OPTIONS=--rsa4096 + KEYGEN_OPTIONS+=--rsa4096 + SIGN_OPTIONS+=--rsa4096 PRIVATE_KEY=rsa4096.der IMAGE_HEADER_SIZE=1024 WOLFCRYPT_OBJS+= \ $(RSA_EXTRA_OBJS) \ $(MATH_OBJS) \ ./lib/wolfssl/wolfcrypt/src/rsa.o \ - ./lib/wolfssl/wolfcrypt/src/sha256.o \ ./lib/wolfssl/wolfcrypt/src/asn.o \ ./lib/wolfssl/wolfcrypt/src/hash.o \ ./lib/wolfssl/wolfcrypt/src/wolfmath.o \ diff --git a/arch.mk b/arch.mk index beb5132c..5699284c 100644 --- a/arch.mk +++ b/arch.mk @@ -13,6 +13,18 @@ ARCH_FLASH_OFFSET=0x0 # Default SPI driver name SPI_TARGET=$(TARGET) +## Hash settings +ifeq ($(HASH),SHA256) + WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha256.o + CFLAGS+=-DWOLFBOOT_HASH_SHA256 +endif + +ifeq ($(HASH),SHA3) + WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha3.o + CFLAGS+=-DWOLFBOOT_HASH_SHA3_384 + SIGN_OPTIONS+=--sha3 +endif + ## ARM ifeq ($(ARCH),ARM) CROSS_COMPILE:=arm-none-eabi- diff --git a/include/user_settings.h b/include/user_settings.h index fdb0e6c8..af713715 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -108,6 +108,10 @@ # define TFM_TIMING_RESISTANT #endif +#ifdef WOLFBOOT_HASH_SHA3_384 +# define WOLFSSL_SHA3 +#endif + /* Disables - For minimum wolfCrypt build */ #define NO_AES #define NO_CMAC diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index f83c444c..b9f2c42c 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -44,6 +44,7 @@ #define HDR_IMG_TYPE 0x04 #define HDR_PUBKEY 0x10 #define HDR_SIGNATURE 0x20 +#define HDR_SHA3_384 0x13 #define HDR_PADDING 0xFF #define HDR_IMG_TYPE_AUTH_ED25519 0x0100 
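Review bot: The SHA-3 branch added to arch.mk tests `ifeq ($(HASH),SHA3)`, while the test-app/Makefile hunk of this same commit tests `ifeq ($(HASH),SHA3_384)`, so no single HASH value selects SHA-3 in both places. With `HASH=SHA3_384` neither branch here matches, no `WOLFBOOT_HASH_*` define is passed, and the build stops at the `#error` in wolfboot.h; with `HASH=SHA3` the test-app branch is skipped instead. Use one spelling in both files, for example `ifeq ($(HASH),SHA3_384)` here to match the `WOLFBOOT_HASH_SHA3_384` define. A comment on the SHA256 branch saying that sign.py defaults to sha256, which is why no `--sha256` is appended to `SIGN_OPTIONS`, would also help.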
@@ -86,4 +87,21 @@ uint16_t wolfBoot_get_image_type(uint8_t part); #define wolfBoot_current_firmware_version() wolfBoot_get_image_version(PART_BOOT) #define wolfBoot_update_firmware_version() wolfBoot_get_image_version(PART_UPDATE) + +/* Hashing function configuration */ +#define WOLFBOOT_SHA_BLOCK_SIZE (16) +#if defined(WOLFBOOT_HASH_SHA256) +# define WOLFBOOT_SHA_HDR HDR_SHA256 +# define WOLFBOOT_SHA_DIGEST_SIZE (32) +# define image_hash image_sha256 +# define key_hash key_sha256 +#elif defined(WOLFBOOT_HASH_SHA3_384) +# define WOLFBOOT_SHA_HDR HDR_SHA3_384 +# define WOLFBOOT_SHA_DIGEST_SIZE (48) +# define image_hash image_sha3_384 +# define key_hash key_sha3_384 +#else +# error "No valid hash algorithm defined!" +#endif + #endif /* !WOLFBOOT_H */ diff --git a/src/image.c b/src/image.c index 4a37d121..03a6fc78 100644 --- a/src/image.c +++ b/src/image.c @@ -26,7 +26,14 @@ #ifndef WOLFTPM2_NO_WOLFCRYPT #include + +#ifdef WOLFBOOT_HASH_SHA256 #include +#endif + +#ifdef WOLFBOOT_HASH_SHA3_384 +#include +#endif #ifdef WOLFBOOT_SIGN_ED25519 #include @@ -45,7 +52,7 @@ static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig) /* Failed to import ed25519 key */ return -1; } - ret = wc_ed25519_verify_msg(sig, IMAGE_SIGNATURE_SIZE, hash, SHA256_DIGEST_SIZE, &res, &ed); + ret = wc_ed25519_verify_msg(sig, IMAGE_SIGNATURE_SIZE, hash, WOLFBOOT_SHA_DIGEST_SIZE, &res, &ed); if ((ret < 0) || (res == 0)) { return -1; } @@ -82,7 +89,7 @@ static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig) mp_init(&s); mp_read_unsigned_bin(&r, sig, ECC_KEY_SIZE); mp_read_unsigned_bin(&s, sig + ECC_KEY_SIZE, ECC_KEY_SIZE); - ret = wc_ecc_verify_hash_ex(&r, &s, hash, SHA256_DIGEST_SIZE, &res, &ecc); + ret = wc_ecc_verify_hash_ex(&r, &s, hash, WOLFBOOT_SHA_DIGEST_SIZE, &res, &ecc); if ((ret < 0) || (res == 0)) { return -1; } 
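Review bot: `image_hash` and `key_hash` are defined as object-like macros in wolfboot.h, the header that also declares the application-facing API (`wolfBoot_get_image_type` is visible in the same hunk), so any code that includes it and uses those identifiers is silently renamed. As far as this diff shows, both names are only used by static functions in src/image.c; moving the two `#define`s there, or giving them a prefix such as `wolfBoot_image_hash`, keeps the public header clean. `WOLFBOOT_SHA_BLOCK_SIZE (16)` also deserves a comment like `/* bytes fed to the hash per update call; not the algorithm's internal block size */`, since 16 matches neither SHA-256 nor SHA3-384.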
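Review bot: In the ECC256 branch (hunk at -82,7), `wc_ecc_verify_hash_ex` now receives `WOLFBOOT_SHA_DIGEST_SIZE`, which is 48 when SHA3-384 is selected, on a 256-bit curve. ECDSA uses only the leftmost bits of the digest up to the order length, so the combination should still verify, but the security level remains that of the curve, and the signing tool has to pass the full 48-byte digest to its ECDSA routine in the same way. A short comment above the call, e.g. `/* digest may be longer than the curve order; ECDSA truncates it to the order size */`, would record that this is intended. The enclosing function starts and ends outside the hunk.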
@@ -122,7 +129,7 @@ static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig) return -1; } ret = wc_RsaSSL_Verify(sig, RSA_SIG_SIZE, digest_out, RSA_SIG_SIZE, &rsa); - if (ret == SHA256_DIGEST_SIZE) { + if (ret == WOLFBOOT_SHA_DIGEST_SIZE) { if (memcmp(digest_out, hash, ret) == 0) return 0; } @@ -137,9 +144,6 @@ static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig) #include "wolftpm/tpm2_wrap.h" static WOLFTPM2_DEV wolftpm_dev; -#define SHA256_BLOCK_SIZE 16 -#define SHA256_DIGEST_SIZE 32 - #endif /* WOLFTPM2_NO_WOLFCRYPT */ static uint16_t get_header_ext(struct wolfBoot_image *img, uint16_t type, uint8_t **ptr); @@ -153,7 +157,7 @@ static uint16_t get_header(struct wolfBoot_image *img, uint16_t type, uint8_t ** return wolfBoot_find_header(img->hdr + IMAGE_HEADER_OFFSET, type, ptr); } -static uint8_t ext_hash_block[SHA256_BLOCK_SIZE]; +static uint8_t ext_hash_block[WOLFBOOT_SHA_BLOCK_SIZE]; static uint8_t *get_sha_block(struct wolfBoot_image *img, uint32_t offset) { @@ -161,14 +165,14 @@ static uint8_t *get_sha_block(struct wolfBoot_image *img, uint32_t offset) return NULL; #ifdef PART_UPDATE_EXT if (img->part == PART_UPDATE) { - ext_flash_read((uint32_t)(img->fw_base) + offset, ext_hash_block, SHA256_BLOCK_SIZE); + ext_flash_read((uint32_t)(img->fw_base) + offset, ext_hash_block, WOLFBOOT_SHA_BLOCK_SIZE); return ext_hash_block; } #endif return (uint8_t *)(img->fw_base + offset); } -static uint8_t digest[SHA256_DIGEST_SIZE]; +static uint8_t digest[WOLFBOOT_SHA_DIGEST_SIZE]; static uint8_t verification[IMAGE_SIGNATURE_SIZE]; #ifdef EXT_FLASH @@ -202,7 +206,9 @@ static uint8_t *get_img_hdr(struct wolfBoot_image *img) } #ifndef WOLFTPM2_NO_WOLFCRYPT -static int image_hash(struct wolfBoot_image *img, uint8_t *hash) + +#if defined(WOLFBOOT_HASH_SHA256) +static int image_sha256(struct wolfBoot_image *img, uint8_t *hash) { uint8_t *stored_sha, *end_sha; uint16_t stored_sha_len; 
@@ -214,12 +220,12 @@ static int image_hash(struct wolfBoot_image *img, uint8_t *hash) return -1; p = get_img_hdr(img); stored_sha_len = get_header(img, HDR_SHA256, &stored_sha); - if (stored_sha_len != SHA256_DIGEST_SIZE) + if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE) return -1; wc_InitSha256(&sha256_ctx); end_sha = stored_sha - (2 * sizeof(uint16_t)); /* Subtract 2 Type + 2 Len */ while (p < end_sha) { - blksz = SHA256_BLOCK_SIZE; + blksz = WOLFBOOT_SHA_BLOCK_SIZE; if (end_sha - p < blksz) blksz = end_sha - p; wc_Sha256Update(&sha256_ctx, p, blksz); @@ -229,7 +235,7 @@ static int image_hash(struct wolfBoot_image *img, uint8_t *hash) p = get_sha_block(img, position); if (p == NULL) break; - blksz = SHA256_BLOCK_SIZE; + blksz = WOLFBOOT_SHA_BLOCK_SIZE; if (position + blksz > img->fw_size) blksz = img->fw_size - position; wc_Sha256Update(&sha256_ctx, p, blksz); @@ -240,7 +246,7 @@ static int image_hash(struct wolfBoot_image *img, uint8_t *hash) return 0; } -static void key_hash(uint8_t *hash) +static void key_sha256(uint8_t *hash) { int blksz; unsigned int i = 0; @@ -248,7 +254,7 @@ static void key_hash(uint8_t *hash) wc_InitSha256(&sha256_ctx); while(i < KEY_LEN) { - blksz = SHA256_BLOCK_SIZE; + blksz = WOLFBOOT_SHA_BLOCK_SIZE; if ((i + blksz) > KEY_LEN) blksz = KEY_LEN - i; wc_Sha256Update(&sha256_ctx, (KEY_BUFFER + i), blksz); 
@@ -256,6 +262,63 @@ static void key_hash(uint8_t *hash) } wc_Sha256Final(&sha256_ctx, hash); } +#endif /* SHA2 256 */ +#if defined(WOLFBOOT_HASH_SHA3_384) +static int image_sha3_384(struct wolfBoot_image *img, uint8_t *hash) +{ + uint8_t *stored_sha, *end_sha; + uint16_t stored_sha_len; + uint8_t *p; + int blksz; + uint32_t position = 0; + wc_Sha3 sha3_ctx; + if (!img) + return -1; + p = get_img_hdr(img); + stored_sha_len = get_header(img, HDR_SHA3_384, &stored_sha); + if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE) + return -1; + wc_InitSha3_384(&sha3_ctx, NULL, 0); + end_sha = stored_sha - (2 * sizeof(uint16_t)); /* Subtract 2 Type + 2 Len */ + while (p < end_sha) { + blksz = WOLFBOOT_SHA_BLOCK_SIZE; + if (end_sha - p < blksz) + blksz = end_sha - p; + wc_Sha3_384_Update(&sha3_ctx, p, blksz); + p += blksz; + } + do { + p = get_sha_block(img, position); + if (p == NULL) + break; + blksz = WOLFBOOT_SHA_BLOCK_SIZE; + if (position + blksz > img->fw_size) + blksz = img->fw_size - position; + wc_Sha3_384_Update(&sha3_ctx, p, blksz); + position += blksz; + } while(position < img->fw_size); + + wc_Sha3_384_Final(&sha3_ctx, hash); + return 0; +} + +static void key_sha3_384(uint8_t *hash) +{ + int blksz; + unsigned int i = 0; + wc_Sha3 sha3_ctx; + wc_InitSha3_384(&sha3_ctx, NULL, 0); + while(i < KEY_LEN) + { + blksz = WOLFBOOT_SHA_BLOCK_SIZE; + if ((i + blksz) > KEY_LEN) + blksz = KEY_LEN - i; + wc_Sha3_384_Update(&sha3_ctx, (KEY_BUFFER + i), blksz); + i += blksz; + } + wc_Sha3_384_Final(&sha3_ctx, hash); +} +#endif #else /* WOLFTPM2_NO_WOLFCRYPT */ 
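Review bot: `image_sha3_384` and `key_sha3_384` discard the return values of `wc_InitSha3_384`, `wc_Sha3_384_Update` and `wc_Sha3_384_Final`, so a hashing failure still returns 0 and leaves `hash` holding whatever was there before; the callers pass the file-static `digest` buffer, which is reused between the key-hint check and the image check. In a boot verification path each call should be checked, e.g. `if (wc_Sha3_384_Final(&sha3_ctx, hash) != 0) return -1;` and likewise for init and update. `key_sha3_384` returns `void` and cannot report failure at all; clearing the buffer first with `memset(hash, 0, WOLFBOOT_SHA_DIGEST_SIZE);` is the smallest change that keeps a stale digest from being compared. The SHA-256 functions touched in the preceding hunks follow the same pattern.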
@@ -296,7 +359,7 @@ static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig) KEY_BUFFER + ECC_INT_SIZE, ECC_INT_SIZE); if (rc < 0) return -1; - rc = wolfTPM2_VerifyHash(&wolftpm_dev, &tpmKey, sig, 2 * ECC_INT_SIZE, hash, SHA256_DIGEST_SIZE); + rc = wolfTPM2_VerifyHash(&wolftpm_dev, &tpmKey, sig, 2 * ECC_INT_SIZE, hash, WOLFBOOT_SHA_DIGEST_SIZE); wolfTPM2_UnloadHandle(&wolftpm_dev, &tpmKey.handle); if (rc < 0) return -1; @@ -324,13 +387,12 @@ int wolfBoot_tpm2_init(void) return 0; } - -static void key_hash(uint8_t *hashBuf) +static void key_sha256(uint8_t *hashBuf) { int blksz, rc; unsigned int i = 0; const char gUsageAuth[]="wolfBoot TPM Usage Auth"; - uint32_t hashSz = SHA256_DIGEST_SIZE; + uint32_t hashSz = WOLFBOOT_SHA_DIGEST_SIZE; WOLFTPM2_HASH hash; XMEMSET(&hash, 0, sizeof(hash)); rc = wolfTPM2_HashStart(&wolftpm_dev, &hash, TPM_ALG_SHA256, @@ -339,7 +401,7 @@ static void key_hash(uint8_t *hashBuf) return; while(i < KEY_LEN) { - blksz = SHA256_BLOCK_SIZE; + blksz = WOLFBOOT_SHA_BLOCK_SIZE; if ((i + blksz) > KEY_LEN) blksz = KEY_LEN - i; wolfTPM2_HashUpdate(&wolftpm_dev, &hash, KEY_BUFFER + i, blksz); @@ -348,7 +410,7 @@ static void key_hash(uint8_t *hashBuf) wolfTPM2_HashFinish(&wolftpm_dev, &hash, hashBuf, &hashSz); } -static int image_hash(struct wolfBoot_image *img, uint8_t *hashBuf) +static int image_sha256(struct wolfBoot_image *img, uint8_t *hashBuf) { const char gUsageAuth[]="wolfBoot TPM Usage Auth"; uint8_t *stored_sha, *end_sha; 
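Review bot: The wolfTPM branch only provides `key_sha256` and `image_sha256`, and both still pass `TPM_ALG_SHA256` to `wolfTPM2_HashStart`, while `hashSz` is now initialised from `WOLFBOOT_SHA_DIGEST_SIZE`. With `WOLFBOOT_HASH_SHA3_384` defined, the `image_hash`/`key_hash` macros expand to `image_sha3_384`/`key_sha3_384`, which do not exist in this branch, so the build fails at the call sites with an unhelpful message. An explicit guard at the top of the `#else /* WOLFTPM2_NO_WOLFCRYPT */` section, `#if !defined(WOLFBOOT_HASH_SHA256)` / `# error "wolfTPM hashing supports SHA-256 only"` / `#endif`, states the restriction directly. Keeping `hashSz` as a fixed 32 next to `TPM_ALG_SHA256` would also avoid implying that the size follows the configured hash.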
@@ -357,13 +419,13 @@ static int image_hash(struct wolfBoot_image *img, uint8_t *hashBuf) int blksz; uint32_t position = 0; WOLFTPM2_HASH hash; - uint32_t hashSz = SHA256_DIGEST_SIZE; + uint32_t hashSz = WOLFBOOT_SHA_DIGEST_SIZE; int rc; if (!img) return -1; p = get_img_hdr(img); stored_sha_len = get_header(img, HDR_SHA256, &stored_sha); - if (stored_sha_len != SHA256_DIGEST_SIZE) + if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE) return -1; XMEMSET(&hash, 0, sizeof(hash)); rc = wolfTPM2_HashStart(&wolftpm_dev, &hash, TPM_ALG_SHA256, @@ -372,7 +434,7 @@ static int image_hash(struct wolfBoot_image *img, uint8_t *hashBuf) return -1; end_sha = stored_sha - (2 * sizeof(uint16_t)); /* Subtract 2 Type + 2 Len */ while (p < end_sha) { - blksz = SHA256_BLOCK_SIZE; + blksz = WOLFBOOT_SHA_BLOCK_SIZE; if (end_sha - p < blksz) blksz = end_sha - p; wolfTPM2_HashUpdate(&wolftpm_dev, &hash, p, blksz); @@ -382,7 +444,7 @@ static int image_hash(struct wolfBoot_image *img, uint8_t *hashBuf) p = get_sha_block(img, position); if (p == NULL) break; - blksz = SHA256_BLOCK_SIZE; + blksz = WOLFBOOT_SHA_BLOCK_SIZE; if (position + blksz > img->fw_size) blksz = img->fw_size - position; wolfTPM2_HashUpdate(&wolftpm_dev, &hash, p, blksz); @@ -441,8 +503,8 @@ int wolfBoot_verify_integrity(struct wolfBoot_image *img) { uint8_t *stored_sha; uint16_t stored_sha_len; - stored_sha_len = get_header(img, HDR_SHA256, &stored_sha); - if (stored_sha_len != SHA256_DIGEST_SIZE) + stored_sha_len = get_header(img, WOLFBOOT_SHA_HDR, &stored_sha); + if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE) return -1; if (image_hash(img, digest) != 0) return -1; 
@@ -466,20 +528,17 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img) if (stored_signature_size != IMAGE_SIGNATURE_SIZE) return -1; pubkey_hint_size = get_header(img, HDR_PUBKEY, &pubkey_hint); - if (pubkey_hint_size == SHA256_DIGEST_SIZE) { + if (pubkey_hint_size == WOLFBOOT_SHA_DIGEST_SIZE) { key_hash(digest); - if (memcmp(digest, pubkey_hint, SHA256_DIGEST_SIZE) != 0) + if (memcmp(digest, pubkey_hint, WOLFBOOT_SHA_DIGEST_SIZE) != 0) return -1; } image_type_size = get_header(img, HDR_IMG_TYPE, &image_type_buf); if (image_type_size != sizeof(uint16_t)) return -1; image_type = (uint16_t)(image_type_buf[0] + (image_type_buf[1] << 8)); - if ((image_type & 0xFF00) != HDR_IMG_TYPE_AUTH) return -1; - - if (image_hash(img, digest) != 0) return -1; if (wolfBoot_verify_signature(digest, stored_signature) != 0) diff --git a/test-app/Makefile b/test-app/Makefile index c91655d2..2f0a3d06 100644 --- a/test-app/Makefile +++ b/test-app/Makefile @@ -11,6 +11,15 @@ endif ifeq ($(SIGN),RSA4096) IMAGE_HEADER_SIZE:=1024 endif +ifeq ($(HASH),SHA256) + WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha256.o + CFLAGS+=-DWOLFBOOT_HASH_SHA256 +endif + +ifeq ($(HASH),SHA3_384) + WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha3.o + CFLAGS+=-DWOLFBOOT_HASH_SHA3_384 +endif CFLAGS:=-g -ggdb -Wall -Wstack-usage=1024 -ffreestanding -Wno-unused -DPLATFORM_$(TARGET) -I../include -nostartfiles diff --git a/tools/config.mk b/tools/config.mk index d22030d3..16929f44 100644 --- a/tools/config.mk +++ b/tools/config.mk @@ -3,6 +3,7 @@ ifeq ($(ARCH),) ARCH?=ARM TARGET?=stm32f4 SIGN?=ED25519 + HASH?=SHA256 KINETIS?=$(HOME)/src/FRDM-K64F KINETIS_CPU=MK64FN1M0VLL12 KINETIS_DRIVERS?=$(KINETIS)/devices/MK64F12 
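Review bot: In `wolfBoot_verify_authenticity` the public-key hint is compared only when `pubkey_hint_size == WOLFBOOT_SHA_DIGEST_SIZE`; a hint of any other length falls through without a check. Now that the expected length depends on the configured hash, an image whose hint was produced with a different hash passes this step rather than being rejected, leaving the signature check as the only gate. If the hint is meant to be mandatory, `if (pubkey_hint_size != WOLFBOOT_SHA_DIGEST_SIZE) return -1;` before `key_hash(digest)` makes the mismatch explicit; otherwise a comment stating that the hint is optional would do. The function starts and ends outside the hunk.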
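Review bot: The added `CFLAGS+=-DWOLFBOOT_HASH_...` lines in test-app/Makefile sit above the existing `CFLAGS:=-g -ggdb -Wall ...` assignment, which replaces the variable, so the hash define never reaches the test-app compile unless CFLAGS is extended again further down (not visible here). Move the two `ifeq ($(HASH),...)` blocks below the `CFLAGS:=` line. The object paths `./lib/wolfssl/...` are written relative to the repository root, whereas this Makefile uses `-I../include`, so they probably need a `../` prefix if the test app is meant to link them.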
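Review bot: In tools/config.mk, `HASH?=SHA256` is added inside the `ifeq ($(ARCH),)` block, so the default is set only when ARCH is empty. A `.config` written before this change, or a command line that sets ARCH and SIGN but not HASH, leaves HASH empty; since `sha256.o` is no longer added by the SIGN branches, such a build ends at the `#error "No valid hash algorithm defined!"` in wolfboot.h. A `HASH?=SHA256` placed outside the conditional, or at the top of the hash settings in arch.mk, keeps existing configurations building. The rest of config.mk is outside the hunk, so this may already be handled elsewhere.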
@@ -33,7 +34,7 @@ ifeq ($(ARCH),) endif -CONFIG_VARS:= ARCH TARGET SIGN KINETIS KINETIS_CPU KINETIS_DRIVERS \ +CONFIG_VARS:= ARCH TARGET SIGN HASH KINETIS KINETIS_CPU KINETIS_DRIVERS \ KINETIS_CMSIS FREEDOM_E_SDK STM32CUBE DEBUG VTOR CORTEX_M0 NO_ASM EXT_FLASH \ SPI_FLASH ALLOW_DOWNGRADE NVM_FLASH_WRITEONCE WOLFBOOT_VERSION V \ SPMATH RAM_CODE DUALBANK_SWAP IMAGE_HEADER_SIZE PKA WOLFTPM \ diff --git a/tools/keytools/sign.py b/tools/keytools/sign.py index d599692e..af72b0d0 100755 --- a/tools/keytools/sign.py +++ b/tools/keytools/sign.py @@ -30,6 +30,7 @@ HDR_END = 0x00 HDR_VERSION = 0x01 HDR_TIMESTAMP = 0x02 HDR_SHA256 = 0x03 +HDR_SHA3_384 = 0x13 HDR_IMG_TYPE = 0x04 HDR_PUBKEY = 0x10 HDR_SIGNATURE = 0x20 @@ -39,8 +40,8 @@ HDR_PADDING = 0xFF HDR_VERSION_LEN = 4 HDR_TIMESTAMP_LEN = 8 HDR_SHA256_LEN = 32 +HDR_SHA3_384_LEN = 48 HDR_IMG_TYPE_LEN = 2 -HDR_PUBKEY_LEN = 32 HDR_SIGNATURE_LEN = 64 HDR_IMG_TYPE_AUTH_ED25519 = 0x0100 @@ -58,9 +59,10 @@ self_update=False argc = len(sys.argv) argv = sys.argv +hash_algo='sha256' if (argc < 4) or (argc > 6): - print("Usage: %s [--ed25519 | --ecc256 | --rsa2048 | --rsa4096 ] [--wolfboot-update] image key.der fw_version\n" % sys.argv[0]) + print("Usage: %s [--ed25519 | --ecc256 | --rsa2048 | --rsa4096 ] [--sha256 | --sha3] [--wolfboot-update] image key.der fw_version\n" % sys.argv[0]) sys.exit(1) for i in range(1, len(argv)): if (argv[i] == '--ed25519'): @@ -71,6 +73,10 @@ for i in range(1, len(argv)): sign='rsa2048' elif (argv[i] == '--rsa4096'): sign='rsa4096' + elif (argv[i] == '--sha256'): + hash_algo='sha256' + elif (argv[i] == '--sha3'): + hash_algo='sha3' elif (argv[i] == '--wolfboot-update'): self_update = True else: @@ -188,33 +194,66 @@ if (not self_update): header += struct.pack('
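Review bot: In tools/keytools/sign.py (hunk at -58,9) the argument-count check `if (argc < 4) or (argc > 6):` was not widened when the `[--sha256 | --sha3]` option was added to the usage text. A call with a signature flag, a hash flag, `--wolfboot-update` and the three positional arguments has `len(sys.argv) == 7` and is rejected with the usage message. Change the bound to `(argc > 7)`. The final hunk of sign.py is cut off in this view and is not reviewed.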