From 601e46e480ad6f2023b6b519d19368c875293113 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 31 Dec 2025 11:25:09 -0800
Subject: [PATCH] Improved encryption constants between the bootloader and the signing tool. Allows the sign tool to properly use the correct block size for each encryption algorithm (64 for ChaCha, 16 for AES).
---
 include/wolfboot/wolfboot.h | 32 ++++++++++++++++++++++----------
 tools/keytools/sign.c | 36 ++++++++++++++++++++----------------
 2 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h
index b92aced7f8..f380835910 100644
--- a/include/wolfboot/wolfboot.h
+++ b/include/wolfboot/wolfboot.h
@@ -499,21 +499,33 @@ int wolfBoot_dualboot_candidate_addr(void**);
 int wolfBoot_get_partition_state(uint8_t part, uint8_t *st);
+/* Encryption algorithm constants - always available for tools */
+#define ENCRYPT_BLOCK_SIZE_CHACHA 64
+#define ENCRYPT_BLOCK_SIZE_AES 16
+
+#define ENCRYPT_KEY_SIZE_CHACHA 32 /* ChaCha20 - 256bit */
+#define ENCRYPT_KEY_SIZE_AES128 16 /* AES128 */
+#define ENCRYPT_KEY_SIZE_AES256 32 /* AES256 */
+
+#define ENCRYPT_NONCE_SIZE_CHACHA 12 /* 96 bit */
+#define ENCRYPT_NONCE_SIZE_AES 16 /* AES IV size */
+
+
 #ifdef EXT_ENCRYPTED
-/* Encryption support */
+/* Encryption support - compile-time algorithm selection */
 #if defined(ENCRYPT_WITH_CHACHA)
- #define ENCRYPT_BLOCK_SIZE 64
- #define ENCRYPT_KEY_SIZE 32 /* Chacha20 - 256bit */
- #define ENCRYPT_NONCE_SIZE 12 /* 96 bit*/
+ #define ENCRYPT_BLOCK_SIZE ENCRYPT_BLOCK_SIZE_CHACHA
+ #define ENCRYPT_KEY_SIZE ENCRYPT_KEY_SIZE_CHACHA
+ #define ENCRYPT_NONCE_SIZE ENCRYPT_NONCE_SIZE_CHACHA
 #elif defined(ENCRYPT_WITH_AES128)
- #define ENCRYPT_BLOCK_SIZE 16
- #define ENCRYPT_KEY_SIZE 16 /* AES128 */
- #define ENCRYPT_NONCE_SIZE 16 /* AES IV size */
+ #define ENCRYPT_BLOCK_SIZE ENCRYPT_BLOCK_SIZE_AES
+ #define ENCRYPT_KEY_SIZE ENCRYPT_KEY_SIZE_AES128
+ #define ENCRYPT_NONCE_SIZE ENCRYPT_NONCE_SIZE_AES
 #elif defined(ENCRYPT_WITH_AES256)
- #define ENCRYPT_BLOCK_SIZE 16
- #define ENCRYPT_KEY_SIZE 32 /* AES256 */
- #define ENCRYPT_NONCE_SIZE 16 /* AES IV size */
+ #define ENCRYPT_BLOCK_SIZE ENCRYPT_BLOCK_SIZE_AES
+ #define ENCRYPT_KEY_SIZE ENCRYPT_KEY_SIZE_AES256
+ #define ENCRYPT_NONCE_SIZE ENCRYPT_NONCE_SIZE_AES
 #elif defined(ENCRYPT_PKCS11)
 #define ENCRYPT_BLOCK_SIZE ENCRYPT_PKCS11_BLOCK_SIZE
 /* In this case, the key ID is stored in flash rather than the key itself */
diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c
index 712b1c8bac..b5761b1948 100644
--- a/tools/keytools/sign.c
+++ b/tools/keytools/sign.c
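Review bot: The new unconditional block in include/wolfboot/wolfboot.h does not say that these values are a contract between the bootloader and tools/keytools/sign.c, which is the reason the commit message gives for moving them out of `#ifdef EXT_ENCRYPTED`. I would extend the opening comment to something like `/* Shared by the bootloader and tools/keytools/sign.c; both sides must use the same per-algorithm block, key and nonce sizes */`. `ENCRYPT_NONCE_SIZE_AES` would also read better with a note that it is the full 16-byte IV, since its ChaCha counterpart is a 96-bit nonce and the two names suggest the same kind of value.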
@@ -206,9 +206,10 @@ static inline int fp_truncate(FILE *f, size_t len)
 #define ENC_AES128 2
 #define ENC_AES256 3
-#define ENC_BLOCK_SIZE 16
-#define ENC_MAX_KEY_SZ 32
-#define ENC_MAX_IV_SZ 16
+/* Use algorithm-specific constants from wolfboot.h */
+#define ENC_MAX_BLOCK_SZ ENCRYPT_BLOCK_SIZE_CHACHA /* 64 - largest block size */
+#define ENC_MAX_KEY_SZ ENCRYPT_KEY_SIZE_AES256 /* 32 */
+#define ENC_MAX_IV_SZ ENCRYPT_NONCE_SIZE_AES /* 16 */
 static void header_append_u32(uint8_t* header, uint32_t* idx, uint32_t tmp32)
 {
@@ -1761,21 +1762,24 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
 if ((CMD.encrypt != ENC_OFF) && CMD.encrypt_key_file) {
 uint8_t key[ENC_MAX_KEY_SZ], iv[ENC_MAX_IV_SZ];
- uint8_t enc_buf[ENC_BLOCK_SIZE];
- int ivSz, keySz;
+ uint8_t enc_buf[ENC_MAX_BLOCK_SZ];
+ int ivSz, keySz, encBlockSz;
 uint32_t fsize = 0;
 switch (CMD.encrypt) {
 case ENC_CHACHA:
- ivSz = CHACHA_IV_BYTES;
- keySz = CHACHA_MAX_KEY_SZ;
+ ivSz = ENCRYPT_NONCE_SIZE_CHACHA;
+ keySz = ENCRYPT_KEY_SIZE_CHACHA;
+ encBlockSz = ENCRYPT_BLOCK_SIZE_CHACHA;
 break;
 case ENC_AES128:
- ivSz = 16;
- keySz = 16;
+ ivSz = ENCRYPT_NONCE_SIZE_AES;
+ keySz = ENCRYPT_KEY_SIZE_AES128;
+ encBlockSz = ENCRYPT_BLOCK_SIZE_AES;
 break;
 case ENC_AES256:
- ivSz = 16;
- keySz = 32;
+ ivSz = ENCRYPT_NONCE_SIZE_AES;
+ keySz = ENCRYPT_KEY_SIZE_AES256;
+ encBlockSz = ENCRYPT_BLOCK_SIZE_AES;
 break;
 default:
 printf("No valid encryption mode selected\n");
@@ -1817,9 +1821,9 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
 #endif
 wc_Chacha_SetKey(&cha, key, sizeof(key));
 wc_Chacha_SetIV(&cha, iv, 0);
- for (pos = 0; pos < fsize; pos += ENC_BLOCK_SIZE) {
+ for (pos = 0; pos < fsize; pos += encBlockSz) {
 int fread_retval;
- fread_retval = (int)fread(buf, 1, ENC_BLOCK_SIZE, f);
+ fread_retval = (int)fread(buf, 1, encBlockSz, f);
 if ((fread_retval == 0) && feof(f)) {
 break;
 }
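Review bot: `ENC_MAX_BLOCK_SZ`, `ENC_MAX_KEY_SZ` and `ENC_MAX_IV_SZ` in the hunk at -206 are each aliased by hand to one algorithm's constant, so nothing fails the build if another value in wolfboot.h later exceeds them. The `key`, `iv` and `enc_buf` arrays in the `make_header_ex` hunk at -1761 are sized from these macros and filled according to the per-algorithm `keySz`, `ivSz` and `encBlockSz`. A compile-time check beside the defines would pin the assumption, for example `_Static_assert(ENC_MAX_KEY_SZ >= ENCRYPT_KEY_SIZE_CHACHA && ENC_MAX_IV_SZ >= ENCRYPT_NONCE_SIZE_CHACHA, "ENC_MAX_* too small");`, with a matching one for the block size. If the tool has to build with pre-C11 compilers, use whatever portable static-assert form the project already has.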
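Review bot: The ChaCha loop at -1817 now asks `fread` for up to `encBlockSz` (64) bytes into `buf`, but `buf` is declared outside every hunk of this patch, so the change does not show that it is at least `ENC_MAX_BLOCK_SZ` bytes long. That should be confirmed, or the buffer sized explicitly next to `enc_buf`; the AES loop at -1830 reads into the same buffer. `wc_Chacha_SetKey(&cha, key, sizeof(key))` also passes the buffer size instead of the selected length, which only works while `ENC_MAX_KEY_SZ` equals the ChaCha key size; `wc_Chacha_SetKey(&cha, key, keySz);` states the intent. The loop body continues past the end of the hunk.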
@@ -1830,14 +1834,14 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
 Aes aes_e;
 wc_AesInit(&aes_e, NULL, 0);
 wc_AesSetKeyDirect(&aes_e, key, keySz, iv, AES_ENCRYPTION);
- for (pos = 0; pos < fsize; pos += ENC_BLOCK_SIZE) {
+ for (pos = 0; pos < fsize; pos += encBlockSz) {
 int fread_retval;
- fread_retval = (int)fread(buf, 1, ENC_BLOCK_SIZE, f);
+ fread_retval = (int)fread(buf, 1, encBlockSz, f);
 if ((fread_retval == 0) && feof(f)) {
 break;
 }
 /* Pad with FF if input is too short */
- while((fread_retval % ENC_BLOCK_SIZE) != 0) {
+ while((fread_retval % encBlockSz) != 0) {
 buf[fread_retval++] = 0xFF;
 }
 wc_AesCtrEncrypt(&aes_e, enc_buf, buf, fread_retval);
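Review bot: The read in the AES loop stops only on `fread_retval == 0 && feof(f)`, so a read error or a short read that is not end-of-file carries on into the 0xFF padding and `wc_AesCtrEncrypt` as if the bytes were image data. A check such as `if (fread_retval < encBlockSz && ferror(f))` that reports the error and aborts the run would keep a truncated or padded-in-the-middle payload from being written out. The ChaCha loop in the hunk at -1817 has the same pattern. The return values of `wc_AesSetKeyDirect` and `wc_AesCtrEncrypt` are not checked in the visible lines either; what is done with `enc_buf` afterwards lies outside the hunk.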