boot: zephyr: mynewt: sha-512 from tinycrypt

* Mynewt always uses sha-512 from tinycrypt * Zephyr can choose either tinycrypt or mbedTLS Signed-off-by: Fabio Utzig <[email protected]>
mcu-tools · Feb 4, 2020 · 34e93a5 · 34e93a5
1 parent a1c142d
commit 34e93a5
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 10 deletions.
diff --git a/boot/bootutil/pkg.yml b/boot/bootutil/pkg.yml
@@ -49,5 +49,7 @@ pkg.deps.BOOTUTIL_USE_TINYCRYPT:
  - "@mcuboot/ext/mbedtls-asn1"
 
 pkg.deps.BOOTUTIL_SIGN_ED25519:
- - "@apache-mynewt-core/crypto/mbedtls"
+ - "@mcuboot/ext/tinycrypt/lib"
+ - "@mcuboot/ext/tinycrypt-sha512/lib"
+ - "@mcuboot/ext/mbedtls-asn1"
  - "@mcuboot/ext/fiat"
diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
@@ -51,6 +51,8 @@ get_filename_component(MCUBOOT_DIR ${BOOT_DIR} DIRECTORY)
 # Path to tinycrypt library source subdirectory of MCUBOOT_DIR.
 set(TINYCRYPT_DIR "${MCUBOOT_DIR}/ext/tinycrypt/lib")
 assert_exists(TINYCRYPT_DIR)
+set(TINYCRYPT_SHA512_DIR "${MCUBOOT_DIR}/ext/tinycrypt-sha512/lib")
+assert_exists(TINYCRYPT_SHA512_DIR)
 # Path to crypto-fiat
 set(FIAT_DIR "${MCUBOOT_DIR}/ext/fiat")
 assert_exists(FIAT_DIR)
@@ -144,8 +146,27 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
  # is set using Kconfig.)
  zephyr_include_directories(include)
 elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
- # For ed25519, mbedTLS is used for ASN1 parsing and SHA512
- zephyr_include_directories(include)
+ if(CONFIG_BOOT_USE_TINYCRYPT)
+ zephyr_library_include_directories(
+ ${MBEDTLS_ASN1_DIR}/include
+ ${BOOT_DIR}/zephyr/include
+ ${TINYCRYPT_DIR}/include
+ ${TINYCRYPT_SHA512_DIR}/include
+ )
+ zephyr_library_sources(
+ ${TINYCRYPT_DIR}/source/sha256.c
+ ${TINYCRYPT_DIR}/source/utils.c
+ ${TINYCRYPT_SHA512_DIR}/source/sha512.c
+ # Additionally pull in just the ASN.1 parser from mbedTLS.
+ ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
+ ${MBEDTLS_ASN1_DIR}/src/platform_util.c
+ )
+ zephyr_library_compile_definitions(
+ MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
+ )
+ else()
+ zephyr_include_directories(include)
+ endif()
 
  zephyr_library_include_directories(
  ${BOOT_DIR}/zephyr/include

diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
@@ -76,16 +76,11 @@ endif
 config BOOT_SIGNATURE_TYPE_ECDSA_P256
  bool "Elliptic curve digital signatures with curve P-256"
 
-config BOOT_SIGNATURE_TYPE_ED25519
- bool "Edwards curve digital signatures using ed25519"
- select BOOT_USE_MBEDTLS
- select MBEDTLS
-
 if BOOT_SIGNATURE_TYPE_ECDSA_P256
 choice
  prompt "Ecdsa implementation"
- default BOOT_TINYCRYPT
-config BOOT_TINYCRYPT
+ default BOOT_ECDSA_TINYCRYPT
+config BOOT_ECDSA_TINYCRYPT
  bool "Use tinycrypt"
  select BOOT_USE_TINYCRYPT
 config BOOT_CC310
@@ -96,6 +91,24 @@ config BOOT_CC310
  select BOOT_USE_CC310
 endchoice
 endif
+
+config BOOT_SIGNATURE_TYPE_ED25519
+ bool "Edwards curve digital signatures using ed25519"
+
+if BOOT_SIGNATURE_TYPE_ED25519
+choice
+ prompt "Ecdsa implementation"
+ default BOOT_ED25519_TINYCRYPT
+config BOOT_ED25519_TINYCRYPT
+ bool "Use tinycrypt"
+ select BOOT_USE_TINYCRYPT
+config BOOT_ED25519_MBEDTLS
+ bool "Use mbedTLS"
+ select BOOT_USE_MBEDTLS
+ select MBEDTLS
+endchoice
+endif
+
 endchoice
 
 config BOOT_SIGNATURE_KEY_FILE