Add Tinycrypt based SHA-512 for ED25519

Add option to build ed25519 with tinycrypt; enable tinycrypt based
sha-512 for ed25519 sim tests.

Signed-off-by: Fabio Utzig <[email protected]>

ext/fiat/src/curve25519.c

@@ -31,8 +31,16 @@
 #include <string.h>
 #include <stdint.h>
 
+#include <mcuboot_config/mcuboot_config.h>
+
+#if defined(MCUBOOT_USE_MBED_TLS)
 #include <mbedtls/platform_util.h>
 #include <mbedtls/sha512.h>
+#else
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+#include <tinycrypt/sha512.h>
+#endif
 
 #include "curve25519.h"
 // Various pre-computed constants.
@@ -126,12 +134,20 @@ static void fe_tobytes(uint8_t s[32], const fe *f) {
 
 // h = 0
 static void fe_0(fe *h) {
+#if defined(MCUBOOT_USE_MBED_TLS)
  mbedtls_platform_zeroize(h, sizeof(fe));
+#else
+ _set(h, 0, sizeof(fe));
+#endif
 }
 
 // h = 1
 static void fe_1(fe *h) {
+#if defined(MCUBOOT_USE_MBED_TLS)
  mbedtls_platform_zeroize(h, sizeof(fe));
+#else
+ _set(h, 0, sizeof(fe));
+#endif
  h->v[0] = 1;
 }
 
@@ -1074,9 +1090,13 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
  }
  }
 
+#if defined(MCUBOOT_USE_MBED_TLS)
+
  mbedtls_sha512_context ctx;
- mbedtls_sha512_init(&ctx);
  int ret;
+
+ mbedtls_sha512_init(&ctx);
+
  ret = mbedtls_sha512_starts_ret(&ctx, 0);
  assert(ret == 0);
 
@@ -1092,6 +1112,27 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
  assert(ret == 0);
  mbedtls_sha512_free(&ctx);
 
+#else
+
+ struct tc_sha512_state_struct s;
+ int rc;
+
+ rc = tc_sha512_init(&s);
+ assert(rc == TC_CRYPTO_SUCCESS);
+
+ rc = tc_sha512_update(&s, signature, 32);
+ assert(rc == TC_CRYPTO_SUCCESS);
+ rc = tc_sha512_update(&s, public_key, 32);
+ assert(rc == TC_CRYPTO_SUCCESS);
+ rc = tc_sha512_update(&s, message, message_len);
+ assert(rc == TC_CRYPTO_SUCCESS);
+
+ uint8_t h[TC_SHA512_DIGEST_SIZE];
+ rc = tc_sha512_final(h, &s);
+ assert(rc == TC_CRYPTO_SUCCESS);
+
+#endif
+
  x25519_sc_reduce(h);
 
  ge_p2 R;

sim/mcuboot-sys/build.rs

@@ -97,16 +97,18 @@ fn main() {
  conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
  } else if sig_ed25519 {
  conf.define("MCUBOOT_SIGN_ED25519", None);
- conf.define("MCUBOOT_USE_MBED_TLS", None);
+ conf.define("MCUBOOT_USE_TINYCRYPT", None);
 
- conf.include("../../ext/mbedtls/include");
- conf.file("../../ext/mbedtls/library/sha256.c");
- conf.file("../../ext/mbedtls/library/sha512.c");
+ conf.include("../../ext/tinycrypt/lib/include");
+ conf.include("../../ext/tinycrypt-sha512/lib/include");
+ conf.include("../../ext/mbedtls-asn1/include");
+ conf.file("../../ext/tinycrypt/lib/source/sha256.c");
+ conf.file("../../ext/tinycrypt-sha512/lib/source/sha512.c");
+ conf.file("../../ext/tinycrypt/lib/source/utils.c");
  conf.file("csupport/keys.c");
  conf.file("../../ext/fiat/src/curve25519.c");
- conf.file("../../ext/mbedtls/library/platform.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-asn1/src/platform_util.c");
+ conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
  } else if !enc_ec256 {
  // No signature type, only sha256 validation. The default
  // configuration file bundled with mbedTLS is sufficient.
@@ -221,7 +223,7 @@ fn main() {
  } else if (sig_ecdsa || enc_ec256) && !enc_kw {
  conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
  } else if sig_ed25519 {
- conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ed25519.h>"));
+ conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
  } else if enc_kw {
  conf.define("MBEDTLS_CONFIG_FILE", Some("<config-kw.h>"));
  }