boot: zephyr: mynewt: sha-512 from tinycrypt

utzig · utzig · commit 34e93a507b9f · 2020-02-04T06:09:01.000-03:00
* Mynewt always uses sha-512 from tinycrypt
* Zephyr can choose either tinycrypt or mbedTLS

Signed-off-by: Fabio Utzig &lt;utzig@apache.org&gt;
diff --git a/boot/bootutil/pkg.yml b/boot/bootutil/pkg.yml
@@ -49,5 +49,7 @@ pkg.deps.BOOTUTIL_USE_TINYCRYPT:
     - "@mcuboot/ext/mbedtls-asn1"
 
 pkg.deps.BOOTUTIL_SIGN_ED25519:
-    - "@apache-mynewt-core/crypto/mbedtls"
+    - "@mcuboot/ext/tinycrypt/lib"
+    - "@mcuboot/ext/tinycrypt-sha512/lib"
+    - "@mcuboot/ext/mbedtls-asn1"
     - "@mcuboot/ext/fiat"
diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
@@ -51,6 +51,8 @@ get_filename_component(MCUBOOT_DIR ${BOOT_DIR} DIRECTORY)
 # Path to tinycrypt library source subdirectory of MCUBOOT_DIR.
 set(TINYCRYPT_DIR "${MCUBOOT_DIR}/ext/tinycrypt/lib")
 assert_exists(TINYCRYPT_DIR)
+set(TINYCRYPT_SHA512_DIR "${MCUBOOT_DIR}/ext/tinycrypt-sha512/lib")
+assert_exists(TINYCRYPT_SHA512_DIR)
 # Path to crypto-fiat
 set(FIAT_DIR "${MCUBOOT_DIR}/ext/fiat")
 assert_exists(FIAT_DIR)
@@ -144,8 +146,27 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
   # is set using Kconfig.)
   zephyr_include_directories(include)
 elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
-  # For ed25519, mbedTLS is used for ASN1 parsing and SHA512
-  zephyr_include_directories(include)
+  if(CONFIG_BOOT_USE_TINYCRYPT)
+    zephyr_library_include_directories(
+      ${MBEDTLS_ASN1_DIR}/include
+      ${BOOT_DIR}/zephyr/include
+      ${TINYCRYPT_DIR}/include
+      ${TINYCRYPT_SHA512_DIR}/include
+      )
+    zephyr_library_sources(
+      ${TINYCRYPT_DIR}/source/sha256.c
+      ${TINYCRYPT_DIR}/source/utils.c
+      ${TINYCRYPT_SHA512_DIR}/source/sha512.c
+      # Additionally pull in just the ASN.1 parser from mbedTLS.
+      ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
+      ${MBEDTLS_ASN1_DIR}/src/platform_util.c
+      )
+    zephyr_library_compile_definitions(
+      MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
+      )
+  else()
+    zephyr_include_directories(include)
+  endif()
 
   zephyr_library_include_directories(
     ${BOOT_DIR}/zephyr/include
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
@@ -76,16 +76,11 @@ endif
 config BOOT_SIGNATURE_TYPE_ECDSA_P256
 	bool "Elliptic curve digital signatures with curve P-256"
 
-config BOOT_SIGNATURE_TYPE_ED25519
-	bool "Edwards curve digital signatures using ed25519"
-	select BOOT_USE_MBEDTLS
-	select MBEDTLS
-
 if BOOT_SIGNATURE_TYPE_ECDSA_P256
 choice
 	prompt "Ecdsa implementation"
-	default BOOT_TINYCRYPT
-config BOOT_TINYCRYPT
+	default BOOT_ECDSA_TINYCRYPT
+config BOOT_ECDSA_TINYCRYPT
 	bool "Use tinycrypt"
 	select BOOT_USE_TINYCRYPT
 config BOOT_CC310
@@ -96,6 +91,24 @@ config BOOT_CC310
 	select BOOT_USE_CC310
 endchoice
 endif
+
+config BOOT_SIGNATURE_TYPE_ED25519
+	bool "Edwards curve digital signatures using ed25519"
+
+if BOOT_SIGNATURE_TYPE_ED25519
+choice
+	prompt "Ecdsa implementation"
+	default BOOT_ED25519_TINYCRYPT
+config BOOT_ED25519_TINYCRYPT
+	bool "Use tinycrypt"
+	select BOOT_USE_TINYCRYPT
+config BOOT_ED25519_MBEDTLS
+	bool "Use mbedTLS"
+	select BOOT_USE_MBEDTLS
+	select MBEDTLS
+endchoice
+endif
+
 endchoice
 
 config BOOT_SIGNATURE_KEY_FILE
