Add Tinycrypt based SHA-512 for ED25519

Add option to build ed25519 with Tinycrypt.

This depends on merging of an external PR adding SHA-512 support to
Tinycrypt and a following update of the local copy.

Signed-off-by: Fabio Utzig <[email protected]>

Author: utzig

ext/fiat/src/curve25519.c

@@ -31,8 +31,14 @@
 #include <string.h>
 #include <stdint.h>
 
+#if defined(MCUBOOT_USE_MBED_TLS)
 #include <mbedtls/platform_util.h>
 #include <mbedtls/sha512.h>
+#else
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+#include <tinycrypt/sha512.h>
+#endif
 
 #include "curve25519.h"
 // Various pre-computed constants.
@@ -126,12 +132,20 @@ static void fe_tobytes(uint8_t s[32], const fe *f) {
 
 // h = 0
 static void fe_0(fe *h) {
+#if defined(MCUBOOT_USE_MBED_TLS)
   mbedtls_platform_zeroize(h, sizeof(fe));
+#else
+  _set(h, 0, sizeof(fe));
+#endif
 }
 
 // h = 1
 static void fe_1(fe *h) {
+#if defined(MCUBOOT_USE_MBED_TLS)
   mbedtls_platform_zeroize(h, sizeof(fe));
+#else
+  _set(h, 0, sizeof(fe));
+#endif
   h->v[0] = 1;
 }
 
@@ -1074,9 +1088,13 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
     }
   }
 
+#if defined(MCUBOOT_USE_MBED_TLS)
+
   mbedtls_sha512_context ctx;
-  mbedtls_sha512_init(&ctx);
   int ret;
+
+  mbedtls_sha512_init(&ctx);
+
   ret = mbedtls_sha512_starts_ret(&ctx, 0);
   assert(ret == 0);
 
@@ -1092,6 +1110,27 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
   assert(ret == 0);
   mbedtls_sha512_free(&ctx);
 
+#else
+
+  struct tc_sha512_state_struct s;
+  int rc;
+
+  rc = tc_sha512_init(&s);
+  assert(rc == TC_CRYPTO_SUCCESS);
+
+  rc = tc_sha512_update(&s, signature, 32);
+  assert(rc == TC_CRYPTO_SUCCESS);
+  rc = tc_sha512_update(&s, public_key, 32);
+  assert(rc == TC_CRYPTO_SUCCESS);
+  rc = tc_sha512_update(&s, message, message_len);
+  assert(rc == TC_CRYPTO_SUCCESS);
+
+  uint8_t h[TC_SHA512_DIGEST_SIZE];
+  rc = tc_sha512_final(h, &s);
+  assert(rc == TC_CRYPTO_SUCCESS);
+
+#endif
+
   x25519_sc_reduce(h);
 
   ge_p2 R;

sim/mcuboot-sys/build.rs

@@ -88,16 +88,17 @@ fn main() {
         conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
     } else if sig_ed25519 {
         conf.define("MCUBOOT_SIGN_ED25519", None);
-        conf.define("MCUBOOT_USE_MBED_TLS", None);
+        conf.define("MCUBOOT_USE_TINYCRYPT", None);
 
-        conf.include("../../ext/mbedtls/include");
-        conf.file("../../ext/mbedtls/library/sha256.c");
-        conf.file("../../ext/mbedtls/library/sha512.c");
+        conf.include("../../ext/tinycrypt/lib/include");
+        conf.include("../../ext/mbedtls-asn1/include");
+        conf.file("../../ext/tinycrypt/lib/source/sha256.c");
+        conf.file("../../ext/tinycrypt/lib/source/sha512.c");
+        conf.file("../../ext/tinycrypt/lib/source/utils.c");
         conf.file("csupport/keys.c");
         conf.file("../../ext/fiat/src/curve25519.c");
-        conf.file("../../ext/mbedtls/library/platform.c");
-        conf.file("../../ext/mbedtls/library/platform_util.c");
-        conf.file("../../ext/mbedtls/library/asn1parse.c");
+        conf.file("../../ext/mbedtls-asn1/src/platform_util.c");
+        conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
     } else if !enc_ec256 {
         // No signature type, only sha256 validation. The default
         // configuration file bundled with mbedTLS is sufficient.
@@ -212,7 +213,7 @@ fn main() {
     } else if (sig_ecdsa || enc_ec256) && !enc_kw {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
     } else if sig_ed25519 {
-        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ed25519.h>"));
+        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
     } else if enc_kw {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-kw.h>"));
     }