bootutil/crypto: Support using mbedTLS for ecdsa #1937

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions boot/bootutil/include/bootutil/crypto/ecdsa.h
Expand Up @@ -102,13 +102,13 @@ static int bootutil_import_key(uint8_t **cp, uint8_t *end)
return -2;
}
/* id-ecPublicKey (RFC5480) */
if (alg.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
memcmp(alg.MBEDTLS_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
return -3;
}
/* namedCurve (RFC5480) */
if (param.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_secp256r1_oid) - 1 ||
memcmp(param.MBEDTLS_CONTEXT_MEMBER(p), ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
if (param.len != sizeof(ec_secp256r1_oid) - 1 ||
memcmp(param.p, ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
return -4;
}
/* ECPoint (RFC5480) */
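Review bot: The plain `alg.len`/`alg.p` and `param.len`/`param.p` accesses replace the MBEDTLS_CONTEXT_MEMBER() wrapper used on these lines before, and that is only safe because mbedtls_asn1_buf keeps `len` and `p` as public members in both mbedTLS 2.x and 3.x, so the access compiles without MBEDTLS_ALLOW_PRIVATE_ACCESS — an inference from the mbedTLS headers, not something visible in this hunk. A short comment above the first check would stop a later cleanup from reintroducing the wrapper and breaking the 3.x build: `/* mbedtls_asn1_buf fields are public in mbedTLS 2.x and 3.x; no MBEDTLS_CONTEXT_MEMBER() needed here. */`. The exact-length check followed by memcmp against the fixed OID bytes is unchanged and remains the strict comparison a bootloader key parser should do. bootutil_import_key begins and ends outside the hunk.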
68 changes: 36 additions & 32 deletions boot/zephyr/CMakeLists.txt
Expand Up @@ -148,40 +148,44 @@ zephyr_library_sources(
endif()

if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256)
zephyr_library_include_directories(
${MBEDTLS_ASN1_DIR}/include
)
zephyr_library_sources(
# Additionally pull in just the ASN.1 parser from mbedTLS.
${MBEDTLS_ASN1_DIR}/src/asn1parse.c
${MBEDTLS_ASN1_DIR}/src/platform_util.c
)
if(CONFIG_BOOT_USE_TINYCRYPT)
# When using ECDSA signatures, pull in our copy of the tinycrypt library.
zephyr_library_include_directories(
${BOOT_DIR}/zephyr/include
${TINYCRYPT_DIR}/include
)
zephyr_include_directories(${TINYCRYPT_DIR}/include)
if (CONFIG_BOOT_ECDSA_MBEDTLS)
zephyr_include_directories(include)
else()
zephyr_library_include_directories(
${MBEDTLS_ASN1_DIR}/include
)
zephyr_library_sources(
# Additionally pull in just the ASN.1 parser from mbedTLS.
${MBEDTLS_ASN1_DIR}/src/asn1parse.c
${MBEDTLS_ASN1_DIR}/src/platform_util.c
)
if(CONFIG_BOOT_USE_TINYCRYPT)
# When using ECDSA signatures, pull in our copy of the tinycrypt library.
zephyr_library_include_directories(
${BOOT_DIR}/zephyr/include
${TINYCRYPT_DIR}/include
)
zephyr_include_directories(${TINYCRYPT_DIR}/include)

zephyr_library_sources(
${TINYCRYPT_DIR}/source/ecc.c
${TINYCRYPT_DIR}/source/ecc_dsa.c
${TINYCRYPT_DIR}/source/sha256.c
${TINYCRYPT_DIR}/source/utils.c
)
elseif(CONFIG_BOOT_USE_NRF_CC310_BL)
zephyr_library_sources(${NRF_DIR}/cc310_glue.c)
zephyr_library_include_directories(${NRF_DIR})
zephyr_link_libraries(nrfxlib_crypto)
endif()
zephyr_library_sources(
${TINYCRYPT_DIR}/source/ecc.c
${TINYCRYPT_DIR}/source/ecc_dsa.c
${TINYCRYPT_DIR}/source/sha256.c
${TINYCRYPT_DIR}/source/utils.c
)
elseif(CONFIG_BOOT_USE_NRF_CC310_BL)
zephyr_library_sources(${NRF_DIR}/cc310_glue.c)
zephyr_library_include_directories(${NRF_DIR})
zephyr_link_libraries(nrfxlib_crypto)
endif()

# Since here we are not using Zephyr's mbedTLS but rather our own, we need
# to set MBEDTLS_CONFIG_FILE ourselves. When using Zephyr's copy, this
# variable is set by its Kconfig in the Zephyr codebase.
zephyr_library_compile_definitions(
MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
)
# Since here we are not using Zephyr's mbedTLS but rather our own, we need
# to set MBEDTLS_CONFIG_FILE ourselves. When using Zephyr's copy, this
# variable is set by its Kconfig in the Zephyr codebase.
zephyr_library_compile_definitions(
MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
)
endif()
elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE)
zephyr_library_include_directories(
${BOOT_DIR}/zephyr/include
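Review bot: The new `if (CONFIG_BOOT_ECDSA_MBEDTLS)` branch adds a bare relative `include` to the global include path with no comment, whereas every other path in this hunk is spelled from `${BOOT_DIR}` or `${CMAKE_CURRENT_LIST_DIR}`, and the file otherwise writes `if(` without the space. I would write `zephyr_include_directories(${CMAKE_CURRENT_LIST_DIR}/include)` preceded by `# Zephyr's own mbedTLS build needs to find mcuboot-mbedtls-cfg.h here; its config is chosen through Kconfig, so MBEDTLS_CONFIG_FILE is not set in this branch` — the purpose is inferred from the else branch, so confirm it. Note that this branch deliberately skips the ASN.1 sources and the MBEDTLS_CONFIG_FILE definition, so a correct signature verifier now depends on Zephyr's mbedTLS Kconfig enabling the ASN.1 parser, ECP and ECDSA for secp256r1; nothing in this hunk pins that, and a comment naming those prerequisites would help whoever debugs a mis-configured build. The enclosing if()/elseif() chain begins above the hunk.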
5 changes: 5 additions & 0 deletions boot/zephyr/Kconfig
Expand Up @@ -101,6 +101,11 @@ config BOOT_ECDSA_TINYCRYPT
bool "Use tinycrypt"
select BOOT_USE_TINYCRYPT

config BOOT_ECDSA_MBEDTLS
bool "Use mbedTLS"
select BOOT_USE_MBEDTLS
select MBEDTLS

config BOOT_ECDSA_CC310
bool "Use CC310"
depends on HAS_HW_NRF_CC310
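Review bot: `config BOOT_ECDSA_MBEDTLS` has no help text, so a user choosing it in menuconfig cannot tell that it moves ECDSA P-256 signature verification from MCUboot's vendored tinycrypt to Zephyr's mbedTLS module, with the code-size and configuration consequences that implies. I would add a help block stating that verification is then performed by Zephyr's mbedTLS (forced on via MBEDTLS), that the mbedTLS configuration comes from Zephyr's Kconfig rather than MCUboot's own config file, and that the bootloader's trust in its verifier therefore extends to that module's build options. Separately, `select MBEDTLS` switches the symbol on without honouring any `depends on` that MBEDTLS itself carries; if that is a concern in the target tree, `depends on MBEDTLS` is the safer spelling — inferred, since MBEDTLS's definition is not visible here.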
1 change: 1 addition & 0 deletions boot/zephyr/include/mcuboot-mbedtls-cfg.h
Expand Up @@ -27,6 +27,7 @@
defined(CONFIG_BOOT_ENCRYPT_EC256) || \
(defined(CONFIG_BOOT_ENCRYPT_X25519) && !defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519))
#include "config-asn1.h"
#include "config-ec.h"
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
#include "config-ed25519.h"
#else
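Review bot: The added `#include "config-ec.h"` is not gated on CONFIG_BOOT_ECDSA_MBEDTLS, so it also reaches the tinycrypt and CC310 builds, where this header serves as MBEDTLS_CONFIG_FILE for a library that compiles only asn1parse.c and platform_util.c; whatever config-ec.h enables (presumably EC/ECDSA options — its contents are not visible here) is dead configuration there at best and, if it turns on options with unmet prerequisites, a check_config.h failure at worst. If the EC options are only needed for the mbedTLS ECDSA path, wrap it as `#if defined(CONFIG_BOOT_ECDSA_MBEDTLS)` / `#include "config-ec.h"` / `#endif`; if it is intentionally included for every EC build, a comment saying why that is harmless for the ASN.1-only builds would do. The `#if` condition this line sits under begins above the hunk.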