boot: zephyr: mynewt: sha-512 from tinycrypt
* Mynewt always uses sha-512 from tinycrypt
* Zephyr can choose either tinycrypt or mbedTLS
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/pkg.yml b/boot/bootutil/pkg.yml
index 622d8dc..3f114f3 100644
--- a/boot/bootutil/pkg.yml
+++ b/boot/bootutil/pkg.yml
@@ -49,5 +49,7 @@
- "@mcuboot/ext/mbedtls-asn1"
pkg.deps.BOOTUTIL_SIGN_ED25519:
- - "@apache-mynewt-core/crypto/mbedtls"
+ - "@mcuboot/ext/tinycrypt/lib"
+ - "@mcuboot/ext/tinycrypt-sha512/lib"
+ - "@mcuboot/ext/mbedtls-asn1"
- "@mcuboot/ext/fiat"
diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
index 7906a24..cc400f9 100644
--- a/boot/zephyr/CMakeLists.txt
+++ b/boot/zephyr/CMakeLists.txt
@@ -51,6 +51,8 @@
# Path to tinycrypt library source subdirectory of MCUBOOT_DIR.
set(TINYCRYPT_DIR "${MCUBOOT_DIR}/ext/tinycrypt/lib")
assert_exists(TINYCRYPT_DIR)
+set(TINYCRYPT_SHA512_DIR "${MCUBOOT_DIR}/ext/tinycrypt-sha512/lib")
+assert_exists(TINYCRYPT_SHA512_DIR)
# Path to crypto-fiat
set(FIAT_DIR "${MCUBOOT_DIR}/ext/fiat")
assert_exists(FIAT_DIR)
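Review bot: The added `TINYCRYPT_SHA512_DIR` lines have no leading comment, unlike the tinycrypt and fiat entries on either side of them. A line such as `# Path to the tinycrypt SHA-512 sources, used for ed25519 when tinycrypt is selected.` above the `set()` would keep the block consistent. It would also tell a reader why a second tinycrypt directory exists.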
@@ -144,8 +146,27 @@
# is set using Kconfig.)
zephyr_include_directories(include)
elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
- # For ed25519, mbedTLS is used for ASN1 parsing and SHA512
- zephyr_include_directories(include)
+ if(CONFIG_BOOT_USE_TINYCRYPT)
+ zephyr_library_include_directories(
+ ${MBEDTLS_ASN1_DIR}/include
+ ${BOOT_DIR}/zephyr/include
+ ${TINYCRYPT_DIR}/include
+ ${TINYCRYPT_SHA512_DIR}/include
+ )
+ zephyr_library_sources(
+ ${TINYCRYPT_DIR}/source/sha256.c
+ ${TINYCRYPT_DIR}/source/utils.c
+ ${TINYCRYPT_SHA512_DIR}/source/sha512.c
+ # Additionally pull in just the ASN.1 parser from mbedTLS.
+ ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
+ ${MBEDTLS_ASN1_DIR}/src/platform_util.c
+ )
+ zephyr_library_compile_definitions(
+ MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
+ )
+ else()
+ zephyr_include_directories(include)
+ endif()
zephyr_library_include_directories(
${BOOT_DIR}/zephyr/include
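Review bot: The ed25519 branch lost its only comment (`# For ed25519, mbedTLS is used for ASN1 parsing and SHA512`) and neither new path is explained, so a reader cannot tell which library supplies the SHA-512 that signature verification depends on. I would add `# tinycrypt: SHA-512 from tinycrypt-sha512; only the ASN.1 parser comes from mbedTLS.` as the first line inside `if(CONFIG_BOOT_USE_TINYCRYPT)`. The `else()` body could carry `# mbedTLS: ASN.1 parsing and SHA-512 come from the mbedTLS module.`, which restates the removed comment. The bare `else()` also catches every configuration where CONFIG_BOOT_USE_TINYCRYPT is unset, presumably relying on Kconfig to have selected mbedTLS; `elseif(CONFIG_BOOT_USE_MBEDTLS)` would state that assumption. The enclosing if/elseif chain starts and ends outside the hunk.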
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 2809410..09d5a9d 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -76,16 +76,11 @@
config BOOT_SIGNATURE_TYPE_ECDSA_P256
bool "Elliptic curve digital signatures with curve P-256"
-config BOOT_SIGNATURE_TYPE_ED25519
- bool "Edwards curve digital signatures using ed25519"
- select BOOT_USE_MBEDTLS
- select MBEDTLS
-
if BOOT_SIGNATURE_TYPE_ECDSA_P256
choice
prompt "Ecdsa implementation"
- default BOOT_TINYCRYPT
-config BOOT_TINYCRYPT
+ default BOOT_ECDSA_TINYCRYPT
+config BOOT_ECDSA_TINYCRYPT
bool "Use tinycrypt"
select BOOT_USE_TINYCRYPT
config BOOT_CC310
@@ -96,6 +91,24 @@
select BOOT_USE_CC310
endchoice
endif
+
+config BOOT_SIGNATURE_TYPE_ED25519
+ bool "Edwards curve digital signatures using ed25519"
+
+if BOOT_SIGNATURE_TYPE_ED25519
+choice
+ prompt "Ecdsa implementation"
+ default BOOT_ED25519_TINYCRYPT
+config BOOT_ED25519_TINYCRYPT
+ bool "Use tinycrypt"
+ select BOOT_USE_TINYCRYPT
+config BOOT_ED25519_MBEDTLS
+ bool "Use mbedTLS"
+ select BOOT_USE_MBEDTLS
+ select MBEDTLS
+endchoice
+endif
+
endchoice
config BOOT_SIGNATURE_KEY_FILE
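Review bot: The new choice under `if BOOT_SIGNATURE_TYPE_ED25519` reuses the prompt `"Ecdsa implementation"` from the P-256 block, so the ed25519 backend selection appears mislabelled in menuconfig; `prompt "Ed25519 implementation"` would be accurate. The default is now `BOOT_ED25519_TINYCRYPT`, whereas the removed symbol selected BOOT_USE_MBEDTLS unconditionally, so an existing ed25519 configuration appears to switch its SHA-512 implementation on upgrade without any edit. A short `help` text on the choice, naming the two backends and the default, would make that change visible to integrators. The outer choice that the final `endchoice` closes starts outside this hunk.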