sim: add Mbed TLS EC256 encrypted image support

Add new feature that allows testing EC256 encrypted images using the
Mbed TLS backend.

Move config-ecdsa.h to config-ec.h: the Mbed TLS definitions needed for
ECDSA and ECDH are very similar, so a single config file is used for both.

Add new feature and fix the build; add proper Mbed TLS memory
initialization when enc-ec256-mbedtls is used.

Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/sim/mcuboot-sys/Cargo.toml b/sim/mcuboot-sys/Cargo.toml
index 19114f9..ac203f1 100644
--- a/sim/mcuboot-sys/Cargo.toml
+++ b/sim/mcuboot-sys/Cargo.toml
@@ -44,6 +44,9 @@
 # Encrypt image in the secondary slot using ECIES-P256
 enc-ec256 = []
 
+# Encrypt image in the secondary slot using ECIES-P256 using Mbed TLS
+enc-ec256-mbedtls = []
+
 # Encrypt image in the secondary slot using ECIES-X25519
 enc-x25519 = []
 
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index 74b19f0..df8c67e 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -21,6 +21,7 @@
     let enc_rsa = env::var("CARGO_FEATURE_ENC_RSA").is_ok();
     let enc_kw = env::var("CARGO_FEATURE_ENC_KW").is_ok();
     let enc_ec256 = env::var("CARGO_FEATURE_ENC_EC256").is_ok();
+    let enc_ec256_mbedtls = env::var("CARGO_FEATURE_ENC_EC256_MBEDTLS").is_ok();
     let enc_x25519 = env::var("CARGO_FEATURE_ENC_X25519").is_ok();
     let bootstrap = env::var("CARGO_FEATURE_BOOTSTRAP").is_ok();
     let multiimage = env::var("CARGO_FEATURE_MULTIIMAGE").is_ok();
@@ -230,6 +231,26 @@
         conf.file("../../ext/tinycrypt/lib/source/ctr_mode.c");
         conf.file("../../ext/tinycrypt/lib/source/hmac.c");
         conf.file("../../ext/tinycrypt/lib/source/ecc_dh.c");
+    } else if enc_ec256_mbedtls {
+        conf.define("MCUBOOT_ENCRYPT_EC256", None);
+        conf.define("MCUBOOT_ENC_IMAGES", None);
+        conf.define("MCUBOOT_USE_MBED_TLS", None);
+        conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);
+
+        conf.include("../../ext/mbedtls/crypto/include");
+
+        conf.file("../../boot/bootutil/src/encrypted.c");
+        conf.file("../../ext/mbedtls/crypto/library/sha256.c");
+        conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
+        conf.file("../../ext/mbedtls/crypto/library/bignum.c");
+        conf.file("../../ext/mbedtls/crypto/library/ecdh.c");
+        conf.file("../../ext/mbedtls/crypto/library/md.c");
+        conf.file("../../ext/mbedtls/crypto/library/aes.c");
+        conf.file("../../ext/mbedtls/crypto/library/ecp.c");
+        conf.file("../../ext/mbedtls/crypto/library/ecp_curves.c");
+        conf.file("../../ext/mbedtls/crypto/library/platform.c");
+        conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
+        conf.file("csupport/keys.c");
     }
 
     if enc_x25519 {
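Review bot: The new branch is an `else if`, so when both `enc-ec256` and `enc-ec256-mbedtls` are enabled it is skipped without any diagnostic, and the build uses whatever the preceding branch selects (its condition is outside the hunk; the context lines suggest the tinycrypt path). A test run requested with the Mbed TLS feature would then exercise a different crypto backend than intended. Consider failing fast next to the feature reads, e.g. `if enc_ec256 && enc_ec256_mbedtls { panic!("enc-ec256 and enc-ec256-mbedtls are mutually exclusive"); }`, and stating the exclusivity in the Cargo.toml feature comment. It is also worth confirming that no other feature branch adds the same Mbed TLS sources (`sha256.c`, `bignum.c`, `ecp.c`, `csupport/keys.c`), since a feature combination could then hand the same file to the compiler twice.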
@@ -263,8 +284,8 @@
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa-kw.h>"));
     } else if sig_rsa || sig_rsa3072 || enc_rsa {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
-    } else if sig_ecdsa_mbedtls {
-        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ecdsa.h>"));
+    } else if sig_ecdsa_mbedtls || enc_ec256_mbedtls {
+        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ec.h>"));
     } else if (sig_ecdsa || enc_ec256) && !enc_kw {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
     } else if sig_ed25519 || enc_x25519 {
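Review bot: Because `sig_rsa || sig_rsa3072 || enc_rsa` is tested before the new `sig_ecdsa_mbedtls || enc_ec256_mbedtls` arm, a build that combines RSA signing with `enc-ec256-mbedtls` gets `<config-rsa.h>` rather than `<config-ec.h>`. Whether `config-rsa.h` enables the ECDH/ECP modules is not visible here; if it does not, `ecdh.c` and `ecp.c` would be compiled with those modules disabled and the encrypted-image path would fail to build or link. Either reject that combination explicitly or give it a config header that covers both, and add a comment above the chain such as `// Order matters: the first matching arm selects the only Mbed TLS config header.` The chain starts and ends outside this hunk.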
diff --git a/sim/mcuboot-sys/csupport/run.c b/sim/mcuboot-sys/csupport/run.c
index 0133262..2bea140 100644
--- a/sim/mcuboot-sys/csupport/run.c
+++ b/sim/mcuboot-sys/csupport/run.c
@@ -231,7 +231,8 @@
     struct boot_loader_state *state;
 
 #if defined(MCUBOOT_SIGN_RSA) || \
-    (defined(MCUBOOT_SIGN_EC256) && defined(MCUBOOT_USE_MBED_TLS))
+    (defined(MCUBOOT_SIGN_EC256) && defined(MCUBOOT_USE_MBED_TLS)) ||\
+    (defined(MCUBOOT_ENCRYPT_EC256) && defined(MCUBOOT_USE_MBED_TLS))
     mbedtls_platform_set_calloc_free(calloc, free);
 #endif