Add ed25519 verification to sim
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/sim/mcuboot-sys/Cargo.toml b/sim/mcuboot-sys/Cargo.toml
index 7512e22..4f20725 100644
--- a/sim/mcuboot-sys/Cargo.toml
+++ b/sim/mcuboot-sys/Cargo.toml
@@ -21,6 +21,9 @@
# Verify ECDSA (secp256r1) signatures.
sig-ecdsa = []
+# Verify ED25519 signatures.
+sig-ed25519 = []
+
# Overwrite only upgrade
overwrite-only = []
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index ce4ee25..3e419bd 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -12,6 +12,7 @@
let sig_rsa = env::var("CARGO_FEATURE_SIG_RSA").is_ok();
let sig_rsa3072 = env::var("CARGO_FEATURE_SIG_RSA3072").is_ok();
let sig_ecdsa = env::var("CARGO_FEATURE_SIG_ECDSA").is_ok();
+ let sig_ed25519 = env::var("CARGO_FEATURE_SIG_ED25519").is_ok();
let overwrite_only = env::var("CARGO_FEATURE_OVERWRITE_ONLY").is_ok();
let validate_primary_slot =
env::var("CARGO_FEATURE_VALIDATE_PRIMARY_SLOT").is_ok();
@@ -37,7 +38,7 @@
}
// Currently no more than one sig type can be used simultaneously.
- if vec![sig_rsa, sig_rsa3072, sig_ecdsa].iter()
+ if vec![sig_rsa, sig_rsa3072, sig_ecdsa, sig_ed25519].iter()
.fold(0, |sum, &v| sum + v as i32) > 1 {
panic!("mcuboot does not support more than one sig type at the same time");
}
@@ -83,6 +84,18 @@
conf.file("../../ext/mbedtls/src/platform_util.c");
conf.file("../../ext/mbedtls/src/asn1parse.c");
+ } else if sig_ed25519 {
+ conf.define("MCUBOOT_SIGN_ED25519", None);
+ conf.define("MCUBOOT_USE_MBED_TLS", None);
+
+ conf.include("mbedtls/include");
+ conf.file("mbedtls/library/sha256.c");
+ conf.file("mbedtls/library/sha512.c");
+ conf.file("csupport/keys.c");
+ conf.file("../../ext/fiat/src/curve25519.c");
+ conf.file("mbedtls/library/platform.c");
+ conf.file("mbedtls/library/platform_util.c");
+ conf.file("mbedtls/library/asn1parse.c");
} else {
// Neither signature type, only verify sha256. The default
// configuration file bundled with mbedTLS is sufficient.
@@ -148,6 +161,10 @@
conf.file("../../ext/tinycrypt/lib/source/aes_encrypt.c");
conf.file("../../ext/tinycrypt/lib/source/aes_decrypt.c");
}
+
+ if sig_ed25519 {
+ panic!("ed25519 does not support image encryption with KW yet");
+ }
}
if sig_rsa && enc_kw {
@@ -156,6 +173,8 @@
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
} else if sig_ecdsa && !enc_kw {
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
+ } else if sig_ed25519 {
+ conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ed25519.h>"));
} else if enc_kw {
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-kw.h>"));
}
@@ -165,6 +184,8 @@
conf.file("../../boot/bootutil/src/image_rsa.c");
} else if sig_ecdsa {
conf.file("../../boot/bootutil/src/image_ec256.c");
+ } else if sig_ed25519 {
+ conf.file("../../boot/bootutil/src/image_ed25519.c");
}
conf.file("../../boot/bootutil/src/loader.c");
conf.file("../../boot/bootutil/src/caps.c");
diff --git a/sim/mcuboot-sys/csupport/keys.c b/sim/mcuboot-sys/csupport/keys.c
index 23bdb21..e0aca05 100644
--- a/sim/mcuboot-sys/csupport/keys.c
+++ b/sim/mcuboot-sys/csupport/keys.c
@@ -122,6 +122,17 @@
0x8b, 0x68, 0x34, 0xcc, 0x3a, 0x6a, 0xfc, 0x53,
0x8e, 0xfa, 0xc1, };
const unsigned int root_pub_der_len = 91;
+#elif defined(MCUBOOT_SIGN_ED25519)
+#define HAVE_KEYS
+const unsigned char root_pub_der[] = {
+ 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+ 0x70, 0x03, 0x21, 0x00, 0xd4, 0xb3, 0x1b, 0xa4,
+ 0x9a, 0x3a, 0xdd, 0x3f, 0x82, 0x5d, 0x10, 0xca,
+ 0x7f, 0x31, 0xb5, 0x0b, 0x0d, 0xe8, 0x7f, 0x37,
+ 0xcc, 0xc4, 0x9f, 0x1a, 0x40, 0x3a, 0x5c, 0x13,
+ 0x20, 0xff, 0xb4, 0xe0,
+};
+const unsigned int root_pub_der_len = 44;
#endif
#if defined(HAVE_KEYS)