TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 9771028579749bf5fbfd32490d56529473bddeba^! / . / sim / mcuboot-sys / build.rs
commit9771028579749bf5fbfd32490d56529473bddeba[log] [tgz]
authorFabio Utzig <utzig@apache.org>Fri May 24 17:44:49 2019 -0300
committerFabio Utzig <utzig@utzig.org>Thu Jun 13 19:21:05 2019 -0300
treefcf4038d1b27901996255d95b444497d32e664d5
parent4876484bce36cb030e1ec1acee0669ef996187cf [diff] [blame]
Add ed25519 verification to sim

Signed-off-by: Fabio Utzig <utzig@apache.org>

diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index ce4ee25..3e419bd 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs

@@ -12,6 +12,7 @@
     let sig_rsa = env::var("CARGO_FEATURE_SIG_RSA").is_ok();
     let sig_rsa3072 = env::var("CARGO_FEATURE_SIG_RSA3072").is_ok();
     let sig_ecdsa = env::var("CARGO_FEATURE_SIG_ECDSA").is_ok();
+    let sig_ed25519 = env::var("CARGO_FEATURE_SIG_ED25519").is_ok();
     let overwrite_only = env::var("CARGO_FEATURE_OVERWRITE_ONLY").is_ok();
     let validate_primary_slot =
                   env::var("CARGO_FEATURE_VALIDATE_PRIMARY_SLOT").is_ok();
@@ -37,7 +38,7 @@
     }
 
     // Currently no more than one sig type can be used simultaneously.
-    if vec![sig_rsa, sig_rsa3072, sig_ecdsa].iter()
+    if vec![sig_rsa, sig_rsa3072, sig_ecdsa, sig_ed25519].iter()
         .fold(0, |sum, &v| sum + v as i32) > 1 {
         panic!("mcuboot does not support more than one sig type at the same time");
     }
@@ -83,6 +84,18 @@
 
         conf.file("../../ext/mbedtls/src/platform_util.c");
         conf.file("../../ext/mbedtls/src/asn1parse.c");
+    } else if sig_ed25519 {
+        conf.define("MCUBOOT_SIGN_ED25519", None);
+        conf.define("MCUBOOT_USE_MBED_TLS", None);
+
+        conf.include("mbedtls/include");
+        conf.file("mbedtls/library/sha256.c");
+        conf.file("mbedtls/library/sha512.c");
+        conf.file("csupport/keys.c");
+        conf.file("../../ext/fiat/src/curve25519.c");
+        conf.file("mbedtls/library/platform.c");
+        conf.file("mbedtls/library/platform_util.c");
+        conf.file("mbedtls/library/asn1parse.c");
     } else {
         // Neither signature type, only verify sha256. The default
         // configuration file bundled with mbedTLS is sufficient.
@@ -148,6 +161,10 @@
             conf.file("../../ext/tinycrypt/lib/source/aes_encrypt.c");
             conf.file("../../ext/tinycrypt/lib/source/aes_decrypt.c");
         }
+
+        if sig_ed25519 {
+            panic!("ed25519 does not support image encryption with KW yet");
+        }
     }
 
     if sig_rsa && enc_kw {
@@ -156,6 +173,8 @@
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
     } else if sig_ecdsa && !enc_kw {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
+    } else if sig_ed25519 {
+        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ed25519.h>"));
     } else if enc_kw {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-kw.h>"));
     }
@@ -165,6 +184,8 @@
         conf.file("../../boot/bootutil/src/image_rsa.c");
     } else if sig_ecdsa {
         conf.file("../../boot/bootutil/src/image_ec256.c");
+    } else if sig_ed25519 {
+        conf.file("../../boot/bootutil/src/image_ed25519.c");
     }
     conf.file("../../boot/bootutil/src/loader.c");
     conf.file("../../boot/bootutil/src/caps.c");