Add Tinycrypt based SHA-512 for ED25519
Add option to build ed25519 with tinycrypt; enable tinycrypt based
sha-512 for ed25519 sim tests.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/ext/fiat/src/curve25519.c b/ext/fiat/src/curve25519.c
index 0215caf..84f6bcf 100644
--- a/ext/fiat/src/curve25519.c
+++ b/ext/fiat/src/curve25519.c
@@ -31,8 +31,16 @@
#include <string.h>
#include <stdint.h>
+#include <mcuboot_config/mcuboot_config.h>
+
+#if defined(MCUBOOT_USE_MBED_TLS)
#include <mbedtls/platform_util.h>
#include <mbedtls/sha512.h>
+#else
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+#include <tinycrypt/sha512.h>
+#endif
#include "curve25519.h"
// Various pre-computed constants.
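Review bot: The bare `#else` in the include block selects tinycrypt for every build that does not define `MCUBOOT_USE_MBED_TLS`, including one where no crypto backend is configured at all. Such a build would fail on a missing tinycrypt header rather than with a clear configuration error. build.rs in this commit defines `MCUBOOT_USE_TINYCRYPT`, but nothing in this file tests it. I would make the choice explicit: `#elif defined(MCUBOOT_USE_TINYCRYPT)` for the tinycrypt includes, then `#else` with `#error "curve25519.c needs MCUBOOT_USE_MBED_TLS or MCUBOOT_USE_TINYCRYPT"`. The same `#if`/`#else` shape is repeated in fe_0, fe_1 and the SHA-512 block further down, so the change applies there too.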
@@ -126,12 +134,20 @@
// h = 0
static void fe_0(fe *h) {
+#if defined(MCUBOOT_USE_MBED_TLS)
mbedtls_platform_zeroize(h, sizeof(fe));
+#else
+ _set(h, 0, sizeof(fe));
+#endif
}
// h = 1
static void fe_1(fe *h) {
+#if defined(MCUBOOT_USE_MBED_TLS)
mbedtls_platform_zeroize(h, sizeof(fe));
+#else
+ _set(h, 0, sizeof(fe));
+#endif
h->v[0] = 1;
}
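Review bot: In fe_0 and fe_1 the tinycrypt branch replaces `mbedtls_platform_zeroize` with `_set`, which as far as I know is a thin `memset` wrapper with no guarantee against being optimised away. That is harmless here because both functions initialise a field element that is read afterwards, but the substitution should not be copied to places that wipe key material. A short comment on the `_set` lines would record this, e.g. `/* initialisation only; _set() is not a secure-erase primitive */`. The two functions also carry the same four-line `#if`/`#else` block, so a single file-local helper or macro near the includes would keep the backend switch in one place.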
@@ -1074,9 +1090,13 @@
}
}
+#if defined(MCUBOOT_USE_MBED_TLS)
+
mbedtls_sha512_context ctx;
- mbedtls_sha512_init(&ctx);
int ret;
+
+ mbedtls_sha512_init(&ctx);
+
ret = mbedtls_sha512_starts_ret(&ctx, 0);
assert(ret == 0);
@@ -1092,6 +1112,27 @@
assert(ret == 0);
mbedtls_sha512_free(&ctx);
+#else
+
+ struct tc_sha512_state_struct s;
+ int rc;
+
+ rc = tc_sha512_init(&s);
+ assert(rc == TC_CRYPTO_SUCCESS);
+
+ rc = tc_sha512_update(&s, signature, 32);
+ assert(rc == TC_CRYPTO_SUCCESS);
+ rc = tc_sha512_update(&s, public_key, 32);
+ assert(rc == TC_CRYPTO_SUCCESS);
+ rc = tc_sha512_update(&s, message, message_len);
+ assert(rc == TC_CRYPTO_SUCCESS);
+
+ uint8_t h[TC_SHA512_DIGEST_SIZE];
+ rc = tc_sha512_final(h, &s);
+ assert(rc == TC_CRYPTO_SUCCESS);
+
+#endif
+
x25519_sc_reduce(h);
ge_p2 R;
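Review bot: Every tinycrypt return code in the new `#else` branch is checked only with `assert()`, so a build with `NDEBUG` defined drops the checks. `x25519_sc_reduce(h)` then runs on whatever `h` holds even if a hash call failed. This mirrors the existing mbedTLS branch, but on a signature-verification path a hash failure should reject the signature in all builds. After each call I would use `if (rc != TC_CRYPTO_SUCCESS) { return 0; }`, assuming 0 is this function's failure value; its signature and return convention are outside the hunk and need confirming. If `tc_sha512_update` follows tinycrypt's SHA-256 in rejecting a NULL data pointer, an empty message passed as NULL would reach this path, which makes the explicit check more than theoretical.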
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index 3bf4409..66bba79 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -97,16 +97,18 @@
conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
} else if sig_ed25519 {
conf.define("MCUBOOT_SIGN_ED25519", None);
- conf.define("MCUBOOT_USE_MBED_TLS", None);
+ conf.define("MCUBOOT_USE_TINYCRYPT", None);
- conf.include("../../ext/mbedtls/include");
- conf.file("../../ext/mbedtls/library/sha256.c");
- conf.file("../../ext/mbedtls/library/sha512.c");
+ conf.include("../../ext/tinycrypt/lib/include");
+ conf.include("../../ext/tinycrypt-sha512/lib/include");
+ conf.include("../../ext/mbedtls-asn1/include");
+ conf.file("../../ext/tinycrypt/lib/source/sha256.c");
+ conf.file("../../ext/tinycrypt-sha512/lib/source/sha512.c");
+ conf.file("../../ext/tinycrypt/lib/source/utils.c");
conf.file("csupport/keys.c");
conf.file("../../ext/fiat/src/curve25519.c");
- conf.file("../../ext/mbedtls/library/platform.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-asn1/src/platform_util.c");
+ conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
} else if !enc_ec256 {
// No signature type, only sha256 validation. The default
// configuration file bundled with mbedTLS is sufficient.
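Review bot: With the `sig_ed25519` arm switched to `MCUBOOT_USE_TINYCRYPT`, nothing visible in this hunk still builds the `MCUBOOT_USE_MBED_TLS` side of `ext/fiat/src/curve25519.c`. The mbedTLS SHA-512 path that this commit keeps and reorders therefore appears to lose its simulator coverage. If both backends are meant to stay supported, consider a separate feature or an additional arm that keeps an mbedTLS ed25519 build. Otherwise state the limitation at this arm, e.g. `// ed25519 sim tests exercise the tinycrypt SHA-512 path only`. The enclosing `if`/`else if` chain starts and ends outside the hunk, so another arm may already cover this.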
@@ -221,7 +223,7 @@
} else if (sig_ecdsa || enc_ec256) && !enc_kw {
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
} else if sig_ed25519 {
- conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ed25519.h>"));
+ conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
} else if enc_kw {
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-kw.h>"));
}