commit a4818a556524ebb21c12fc3527061db3fcfdad51
author Marti Bolivar <marti@opensourcefoundries.com> Thu Apr 12 13:02:38 2018 -0400
committer Fabio Utzig <utzig@utzig.org> Wed Apr 25 18:44:03 2018 -0300
tree b3d3a1beb43d67db273c44576a4460471f31e4d0
parent f91bca51a635bba90e92df00d829abeb6b6f6949

zephyr: migrate signature type to Kconfig

Handle the CONFIG_BOOT_SIGNATURE_TYPE_xxx values in Zephyr's
mcuboot_config.h by converting them into the platform-agnostic MCUboot
definitions.

This requires some changes to the way the release test Makefile is
structured, since Kconfig symbols cannot be set from the command line.

Instead, use the OVERLAY_CONFIG feature of the Zephyr build system,
which allows specifying extra fragments to merge into the final
.config. (This is an orthogonal mechanism to setting CONF_FILE; it is
used by Zephyr's CI script sanitycheck to add additional fragments, so
it's appropriate for use by MCUboot's testing scripts as well.)

We additionally need to move to a single prj.conf file due to a
dependency issue. We can no longer determine CONF_FILE from the
signature type, since that is now determined from the final .config or
autoconf.h, which is a build output that depends on CONF_FILE.

To move to a single prj.conf:

- delete prj-p256.conf and adjust prj.conf to serve both signature types
- add a top-level mbedTLS configuration file which dispatches to
  the right sub-header depending on the key type
- as a side effect, have the simulator pick the right config file
  depending on the case

This fixes and cleans up quite a bit of the signature type handling,
which had become something of a mess over time. For example, it fixes
a bug in ECDSA mode's configuration that wasn't actually selecting
config-asn1.h, and forces the simulator to use the same mbedTLS
configuration file as builds for real hardware.

Finally, we also have to move the mbedTLS vs. TinyCrypt choice into
mcuboot_config.h at the same time as well, since CMakeLists.txt was
making that decision based on the signature type.

Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>

boot/zephyr/include/config-rsa.h

diff --git a/boot/zephyr/include/config-boot.h b/boot/zephyr/include/config-rsa.h
similarity index 80%
rename from boot/zephyr/include/config-boot.h
rename to boot/zephyr/include/config-rsa.h
index 50bee10..3b5c1f5 100644
--- a/boot/zephyr/include/config-boot.h
+++ b/boot/zephyr/include/config-rsa.h
@@ -26,8 +26,8 @@
  * - RSA or ECDSA signature verification
  */
 
-#ifndef MBEDTLS_CONFIG_BOOT_H
-#define MBEDTLS_CONFIG_BOOT_H
+#ifndef MCUBOOT_MBEDTLS_CONFIG_RSA
+#define MCUBOOT_MBEDTLS_CONFIG_RSA
 
 #ifdef CONFIG_MCUBOOT_SERIAL
 /* Mcuboot uses mbedts-base64 for serial protocol encoding. */
@@ -56,20 +56,8 @@
 #define MBEDTLS_TEST_NULL_ENTROPY
 #endif
 
-/* mbed TLS feature support */
-#ifdef MCUBOOT_SIGN_EC
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#endif
-
-#ifdef MCUBOOT_SIGN_RSA
 #define MBEDTLS_RSA_C
 #define MBEDTLS_PKCS1_V21
-#endif
 
 /* mbed TLS modules */
 #define MBEDTLS_ASN1_PARSE_C
@@ -80,13 +68,8 @@
 #define MBEDTLS_SHA256_C
 
 /* Save RAM by adjusting to our exact needs */
-#ifdef MCUBOOT_SIGN_RSA
 #define MBEDTLS_ECP_MAX_BITS             2048
 #define MBEDTLS_MPI_MAX_SIZE              256
-#else
-#define MBEDTLS_ECP_MAX_BITS             256
-#define MBEDTLS_MPI_MAX_SIZE              32 // 256 bits is 32 bytes
-#endif
 
 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
 
@@ -95,4 +78,4 @@
 
 #include "mbedtls/check_config.h"
 
-#endif /* MBEDTLS_CONFIG_BOOT_H */
+#endif /* MCUBOOT_MBEDTLS_CONFIG_RSA */

boot/zephyr/include/mcuboot-mbedtls-cfg.h

diff --git a/boot/zephyr/include/mcuboot-mbedtls-cfg.h b/boot/zephyr/include/mcuboot-mbedtls-cfg.h
new file mode 100644
index 0000000..14cd9eb
--- /dev/null
+++ b/boot/zephyr/include/mcuboot-mbedtls-cfg.h
@@ -0,0 +1,32 @@
+/*
+ *  Copyright (C) 2018 Open Source Foundries Limited
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef _MCUBOOT_MBEDTLS_CONFIG_
+#define _MCUBOOT_MBEDTLS_CONFIG_
+
+/**
+ * @file
+ *
+ * This is the top-level mbedTLS configuration file for MCUboot. The
+ * configuration depends on the signature type, so this file just
+ * pulls in the right header depending on that setting.
+ */
+
+/*
+ * IMPORTANT:
+ *
+ * If you put any "generic" definitions in here, make sure to update
+ * the simulator build.rs accordingly.
+ */
+
+#ifdef CONFIG_BOOT_SIGNATURE_TYPE_RSA
+#include "config-rsa.h"
+#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
+#include "config-asn1.h"
+#else
+#error "Cannot configure mbedTLS; signature type is unknown."
+#endif
+
+#endif

boot/zephyr/include/mcuboot_config/mcuboot_config.h

diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
index d7d141d..03d1e37 100644
--- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h
+++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
@@ -18,9 +18,17 @@
  */
 #ifndef __BOOTSIM__
 
-/*
- * Initially blank.
- */
+#ifdef CONFIG_BOOT_SIGNATURE_TYPE_RSA
+#define MCUBOOT_SIGN_RSA
+#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
+#define MCUBOOT_SIGN_EC256
+#endif
+
+#ifdef CONFIG_BOOT_USE_MBEDTLS
+#define MCUBOOT_USE_MBED_TLS
+#elif defined(CONFIG_BOOT_USE_TINYCRYPT)
+#define MCUBOOT_USE_TINYCRYPT
+#endif
 
 #endif /* !__BOOTSIM__ */