Add Mynewt support for bundled tinycrypt + mbedtls
This commit removes the pseudo tinycrypt package based on symlinks
by adding a new pkg.yml to ext/tinycrypt and using it directly. It
also uses the new mbed-tls bundled ASN1 parser when EC256 is selected.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/pkg.yml b/boot/bootutil/pkg.yml
index 6d04674..e5b2098 100644
--- a/boot/bootutil/pkg.yml
+++ b/boot/bootutil/pkg.yml
@@ -34,10 +34,13 @@
pkg.deps:
- "@mcuboot/boot/mynewt/mcuboot_config"
- "@apache-mynewt-core/hw/hal"
- - "@apache-mynewt-core/crypto/mbedtls"
- "@apache-mynewt-core/kernel/os"
- "@apache-mynewt-core/sys/defs"
- "@apache-mynewt-core/sys/flash_map"
+pkg.deps.BOOTUTIL_USE_MBED_TLS:
+ - "@apache-mynewt-core/crypto/mbedtls"
+
pkg.deps.BOOTUTIL_USE_TINYCRYPT:
- - "@mcuboot/boot/mynewt/tinycrypt"
+ - "@mcuboot/ext/tinycrypt/lib"
+ - "@mcuboot/ext/mbedtls"
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/aes.h b/boot/mynewt/tinycrypt/include/tinycrypt/aes.h
deleted file mode 120000
index 559fd61..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/aes.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/aes.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/cbc_mode.h b/boot/mynewt/tinycrypt/include/tinycrypt/cbc_mode.h
deleted file mode 120000
index f342701..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/cbc_mode.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/cbc_mode.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/ccm_mode.h b/boot/mynewt/tinycrypt/include/tinycrypt/ccm_mode.h
deleted file mode 120000
index 563305f..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/ccm_mode.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/ccm_mode.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/cmac_mode.h b/boot/mynewt/tinycrypt/include/tinycrypt/cmac_mode.h
deleted file mode 120000
index 4dda539..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/cmac_mode.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/cmac_mode.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/constants.h b/boot/mynewt/tinycrypt/include/tinycrypt/constants.h
deleted file mode 120000
index a572a1b..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/constants.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/constants.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/ctr_mode.h b/boot/mynewt/tinycrypt/include/tinycrypt/ctr_mode.h
deleted file mode 120000
index 2d38453..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/ctr_mode.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/ctr_mode.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/ctr_prng.h b/boot/mynewt/tinycrypt/include/tinycrypt/ctr_prng.h
deleted file mode 120000
index f6b12ef..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/ctr_prng.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/ctr_prng.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/ecc.h b/boot/mynewt/tinycrypt/include/tinycrypt/ecc.h
deleted file mode 120000
index 1487a34..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/ecc.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/ecc.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/ecc_dh.h b/boot/mynewt/tinycrypt/include/tinycrypt/ecc_dh.h
deleted file mode 120000
index 12dc17b..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/ecc_dh.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/ecc_dh.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/ecc_dsa.h b/boot/mynewt/tinycrypt/include/tinycrypt/ecc_dsa.h
deleted file mode 120000
index b3c5824..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/ecc_dsa.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/ecc_platform_specific.h b/boot/mynewt/tinycrypt/include/tinycrypt/ecc_platform_specific.h
deleted file mode 120000
index a96f014..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/ecc_platform_specific.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/ecc_platform_specific.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/hmac.h b/boot/mynewt/tinycrypt/include/tinycrypt/hmac.h
deleted file mode 120000
index eb3224f..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/hmac.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/hmac.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/hmac_prng.h b/boot/mynewt/tinycrypt/include/tinycrypt/hmac_prng.h
deleted file mode 120000
index fe11c1c..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/hmac_prng.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/hmac_prng.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/sha256.h b/boot/mynewt/tinycrypt/include/tinycrypt/sha256.h
deleted file mode 120000
index 9d74f28..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/sha256.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/sha256.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/include/tinycrypt/utils.h b/boot/mynewt/tinycrypt/include/tinycrypt/utils.h
deleted file mode 120000
index cb568e3..0000000
--- a/boot/mynewt/tinycrypt/include/tinycrypt/utils.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../ext/tinycrypt/lib/include/tinycrypt/utils.h
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/aes_decrypt.c b/boot/mynewt/tinycrypt/src/aes_decrypt.c
deleted file mode 120000
index dfadb18..0000000
--- a/boot/mynewt/tinycrypt/src/aes_decrypt.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/aes_decrypt.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/aes_encrypt.c b/boot/mynewt/tinycrypt/src/aes_encrypt.c
deleted file mode 120000
index 1b19ebb..0000000
--- a/boot/mynewt/tinycrypt/src/aes_encrypt.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/aes_encrypt.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/cbc_mode.c b/boot/mynewt/tinycrypt/src/cbc_mode.c
deleted file mode 120000
index b408b0e..0000000
--- a/boot/mynewt/tinycrypt/src/cbc_mode.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/cbc_mode.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/ccm_mode.c b/boot/mynewt/tinycrypt/src/ccm_mode.c
deleted file mode 120000
index b9fc601..0000000
--- a/boot/mynewt/tinycrypt/src/ccm_mode.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/ccm_mode.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/cmac_mode.c b/boot/mynewt/tinycrypt/src/cmac_mode.c
deleted file mode 120000
index c9b1b15..0000000
--- a/boot/mynewt/tinycrypt/src/cmac_mode.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/cmac_mode.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/ctr_mode.c b/boot/mynewt/tinycrypt/src/ctr_mode.c
deleted file mode 120000
index 02a6557..0000000
--- a/boot/mynewt/tinycrypt/src/ctr_mode.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/ctr_mode.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/ctr_prng.c b/boot/mynewt/tinycrypt/src/ctr_prng.c
deleted file mode 120000
index 8d83ea4..0000000
--- a/boot/mynewt/tinycrypt/src/ctr_prng.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/ctr_prng.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/ecc.c b/boot/mynewt/tinycrypt/src/ecc.c
deleted file mode 120000
index 50ea61d..0000000
--- a/boot/mynewt/tinycrypt/src/ecc.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/ecc.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/ecc_dh.c b/boot/mynewt/tinycrypt/src/ecc_dh.c
deleted file mode 120000
index 04de4da..0000000
--- a/boot/mynewt/tinycrypt/src/ecc_dh.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/ecc_dh.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/ecc_dsa.c b/boot/mynewt/tinycrypt/src/ecc_dsa.c
deleted file mode 120000
index 43f73c1..0000000
--- a/boot/mynewt/tinycrypt/src/ecc_dsa.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/ecc_dsa.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/ecc_platform_specific.c b/boot/mynewt/tinycrypt/src/ecc_platform_specific.c
deleted file mode 120000
index 4a504e5..0000000
--- a/boot/mynewt/tinycrypt/src/ecc_platform_specific.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/ecc_platform_specific.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/hmac.c b/boot/mynewt/tinycrypt/src/hmac.c
deleted file mode 120000
index d8ef08f..0000000
--- a/boot/mynewt/tinycrypt/src/hmac.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/hmac.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/hmac_prng.c b/boot/mynewt/tinycrypt/src/hmac_prng.c
deleted file mode 120000
index 59ac942..0000000
--- a/boot/mynewt/tinycrypt/src/hmac_prng.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/hmac_prng.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/sha256.c b/boot/mynewt/tinycrypt/src/sha256.c
deleted file mode 120000
index ad2da0a..0000000
--- a/boot/mynewt/tinycrypt/src/sha256.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/sha256.c
\ No newline at end of file
diff --git a/boot/mynewt/tinycrypt/src/utils.c b/boot/mynewt/tinycrypt/src/utils.c
deleted file mode 120000
index e4e74c2..0000000
--- a/boot/mynewt/tinycrypt/src/utils.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../ext/tinycrypt/lib/source/utils.c
\ No newline at end of file
diff --git a/ext/mbedtls/include/mbedtls/config.h b/ext/mbedtls/include/mbedtls/config.h
new file mode 100644
index 0000000..2fa14eb
--- /dev/null
+++ b/ext/mbedtls/include/mbedtls/config.h
@@ -0,0 +1,96 @@
+/**
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+//#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_FS_IO
+//#define MBEDTLS_VERSION_FEATURES
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module: library/platform.c
+ * Caller: Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module: library/timing.c
+ * Caller: library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define MBEDTLS_TIMING_C
+
+//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
+
+#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
+#endif
+
+#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
+#elif defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/boot/mynewt/tinycrypt/pkg.yml b/ext/mbedtls/pkg.yml
similarity index 88%
copy from boot/mynewt/tinycrypt/pkg.yml
copy to ext/mbedtls/pkg.yml
index 154708b..5e8b467 100644
--- a/boot/mynewt/tinycrypt/pkg.yml
+++ b/ext/mbedtls/pkg.yml
@@ -6,7 +6,7 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
@@ -17,11 +17,8 @@
# under the License.
#
-pkg.name: boot/mynewt/tinycrypt
-pkg.description: "MCUboot's bundled tinycrypt"
+pkg.name: ext/mbedtls
+pkg.description: "MCUboot's bundled mbed-tls ASN1 parser"
pkg.author: "Apache Mynewt <dev@mynewt.apache.org>"
pkg.homepage: "http://mynewt.apache.org/"
pkg.keywords:
-
-pkg.cflags:
- - "-std=c99"
diff --git a/boot/mynewt/tinycrypt/pkg.yml b/ext/tinycrypt/lib/pkg.yml
similarity index 94%
rename from boot/mynewt/tinycrypt/pkg.yml
rename to ext/tinycrypt/lib/pkg.yml
index 154708b..42db8aa 100644
--- a/boot/mynewt/tinycrypt/pkg.yml
+++ b/ext/tinycrypt/lib/pkg.yml
@@ -17,11 +17,14 @@
# under the License.
#
-pkg.name: boot/mynewt/tinycrypt
+pkg.name: ext/tinycrypt/lib
pkg.description: "MCUboot's bundled tinycrypt"
pkg.author: "Apache Mynewt <dev@mynewt.apache.org>"
pkg.homepage: "http://mynewt.apache.org/"
pkg.keywords:
+pkg.src_dirs:
+ - "source"
+
pkg.cflags:
- "-std=c99"