Add ecdsa to build
This enables building the ecdsa feature using tinycrypt (mbed is still built
for ASN1). The default mbed-tls config was updated to use the MCUBOOT_SIGN_*
symbols.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/zephyr/include/config-boot.h b/boot/zephyr/include/config-boot.h
index 72cca68..fbfe01c 100644
--- a/boot/zephyr/include/config-boot.h
+++ b/boot/zephyr/include/config-boot.h
@@ -34,10 +34,6 @@
#define MBEDTLS_BASE64_C
#endif
-/* TODO: Configure this between app and target. Really, we want the
- * config to come from the app. */
-#define CONFIG_BOOT_VERIFY_RSA_SIGNATURE
-
/* System support */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
@@ -61,7 +57,7 @@
#endif
/* mbed TLS feature support */
-#ifdef CONFIG_BOOT_VERIFY_ECDSA_SIGNATURE
+#ifdef MCUBOOT_SIGN_EC
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
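Review bot: The guard `#ifdef MCUBOOT_SIGN_EC` does not match the symbol the simulator build defines in this same commit (`MCUBOOT_SIGN_EC256` in sim/mcuboot-sys/build.rs), so if the simulator picks up this header the ECP curve settings below stay disabled for that build. That looks intended, since the commit message says mbed is only built for ASN1 there and tinycrypt does the ECDSA work, but nothing in the header says so. I would add a comment above the guard, to be confirmed against the other users of these symbols, such as `/* MCUBOOT_SIGN_EC enables mbed TLS ECP; MCUBOOT_SIGN_EC256 builds use tinycrypt and need only ASN.1 parsing from mbed TLS */`. The `#ifdef` block continues past the end of this hunk.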
@@ -70,7 +66,7 @@
#define MBEDTLS_ECP_C
#endif
-#ifdef CONFIG_BOOT_VERIFY_RSA_SIGNATURE
+#ifdef MCUBOOT_SIGN_RSA
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V15
#endif
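Review bot: With the unconditional `#define CONFIG_BOOT_VERIFY_RSA_SIGNATURE` removed in the first hunk, `#ifdef MCUBOOT_SIGN_RSA` here (and again in the RAM-sizing block of the next hunk) depends entirely on the build defining the symbol before this header is read. A build that omits or misspells it compiles cleanly with no RSA code enabled instead of failing, and in a bootloader configuration that silent outcome should be visible to whoever edits the file. I would document the contract at the top of the feature section, e.g. `/* MCUBOOT_SIGN_RSA / MCUBOOT_SIGN_EC must be provided by the build; if neither is defined, no signature algorithm is enabled here */`.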
@@ -84,7 +80,7 @@
#define MBEDTLS_SHA256_C
/* Save RAM by adjusting to our exact needs */
-#ifdef CONFIG_BOOT_VERIFY_RSA_SIGNATURE
+#ifdef MCUBOOT_SIGN_RSA
#define MBEDTLS_ECP_MAX_BITS 2048
#define MBEDTLS_MPI_MAX_SIZE 256
#else
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index d181e34..aadfb68 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -13,7 +13,7 @@
let sig_ecdsa = env::var("CARGO_FEATURE_SIG_ECDSA").is_ok();
let overwrite_only = env::var("CARGO_FEATURE_OVERWRITE_ONLY").is_ok();
- let mut conf = gcc::Config::new();
+ let mut conf = gcc::Build::new();
conf.define("__BOOTSIM__", None);
conf.define("MCUBOOT_USE_FLASH_AREA_GET_SECTORS", None);
conf.define("MCUBOOT_VALIDATE_SLOT0", None);
@@ -37,10 +37,23 @@
conf.file("mbedtls/library/bignum.c");
conf.file("mbedtls/library/asn1parse.c");
} else if sig_ecdsa {
- conf.define("MCUBOOT_SIGN_ECDSA", None);
+ conf.define("MCUBOOT_SIGN_EC256", None);
conf.define("MCUBOOT_USE_TINYCRYPT", None);
- // TODO: Compile files + tinycrypt.
- panic!("ECDSA not yet implemented in sim");
+
+ conf.define("MBEDTLS_CONFIG_FILE", Some("<config-boot.h>"));
+ conf.include("mbedtls/include");
+ conf.include("../../ext/tinycrypt/lib/include");
+
+ conf.file("../../boot/zephyr/keys.c");
+
+ conf.file("../../ext/tinycrypt/lib/source/utils.c");
+ conf.file("../../ext/tinycrypt/lib/source/sha256.c");
+ conf.file("../../ext/tinycrypt/lib/source/ecc.c");
+ conf.file("../../ext/tinycrypt/lib/source/ecc_dsa.c");
+ conf.file("../../ext/tinycrypt/lib/source/ecc_platform_specific.c");
+
+ conf.file("mbedtls/library/bignum.c");
+ conf.file("mbedtls/library/asn1parse.c");
} else {
// Neither signature type, only verify sha256.
conf.define("MCUBOOT_USE_MBED_TLS", None);
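Review bot: The ECDSA branch compiles `../../boot/zephyr/keys.c` into the simulator without saying which key it carries or why the Zephyr port's file is the source. Presumably that file selects an EC256 public key when `MCUBOOT_SIGN_EC256` is defined and the simulator verifies test images against it; if so, a comment such as `// keys.c provides the public key the sim verifies against; it must match the key used to sign test images` would keep that dependency visible. The `bignum.c` and `asn1parse.c` lines also repeat what the preceding branch adds, so they could be shared between the two signature cases. The `if` chain starts before this hunk and continues after it.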
@@ -55,7 +68,11 @@
}
conf.file("../../boot/bootutil/src/image_validate.c");
- conf.file("../../boot/bootutil/src/image_rsa.c");
+ if sig_rsa {
+ conf.file("../../boot/bootutil/src/image_rsa.c");
+ } else if sig_ecdsa {
+ conf.file("../../boot/bootutil/src/image_ec256.c");
+ }
conf.file("../../boot/bootutil/src/loader.c");
conf.file("../../boot/bootutil/src/caps.c");
conf.file("../../boot/bootutil/src/bootutil_misc.c");
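Review bot: `if sig_rsa { … } else if sig_ecdsa { … }` lets RSA win silently when both features are enabled, here and in the define/file chain of the previous hunk, so a build that also requested ECDSA gets no ECDSA code and no diagnostic. A build script should reject that combination up front, e.g. `if sig_rsa && sig_ecdsa { panic!("only one signature feature may be enabled"); }` placed right after the `env::var` reads. When neither is set, `image_validate.c` is compiled with no signature source file, which matches the "only verify sha256" branch but deserves a one-line comment at this spot too. The function body starts and ends outside this hunk.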
@@ -69,6 +86,7 @@
conf.compile("libbootutil.a");
walk_dir("../../boot").unwrap();
+ walk_dir("../../ext/tinycrypt/lib/source").unwrap();
walk_dir("csupport").unwrap();
walk_dir("mbedtls/include").unwrap();
walk_dir("mbedtls/library").unwrap();
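Review bot: Only `../../ext/tinycrypt/lib/source` is walked, while the ECDSA branch also puts `../../ext/tinycrypt/lib/include` on the include path, so a change to a tinycrypt header would presumably not trigger a rebuild (assuming `walk_dir` is what registers paths for change tracking; its body is not in this hunk). mbed TLS has both `mbedtls/include` and `mbedtls/library` walked just below, so for consistency I would add `walk_dir("../../ext/tinycrypt/lib/include").unwrap();` next to the new line. A stale object built against old crypto headers is the kind of mismatch that is hard to spot from test results alone.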