sim: add Mbed TLS EC256 encrypted image support (6c553d67) · Commits · Wenxi XU / Mcuboot

boot/zephyr/include/config-ecdsa.h→boot/zephyr/include/config-ec.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -53,6 +53,7 @@
		#endif

		#define MBEDTLS_ECDSA_C
		#define MBEDTLS_ECDH_C

		/* mbed TLS modules */
		#define MBEDTLS_ASN1_PARSE_C

sim/Cargo.toml

+1 −0

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@ validate-primary-slot = ["mcuboot-sys/validate-primary-slot"]
		enc-rsa = ["mcuboot-sys/enc-rsa"]
		enc-kw = ["mcuboot-sys/enc-kw"]
		enc-ec256 = ["mcuboot-sys/enc-ec256"]
		enc-ec256-mbedtls = ["mcuboot-sys/enc-ec256-mbedtls"]
		enc-x25519 = ["mcuboot-sys/enc-x25519"]
		bootstrap = ["mcuboot-sys/bootstrap"]
		multiimage = ["mcuboot-sys/multiimage"]

sim/mcuboot-sys/Cargo.toml

+3 −0

Original line number	Diff line number	Diff line
		@@ -44,6 +44,9 @@ enc-kw = []
		# Encrypt image in the secondary slot using ECIES-P256
		enc-ec256 = []

		# Encrypt image in the secondary slot using ECIES-P256 using Mbed TLS
		enc-ec256-mbedtls = []

		# Encrypt image in the secondary slot using ECIES-X25519
		enc-x25519 = []

sim/mcuboot-sys/build.rs

+23 −2

Original line number	Diff line number	Diff line
		@@ -21,6 +21,7 @@ fn main() {
		let enc_rsa = env::var("CARGO_FEATURE_ENC_RSA").is_ok();
		let enc_kw = env::var("CARGO_FEATURE_ENC_KW").is_ok();
		let enc_ec256 = env::var("CARGO_FEATURE_ENC_EC256").is_ok();
		let enc_ec256_mbedtls = env::var("CARGO_FEATURE_ENC_EC256_MBEDTLS").is_ok();
		let enc_x25519 = env::var("CARGO_FEATURE_ENC_X25519").is_ok();
		let bootstrap = env::var("CARGO_FEATURE_BOOTSTRAP").is_ok();
		let multiimage = env::var("CARGO_FEATURE_MULTIIMAGE").is_ok();
		@@ -230,6 +231,26 @@ fn main() {
		conf.file("../../ext/tinycrypt/lib/source/ctr_mode.c");
		conf.file("../../ext/tinycrypt/lib/source/hmac.c");
		conf.file("../../ext/tinycrypt/lib/source/ecc_dh.c");
		} else if enc_ec256_mbedtls {
		conf.define("MCUBOOT_ENCRYPT_EC256", None);
		conf.define("MCUBOOT_ENC_IMAGES", None);
		conf.define("MCUBOOT_USE_MBED_TLS", None);
		conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);

		conf.include("../../ext/mbedtls/crypto/include");

		conf.file("../../boot/bootutil/src/encrypted.c");
		conf.file("../../ext/mbedtls/crypto/library/sha256.c");
		conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
		conf.file("../../ext/mbedtls/crypto/library/bignum.c");
		conf.file("../../ext/mbedtls/crypto/library/ecdh.c");
		conf.file("../../ext/mbedtls/crypto/library/md.c");
		conf.file("../../ext/mbedtls/crypto/library/aes.c");
		conf.file("../../ext/mbedtls/crypto/library/ecp.c");
		conf.file("../../ext/mbedtls/crypto/library/ecp_curves.c");
		conf.file("../../ext/mbedtls/crypto/library/platform.c");
		conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
		conf.file("csupport/keys.c");
		}

		if enc_x25519 {
		@@ -263,8 +284,8 @@ fn main() {
		conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa-kw.h>"));
		} else if sig_rsa \|\| sig_rsa3072 \|\| enc_rsa {
		conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
		} else if sig_ecdsa_mbedtls {
		conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ecdsa.h>"));
		} else if sig_ecdsa_mbedtls \|\| enc_ec256_mbedtls {
		conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ec.h>"));
		} else if (sig_ecdsa \|\| enc_ec256) && !enc_kw {
		conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
		} else if sig_ed25519 \|\| enc_x25519 {

sim/mcuboot-sys/csupport/run.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -231,7 +231,8 @@ int invoke_boot_go(struct sim_context ctx, struct area_desc adesc)
		struct boot_loader_state *state;

		#if defined(MCUBOOT_SIGN_RSA) \|\| \
		(defined(MCUBOOT_SIGN_EC256) && defined(MCUBOOT_USE_MBED_TLS))
		(defined(MCUBOOT_SIGN_EC256) && defined(MCUBOOT_USE_MBED_TLS)) \|\|\
		(defined(MCUBOOT_ENCRYPT_EC256) && defined(MCUBOOT_USE_MBED_TLS))
		mbedtls_platform_set_calloc_free(calloc, free);
		#endif

Admin message