Replace sdk-nrf specific PSA implementation for ed25519 with provided by the upstream #401

Merged
merged 44 commits into from
Mar 25, 2025
75e5709
Revert "[nrf noup] zephyr: Add support for encrypted compressed updates"
de-nordic Mar 4, 2025
f2840ff
Revert "[nrf fromtree] boot: bootutil: Add TLV for size of compressed…
de-nordic Mar 4, 2025
410377e
Revert "[nrf noup] boot: bootutil: image_validate: Add KMU support to…
de-nordic Mar 4, 2025
1a835fc
Revert "[nrf noup] boot: bootutil: Allow configuring number of KMU keys"
de-nordic Mar 4, 2025
ff3a915
Revert "[nrf noup] boot: zephyr: Add experimental selection to compre…
de-nordic Mar 4, 2025
e2addc3
Revert "[nrf noup] bootutil: Add support for KMU stored ED25519 signa…
de-nordic Mar 4, 2025
f360290
Revert "[nrf noup] bootutil: PureEdDSA using ED25519"
de-nordic Mar 4, 2025
767e145
Revert "[nrf noup] bootutil: Enable hash calculation directly on stor…
de-nordic Mar 4, 2025
078353f
Revert "[nrf noup] bootutil: Provide support for SHA512 with ED25519"
de-nordic Mar 4, 2025
38a0a09
Revert "[nrf noup] PSA configuration required changes"
de-nordic Mar 4, 2025
20e6df9
Revert "[nrf noup] Fix logging for ED25519_psa"
de-nordic Mar 4, 2025
7af2e2a
Revert "[nrf noup] Remove setting default MCUboot mbedTLS config"
de-nordic Mar 4, 2025
88b537b
Revert "[nrf noup] zephyr: Add support for ARM thumb filter"
de-nordic Mar 4, 2025
cc47bbb
Revert "[nrf noup] PSA implementation of x25519 and ed25519 verificat…
de-nordic Mar 4, 2025
31c9761
Revert "[nrf noup] zephyr: Add support for compressed image updates"
de-nordic Mar 4, 2025
ee74f6c
Revert "[nrf noup] zephyr: Fix path variables"
de-nordic Mar 4, 2025
ed16d23
[nrf fromtree] zephyr: Fix usage of CONFIG_MBEDTLS_BUILTIN and ASN1
de-nordic Jan 22, 2025
c92e60b
[nrf fromtree] bootutil: Allow SHA512 with TinyCrypt
de-nordic Oct 2, 2024
ddf9d4c
[nrf fromtree] bootutil: Enable hash calculation directly on storage
de-nordic Sep 5, 2024
d3d39fb
[nrf fromtree] bootutil: PureEdDSA using ED25519
de-nordic Sep 6, 2024
87507cc
[nrf fromtree] zephyr: Allow SHA512 with TinyCrypt
de-nordic Oct 2, 2024
5c0ac27
[nrf fromtree] zephyr: Add Kconfig and configuration for SHA on storage
de-nordic Sep 5, 2024
4389f0c
[nrf fromtree] zephyr: Add Kconfig option to select PureEdDS
de-nordic Sep 6, 2024
f1a9a95
[nrf fromtree] zephyr: Fix image encryption configuration for mbedTLS.
de-nordic Jan 24, 2025
a49c95a
[nrf fromtree] bootutil: PSA implementation of x25519 and ed25519 ver…
de-nordic May 29, 2024
d7def4a
[nrf fromtree] zephyr: Enable building ed25519 PSA variant with Zephyr
de-nordic Jan 24, 2025
8466eba
[nrf fromtree] bootutil: Allow bypassing ASN.1 encoding for ED25519 k…
de-nordic Oct 8, 2024
7d10500
[nrf fromtree] zephyr: Add Kconfig option CONFIG_BOOT_KEY_IMPORT_BYPA…
de-nordic Oct 8, 2024
821a3ab
[nrf fromtree] bootutil: Fix ASN1 bypass not building
de-nordic Mar 12, 2025
94a1df6
[nrf fromtree] zephyr: Do not compile ASN1 code when bypassed
de-nordic Mar 12, 2025
3164c96
[nrf fromtree] zephyr: Prevent selecting MBEDTLS_ASN1_PARSE_C when no…
de-nordic Mar 12, 2025
e4ff1b6
[nrf fromtree] zephyr: Fix ED25519 compilation with mbedTLS
de-nordic Mar 12, 2025
fdfd19b
[nrf fromtree] zephyr: Add missing selection for allowed SHA algorithms
de-nordic Mar 13, 2025
24433b1
[nrf fromlist] bootutil: Fix ed25519 pure signature verification
de-nordic Mar 18, 2025
f78a440
[nrf noup] zephyr: sdk-nrf specific overrides on PSA Kconfigs
de-nordic Mar 4, 2025
44b1e56
[nrf noup] zephyr: Fix path variables
nordicjm Jul 11, 2023
2d2033f
[nrf noup] zephyr: Add support for compressed image updates
nordicjm Aug 22, 2024
98b3541
[nrf noup] zephyr: Add support for ARM thumb filter
nordicjm Sep 2, 2024
dea42cb
[nrf noup] Remove setting default MCUboot mbedTLS config
de-nordic Oct 17, 2024
bb7a99c
[nrf noup] bootutil: Add support for KMU stored ED25519 signature key
de-nordic Sep 20, 2024
672f5cf
[nrf noup] boot: zephyr: Add experimental selection to compression
nordicjm Nov 7, 2024
810ee4e
[nrf noup] boot: bootutil: Allow configuring number of KMU keys
nordicjm Dec 2, 2024
0654e03
[nrf fromtree] boot: bootutil: Add TLV for size of compressed but dec…
nordicjm Jan 9, 2025
ea76eeb
[nrf noup] zephyr: Use mbedTLS specific C functions with RSA
de-nordic Mar 14, 2025
[nrf fromtree] bootutil: Allow SHA512 with TinyCrypt
The commit enables SHA512 support, for image hashing, with
TinyCrypt.
Although on 32bit machines the SHA256 will be faster than
SHA512, benefit of enabling the SHA512 is that you have only
one algorithm compiled in which reduces size of code.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit f72158f)
de-nordic committed Mar 13, 2025
commit c92e60b7c43d77079c25a7092ab9d7fb86d2f572
20 changes: 20 additions & 0 deletions boot/bootutil/include/bootutil/crypto/sha.h
@@ -70,7 +70,11 @@
#endif /* MCUBOOT_USE_MBED_TLS */

#if defined(MCUBOOT_USE_TINYCRYPT)
#if defined(MCUBOOT_SHA512)
#include <tinycrypt/sha512.h>
#else
#include <tinycrypt/sha256.h>
#endif
#include <tinycrypt/constants.h>
#endif /* MCUBOOT_USE_TINYCRYPT */

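Review bot: the `#if defined(MCUBOOT_SHA512)` / `#else` around the includes makes the two TinyCrypt hashes mutually exclusive, so with `MCUBOOT_SHA512` set nothing that includes this header in a TinyCrypt build gets `tinycrypt/sha256.h` from it. That matches the commit message's goal of compiling in a single algorithm, but it deserves a short comment next to the `#if` stating that the selection is either/or, so a later user of this header does not assume SHA-256 is always available.
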
@@ -193,11 +197,19 @@ static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
#endif /* MCUBOOT_USE_MBED_TLS */

#if defined(MCUBOOT_USE_TINYCRYPT)
#if defined(MCUBOOT_SHA512)
typedef struct tc_sha512_state_struct bootutil_sha_context;
#else
typedef struct tc_sha256_state_struct bootutil_sha_context;
#endif

static inline int bootutil_sha_init(bootutil_sha_context *ctx)
{
#if defined(MCUBOOT_SHA512)
tc_sha512_init(ctx);
#else
tc_sha256_init(ctx);
#endif
return 0;
}

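Review bot: in `bootutil_sha_init` the result of `tc_sha512_init(ctx)` is dropped and the wrapper returns 0 unconditionally, carrying over what the SHA-256 branch already does. If the TinyCrypt init can fail (for example on a NULL context), the caller never sees it. Either propagate the result, mapped to this wrapper's 0-on-success convention, or add a comment saying why it is safe to ignore.
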
@@ -211,13 +223,21 @@ static inline int bootutil_sha_update(bootutil_sha_context *ctx,
const void *data,
uint32_t data_len)
{
#if defined(MCUBOOT_SHA512)
return tc_sha512_update(ctx, data, data_len);
#else
return tc_sha256_update(ctx, data, data_len);
#endif
}

static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
uint8_t *output)
{
#if defined(MCUBOOT_SHA512)
return tc_sha512_final(output, ctx);
#else
return tc_sha256_final(output, ctx);
#endif
}
#endif /* MCUBOOT_USE_TINYCRYPT */

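Review bot: `bootutil_sha_finish` takes `uint8_t *output` with no length, and with `MCUBOOT_SHA512` it now writes a 64-byte SHA-512 digest where the SHA-256 branch writes 32 bytes. Please confirm that every caller sizes its buffer from the configured hash size rather than a literal 32, and document the required buffer size on the function. Separately, `bootutil_sha_update` and `bootutil_sha_finish` forward the TinyCrypt return value while `bootutil_sha_init` returns a literal 0, so the success convention of the three wrappers should be stated in one place.
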
9 changes: 6 additions & 3 deletions boot/bootutil/src/image_ed25519.c
@@ -21,12 +21,14 @@
#include "bootutil/crypto/common.h"
#include "bootutil/crypto/sha.h"

#define EDDSA_SIGNATURE_LENGTH 64

static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70";
#define NUM_ED25519_BYTES 32

extern int ED25519_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[64],
const uint8_t public_key[32]);
const uint8_t signature[EDDSA_SIGNATURE_LENGTH],
const uint8_t public_key[NUM_ED25519_BYTES]);

/*
* Parse the public key used for signing.
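
Review bot: the `ED25519_verify` prototype cleanup (the new `EDDSA_SIGNATURE_LENGTH` plus the existing `NUM_ED25519_BYTES`) is not covered by the commit message, which only describes enabling SHA512 with TinyCrypt; mention it there or split it into its own commit. As a style point, `EDDSA_SIGNATURE_LENGTH` is defined above the `ed25519_pubkey_oid` array while `NUM_ED25519_BYTES` sits below it; keeping the two size macros together would make the prototype easier to check.
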
@@ -76,7 +78,8 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
uint8_t *pubkey;
uint8_t *end;

if (hlen != IMAGE_HASH_SIZE || slen != 64) {
if (hlen != IMAGE_HASH_SIZE ||
slen != EDDSA_SIGNATURE_LENGTH) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}