boot:crypto Add custom crypto support

The `MCUBOOT_USE_CUSTOM_CRYPTO` option allows to implement a custom
backend that lets users plug in any crypto library, hardware
accelerator, proprietary SDK, or another software implementation
without modifying MCUboot's own source.

Signed-off-by: Oleksandr Shkurchenko <Oleksandr.Shkurchenko@infineon.com>

Author: OleksandrShkurchenko

.github/workflows/sim.yaml

@@ -48,6 +48,8 @@ jobs:
         - "sig-ecdsa-psa enc-ec256 max-align-16, sig-ecdsa-psa enc-ec256 swap-offset validate-primary-slot max-align-16"
         - "ram-load enc-aes256-kw multiimage"
         - "ram-load enc-aes256-kw sig-ecdsa-mbedtls multiimage"
+        - "custom-crypto,custom-crypto overwrite-only,custom-crypto validate-primary-slot"
+        - "custom-enc-crypto,custom-enc-crypto overwrite-only,custom-enc-crypto validate-primary-slot,custom-enc-crypto max-align-32"
     runs-on: ubuntu-latest
     env:
       MULTI_FEATURES: ${{ matrix.features }}

boot/bootutil/include/bootutil/crypto/aes_ctr.h

@@ -2,9 +2,10 @@
  * This module provides a thin abstraction over some of the crypto
  * primitives to make it easier to swap out the used crypto library.
  *
- * At this point, there are two choices: MCUBOOT_USE_MBED_TLS, or
- * MCUBOOT_USE_TINYCRYPT.  It is a compile error there is not exactly
- * one of these defined.
+ * At this point, there are four choices: MCUBOOT_USE_MBED_TLS,
+ * MCUBOOT_USE_TINYCRYPT, MCUBOOT_USE_PSA_CRYPTO, or
+ * MCUBOOT_USE_CUSTOM_CRYPTO.  It is a compile error if there is not
+ * exactly one of these defined.
  */
 
 #ifndef __BOOTUTIL_CRYPTO_AES_CTR_H_
@@ -13,8 +14,10 @@
 #include "mcuboot_config/mcuboot_config.h"
 
 #if (defined(MCUBOOT_USE_MBED_TLS) + \
-     defined(MCUBOOT_USE_TINYCRYPT) + defined(MCUBOOT_USE_PSA_CRYPTO)) != 1
-    #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT or PSA"
+     defined(MCUBOOT_USE_TINYCRYPT) + \
+     defined(MCUBOOT_USE_PSA_CRYPTO) + \
+     defined(MCUBOOT_USE_CUSTOM_CRYPTO)) != 1
+    #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT or PSA or CUSTOM_CRYPTO"
 #endif
 
 #if defined(MCUBOOT_USE_MBED_TLS)
@@ -27,6 +30,10 @@
 
 #if defined(MCUBOOT_USE_PSA_CRYPTO)
     #include "bootutil/crypto/aes_ctr_psa.h"
-#endif
+#endif /* MCUBOOT_USE_PSA_CRYPTO */
+
+#if defined(MCUBOOT_USE_CUSTOM_CRYPTO)
+    #include "mcuboot_custom_crypto.h"
+#endif /* MCUBOOT_USE_CUSTOM_CRYPTO */
 
 #endif /* __BOOTUTIL_CRYPTO_AES_CTR_H_ */

boot/bootutil/include/bootutil/crypto/ecdh_p256.h

@@ -2,9 +2,9 @@
  * This module provides a thin abstraction over some of the crypto
  * primitives to make it easier to swap out the used crypto library.
  *
- * At this point, there are two choices: MCUBOOT_USE_MBED_TLS, or
- * MCUBOOT_USE_TINYCRYPT.  It is a compile error there is not exactly
- * one of these defined.
+ * At this point, there are three choices: MCUBOOT_USE_MBED_TLS,
+ * MCUBOOT_USE_TINYCRYPT, or MCUBOOT_USE_CUSTOM_CRYPTO.  It is a compile
+ * error if there is not exactly one of these defined.
  */
 
 #ifndef __BOOTUTIL_CRYPTO_ECDH_P256_H_
@@ -13,8 +13,9 @@
 #include "mcuboot_config/mcuboot_config.h"
 
 #if (defined(MCUBOOT_USE_MBED_TLS) + \
-     defined(MCUBOOT_USE_TINYCRYPT)) != 1
-    #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT"
+     defined(MCUBOOT_USE_TINYCRYPT) + \
+     defined(MCUBOOT_USE_CUSTOM_CRYPTO)) != 1
+    #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT or CUSTOM_CRYPTO"
 #endif
 
 #if defined(MCUBOOT_USE_MBED_TLS)
@@ -29,6 +30,10 @@
     #define BOOTUTIL_CRYPTO_ECDH_P256_HASH_SIZE (4 * 8)
 #endif /* MCUBOOT_USE_TINYCRYPT */
 
+#if defined(MCUBOOT_USE_CUSTOM_CRYPTO)
+    #include "mcuboot_custom_crypto.h"
+#endif /* MCUBOOT_USE_CUSTOM_CRYPTO */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -149,6 +154,10 @@ static inline int bootutil_ecdh_p256_shared_secret(bootutil_ecdh_p256_context *c
 }
 #endif /* MCUBOOT_USE_MBED_TLS */
 
+/* When MCUBOOT_USE_CUSTOM_CRYPTO is defined, bootutil_ecdh_p256_context and
+ * all bootutil_ecdh_p256_* functions are provided by <mcuboot_custom_crypto.h> which
+ * is included above via the platform-specific include path. */
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/crypto/ecdsa.h

@@ -2,19 +2,22 @@
  * SPDX-License-Identifier: Apache-2.0
  *
  * Copyright (c) 2023-2025 Arm Limited
+ * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon
+ * Technologies AG
  */
 
 /*
  * This module provides a thin abstraction over some of the crypto
  * primitives to make it easier to swap out the used crypto library.
  *
  * At this point, the choices are: MCUBOOT_USE_TINYCRYPT, MCUBOOT_USE_CC310,
- * MCUBOOT_USE_MBED_TLS, MCUBOOT_USE_PSA_CRYPTO. Note that support for
- * MCUBOOT_USE_PSA_CRYPTO is still experimental and it might not support all
- * the crypto abstractions that MCUBOOT_USE_MBED_TLS supports. For this
- * reason, it's allowed to have both of them defined, and for crypto modules
- * that support both abstractions, the MCUBOOT_USE_PSA_CRYPTO will take
- * precedence.
+ * MCUBOOT_USE_MBED_TLS, MCUBOOT_USE_PSA_CRYPTO, MCUBOOT_USE_CUSTOM_CRYPTO.
+ * Note that support for MCUBOOT_USE_PSA_CRYPTO is still experimental and it
+ * might not support all the crypto abstractions that MCUBOOT_USE_MBED_TLS
+ * supports. For this reason, it's allowed to have both of them defined, and
+ * for crypto modules that support both abstractions, the MCUBOOT_USE_PSA_CRYPTO
+ * will take precedence. MCUBOOT_USE_CUSTOM_CRYPTO delegates all operations to
+ * a platform-supplied <mcuboot_custom_crypto.h> resolved via the include path.
  */
 
 #ifndef __BOOTUTIL_CRYPTO_ECDSA_H_
@@ -27,15 +30,20 @@
 #define MCUBOOT_USE_PSA_OR_MBED_TLS
 #endif /* MCUBOOT_USE_PSA_CRYPTO || MCUBOOT_USE_MBED_TLS */
 
+#if defined(MCUBOOT_USE_CUSTOM_CRYPTO) && defined(MCUBOOT_USE_PSA_OR_MBED_TLS)
+    #error "MCUBOOT_USE_CUSTOM_CRYPTO is mutually exclusive with MCUBOOT_USE_PSA_CRYPTO and MCUBOOT_USE_MBED_TLS"
+#endif
+
 #if defined(MCUBOOT_SIGN_EC384) && \
     !defined(MCUBOOT_USE_PSA_CRYPTO)
     #error "P384 requires PSA_CRYPTO to be defined"
 #endif
 
 #if (defined(MCUBOOT_USE_TINYCRYPT) + \
      defined(MCUBOOT_USE_CC310) + \
-     defined(MCUBOOT_USE_PSA_OR_MBED_TLS)) != 1
-    #error "One crypto backend must be defined: either CC310/TINYCRYPT/MBED_TLS/PSA_CRYPTO"
+     defined(MCUBOOT_USE_PSA_OR_MBED_TLS) + \
+     defined(MCUBOOT_USE_CUSTOM_CRYPTO)) != 1
+    #error "One crypto backend must be defined: either CC310/TINYCRYPT/MBED_TLS/PSA_CRYPTO/CUSTOM_CRYPTO"
 #endif
 
 #if defined(MCUBOOT_USE_TINYCRYPT)
@@ -47,6 +55,10 @@
     #include <cc310_glue.h>
 #endif /* MCUBOOT_USE_CC310 */
 
+#if defined(MCUBOOT_USE_CUSTOM_CRYPTO)
+    #include "mcuboot_custom_crypto.h"
+#endif /* MCUBOOT_USE_CUSTOM_CRYPTO */
+
 #if defined(MCUBOOT_USE_PSA_CRYPTO)
     #include <psa/crypto.h>
     #include <string.h>
@@ -66,7 +78,7 @@
 #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (32)
 
 #include "bootutil/sign_key.h"
-#if !defined(MCUBOOT_USE_PSA_CRYPTO)
+#if !defined(MCUBOOT_USE_PSA_CRYPTO) && !defined(MCUBOOT_USE_CUSTOM_CRYPTO)
 #include "bootutil/crypto/common.h"
 #include "mbedtls/asn1.h"
 #include "mbedtls/oid.h"
@@ -615,6 +627,10 @@ static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
 
 #endif /* MCUBOOT_USE_MBED_TLS */
 
+/* When MCUBOOT_USE_CUSTOM_CRYPTO is defined, bootutil_ecdsa_context and all
+ * bootutil_ecdsa_* functions are provided by <mcuboot_custom_crypto.h> which is
+ * included above via the platform-specific include path. */
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/crypto/hmac_sha256.h

@@ -2,9 +2,9 @@
  * This module provides a thin abstraction over some of the crypto
  * primitives to make it easier to swap out the used crypto library.
  *
- * At this point, there are two choices: MCUBOOT_USE_MBED_TLS, or
- * MCUBOOT_USE_TINYCRYPT.  It is a compile error there is not exactly
- * one of these defined.
+ * At this point, there are three choices: MCUBOOT_USE_MBED_TLS,
+ * MCUBOOT_USE_TINYCRYPT, or MCUBOOT_USE_CUSTOM_CRYPTO.  It is a compile
+ * error if there is not exactly one of these defined.
  */
 
 #ifndef __BOOTUTIL_CRYPTO_HMAC_SHA256_H_
@@ -13,10 +13,15 @@
 #include "mcuboot_config/mcuboot_config.h"
 
 #if (defined(MCUBOOT_USE_MBED_TLS) + \
-     defined(MCUBOOT_USE_TINYCRYPT)) != 1
-    #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT"
+     defined(MCUBOOT_USE_TINYCRYPT) + \
+     defined(MCUBOOT_USE_CUSTOM_CRYPTO)) != 1
+    #error "One crypto backend must be defined: MBED_TLS, TINYCRYPT, or CUSTOM_CRYPTO"
 #endif
 
+#if defined(MCUBOOT_USE_CUSTOM_CRYPTO)
+    #include "mcuboot_custom_crypto.h"
+#endif /* MCUBOOT_USE_CUSTOM_CRYPTO */
+
 #if defined(MCUBOOT_USE_MBED_TLS)
     #include <stdint.h>
     #include <stddef.h>
@@ -37,6 +42,10 @@
 extern "C" {
 #endif
 
+/* When MCUBOOT_USE_CUSTOM_CRYPTO is defined, bootutil_hmac_sha256_context and
+ * all bootutil_hmac_sha256_* functions are provided by <mcuboot_custom_crypto.h>
+ * which is resolved via the include path. */
+
 #if defined(MCUBOOT_USE_TINYCRYPT)
 typedef struct tc_hmac_state_struct bootutil_hmac_sha256_context;
 static inline void bootutil_hmac_sha256_init(bootutil_hmac_sha256_context *ctx)

boot/bootutil/include/bootutil/crypto/sha.h

@@ -4,18 +4,22 @@
  * Copyright (c) 2017-2019 Linaro LTD
  * Copyright (c) 2017-2019 JUUL Labs
  * Copyright (c) 2021-2023 Arm Limited
+ * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon
+ * Technologies AG
  */
 
 /*
  * This module provides a thin abstraction over some of the crypto
  * primitives to make it easier to swap out the used crypto library.
  *
  * At this point, the choices are: MCUBOOT_USE_MBED_TLS, MCUBOOT_USE_TINYCRYPT,
- * MCUBOOT_USE_PSA_CRYPTO, MCUBOOT_USE_CC310. Note that support for MCUBOOT_USE_PSA_CRYPTO
- * is still experimental and it might not support all the crypto abstractions
- * that MCUBOOT_USE_MBED_TLS supports. For this reason, it's allowed to have
- * both of them defined, and for crypto modules that support both abstractions,
- * the MCUBOOT_USE_PSA_CRYPTO will take precedence.
+ * MCUBOOT_USE_PSA_CRYPTO, MCUBOOT_USE_CC310, MCUBOOT_USE_CUSTOM_CRYPTO. Note
+ * that support for MCUBOOT_USE_PSA_CRYPTO is still experimental and it might
+ * not support all the crypto abstractions that MCUBOOT_USE_MBED_TLS supports.
+ * For this reason, it's allowed to have both of them defined, and for crypto
+ * modules that support both abstractions, the MCUBOOT_USE_PSA_CRYPTO will take
+ * precedence. MCUBOOT_USE_CUSTOM_CRYPTO delegates all operations to a
+ * platform-supplied <mcuboot_custom_crypto.h> resolved via the include path.
  */
 
 #ifndef __BOOTUTIL_CRYPTO_SHA_H_
@@ -28,10 +32,15 @@
 #define MCUBOOT_USE_PSA_OR_MBED_TLS
 #endif /* MCUBOOT_USE_PSA_CRYPTO || MCUBOOT_USE_MBED_TLS */
 
+#if defined(MCUBOOT_USE_CUSTOM_CRYPTO) && defined(MCUBOOT_USE_PSA_OR_MBED_TLS)
+    #error "MCUBOOT_USE_CUSTOM_CRYPTO is mutually exclusive with MCUBOOT_USE_PSA_CRYPTO and MCUBOOT_USE_MBED_TLS"
+#endif
+
 #if (defined(MCUBOOT_USE_PSA_OR_MBED_TLS) + \
      defined(MCUBOOT_USE_TINYCRYPT) + \
-     defined(MCUBOOT_USE_CC310)) != 1
-    #error "One crypto backend must be defined: either CC310/MBED_TLS/TINYCRYPT/PSA_CRYPTO"
+     defined(MCUBOOT_USE_CC310) + \
+     defined(MCUBOOT_USE_CUSTOM_CRYPTO)) != 1
+    #error "One crypto backend must be defined: either CC310/MBED_TLS/TINYCRYPT/PSA_CRYPTO/CUSTOM_CRYPTO"
 #endif
 
 #if defined(MCUBOOT_SHA512)
@@ -78,6 +87,10 @@
     #include <cc310_glue.h>
 #endif /* MCUBOOT_USE_CC310 */
 
+#if defined(MCUBOOT_USE_CUSTOM_CRYPTO)
+    #include "mcuboot_custom_crypto.h"
+#endif /* MCUBOOT_USE_CUSTOM_CRYPTO */
+
 #include <stdint.h>
 
 #ifdef __cplusplus
@@ -267,6 +280,10 @@ static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
 }
 #endif /* MCUBOOT_USE_CC310 */
 
+/* When MCUBOOT_USE_CUSTOM_CRYPTO is defined, bootutil_sha_context and all
+ * bootutil_sha_* functions are provided by <mcuboot_custom_crypto.h> which is
+ * included above via the platform-specific include path. */
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/src/encrypted.c

@@ -9,6 +9,13 @@
 #include "mcuboot_config/mcuboot_config.h"
 
 #if defined(MCUBOOT_ENC_IMAGES)
+
+/* When MCUBOOT_USE_CUSTOM_CRYPTO is active the custom crypto translation unit
+ * provides all boot_enc_* and boot_decrypt_key symbols and handles HMAC/KDF
+ * internally without depending on MBED_TLS or TINYCRYPT.  Suppress this
+ * entire file to avoid duplicate symbol link errors. */
+#if !defined(MCUBOOT_USE_CUSTOM_CRYPTO)
+
 #include <stddef.h>
 #include <inttypes.h>
 #include <string.h>
@@ -720,4 +727,6 @@ boot_enc_zeroize(struct enc_key_data *enc_state)
     memset(enc_state, 0, sizeof(struct enc_key_data) * BOOT_NUM_SLOTS);
 }
 
+#endif /* !MCUBOOT_USE_CUSTOM_CRYPTO */
+
 #endif /* MCUBOOT_ENC_IMAGES */

boot/bootutil/src/encrypted_psa.c

@@ -1,11 +1,15 @@
 /*
  * Copyright (c) 2025 Nordic Semiconductor ASA
+ * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon
+ * Technologies AG
  *
  * SPDX-License-Identifier: Apache-2.0
  */
 
 #include "mcuboot_config/mcuboot_config.h"
 
+#if defined(MCUBOOT_USE_PSA_CRYPTO)
+
 #include <stddef.h>
 #include <inttypes.h>
 #include <string.h>
@@ -536,3 +540,5 @@ int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
     return ret;
 }
 #endif /* defined(MCUBOOT_ENC_IMAGES) */
+
+#endif /* defined(MCUBOOT_USE_PSA_CRYPTO) */