diff --git a/.github/workflows/imgtool.yaml b/.github/workflows/imgtool.yaml
index 5559f6e362..9394fbd1c0 100644
--- a/.github/workflows/imgtool.yaml
+++ b/.github/workflows/imgtool.yaml
@@ -16,7 +16,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.14", "pypy3.9", "pypy3.10", "pypy3.11"]
+ python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.14", "pypy3.11"]
 steps:
 - uses: actions/checkout@v6
 - name: Set up Python ${{ matrix.python-version }}
diff --git a/.github/workflows/sim.yaml b/.github/workflows/sim.yaml
index 851fef52d2..e1534bf599 100644
--- a/.github/workflows/sim.yaml
+++ b/.github/workflows/sim.yaml
@@ -46,6 +46,28 @@ jobs:
 - "sig-ecdsa hw-rollback-protection multiimage"
 - "sig-ecdsa-psa,sig-ecdsa-psa sig-p384,sig-ecdsa-psa swap-move bootstrap max-align-16"
 - "sig-ecdsa-psa enc-ec256 max-align-16, sig-ecdsa-psa enc-ec256 swap-offset validate-primary-slot max-align-16"
+ # Same set, routed through Mbed TLS 4.1 via the mbedtls-v4
+ # feature. These mirror the 3.6 path above and should behave
+ # identically — the crypto config is the same shape (ECDSA
+ # P-256/P-384 + SHA-256).
+ - "sig-ecdsa-psa mbedtls-v4,sig-ecdsa-psa sig-p384 mbedtls-v4,sig-ecdsa-psa swap-move bootstrap max-align-16 mbedtls-v4"
+ # Orthogonal feature combinations untested on the 3.6
+ # sig-ecdsa-psa path but expected to work — swap/align/
+ # multiimage/validate don't touch crypto. Good shakedown for
+ # the CMake-driven build surface.
+ - "sig-ecdsa-psa swap-offset mbedtls-v4,sig-ecdsa-psa validate-primary-slot mbedtls-v4,sig-ecdsa-psa overwrite-only mbedtls-v4,sig-ecdsa-psa multiimage mbedtls-v4"
+ # Reset/XIP/rollback combinations. Higher risk of surfacing
+ # PSA-specific assumptions baked into these code paths; run
+ # and triage.
+ - "sig-ecdsa-psa ram-load mbedtls-v4,sig-ecdsa-psa direct-xip mbedtls-v4,sig-ecdsa-psa overwrite-only downgrade-prevention mbedtls-v4,sig-ecdsa-psa hw-rollback-protection multiimage mbedtls-v4"
+ # Genuine PSA encryption via encrypted_psa.c (vs. the 3.6
+ # stub path above, which leaves PSA init as a no-op and uses
+ # TinyCrypt). Mirrors the 3.6 enc-ec256 row.
+ - "sig-ecdsa-psa enc-ec256 mbedtls-v4,sig-ecdsa-psa enc-ec256 swap-offset validate-primary-slot max-align-16 mbedtls-v4"
+ # AES-256 variant. Same ECIES-P256 machinery, larger
+ # BOOT_ENC_KEY_SIZE. PSA_KEY_TYPE_AES covers all AES key
+ # sizes so no config delta.
+ - "sig-ecdsa-psa enc-aes256-ec256 mbedtls-v4,sig-ecdsa-psa enc-aes256-ec256 swap-offset validate-primary-slot max-align-16 mbedtls-v4"
 - "ram-load enc-aes256-kw multiimage"
 - "ram-load enc-aes256-kw sig-ecdsa-mbedtls multiimage"
 runs-on: ubuntu-latest
diff --git a/.gitmodules b/.gitmodules
index 37919b0f0b..7abf6ed810 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,5 +1,5 @@
 [submodule "sim/mbedtls"]
- path = ext/mbedtls
+ path = ext/mbedtls-3.6.0
 url = https://github.com/ARMmbed/mbedtls
 [submodule "boot/cypress/libs/mtb-pdl-cat1"]
 path = boot/cypress/libs/mtb-pdl-cat1
@@ -19,3 +19,6 @@
 [submodule "boot/cypress/libs/cy-mbedtls-acceleration"]
 path = boot/cypress/libs/cy-mbedtls-acceleration
 url = https://github.com/cypresssemiconductorco/cy-mbedtls-acceleration.git
+[submodule "ext/mbedtls-4.1.0"]
+ path = ext/mbedtls-4.1.0
+ url = https://github.com/Mbed-TLS/mbedtls.git
diff --git a/.mbedignore b/.mbedignore
index 5dd4ea2c4b..ad811f4835 100644
--- a/.mbedignore
+++ b/.mbedignore
@@ -12,7 +12,7 @@ scripts/*
 sim/*
 testplan/*
 ext/fiat/*
-ext/mbedtls/*
+ext/mbedtls-3.6.0/*
 ext/mbedtls-asn1/*
 ext/nrf/*
 ext/tinycrypt/tests/*
diff --git a/Cargo.lock b/Cargo.lock
index d10cc1fb46..f185ca6a5f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -78,9 +78,13 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "cc" -version = "1.0.73" +version = "1.2.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" +checksum = "43c5703da9466b66a946814e1adf53ea2c90f10063b86290cc9eb67ce3478a20" +dependencies = [ + "find-msvc-tools", + "shlex", +] [[package]] name = "cfg-if"
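Review bot: The two Mbed TLS submodules in `.gitmodules` now resolve through different remotes: the existing `sim/mbedtls` entry keeps `https://github.com/ARMmbed/mbedtls` while the new `ext/mbedtls-4.1.0` entry uses `https://github.com/Mbed-TLS/mbedtls.git`. For a bootloader's vendored crypto, provenance is easier to audit when both copies name the same upstream, so I would point the first entry at the same URL in this change. The first section is also still named `sim/mbedtls` although its path becomes `ext/mbedtls-3.6.0`; renaming the section in a follow-up would keep name and path aligned. The directory names assert release versions that a gitlink alone does not prove, so the commit message should state that each pinned commit corresponds to the upstream release tag.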
@@ -97,6 +101,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "cmake" +version = "0.1.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678" +dependencies = [ + "cc", +] + [[package]] name = "cpufeatures" version = "0.2.2" @@ -140,6 +153,12 @@ dependencies = [ "termcolor", ] +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + [[package]] name = "generic-array" version = "0.14.5" @@ -223,6 +242,7 @@ name = "mcuboot-sys" version = "0.1.0" dependencies = [ "cc", + "cmake", "libc", "log", "simflash", @@ -396,6 +416,12 @@ dependencies = [ "syn", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "simflash" version = "0.1.0" diff --git a/boot/bootutil/src/encrypted_psa.c b/boot/bootutil/src/encrypted_psa.c index d6b470b948..8f3b3cd0f0 100644 --- a/boot/bootutil/src/encrypted_psa.c +++ b/boot/bootutil/src/encrypted_psa.c 
@@ -14,9 +14,27 @@
 #define MBEDTLS_ASN1_PARSE_C
 #include "bootutil/crypto/sha.h"
+#include "mbedtls/build_info.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/asn1.h"
+/*
+ * In Mbed TLS 4.x, MBEDTLS_OID_EC_ALG_UNRESTRICTED and
+ * MBEDTLS_OID_EC_GRP_SECP256R1 were moved from the public
+ * `mbedtls/oid.h` to the private `tf-psa-crypto/utilities/crypto_oid.h`.
+ * Rather than pull a private header, define the raw OID byte strings
+ * locally when the public macros are not available. Values are taken
+ * from X9.62 / SEC2:
+ * id-ecPublicKey (1.2.840.10045.2.1) → {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01}
+ * secp256r1 (1.2.840.10045.3.1.7) → {0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07}
+ */
+#if !defined(MBEDTLS_OID_EC_ALG_UNRESTRICTED)
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED "\x2a\x86\x48\xce\x3d\x02\x01"
+#endif
+#if !defined(MBEDTLS_OID_EC_GRP_SECP256R1)
+#define MBEDTLS_OID_EC_GRP_SECP256R1 "\x2a\x86\x48\xce\x3d\x03\x01\x07"
+#endif
+
 #include "bootutil/image.h"
 #include "bootutil/enc_key.h"
 #include "bootutil/sign_key.h"
@@ -329,7 +347,7 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
 /* Only info, no salt */
 psa_ret = psa_key_derivation_input_bytes(&key_do, PSA_KEY_DERIVATION_INPUT_INFO,
- "MCUBoot_ECIES_v1", 16);
+ (const uint8_t *)"MCUBoot_ECIES_v1", 16);
 if (psa_ret != PSA_SUCCESS) {
 psa_cleanup_ret = psa_key_derivation_abort(&key_do);
 if (psa_cleanup_ret != PSA_SUCCESS) {
@@ -431,6 +449,9 @@ int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
 psa_cipher_operation_t psa_op;
 size_t elen = 0; /* Decrypted length */
+ /* PSA cipher API handles CTR block alignment internally. */
+ (void)blk_off;
+
 /* Fixme: calling psa_crypto_init multiple times is not a problem,
 * yet the code here is only present because there is not general
 * crypto init. */
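Review bot: In the `bootutil_aes_ctr_encrypt` hunk, `(void)blk_off;` discards the caller's intra-block offset on the strength of a comment that the PSA cipher API handles CTR alignment internally; the same two lines are added to `bootutil_aes_ctr_decrypt` in the following hunk. PSA tracks partial blocks only within one multipart operation, so if the body (outside both hunks) sets up a fresh operation with `counter` as the IV on every call, the keystream starts at byte 0 of that block and a non-zero `blk_off` would silently produce wrong output instead of an error. Unless every caller is known to pass block-aligned offsets, I would fail closed rather than ignore the argument, e.g. `if (blk_off != 0) { return -1; }`, or discard `blk_off` bytes of keystream before processing the payload. At minimum the comment should state which precondition on `blk_off` makes ignoring it safe.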
@@ -488,6 +509,9 @@ int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
 psa_cipher_operation_t psa_op;
 size_t dlen = 0; /* Decrypted length */
+ /* PSA cipher API handles CTR block alignment internally. */
+ (void)blk_off;
+
 /* Fixme: the init should already happen before calling the function, but
 * somehow it does not, for example when recovering in swap. */
diff --git a/boot/espressif/CMakeLists.txt b/boot/espressif/CMakeLists.txt
index e77eca83b9..a610e45263 100644
--- a/boot/espressif/CMakeLists.txt
+++ b/boot/espressif/CMakeLists.txt
@@ -336,7 +336,7 @@ set(port_srcs
 )
 if(CONFIG_ESP_MCUBOOT_SERIAL)
- set(MBEDTLS_DIR "${MCUBOOT_ROOT_DIR}/ext/mbedtls")
+ set(MBEDTLS_DIR "${MCUBOOT_ROOT_DIR}/ext/mbedtls-3.6.0")
 list(APPEND bootutil_srcs
 ${BOOT_SERIAL_DIR}/src/boot_serial.c
diff --git a/boot/espressif/include/crypto_config/rsa.cmake b/boot/espressif/include/crypto_config/rsa.cmake
index 54f1bd1d36..33932f28f3 100644
--- a/boot/espressif/include/crypto_config/rsa.cmake
+++ b/boot/espressif/include/crypto_config/rsa.cmake
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 if (DEFINED CONFIG_ESP_USE_MBEDTLS)
- set(MBEDTLS_DIR ${MCUBOOT_ROOT_DIR}/ext/mbedtls)
+ set(MBEDTLS_DIR ${MCUBOOT_ROOT_DIR}/ext/mbedtls-3.6.0)
 set(CRYPTO_INC
 ${MBEDTLS_DIR}/include
 )
diff --git a/docs/readme-espressif.md b/docs/readme-espressif.md
index 59e7a1a04b..20c723b7a6 100644
--- a/docs/readme-espressif.md
+++ b/docs/readme-espressif.md
@@ -47,7 +47,7 @@ The following instructions considers a MCUboot Espressif port standalone build.
 2. Update the Mbed TLS submodule required by MCUboot:
 ```bash
- git submodule update --init --recursive ext/mbedtls
+ git submodule update --init --recursive ext/mbedtls-3.6.0
 ```
 3. If ESP-IDF is the chosen option for use as HAL layer and the system already have ESP-IDF
diff --git a/ext/mbedtls b/ext/mbedtls-3.6.0
similarity index 100%
rename from ext/mbedtls
rename to ext/mbedtls-3.6.0
diff --git a/ext/mbedtls-4.1.0 b/ext/mbedtls-4.1.0
new file mode 160000
index 0000000000..0fe989b6b5
--- /dev/null
+++ b/ext/mbedtls-4.1.0
@@ -0,0 +1 @@
+Subproject commit 0fe989b6b514192783c469039edd325fd0989806
diff --git a/scripts/requirements.txt b/scripts/requirements.txt
index 33b11bb540..ebf67b2b14 100644
--- a/scripts/requirements.txt
+++ b/scripts/requirements.txt
@@ -5,3 +5,11 @@ cbor2
 setuptools
 pyyaml
 pytest
+
+# Needed by Mbed TLS 4.x's CMake-driven build (invoked from
+# sim/mcuboot-sys/build.rs when the `mbedtls-v4` Cargo feature is
+# enabled) to generate psa_crypto_driver_wrappers* and
+# tf_psa_crypto_config_check_*.h. Harmless if that feature is never
+# used.
+jinja2
+jsonschema
diff --git a/sim/Cargo.toml b/sim/Cargo.toml
index 58ef25ad85..582c9f2e2e 100644
--- a/sim/Cargo.toml
+++ b/sim/Cargo.toml
@@ -12,6 +12,7 @@ sig-rsa3072 = ["mcuboot-sys/sig-rsa3072"]
 sig-ecdsa = ["mcuboot-sys/sig-ecdsa"]
 sig-ecdsa-mbedtls = ["mcuboot-sys/sig-ecdsa-mbedtls"]
 sig-ecdsa-psa = ["mcuboot-sys/sig-ecdsa-psa", "mcuboot-sys/psa-crypto-api"]
+mbedtls-v4 = ["mcuboot-sys/mbedtls-v4"]
 sig-p384 = ["mcuboot-sys/sig-p384"]
 sig-ed25519 = ["mcuboot-sys/sig-ed25519"]
 overwrite-only = ["mcuboot-sys/overwrite-only"]
diff --git a/sim/mcuboot-sys/Cargo.toml b/sim/mcuboot-sys/Cargo.toml
index 08971a7660..86e59f6513 100644
--- a/sim/mcuboot-sys/Cargo.toml
+++ b/sim/mcuboot-sys/Cargo.toml
@@ -102,11 +102,18 @@ hw-rollback-protection = []
 # Enable the PSA Crypto APIs where supported for cryptography related operations.
 psa-crypto-api = []
+# Route the simulator build to ext/mbedtls-4.1.0 instead of the default
+# ext/mbedtls-3.6.0 (LTS). Only supported in combination with feature
+# paths that have been ported to the 4.x API surface; currently just
+# sig-ecdsa-psa.
+mbedtls-v4 = []
+
 # Test for ih_load_addr in upgrade/next boot slot
 check-load-addr = []
 [build-dependencies]
 cc = "1.0.25"
+cmake = "0.1"
 [dependencies]
 libc = "0.2"
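Review bot: `jinja2` and `jsonschema` are added to `scripts/requirements.txt` without version constraints, although the added comment says they are needed only by the simulator's opt-in `mbedtls-v4` build. Judging by the existing entries, this file is the shared list for the project's scripts, so everyone installing it would pull two more packages and their transitive dependencies for a feature they may never enable. Because these packages run code generators while the crypto library is being built, I would move them into a requirements file used only by the simulator job and constrain them to the version ranges the Mbed TLS tree declares for its generators, if it declares any.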
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index 727f44f4b8..6e70030ec0 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -1,6 +1,7 @@
 // Build mcuboot as a library, based on the requested features.
 extern crate cc;
+extern crate cmake;
 use std::collections::BTreeSet;
 use std::env;
@@ -41,6 +42,7 @@ fn main() {
 let max_align_32 = env::var("CARGO_FEATURE_MAX_ALIGN_32").is_ok();
 let hw_rollback_protection = env::var("CARGO_FEATURE_HW_ROLLBACK_PROTECTION").is_ok();
 let check_load_addr = env::var("CARGO_FEATURE_CHECK_LOAD_ADDR").is_ok();
+ let mbedtls_v4 = env::var("CARGO_FEATURE_MBEDTLS_V4").is_ok();
 let mut conf = CachedBuild::new();
 conf.conf.define("__BOOTSIM__", None);
@@ -99,65 +101,69 @@ fn main() {
 panic!("mcuboot does not support more than one sig type at the same time");
 }
- if psa_crypto_api {
+ if mbedtls_v4 && !sig_ecdsa_psa {
+ panic!("mbedtls-v4 is only supported in combination with sig-ecdsa-psa");
+ }
+
+ if psa_crypto_api && !mbedtls_v4 {
 if sig_ecdsa || enc_ec256 || enc_x25519 || enc_aes256_ec256 || sig_ecdsa_mbedtls || enc_aes256_x25519 || enc_kw || enc_aes256_kw {
 conf.file("csupport/psa_crypto_init_stub.c");
 } else {
 conf.conf.define("MCUBOOT_USE_PSA_CRYPTO", None);
- conf.file("../../ext/mbedtls/library/aes.c");
- conf.file("../../ext/mbedtls/library/aesni.c");
- conf.file("../../ext/mbedtls/library/aria.c");
- conf.file("../../ext/mbedtls/library/asn1write.c");
- conf.file("../../ext/mbedtls/library/base64.c");
- conf.file("../../ext/mbedtls/library/camellia.c");
- conf.file("../../ext/mbedtls/library/ccm.c");
- conf.file("../../ext/mbedtls/library/chacha20.c");
- conf.file("../../ext/mbedtls/library/chachapoly.c");
- conf.file("../../ext/mbedtls/library/cipher.c");
- conf.file("../../ext/mbedtls/library/cipher_wrap.c");
- conf.file("../../ext/mbedtls/library/constant_time.c");
- conf.file("../../ext/mbedtls/library/ctr_drbg.c");
- conf.file("../../ext/mbedtls/library/des.c");
- conf.file("../../ext/mbedtls/library/ecdsa.c");
- conf.file("../../ext/mbedtls/library/ecp.c");
- conf.file("../../ext/mbedtls/library/ecp_curves.c");
- conf.file("../../ext/mbedtls/library/entropy.c");
- conf.file("../../ext/mbedtls/library/entropy_poll.c");
- conf.file("../../ext/mbedtls/library/gcm.c");
- conf.file("../../ext/mbedtls/library/md5.c");
- conf.file("../../ext/mbedtls/library/nist_kw.c");
- conf.file("../../ext/mbedtls/library/oid.c");
- conf.file("../../ext/mbedtls/library/pem.c");
- conf.file("../../ext/mbedtls/library/pk.c");
- conf.file("../../ext/mbedtls/library/pkcs5.c");
- conf.file("../../ext/mbedtls/library/pkcs12.c");
- conf.file("../../ext/mbedtls/library/pkparse.c");
- conf.file("../../ext/mbedtls/library/pk_wrap.c");
- conf.file("../../ext/mbedtls/library/pkwrite.c");
- conf.file("../../ext/mbedtls/library/poly1305.c");
- conf.file("../../ext/mbedtls/library/psa_crypto.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_cipher.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_client.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_ecp.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_hash.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_mac.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_rsa.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_slot_management.c");
- conf.file("../../ext/mbedtls/library/psa_crypto_storage.c");
- conf.file("../../ext/mbedtls/library/psa_its_file.c");
- conf.file("../../ext/mbedtls/library/psa_util.c");
- conf.file("../../ext/mbedtls/library/ripemd160.c");
- conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
- conf.file("../../ext/mbedtls/library/sha1.c");
- conf.file("../../ext/mbedtls/library/sha512.c");
- conf.file("../../ext/mbedtls/tests/src/random.c");
- conf.conf.include("../../ext/mbedtls/library");
+ conf.file("../../ext/mbedtls-3.6.0/library/aes.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/aesni.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/aria.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1write.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/base64.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/camellia.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ccm.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/chacha20.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/chachapoly.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/cipher.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/cipher_wrap.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/constant_time.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ctr_drbg.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/des.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ecdsa.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ecp.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ecp_curves.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/entropy.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/entropy_poll.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/gcm.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/md5.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/nist_kw.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/oid.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/pem.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/pk.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/pkcs5.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/pkcs12.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/pkparse.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/pk_wrap.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/pkwrite.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/poly1305.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto_cipher.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto_client.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto_ecp.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto_hash.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto_mac.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto_rsa.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto_slot_management.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_crypto_storage.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_its_file.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/psa_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ripemd160.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/rsa_alt_helpers.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha1.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha512.c");
+ conf.file("../../ext/mbedtls-3.6.0/tests/src/random.c");
+ conf.conf.include("../../ext/mbedtls-3.6.0/library");
 }
- conf.conf.include("../../ext/mbedtls/tests/include/");
- conf.file("../../ext/mbedtls/tests/src/fake_external_rng_for_test.c");
+ conf.conf.include("../../ext/mbedtls-3.6.0/tests/include/");
+ conf.file("../../ext/mbedtls-3.6.0/tests/src/fake_external_rng_for_test.c");
 }
 if sig_rsa || sig_rsa3072 {
@@ -173,26 +179,26 @@ fn main() {
 }
 conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
- conf.conf.include("../../ext/mbedtls/include");
- conf.file("../../ext/mbedtls/library/sha256.c");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha256.c");
 conf.file("csupport/keys.c");
- conf.file("../../ext/mbedtls/library/rsa.c");
- conf.file("../../ext/mbedtls/library/bignum.c");
- conf.file("../../ext/mbedtls/library/bignum_core.c");
- conf.file("../../ext/mbedtls/library/constant_time.c");
- conf.file("../../ext/mbedtls/library/nist_kw.c");
- conf.file("../../ext/mbedtls/library/platform.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
- conf.file("../../ext/mbedtls/library/md.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/rsa.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/bignum.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/bignum_core.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/constant_time.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/nist_kw.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/md.c");
 } else if sig_ecdsa {
 conf.conf.define("MCUBOOT_SIGN_EC256", None);
 conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
 if !enc_kw {
- conf.conf.include("../../ext/mbedtls/include");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
 }
 conf.conf.include("../../ext/tinycrypt/lib/include");
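Review bot: The new guard `if mbedtls_v4 && !sig_ecdsa_psa` rejects only a missing signature feature, so `mbedtls-v4` can still be combined with encryption features whose branches (in later hunks of this function) keep adding `ext/mbedtls-3.6.0` sources and include paths, for example `enc_kw`, `enc_rsa` or `enc_x25519`. That would put 3.6.0 headers and objects into the same build as whatever `add_mbedtls_v4_psa_ecdsa` (not shown here) configures for 4.x, which at best fails to compile and at worst yields a mixed crypto stack that the test matrix reports as the 4.x path. I would extend the check so unsupported combinations fail early: `if mbedtls_v4 && (enc_rsa || enc_aes256_rsa || enc_kw || enc_aes256_kw || enc_ec256_mbedtls || enc_x25519 || enc_aes256_x25519) { panic!("mbedtls-v4 does not support this encryption feature"); }`. `main` starts and ends outside this hunk.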
@@ -203,69 +209,71 @@ fn main() {
 conf.file("../../ext/tinycrypt/lib/source/ecc.c");
 conf.file("../../ext/tinycrypt/lib/source/ecc_dsa.c");
 conf.file("../../ext/tinycrypt/lib/source/ecc_platform_specific.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c");
 } else if sig_ecdsa_mbedtls {
 conf.conf.define("MCUBOOT_SIGN_EC256", None);
 conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
- conf.conf.include("../../ext/mbedtls/include");
- conf.file("../../ext/mbedtls/library/sha256.c");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha256.c");
 conf.file("csupport/keys.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
- conf.file("../../ext/mbedtls/library/bignum.c");
- conf.file("../../ext/mbedtls/library/bignum_core.c");
- conf.file("../../ext/mbedtls/library/constant_time.c");
- conf.file("../../ext/mbedtls/library/nist_kw.c");
- conf.file("../../ext/mbedtls/library/ecdsa.c");
- conf.file("../../ext/mbedtls/library/ecp.c");
- conf.file("../../ext/mbedtls/library/ecp_curves.c");
- conf.file("../../ext/mbedtls/library/platform.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/bignum.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/bignum_core.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/constant_time.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/nist_kw.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ecdsa.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ecp.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ecp_curves.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
+ } else if sig_ecdsa_psa && mbedtls_v4 {
+ add_mbedtls_v4_psa_ecdsa(&mut conf, sig_p384, enc_ec256 || enc_aes256_ec256);
 } else if sig_ecdsa_psa {
- conf.conf.include("../../ext/mbedtls/include");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
 if sig_p384 {
 conf.conf.define("MCUBOOT_SIGN_EC384", None);
- conf.file("../../ext/mbedtls/library/sha512.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha512.c");
 } else {
 conf.conf.define("MCUBOOT_SIGN_EC256", None);
- conf.file("../../ext/mbedtls/library/sha256.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha256.c");
 }
 conf.file("csupport/keys.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
- conf.file("../../ext/mbedtls/library/bignum.c");
- conf.file("../../ext/mbedtls/library/bignum_core.c");
- conf.file("../../ext/mbedtls/library/constant_time.c");
- conf.file("../../ext/mbedtls/library/nist_kw.c");
- conf.file("../../ext/mbedtls/library/ecp.c");
- conf.file("../../ext/mbedtls/library/ecp_curves.c");
- conf.file("../../ext/mbedtls/library/platform.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/bignum.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/bignum_core.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/constant_time.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/nist_kw.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ecp.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/ecp_curves.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
 } else if sig_ed25519 {
 conf.conf.define("MCUBOOT_SIGN_ED25519", None);
 conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
 conf.conf.include("../../ext/tinycrypt/lib/include");
 conf.conf.include("../../ext/tinycrypt-sha512/lib/include");
- conf.conf.include("../../ext/mbedtls/include");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
 conf.file("../../ext/tinycrypt/lib/source/sha256.c");
 conf.file("../../ext/tinycrypt-sha512/lib/source/sha512.c");
 conf.file("../../ext/tinycrypt/lib/source/utils.c");
 conf.file("csupport/keys.c");
 conf.file("../../ext/fiat/src/curve25519.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c");
 } else if !enc_ec256 && !enc_x25519 {
 // No signature type, only sha256 validation. The default
 // configuration file bundled with mbedTLS is sufficient.
 // When using ECIES-P256 rely on Tinycrypt.
 conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
- conf.conf.include("../../ext/mbedtls/include");
- conf.file("../../ext/mbedtls/library/sha256.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha256.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
 }
 if overwrite_only {
@@ -292,21 +300,21 @@ fn main() {
 conf.file("../../boot/bootutil/src/encrypted.c");
 conf.file("csupport/keys.c");
- conf.conf.include("../../ext/mbedtls/include");
- conf.conf.include("../../ext/mbedtls/library");
- conf.file("../../ext/mbedtls/library/sha256.c");
-
- conf.file("../../ext/mbedtls/library/platform.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/rsa.c");
- conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
- conf.file("../../ext/mbedtls/library/md.c");
- conf.file("../../ext/mbedtls/library/aes.c");
- conf.file("../../ext/mbedtls/library/bignum.c");
- conf.file("../../ext/mbedtls/library/bignum_core.c");
- conf.file("../../ext/mbedtls/library/constant_time.c");
- conf.file("../../ext/mbedtls/library/nist_kw.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
+ conf.conf.include("../../ext/mbedtls-3.6.0/library");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha256.c");
+
+ conf.file("../../ext/mbedtls-3.6.0/library/platform.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/rsa.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/rsa_alt_helpers.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/md.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/aes.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/bignum.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/bignum_core.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/constant_time.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/nist_kw.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c");
 }
 if enc_kw || enc_aes256_kw {
@@ -320,19 +328,19 @@ fn main() {
 conf.file("csupport/keys.c");
 if sig_rsa || sig_rsa3072 {
- conf.file("../../ext/mbedtls/library/sha256.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha256.c");
 }
 /* Simulator uses Mbed-TLS to wrap keys */
- conf.conf.include("../../ext/mbedtls/include");
- conf.file("../../ext/mbedtls/library/platform.c");
- conf.conf.include("../../ext/mbedtls/library");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/nist_kw.c");
- conf.file("../../ext/mbedtls/library/constant_time.c");
- conf.file("../../ext/mbedtls/library/cipher.c");
- conf.file("../../ext/mbedtls/library/cipher_wrap.c");
- conf.file("../../ext/mbedtls/library/aes.c");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform.c");
+ conf.conf.include("../../ext/mbedtls-3.6.0/library");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/nist_kw.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/constant_time.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/cipher.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/cipher_wrap.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/aes.c");
 if sig_ecdsa {
 conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
@@ -351,7 +359,41 @@ fn main() {
 }
 }
- if enc_ec256 {
+ if (enc_ec256 || enc_aes256_ec256) && mbedtls_v4 {
+ // Genuine PSA encryption. encrypted.c holds the high-level
+ // boot_enc_* interface (unconditional); encrypted_psa.c
+ // supplies the crypto primitives (boot_decrypt_key,
+ // bootutil_aes_ctr_*) under MCUBOOT_USE_PSA_CRYPTO.
+ // ECDH + HKDF + AES-CTR + HMAC all come from the
+ // tfpsacrypto library built by add_mbedtls_v4_psa_ecdsa().
+ // MCUBOOT_USE_PSA_CRYPTO is already defined there; we must
+ // not define MCUBOOT_USE_TINYCRYPT — ecdsa.h errors on both
+ // backends being set.
+ //
+ // enc_aes256_ec256 shares the ECIES-P256 machinery and
+ // differs only in BOOT_ENC_KEY_SIZE (32 vs. 16 bytes), which
+ // is gated by MCUBOOT_AES_256. No additional PSA_WANT_*
+ // entries are needed — PSA_KEY_TYPE_AES covers all AES key
+ // sizes.
+ //
+ // CONFIG_BOOT_ECDSA_PSA is a Zephyr Kconfig symbol that
+ // encrypted.c uses to skip its duplicated legacy ASN.1 +
+ // ECDH code (a block that would otherwise try to compile
+ // against MBEDTLS_OID_* macros no longer public in 4.x).
+ // Setting it here turns the file into the thin boot_enc_*
+ // wrapper we want, delegating to encrypted_psa.c.
+ if enc_aes256_ec256 {
+ conf.conf.define("MCUBOOT_AES_256", None);
+ }
+ conf.conf.define("MCUBOOT_ENCRYPT_EC256", None);
+ conf.conf.define("MCUBOOT_ENC_IMAGES", None);
+ conf.conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);
+ conf.conf.define("CONFIG_BOOT_ECDSA_PSA", None);
+
+ conf.file("../../boot/bootutil/src/encrypted.c");
+ conf.file("../../boot/bootutil/src/encrypted_psa.c");
+ // keys.c is already added by add_mbedtls_v4_psa_ecdsa().
+ } else if enc_ec256 {
 conf.conf.define("MCUBOOT_ENCRYPT_EC256", None);
 conf.conf.define("MCUBOOT_ENC_IMAGES", None);
 conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
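Review bot: Defining `CONFIG_BOOT_ECDSA_PSA` in the new `mbedtls_v4` encryption branch makes the simulator select code in `encrypted.c` through a symbol that, per the added comment, belongs to Zephyr's Kconfig, so the simulated build depends on a platform switch it does not own. If the meaning of that symbol changes on the Zephyr side, the simulator could start compiling a different key-unwrap path than the one these tests are meant to cover, without any change to this file. I would rather have `encrypted.c` key the skip on `MCUBOOT_USE_PSA_CRYPTO`, which the comment says is already defined for this configuration, and drop the extra define. Failing that, the long comment could be cut to the one fact a maintainer needs, e.g. `// CONFIG_BOOT_ECDSA_PSA: makes encrypted.c delegate ECIES to encrypted_psa.c.` The enclosing `main` continues outside this hunk.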
@@ -360,7 +402,7 @@ fn main() { conf.file("../../boot/bootutil/src/encrypted.c"); conf.file("csupport/keys.c"); - conf.conf.include("../../ext/mbedtls/include"); + conf.conf.include("../../ext/mbedtls-3.6.0/include"); conf.conf.include("../../ext/tinycrypt/lib/include"); /* FIXME: fail with other signature schemes ? */ @@ -371,8 +413,8 @@ fn main() { conf.file("../../ext/tinycrypt/lib/source/ecc_dsa.c"); conf.file("../../ext/tinycrypt/lib/source/ecc_platform_specific.c"); - conf.file("../../ext/mbedtls/library/platform_util.c"); - conf.file("../../ext/mbedtls/library/asn1parse.c"); + conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c"); + conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c"); conf.file("../../ext/tinycrypt/lib/source/aes_encrypt.c"); conf.file("../../ext/tinycrypt/lib/source/aes_decrypt.c"); 
@@ -388,22 +430,22 @@ fn main() { conf.conf.define("MCUBOOT_USE_MBED_TLS", None); conf.conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None); - conf.conf.include("../../ext/mbedtls/include"); + conf.conf.include("../../ext/mbedtls-3.6.0/include"); conf.file("../../boot/bootutil/src/encrypted.c"); - conf.file("../../ext/mbedtls/library/sha256.c"); - conf.file("../../ext/mbedtls/library/asn1parse.c"); - conf.file("../../ext/mbedtls/library/bignum.c"); - conf.file("../../ext/mbedtls/library/bignum_core.c"); - conf.file("../../ext/mbedtls/library/constant_time.c"); - conf.file("../../ext/mbedtls/library/nist_kw.c"); - conf.file("../../ext/mbedtls/library/ecdh.c"); - conf.file("../../ext/mbedtls/library/md.c"); - conf.file("../../ext/mbedtls/library/aes.c"); - conf.file("../../ext/mbedtls/library/ecp.c"); - conf.file("../../ext/mbedtls/library/ecp_curves.c"); - conf.file("../../ext/mbedtls/library/platform.c"); - conf.file("../../ext/mbedtls/library/platform_util.c"); + conf.file("../../ext/mbedtls-3.6.0/library/sha256.c"); + conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c"); + conf.file("../../ext/mbedtls-3.6.0/library/bignum.c"); + conf.file("../../ext/mbedtls-3.6.0/library/bignum_core.c"); + conf.file("../../ext/mbedtls-3.6.0/library/constant_time.c"); + conf.file("../../ext/mbedtls-3.6.0/library/nist_kw.c"); + conf.file("../../ext/mbedtls-3.6.0/library/ecdh.c"); + conf.file("../../ext/mbedtls-3.6.0/library/md.c"); + conf.file("../../ext/mbedtls-3.6.0/library/aes.c"); + conf.file("../../ext/mbedtls-3.6.0/library/ecp.c"); + conf.file("../../ext/mbedtls-3.6.0/library/ecp_curves.c"); + conf.file("../../ext/mbedtls-3.6.0/library/platform.c"); + conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c"); conf.file("csupport/keys.c"); } 
@@ -416,7 +458,7 @@ fn main() {
 conf.file("../../boot/bootutil/src/encrypted.c");
 conf.file("csupport/keys.c");
- conf.conf.include("../../ext/mbedtls/include");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
 conf.conf.include("../../ext/tinycrypt/lib/include");
 conf.conf.include("../../ext/tinycrypt-sha512/lib/include");
@@ -425,8 +467,8 @@ fn main() {
 conf.file("../../ext/tinycrypt/lib/source/utils.c");
 conf.file("../../ext/tinycrypt/lib/source/sha256.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c");
 conf.file("../../ext/tinycrypt/lib/source/aes_encrypt.c");
 conf.file("../../ext/tinycrypt/lib/source/aes_decrypt.c");
@@ -444,24 +486,24 @@ fn main() {
 conf.file("../../boot/bootutil/src/encrypted.c");
 conf.file("csupport/keys.c");
- conf.conf.include("../../ext/mbedtls/include");
+ conf.conf.include("../../ext/mbedtls-3.6.0/include");
 conf.file("../../ext/fiat/src/curve25519.c");
- conf.file("../../ext/mbedtls/library/asn1parse.c");
- conf.file("../../ext/mbedtls/library/platform.c");
- conf.file("../../ext/mbedtls/library/platform_util.c");
- conf.file("../../ext/mbedtls/library/aes.c");
- conf.file("../../ext/mbedtls/library/sha256.c");
- conf.file("../../ext/mbedtls/library/md.c");
- conf.file("../../ext/mbedtls/library/sha512.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/asn1parse.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/platform_util.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/aes.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha256.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/md.c");
+ conf.file("../../ext/mbedtls-3.6.0/library/sha512.c");
 }
 if sig_rsa && enc_kw {
 conf.conf.define("MBEDTLS_CONFIG_FILE", Some(""));
 } else if sig_rsa || sig_rsa3072 || enc_rsa || enc_aes256_rsa {
 conf.conf.define("MBEDTLS_CONFIG_FILE", Some(""));
- } else if sig_ecdsa_mbedtls || enc_ec256_mbedtls || enc_aes256_ec256 {
+ } else if (sig_ecdsa_mbedtls || enc_ec256_mbedtls || enc_aes256_ec256) && !mbedtls_v4 {
 conf.conf.define("MBEDTLS_CONFIG_FILE", Some(""));
- } else if (sig_ecdsa || enc_ec256) && !enc_kw {
+ } else if (sig_ecdsa || enc_ec256) && !enc_kw && !mbedtls_v4 {
 conf.conf.define("MBEDTLS_CONFIG_FILE", Some(""));
 } else if sig_ed25519 || enc_x25519 {
 conf.conf.define("MBEDTLS_CONFIG_FILE", Some(""));
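Review bot: The `!mbedtls_v4` guard was added to only two arms of this `MBEDTLS_CONFIG_FILE` chain, so with `mbedtls_v4` set the RSA, ed25519 and x25519 arms still select a 3.x config header. As far as the visible arms show, a non-PSA ECDSA feature set falls through without any config; the empty `sig_ecdsa_psa && mbedtls_v4` arm in the next hunk is the only 4.x case. Unless an earlier part of `main()` (outside this hunk) already rejects those combinations, an unsupported feature mix is compiled against a mismatched crypto configuration instead of failing. I would reject it before the chain, e.g. `if mbedtls_v4 && !sig_ecdsa_psa { panic!("mbedtls-v4 requires sig-ecdsa-psa"); }`.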
@@ -469,6 +511,9 @@ fn main() {
 conf.conf.define("MBEDTLS_CONFIG_FILE", Some(""));
 } else if enc_aes256_x25519 {
 conf.conf.define("MBEDTLS_CONFIG_FILE", Some(""));
+ } else if sig_ecdsa_psa && mbedtls_v4 {
+ // 4.x uses TF_PSA_CRYPTO_CONFIG_FILE (set by
+ // add_mbedtls_v4_psa_ecdsa()) and has no MBEDTLS_CONFIG_FILE.
 } else if sig_ecdsa_psa {
 conf.conf.define("MBEDTLS_CONFIG_FILE", Some(""));
 }
@@ -518,8 +563,108 @@ fn main() {
 walk_dir("../../ext/tinycrypt/lib/source").unwrap();
 walk_dir("../../ext/mbedtls-asn1").unwrap();
 walk_dir("csupport").unwrap();
- walk_dir("../../ext/mbedtls/include").unwrap();
- walk_dir("../../ext/mbedtls/library").unwrap();
+ walk_dir("../../ext/mbedtls-3.6.0/include").unwrap();
+ walk_dir("../../ext/mbedtls-3.6.0/library").unwrap();
+ if mbedtls_v4 {
+ walk_dir("../../ext/mbedtls-4.1.0/include").unwrap();
+ walk_dir("../../ext/mbedtls-4.1.0/tf-psa-crypto").unwrap();
+ }
+}
+
+/// Configure the build to route sig-ecdsa-psa through Mbed TLS 4.1.0
+/// (TF-PSA-Crypto 1.1.0) instead of the default 3.6.0.
+///
+/// The approach mirrors Zephyr's Mbed TLS 4.1 integration: drive the
+/// upstream CMake build to produce `libtfpsacrypto.a`, then link our
+/// simulator's libbootutil.a against it. Compared to hand-picking
+/// sources, this lets upstream own the (still-evolving) 4.x file
+/// layout, generator plumbing, and config-adjustment logic; our only
+/// inputs are the config header and a handful of CMake `-D` knobs.
+///
+/// Requires `cmake` in PATH and `python3` with `jinja2` + `jsonschema`
+/// (see `scripts/requirements.txt`). The 4.x CMake invokes its own
+/// Python generators for `psa_crypto_driver_wrappers*` and
+/// `tf_psa_crypto_config_check_*.h` when GEN_FILES is ON (the default
+/// on non-Windows hosts).
+fn add_mbedtls_v4_psa_ecdsa(conf: &mut CachedBuild, sig_p384: bool, enc_ec256: bool) {
+ let manifest_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR")
+ .expect("CARGO_MANIFEST_DIR not set"));
+ let tf_src = manifest_dir
+ .join("../../ext/mbedtls-4.1.0/tf-psa-crypto")
+ .canonicalize()
+ .expect("tf-psa-crypto source dir not found — did submodules initialize?");
+ let config_file = manifest_dir
+ .join("csupport/config-ec-psa-v4.h")
+ .canonicalize()
+ .expect("config-ec-psa-v4.h not found");
+
+ // Build the static TF-PSA-Crypto library via upstream CMake.
+ // - Only the `tfpsacrypto` target: skips programs, tests, shared lib.
+ // - `TF_PSA_CRYPTO_CONFIG_FILE` points at our header; upstream compiles
+ // every object with `-DTF_PSA_CRYPTO_CONFIG_FILE=\"\"`.
+ // - `MCUBOOT_SIGN_EC256`/`EC384` is forwarded so the `#if defined`
+ // gates inside config-ec-psa-v4.h are evaluated the same way for
+ // the library build as for our boot-code build; otherwise the
+ // library would lack P-384 / SHA-384 support.
+ // - `TF_PSA_CRYPTO_FATAL_WARNINGS=OFF` so upstream's -Wall/-Wextra
+ // don't fail our build on warning differences between toolchains.
+ let mut cmake_conf = cmake::Config::new(&tf_src);
+ cmake_conf
+ .define("TF_PSA_CRYPTO_CONFIG_FILE", config_file.to_str().unwrap())
+ .define("ENABLE_PROGRAMS", "OFF")
+ .define("ENABLE_TESTING", "OFF")
+ .define("USE_STATIC_TF_PSA_CRYPTO_LIBRARY", "ON")
+ .define("USE_SHARED_TF_PSA_CRYPTO_LIBRARY", "OFF")
+ .define("TF_PSA_CRYPTO_FATAL_WARNINGS", "OFF")
+ .define("DISABLE_PACKAGE_CONFIG_AND_INSTALL", "ON")
+ .build_target("tfpsacrypto");
+ if sig_p384 {
+ cmake_conf.cflag("-DMCUBOOT_SIGN_EC384");
+ } else {
+ cmake_conf.cflag("-DMCUBOOT_SIGN_EC256");
+ }
+ if enc_ec256 {
+ cmake_conf.cflag("-DMCUBOOT_ENCRYPT_EC256");
+ }
+ let dst = cmake_conf.build();
+
+ // `cmake` crate returns the install-prefix path even with build_target;
+ // the static library is produced in the build tree under core/.
+ let lib_dir = dst.join("build").join("core");
+ println!("cargo:rustc-link-search=native={}", lib_dir.display());
+ println!("cargo:rustc-link-lib=static=tfpsacrypto");
+
+ // Tell Cargo to rebuild if the config file or any .c/.h under the
+ // source tree changes; walk_dir() below covers the source tree, and
+ // this covers the config header explicitly.
+ println!("cargo:rerun-if-changed={}", config_file.display());
+
+ // Compile-time glue for the C code in libbootutil.a: define the
+ // MCUboot PSA macros, point the public headers at our config, and
+ // add include paths so `` and `` resolve.
+ conf.conf.define("MCUBOOT_USE_PSA_CRYPTO", None);
+ conf.conf.define(
+ "TF_PSA_CRYPTO_CONFIG_FILE",
+ Some(format!("\"{}\"", config_file.display()).as_str()),
+ );
+ if sig_p384 {
+ conf.conf.define("MCUBOOT_SIGN_EC384", None);
+ } else {
+ conf.conf.define("MCUBOOT_SIGN_EC256", None);
+ }
+ conf.conf.include("../../ext/mbedtls-4.1.0/include");
+ conf.conf.include("../../ext/mbedtls-4.1.0/tf-psa-crypto/include");
+ conf.conf.include("../../ext/mbedtls-4.1.0/tf-psa-crypto/drivers/builtin/include");
+
+ // Public key data.
+ conf.file("csupport/keys.c");
+
+ // MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG (set in config-ec-psa-v4.h) makes
+ // the library reference `mbedtls_psa_external_get_random`. Upstream
+ // supplies this only under ENABLE_TESTING, and that shim drags in
+ // the whole test-framework header tree. Our self-contained stub
+ // uses libc rand() — sufficient for verification-only tests.
+ conf.file("csupport/psa_rng_stub_v4.c");
 }
 // Output the names of all files within a directory so that Cargo knows when to rebuild.
diff --git a/sim/mcuboot-sys/csupport/config-ec-psa-v4.h b/sim/mcuboot-sys/csupport/config-ec-psa-v4.h
new file mode 100644
index 0000000000..85e97c899d
--- /dev/null
+++ b/sim/mcuboot-sys/csupport/config-ec-psa-v4.h
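Review bot: `MCUBOOT_ENCRYPT_EC256` reaches only the CMake library build (`cmake_conf.cflag("-DMCUBOOT_ENCRYPT_EC256")` under `if enc_ec256`); the `conf.conf.define` block further down in `add_mbedtls_v4_psa_ecdsa` mirrors `MCUBOOT_SIGN_EC384`/`EC256` but not the encryption macro. config-ec-psa-v4.h gates its ECDH/HKDF/AES/HMAC `PSA_WANT_*` settings on that macro, so if `main()` does not define it for the boot code elsewhere (not visible in this hunk), the library and libbootutil.a would be compiled against different PSA configurations, which is the skew the comment above the CMake call warns about. Mirroring it next to the signature macros keeps both sides in step: `if enc_ec256 { conf.conf.define("MCUBOOT_ENCRYPT_EC256", None); }`.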
@@ -0,0 +1,62 @@
+/*
+ * PSA Crypto configuration for ECDSA signature verification on
+ * Mbed TLS 4.1.0 (TF-PSA-Crypto 1.1.0).
+ *
+ * Used with the `mbedtls-v4` Cargo feature. Supplied to the build
+ * via `-DTF_PSA_CRYPTO_CONFIG_FILE=`; this file
+ * replaces the default `psa/crypto_config.h`.
+ *
+ * Unlike 3.x, crypto configuration in 4.x is PSA-native: enable
+ * mechanisms via PSA_WANT_* macros; the build system's
+ * crypto_adjust_config_enable_builtins.h then flips on the
+ * corresponding MBEDTLS_*_C legacy internals automatically.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef MCUBOOT_CONFIG_EC_PSA_V4_H
+#define MCUBOOT_CONFIG_EC_PSA_V4_H
+
+/* Opt into the 1.x config format. */
+#define TF_PSA_CRYPTO_CONFIG_VERSION 0x01000000
+
+/* Build the PSA implementation (not just client stubs). */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/* Entropy is supplied externally by the test RNG shim
+ * (fake_external_rng_for_test.c); do not pull in CTR_DRBG/entropy. */
+#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+
+/* No permanent key storage — keys are always imported per boot. */
+/* (MBEDTLS_PSA_CRYPTO_STORAGE_C intentionally left unset.) */
+
+/* ECDSA verification over NIST P-256 with SHA-256. */
+#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_SHA_256 1
+#define PSA_WANT_ECC_SECP_R1_256 1
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+
+#if defined(MCUBOOT_SIGN_EC384)
+/* P-384 variant, selected via Cargo feature sig-p384. */
+#define PSA_WANT_ALG_SHA_384 1
+#define PSA_WANT_ECC_SECP_R1_384 1
+#endif
+
+#if defined(MCUBOOT_ENCRYPT_EC256)
+/*
+ * ECIES-P256 image encryption via boot/bootutil/src/encrypted_psa.c:
+ * ECDH key agreement feeds HKDF, whose output keys AES-CTR (data) and
+ * HMAC-SHA-256 (TLV authenticator). Enabled by the combined
+ * sig-ecdsa-psa + enc-ec256 + mbedtls-v4 Cargo features.
+ */
+#define PSA_WANT_ALG_ECDH 1
+#define PSA_WANT_ALG_HKDF 1
+#define PSA_WANT_ALG_CTR 1
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+#endif
+
+#endif /* MCUBOOT_CONFIG_EC_PSA_V4_H */
diff --git a/sim/mcuboot-sys/csupport/psa_rng_stub_v4.c b/sim/mcuboot-sys/csupport/psa_rng_stub_v4.c
new file mode 100644
index 0000000000..aae2461e6d
--- /dev/null
+++ b/sim/mcuboot-sys/csupport/psa_rng_stub_v4.c
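Review bot: The comment above `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` names `fake_external_rng_for_test.c` as the entropy source, but the build.rs change in this commit compiles `csupport/psa_rng_stub_v4.c` instead, which fills the buffer from libc `rand()`. That matters most under `MCUBOOT_ENCRYPT_EC256`, where this header enables ECDH and the EC key-pair import/derive types: any randomness those paths request comes from a non-cryptographic generator. I would reword the comment to `/* Entropy comes from csupport/psa_rng_stub_v4.c (libc rand(), simulator only); do not pull in CTR_DRBG/entropy. */`. The file header should also say that this configuration is for the simulator build only, since it still describes the file as ECDSA-verification config.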
@@ -0,0 +1,45 @@
+/*
+ * Simulator stub for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
+ *
+ * Mbed TLS 4.1 (TF-PSA-Crypto 1.1) requires the caller to supply
+ * `mbedtls_psa_external_get_random()` when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ * is set. Upstream ships a test implementation in
+ * `framework/tests/src/fake_external_rng_for_test.c`, but that file
+ * drags in a large chunk of the test framework (test_common.h,
+ * , etc.) as transitive headers, so we use this
+ * self-contained stub instead.
+ *
+ * ECDSA signature *verification* — the only PSA operation mcuboot's
+ * sig-ecdsa-psa path drives — does not consume randomness, but the
+ * symbol must still resolve at link time. Fill from libc rand() so
+ * that, if the PSA core ever does sample entropy for other code paths
+ * in this simulator build, it gets bytes rather than a failure.
+ *
+ * NOT FOR PRODUCTION USE. libc rand() is not cryptographically secure.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include
+#include
+#include
+
+psa_status_t mbedtls_psa_external_get_random(
+ mbedtls_psa_external_random_context_t *context,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ (void)context;
+ for (size_t i = 0; i < output_size; ++i) {
+ output[i] = (uint8_t)rand();
+ }
+ *output_length = output_size;
+ return PSA_SUCCESS;
+}
+
+/*
+ * The simulator's Rust side calls these to flip the test RNG on/off
+ * (see sim/mcuboot-sys/src/c.rs). Our implementation is always "on",
+ * so the toggles are no-ops but must still link.
+ */
+void mbedtls_test_enable_insecure_external_rng(void) { }
+void mbedtls_test_disable_insecure_external_rng(void) { }
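Review bot: `mbedtls_psa_external_get_random()` always succeeds and the `mbedtls_test_enable/disable_insecure_external_rng()` toggles are no-ops, so every entropy request in this build is silently served from unseeded libc `rand()`, which yields the same byte sequence on each run. The header comment justifies that by saying only ECDSA verification is driven, yet config-ec-psa-v4.h in the same commit enables ECDH and EC key-pair types under `MCUBOOT_ENCRYPT_EC256`. Making the toggles real keeps the stub fail-closed: bytes are produced only while the Rust side has explicitly opted in, and an unexpected request returns `PSA_ERROR_INSUFFICIENT_ENTROPY` instead of predictable data. This assumes the simulator enables the RNG before any operation that needs it, which the comment on the toggles suggests but c.rs is not shown here.

```c
/* Off until the simulator opts in, so an unexpected entropy request fails. */
static int insecure_rng_enabled = 0;

psa_status_t mbedtls_psa_external_get_random(
    mbedtls_psa_external_random_context_t *context,
    uint8_t *output, size_t output_size, size_t *output_length)
{
    (void)context;
    if (!insecure_rng_enabled) {
        *output_length = 0;
        return PSA_ERROR_INSUFFICIENT_ENTROPY;
    }
    /* … unchanged: rand() fill loop, *output_length, return PSA_SUCCESS … */
}

void mbedtls_test_enable_insecure_external_rng(void) { insecure_rng_enabled = 1; }
void mbedtls_test_disable_insecure_external_rng(void) { insecure_rng_enabled = 0; }
```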