Commit Graph

25 Commits

Author SHA1 Message Date
Fabio Utzig 0f409b0589 ext: tinycrypt: update ctr mode to stream
Add an offset parameter to mode ctr so it can be properly used as a
streaming cipher, like required by the flash encryption algorithm.

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-11-25 12:37:29 -03:00
Piotr Ciura 71966db097 boot: Support for nrf52840 with ecc keys and cryptocell
Added traslation for cryptocell peripheral for use with chip
without TrustZone.

Signed-off-by: Piotr Ciura <piotr.ciura@nordicsemi.no>
2020-08-04 07:09:33 -03:00
Fabio Utzig 8fcdb6d066 ext: fiat: add X25519 routines from upstream
Upstream sha was: 92b7c89e6e8ba82924b57153bea68241cc45f658

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-04-10 17:56:14 -03:00
Fabio Utzig 165e00e9e0 Update fiat from latest upstream
Update from upstream: 92b7c89e6e8ba82924b57153bea68241cc45f658

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-04-02 07:00:46 -03:00
Andrzej Puzdrowski fefdea20d2 zephyr:boards nrf52840_pca10056 rename to nrf52840dk_nrf52840
Board was renamed here:
https://github.com/zephyrproject-rtos/zephyr/pull/23524/

Patch aligns the name in MCUBoot and decouples one of nrf52840 dedicated
overlay from exact board name.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-03-27 15:35:23 -06:00
Øyvind Rønningstad f42a8205e8 serial_recovery: Replace CBOR decoding code with generated code
- Add the cddl_gen repository as a submodule.
 - Add a CDDL description file for the serial recovery packets to be
   decoded.
 - Add generated code files and cddl_gen's CBOR library to CMakeList.txt
   for Zephyr.
 - Convert boot_serial.c to use the new code.
 - Add a bash script to (re)generate code files using cddl_gen.py.

Serial recovery should work exactly as before, but the binary should be
about 1k smaller.

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2020-03-24 13:10:17 -06:00
Fabio Utzig 3cd904a661 Update mbedTLS to 2.19.3
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Fabio Utzig a1c142d168 Add Tinycrypt based SHA-512 for ED25519
Add option to build ed25519 with tinycrypt; enable tinycrypt based
sha-512 for ed25519 sim tests.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-04 06:09:01 -03:00
Fabio Utzig e4fe4633ff Add sha-512 port of tinycrypt's sha-256
A patch adding sha-512 to upstream tinycrypt was submitted:
https://github.com/intel/tinycrypt/pull/42

While it is not accepted, add the code under a new ext/tinycrypt-sha512
depedency.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-04 06:09:01 -03:00
Ulf Magnusson e96b6873bd dts: Include devicetree.h instead of generated_dts_board.h
Needed for https://github.com/zephyrproject-rtos/zephyr/pull/20757, to
avoid a warning-turned-error.

Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
2020-01-16 11:41:28 +01:00
sigvartmh 477ff5bab0 Bugfix: nRF Cryptocell not being disabled
Copy paste bug in cc310 glue layer for nRF where disable does not set
the enable register to 0. Thanks to @solsbarry for pointing this out.

Fixes: #586

Signed-off-by: sigvartmh <sigvart.m@gmail.com>
2019-11-06 18:35:00 -03:00
David Brown 1318938006 Upgrade mbedtls submodule to 2.16.3
Upgrade the referenced mbedtls submodule to 2.16.3, the latest stable
release as of this commit.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:29:20 -06:00
David Brown f984b95735 Move mbedtls submodule from sim to ext
Move the external mbedtls submodule out of the sim/mcuboot-sys directory
into the ext directory.  This will allow the same copy of mbed TLS to be
used by other board support packages, instead of having to make a
duplicate clone.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:29:20 -06:00
David Brown b748f6fa2a Rename ext/mbedtls to ext/mbedtls-asn1
The ext/mbedtls directory has a copy of the ASN.1 parser from the mbed
TLS library.  To allow a future change to bring the entire mbed TLS
library in as a submodule under ext, rename this to mbedtls-asn1 to make
it clear this is only a subset.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:29:20 -06:00
Fabio Utzig a1e8e4334d Add Mynewt ed25519 support
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-06-13 19:21:05 -03:00
Fabio Utzig 705dfb3c29 Add third_party/fiat from boringssl
This adds the boringssl version of fiat-crypto. The version bundled here
had most if its non-used code removed, like signing, X25519 curve
operations not required by verification, etc.

Under boringssl tree, fiat can be found in third_party/fiat. The version
included here comes from a boringssl tree where the last commit is
f109f2087349712d3ac717d15fab48e130618110.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-06-13 19:21:05 -03:00
Sigvart Hovland 25ec746698 ext: nrf: Add nrf cc310 glue layer
Add glue layer for using the nrf cc310 to keep the cc310 interface more generic.
Add readme on how to build mcuboot with nrf cc310 support.

Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com>
2019-03-25 07:12:34 -03:00
Fabio Utzig 3ac36ead36 Update bundled ASN1 parser to Mbed-TLS 2.14.1
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-03 11:22:05 -02:00
Fabio Utzig ac18eec773 Add Mynewt support for bundled tinycrypt + mbedtls
This commit removes the pseudo tinycrypt package based on symlinks
by adding a new pkg.yml to ext/tinycrypt and using it directly. It
also uses the new mbed-tls bundled ASN1 parser when EC256 is selected.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-21 13:32:59 -07:00
Fabio Utzig ba05f2a309 Add asn1 parser of mbed-tls
This bundles the asn1 parser from mbed-tls into mcuboot, which allows
adding EC crypto (tinycrypt based) functionality for target OSes that
don't bundle mbed-tls.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-21 13:32:59 -07:00
Marti Bolivar bf909a1fcc zephyr: port build system to CMake
Convert the Zephyr build to the new CMake-based sytem.

Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
2017-11-20 18:10:29 -07:00
Fabio Utzig f0355743a8 Add back tinycrypt Makefiles
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-10-10 14:34:17 -03:00
Fabio Utzig 3efe6b6206 Add tinycrypt 0.2.8
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-10-10 14:34:17 -03:00
David Brown 09ef1c4b06 zephyr: Reconfigure to use local tinycrypt
Disable the Zephyr-provided Tinycrypt, and use our local copy.  This
avoids problems with changing version across different Zephyr releases.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-08 14:18:22 -06:00
David Brown fecda2d6c5 ext: Pull in tinycrypt v0.2.6
Zephyr 1.9 moves to tinycrypt v0.2.7.  This introduces a breaking API
change.  This makes things challenging for mcuboot, which would like to
be able to work across multiple platforms.

To help with this, bring in the last working version of Tinycrypt v0.2.6
from https://github.com/01org/tinycrypt.  Tinycrypt is released under a
3-clause BSD-style license, with parts under the micro-ecc license,
which is a 2-clause license.  Please see ext/tinycrypt/LICENSE for
details.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-08 14:18:22 -06:00