Infineon: Add support for PSOC C3 family

Signed-off-by: INFINEON\DovhalA <[email protected]>

.gitmodules

@@ -4,14 +4,12 @@
 [submodule "boot/cypress/libs/cy-mbedtls-acceleration"]
 	path = boot/cypress/libs/cy-mbedtls-acceleration
 	url = https://github.com/Infineon/cy-mbedtls-acceleration.git
-	branch = c5f703d0354c69611e6c8226a609cead96e1f8a6
 [submodule "boot/cypress/libs/mtb-hal-cat1"]
 	path = boot/cypress/libs/mtb-hal-cat1
 	url = https://github.com/Infineon/mtb-hal-cat1.git
 [submodule "boot/cypress/libs/mtb-pdl-cat1"]
 	path = boot/cypress/libs/mtb-pdl-cat1
 	url = https://github.com/Infineon/mtb-pdl-cat1.git
-	branch = 4eb815bb8c6f455b0c516ec86b2e16b02bd367d7
 [submodule "boot/cypress/libs/cmsis"]
 	path = boot/cypress/libs/cmsis
 	url = https://github.com/Infineon/cmsis.git

boot/bootutil/include/bootutil/boot_record.h

@@ -24,6 +24,16 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
+/*
+ * User can redefine sw_module start id by passing SW_MODULE_START_ID value
+ * at compile time. This may be needed if mcuboot is a part of a system with
+ * several boot stages and previous stages are also fill measured boot data.
+ */ 
+#if defined(SW_MODULE_START_ID)
+#define GET_SW_MODULE_ID(sw_module) ((sw_module) + (SW_MODULE_START_ID))
+#else
+#define GET_SW_MODULE_ID(sw_module) sw_module
+#endif
 
 /**
  * @brief Add a data item to the shared data area between bootloader and
@@ -39,7 +49,8 @@ extern "C" {
 int boot_add_data_to_shared_area(uint8_t        major_type,
                                  uint16_t       minor_type,
                                  size_t         size,
-                                 const uint8_t *data);
+                                 const uint8_t *data,
+                                 const struct flash_area *fap);
 
 /**
  * Add an image's all boot status information to the shared memory area

boot/bootutil/include/bootutil/crypto/aes_ctr.h

@@ -44,40 +44,141 @@
 extern "C" {
 #endif
 
-#if defined(MCUBOOT_USE_MBED_TLS)
+#if defined(MCUBOOT_USE_MBED_TLS) && !defined(MCUBOOT_USE_PSA_CRYPTO)
 typedef mbedtls_aes_context bootutil_aes_ctr_context;
 static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)
 {
-    (void)mbedtls_aes_init(ctx);
+   (void)mbedtls_aes_init(ctx);
 }
 
 static inline void bootutil_aes_ctr_drop(bootutil_aes_ctr_context *ctx)
 {
-    /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
-    /* (void)mbedtls_aes_free(ctx); */
-    (void)ctx;
+   /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
+   /* (void)mbedtls_aes_free(ctx); */
+   (void)ctx;
 }
 
 static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const uint8_t *k)
 {
-    return mbedtls_aes_setkey_enc(ctx, k, BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE * 8);
+   return mbedtls_aes_setkey_enc(ctx, k, BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE * 8);
 }
 
 static inline int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c)
 {
-    uint8_t stream_block[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
-    (void)memset(&stream_block, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
-    return mbedtls_aes_crypt_ctr(ctx, mlen, &blk_off, counter, stream_block, m, c);
+   uint8_t stream_block[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
+   (void)memset(&stream_block, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
+   return mbedtls_aes_crypt_ctr(ctx, mlen, &blk_off, counter, stream_block, m, c);
 }
 
 static inline int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *c, uint32_t clen, size_t blk_off, uint8_t *m)
 {
-    uint8_t stream_block[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
-    (void)memset(&stream_block, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
-    return mbedtls_aes_crypt_ctr(ctx, clen, &blk_off, counter, stream_block, c, m);
+   uint8_t stream_block[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
+   (void)memset(&stream_block, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
+   return mbedtls_aes_crypt_ctr(ctx, clen, &blk_off, counter, stream_block, c, m);
 }
 #endif /* MCUBOOT_USE_MBED_TLS */
 
+#if defined(MCUBOOT_USE_PSA_CRYPTO)
+#include "crypto.h"
+#include "crypto_values.h"
+
+typedef struct
+{
+    psa_key_handle_t key_handle;
+    psa_cipher_operation_t operation;
+} bootutil_aes_ctr_context;
+
+static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)
+{
+    ctx->operation = psa_cipher_operation_init();
+}
+
+static inline void bootutil_aes_ctr_drop(bootutil_aes_ctr_context *ctx)
+{
+    psa_cipher_abort(&ctx->operation);
+}
+
+static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const uint8_t *key)
+{
+    psa_status_t status;
+
+    psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_set_key_algorithm(&key_attributes, PSA_ALG_CTR);
+    psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
+    psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT);
+
+    status = psa_import_key(&key_attributes, key, BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE, &ctx->key_handle);
+
+    if (status != PSA_SUCCESS) {
+        return -1;
+    }
+
+    return 0;
+}
+
+static inline int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c)
+{
+    (void)blk_off;
+
+    psa_status_t status;
+    size_t out_sz;
+    size_t f_sz;
+
+    ctx->operation = psa_cipher_operation_init();
+
+    status = psa_cipher_encrypt_setup(&ctx->operation, ctx->key_handle, PSA_ALG_CTR);
+
+    if (status == PSA_SUCCESS) {
+        status = psa_cipher_set_iv(&ctx->operation, counter, BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE);
+    }
+
+    if (status == PSA_SUCCESS) {
+        status = psa_cipher_update(&ctx->operation, m, mlen, c, mlen, &out_sz);
+    }
+
+    if (status == PSA_SUCCESS) {
+        status = psa_cipher_finish(&ctx->operation, c + out_sz, sizeof(mlen) - out_sz, &f_sz);
+    }
+
+    if ((status != PSA_SUCCESS) || ((out_sz + f_sz) != mlen)) {
+        return -1;
+    }
+
+    return 0;
+}
+
+static inline int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *c, uint32_t clen, size_t blk_off, uint8_t *m)
+{
+    (void)blk_off;
+
+    psa_status_t status;
+    size_t out_sz;
+    size_t f_sz;
+
+    ctx->operation = psa_cipher_operation_init();
+
+    status = psa_cipher_decrypt_setup(&ctx->operation, ctx->key_handle, PSA_ALG_CTR);
+
+    if (status == PSA_SUCCESS) {
+        status = psa_cipher_set_iv(&ctx->operation, counter, BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE);
+    }
+
+    if (status == PSA_SUCCESS) {
+        status = psa_cipher_update(&ctx->operation, c, clen, m, clen, &out_sz);
+    }
+
+    if (status == PSA_SUCCESS) {
+        status = psa_cipher_finish(&ctx->operation, m + out_sz, sizeof(clen) - out_sz, &f_sz);
+    }
+
+    if ((status != PSA_SUCCESS) || ((out_sz + f_sz) != clen)) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif /* MCUBOOT_USE_PSA_CRYPTO */
+
 #if defined(MCUBOOT_USE_TINYCRYPT)
 typedef struct tc_aes_key_sched_struct bootutil_aes_ctr_context;
 static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)

boot/bootutil/include/bootutil/crypto/ecdh_p256.h

@@ -67,7 +67,7 @@ static inline int bootutil_ecdh_p256_shared_secret(bootutil_ecdh_p256_context *c
 }
 #endif /* MCUBOOT_USE_TINYCRYPT */
 
-#if defined(MCUBOOT_USE_MBED_TLS)
+#if defined(MCUBOOT_USE_MBED_TLS) && !defined(MCUBOOT_USE_PSA_CRYPTO)
 #define NUM_ECC_BYTES 32
 
 #if MBEDTLS_VERSION_NUMBER >= 0x03000000
@@ -147,6 +147,67 @@ static inline int bootutil_ecdh_p256_shared_secret(bootutil_ecdh_p256_context *c
 }
 #endif /* MCUBOOT_USE_MBED_TLS */
 
+
+#if defined(MCUBOOT_USE_PSA_CRYPTO)
+
+#include "crypto.h"
+#include "crypto_values.h"
+
+#define NUM_ECC_BYTES 32
+
+typedef void* bootutil_ecdh_p256_context;
+
+static inline void bootutil_ecdh_p256_init(bootutil_ecdh_p256_context *ctx)
+{
+    (void) ctx;
+}
+
+static inline void bootutil_ecdh_p256_drop(bootutil_ecdh_p256_context *ctx)
+{
+    (void) ctx;
+}
+
+static inline int bootutil_ecdh_p256_shared_secret(bootutil_ecdh_p256_context *ctx, const uint8_t *pub_key, const uint8_t *priv_key, uint8_t *shared)
+{
+    (void) ctx;
+
+    psa_status_t status;
+    psa_key_handle_t private_key_handle;
+
+    psa_key_attributes_t private_key_attributes = psa_key_attributes_init();
+
+    psa_set_key_usage_flags(&private_key_attributes, PSA_KEY_USAGE_DERIVE);
+    psa_set_key_algorithm(&private_key_attributes, PSA_ALG_ECDH);
+    psa_set_key_type(&private_key_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+    psa_set_key_bits(&private_key_attributes, 256u);
+
+    status = psa_import_key(&private_key_attributes, priv_key, 32, &private_key_handle);
+
+    if (status == PSA_SUCCESS)
+    {
+        size_t res_len;
+
+        status = psa_raw_key_agreement(PSA_ALG_ECDH,
+                                    private_key_handle,
+                                    pub_key,
+                                    65,
+                                    shared,
+                                    32,
+                                    &res_len);
+    }
+
+    psa_destroy_key(private_key_handle);
+
+    if (status != PSA_SUCCESS)
+    {
+        return -1;
+    }
+
+    return 0;
+}
+#endif /* MCUBOOT_USE_PSA_CRYPTO */
+
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/crypto/hmac_sha256.h

@@ -84,7 +84,7 @@ static inline int bootutil_hmac_sha256_finish(bootutil_hmac_sha256_context *ctx,
 }
 #endif /* MCUBOOT_USE_TINYCRYPT */
 
-#if defined(MCUBOOT_USE_MBED_TLS)
+#if defined(MCUBOOT_USE_MBED_TLS) && !defined(MCUBOOT_USE_PSA_CRYPTO)
 /**
  * The generic message-digest context.
  */
@@ -127,6 +127,78 @@ static inline int bootutil_hmac_sha256_finish(bootutil_hmac_sha256_context *ctx,
 }
 #endif /* MCUBOOT_USE_MBED_TLS */
 
+#if defined(MCUBOOT_USE_PSA_CRYPTO)
+/**
+ * The generic message-digest context.
+ */
+typedef struct
+{
+    psa_key_handle_t key_handle;
+    psa_mac_operation_t operation;
+} bootutil_hmac_sha256_context;
+
+static inline void bootutil_hmac_sha256_init(bootutil_hmac_sha256_context *ctx)
+{
+    ctx->operation = psa_mac_operation_init();
+}
+
+static inline void bootutil_hmac_sha256_drop(bootutil_hmac_sha256_context *ctx)
+{
+    psa_mac_abort(&ctx->operation);
+    psa_destroy_key(ctx->key_handle);
+}
+
+static inline int bootutil_hmac_sha256_set_key(bootutil_hmac_sha256_context *ctx, const uint8_t *key, unsigned int key_size)
+{
+    psa_status_t status;
+    psa_key_attributes_t key_attributes = psa_key_attributes_init();
+
+    psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_SIGN_HASH);
+    psa_set_key_algorithm(&key_attributes, PSA_ALG_HMAC(PSA_ALG_SHA_256));
+    psa_set_key_type(&key_attributes, PSA_KEY_TYPE_HMAC);
+    psa_set_key_bits(&key_attributes, 256u);
+
+    status = psa_import_key(&key_attributes, key, key_size, &ctx->key_handle);
+
+    if (status == PSA_SUCCESS) {
+        status = psa_mac_sign_setup(&ctx->operation, ctx->key_handle, PSA_ALG_HMAC(PSA_ALG_SHA_256));
+    }
+
+    if (status != PSA_SUCCESS) {
+        return -1;
+    }
+
+    return 0;
+}
+
+static inline int bootutil_hmac_sha256_update(bootutil_hmac_sha256_context *ctx, const void *data, unsigned int data_length)
+{
+    psa_status_t status;
+
+    status = psa_mac_update(&ctx->operation, data, data_length);
+
+    if (status != PSA_SUCCESS) {
+        return -1;
+    }
+
+    return 0;
+}
+
+static inline int bootutil_hmac_sha256_finish(bootutil_hmac_sha256_context *ctx, uint8_t *tag, unsigned int taglen)
+{
+    size_t output_len;
+    psa_status_t status;
+
+    status = psa_mac_sign_finish(&ctx->operation, tag, taglen, &output_len);
+
+    if (status != PSA_SUCCESS) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif /* MCUBOOT_USE_MBED_TLS */
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/crypto/sha256.h

@@ -20,6 +20,10 @@
 
 #include "mcuboot_config/mcuboot_config.h"
 
+#if defined(MCUBOOT_SHA256_CUSTOM_INTERFACE)
+    #include "sha256_port.h"
+#else
+
 #if (defined(MCUBOOT_USE_MBED_TLS) + \
      defined(MCUBOOT_USE_TINYCRYPT) + \
      defined(MCUBOOT_USE_CC310)) != 1
@@ -143,4 +147,6 @@ static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx,
 }
 #endif
 
+#endif /* MCUBOOT_SHA256_CUSTOM_INTERFACE */
+
 #endif /* __BOOTUTIL_CRYPTO_SHA256_H_ */