EC256/RSA encryption doesn't build with PSA backend #2632

@stindaNXP

Hi

This is basically re-opening #2629.

I have applied the patch provided by de-nordic; this fixed the issue with serial recovery and partially with RSA, but the project (standalone, non-Zephyr) still cannot be built.
This is my mcuboot_config.h:

...
MCUBOOT_SIGN_EC256
MCUBOOT_ENC_IMAGES
MCUBOOT_ENCRYPT_EC256
MCUBOOT_USE_PSA_CRYPTO
...

errors:

	Error[Pe020]: identifier "MBEDTLS_OID_EC_ALG_UNRESTRICTED" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	100
	Error[Pe020]: identifier "MBEDTLS_OID_EC_GRP_SECP256R1" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	101
	Error[Pe020]: identifier "mbedtls_asn1_buf" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	112
	Error[Pe020]: identifier "mbedtls_asn1_buf" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	113
	Error[Pe223]: function "mbedtls_asn1_get_tag" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	115
	Error[Pe020]: identifier "MBEDTLS_ASN1_CONSTRUCTED" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	116
	Error[Pe020]: identifier "MBEDTLS_ASN1_SEQUENCE" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	116
	Error[Pe223]: function "mbedtls_asn1_get_int" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	125
	Error[Pe223]: function "mbedtls_asn1_get_alg" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	129
	Error[Pe223]: function "mbedtls_asn1_get_tag" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	142
	Error[Pe020]: identifier "MBEDTLS_ASN1_OCTET_STRING" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	142
	Error[Pe223]: function "mbedtls_asn1_get_tag" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	148
	Error[Pe020]: identifier "MBEDTLS_ASN1_CONSTRUCTED" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	149
	Error[Pe020]: identifier "MBEDTLS_ASN1_SEQUENCE" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	149
	Error[Pe223]: function "mbedtls_asn1_get_int" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	154
	Error[Pe223]: function "mbedtls_asn1_get_tag" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	160
	Error[Pe020]: identifier "MBEDTLS_ASN1_OCTET_STRING" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	160
	Error[Pe020]: identifier "NUM_ECC_BYTES" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	164
	Error[Pe020]: identifier "bootutil_hmac_sha256_context" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	244
	Error[Pe020]: identifier "BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	245
	Error[Pe223]: function "bootutil_hmac_sha256_init" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	262
	Error[Pe223]: function "bootutil_hmac_sha256_set_key" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	265
	Error[Pe223]: function "bootutil_hmac_sha256_update" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	270
	Error[Pe223]: function "bootutil_hmac_sha256_finish" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	275
	Error[Pe223]: function "bootutil_hmac_sha256_drop" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	280
	Error[Pe020]: identifier "bootutil_hmac_sha256_context" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	383
	Error[Pe020]: identifier "BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	385
	Error[Pe020]: identifier "BOOT_ENC_BLOCK_SIZE" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	389
	Error[Pe020]: identifier "bootutil_key_exchange_ctx" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted.c	392
	Error[Pe223]: function "bootutil_ecdh_p256_init" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	455
	Error[Pe223]: function "bootutil_ecdh_p256_shared_secret" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	457
	Error[Pe223]: function "bootutil_ecdh_p256_drop" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	458
	Error[Pe223]: function "bootutil_hmac_sha256_init" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	507
	Error[Pe223]: function "bootutil_hmac_sha256_set_key" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	512
	Error[Pe223]: function "bootutil_hmac_sha256_drop" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	514
	Error[Pe223]: function "bootutil_hmac_sha256_update" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	518
	Error[Pe223]: function "bootutil_hmac_sha256_drop" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	520
	Error[Pe223]: function "bootutil_hmac_sha256_finish" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	525
	Error[Pe223]: function "bootutil_hmac_sha256_drop" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted.c	526

The bootutil_hmac_* functions are defined only for the Tinycrypt or mbedTLS legacy backend.

If I switch to RSA

...
MCUBOOT_SIGN_RSA
MCUBOOT_SIGN_RSA_LEN 2048
MCUBOOT_ENC_IMAGES
MCUBOOT_ENCRYPT_RSA
MCUBOOT_USE_PSA_CRYPTO
...

It fails with these errors

	Error[Pe020]: identifier "EC_PRIVK_LEN" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	248
	Error[Pe223]: function "parse_priv_enckey" declared implicitly	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	278
	Error[Pe020]: identifier "ECC_FAMILY" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	284
	Error[Pe020]: identifier "EC_PUBK_INDEX" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	314
	Error[Pe020]: identifier "EC_PUBK_LEN" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	315
	Error[Pe020]: identifier "EC_CIPHERKEY_INDEX" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	374
	Error[Pe020]: identifier "EC_CIPHERKEY_LEN" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	374
	Error[Pe020]: identifier "EC_TAG_INDEX" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	375
	Error[Pe020]: identifier "EC_TAG_LEN" is undefined	mcuboot_opensource\boot\bootutil\src\encrypted_psa.c	376

Since I didn't get an answer on whether PSA is supported for the last version, I would rather point out the issue here.
