Update mbedtls to mbedtls-3.0.0
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: If406625c09949cca7575d234807e49c00cbc2fa7
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index 082899c..6f16f04 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -75,15 +75,15 @@
}
conf.define("MCUBOOT_USE_MBED_TLS", None);
- conf.include("../../ext/mbedtls/crypto/include");
- conf.file("../../ext/mbedtls/crypto/library/sha256.c");
+ conf.include("../../ext/mbedtls/include");
+ conf.file("../../ext/mbedtls/library/sha256.c");
conf.file("csupport/keys.c");
- conf.file("../../ext/mbedtls/crypto/library/rsa.c");
- conf.file("../../ext/mbedtls/crypto/library/bignum.c");
- conf.file("../../ext/mbedtls/crypto/library/platform.c");
- conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
- conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
+ conf.file("../../ext/mbedtls/library/rsa.c");
+ conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/platform.c");
+ conf.file("../../ext/mbedtls/library/platform_util.c");
+ conf.file("../../ext/mbedtls/library/asn1parse.c");
} else if sig_ecdsa {
conf.define("MCUBOOT_SIGN_EC256", None);
conf.define("MCUBOOT_USE_TINYCRYPT", None);
@@ -100,24 +100,24 @@
conf.file("../../ext/tinycrypt/lib/source/ecc.c");
conf.file("../../ext/tinycrypt/lib/source/ecc_dsa.c");
conf.file("../../ext/tinycrypt/lib/source/ecc_platform_specific.c");
-
+ conf.include("../../ext/mbedtls/library");
conf.file("../../ext/mbedtls-asn1/src/platform_util.c");
conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
} else if sig_ecdsa_mbedtls {
conf.define("MCUBOOT_SIGN_EC256", None);
conf.define("MCUBOOT_USE_MBED_TLS", None);
- conf.include("../../ext/mbedtls/crypto/include");
- conf.file("../../ext/mbedtls/crypto/library/sha256.c");
+ conf.include("../../ext/mbedtls/include");
+ conf.file("../../ext/mbedtls/library/sha256.c");
conf.file("csupport/keys.c");
- conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
- conf.file("../../ext/mbedtls/crypto/library/bignum.c");
- conf.file("../../ext/mbedtls/crypto/library/ecdsa.c");
- conf.file("../../ext/mbedtls/crypto/library/ecp.c");
- conf.file("../../ext/mbedtls/crypto/library/ecp_curves.c");
- conf.file("../../ext/mbedtls/crypto/library/platform.c");
- conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
+ conf.file("../../ext/mbedtls/library/asn1parse.c");
+ conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/ecdsa.c");
+ conf.file("../../ext/mbedtls/library/ecp.c");
+ conf.file("../../ext/mbedtls/library/ecp_curves.c");
+ conf.file("../../ext/mbedtls/library/platform.c");
+ conf.file("../../ext/mbedtls/library/platform_util.c");
} else if sig_ed25519 {
conf.define("MCUBOOT_SIGN_ED25519", None);
conf.define("MCUBOOT_USE_TINYCRYPT", None);
@@ -137,8 +137,9 @@
// configuration file bundled with mbedTLS is sufficient.
// When using ECIES-P256 rely on Tinycrypt.
conf.define("MCUBOOT_USE_MBED_TLS", None);
- conf.include("../../ext/mbedtls/crypto/include");
- conf.file("../../ext/mbedtls/crypto/library/sha256.c");
+ conf.include("../../ext/mbedtls/include");
+ conf.file("../../ext/mbedtls/library/sha256.c");
+ conf.file("../../ext/mbedtls/library/platform_util.c");
}
if overwrite_only {
@@ -163,17 +164,18 @@
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("csupport/keys.c");
- conf.include("../../ext/mbedtls/crypto/include");
- conf.file("../../ext/mbedtls/crypto/library/sha256.c");
+ conf.include("../../ext/mbedtls/include");
+ conf.include("../../ext/mbedtls/library");
+ conf.file("../../ext/mbedtls/library/sha256.c");
- conf.file("../../ext/mbedtls/crypto/library/platform.c");
- conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
- conf.file("../../ext/mbedtls/crypto/library/rsa.c");
- conf.file("../../ext/mbedtls/crypto/library/rsa_internal.c");
- conf.file("../../ext/mbedtls/crypto/library/md.c");
- conf.file("../../ext/mbedtls/crypto/library/aes.c");
- conf.file("../../ext/mbedtls/crypto/library/bignum.c");
- conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
+ conf.file("../../ext/mbedtls/library/platform.c");
+ conf.file("../../ext/mbedtls/library/platform_util.c");
+ conf.file("../../ext/mbedtls/library/rsa.c");
+ conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
+ conf.file("../../ext/mbedtls/library/md.c");
+ conf.file("../../ext/mbedtls/library/aes.c");
+ conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/asn1parse.c");
}
if enc_kw || enc_aes256_kw {
@@ -187,17 +189,18 @@
conf.file("csupport/keys.c");
if sig_rsa || sig_rsa3072 {
- conf.file("../../ext/mbedtls/crypto/library/sha256.c");
+ conf.file("../../ext/mbedtls/library/sha256.c");
}
/* Simulator uses Mbed-TLS to wrap keys */
- conf.include("../../ext/mbedtls/crypto/include");
- conf.file("../../ext/mbedtls/crypto/library/platform.c");
- conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
- conf.file("../../ext/mbedtls/crypto/library/nist_kw.c");
- conf.file("../../ext/mbedtls/crypto/library/cipher.c");
- conf.file("../../ext/mbedtls/crypto/library/cipher_wrap.c");
- conf.file("../../ext/mbedtls/crypto/library/aes.c");
+ conf.include("../../ext/mbedtls/include");
+ conf.file("../../ext/mbedtls/library/platform.c");
+ conf.include("../../ext/mbedtls/library");
+ conf.file("../../ext/mbedtls/library/platform_util.c");
+ conf.file("../../ext/mbedtls/library/nist_kw.c");
+ conf.file("../../ext/mbedtls/library/cipher.c");
+ conf.file("../../ext/mbedtls/library/cipher_wrap.c");
+ conf.file("../../ext/mbedtls/library/aes.c");
if sig_ecdsa {
conf.define("MCUBOOT_USE_TINYCRYPT", None);
@@ -253,19 +256,19 @@
conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);
- conf.include("../../ext/mbedtls/crypto/include");
+ conf.include("../../ext/mbedtls/include");
conf.file("../../boot/bootutil/src/encrypted.c");
- conf.file("../../ext/mbedtls/crypto/library/sha256.c");
- conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
- conf.file("../../ext/mbedtls/crypto/library/bignum.c");
- conf.file("../../ext/mbedtls/crypto/library/ecdh.c");
- conf.file("../../ext/mbedtls/crypto/library/md.c");
- conf.file("../../ext/mbedtls/crypto/library/aes.c");
- conf.file("../../ext/mbedtls/crypto/library/ecp.c");
- conf.file("../../ext/mbedtls/crypto/library/ecp_curves.c");
- conf.file("../../ext/mbedtls/crypto/library/platform.c");
- conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
+ conf.file("../../ext/mbedtls/library/sha256.c");
+ conf.file("../../ext/mbedtls/library/asn1parse.c");
+ conf.file("../../ext/mbedtls/library/bignum.c");
+ conf.file("../../ext/mbedtls/library/ecdh.c");
+ conf.file("../../ext/mbedtls/library/md.c");
+ conf.file("../../ext/mbedtls/library/aes.c");
+ conf.file("../../ext/mbedtls/library/ecp.c");
+ conf.file("../../ext/mbedtls/library/ecp_curves.c");
+ conf.file("../../ext/mbedtls/library/platform.c");
+ conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("csupport/keys.c");
}
@@ -306,16 +309,17 @@
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("csupport/keys.c");
- conf.include("../../ext/mbedtls/crypto/include");
+ conf.include("../../ext/mbedtls/include");
+ conf.include("../../ext/mbedtls-asn1/include");
conf.file("../../ext/fiat/src/curve25519.c");
conf.file("../../ext/mbedtls-asn1/src/platform_util.c");
conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
- conf.file("../../ext/mbedtls/crypto/library/platform.c");
- conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
- conf.file("../../ext/mbedtls/crypto/library/aes.c");
- conf.file("../../ext/mbedtls/crypto/library/sha256.c");
- conf.file("../../ext/mbedtls/crypto/library/md.c");
- conf.file("../../ext/mbedtls/crypto/library/sha512.c");
+ conf.file("../../ext/mbedtls/library/platform.c");
+ conf.file("../../ext/mbedtls/library/platform_util.c");
+ conf.file("../../ext/mbedtls/library/aes.c");
+ conf.file("../../ext/mbedtls/library/sha256.c");
+ conf.file("../../ext/mbedtls/library/md.c");
+ conf.file("../../ext/mbedtls/library/sha512.c");
}
if sig_rsa && enc_kw {
@@ -338,6 +342,7 @@
if sig_rsa || sig_rsa3072 {
conf.file("../../boot/bootutil/src/image_rsa.c");
} else if sig_ecdsa || sig_ecdsa_mbedtls {
+ conf.include("../../ext/mbedtls/include");
conf.file("../../boot/bootutil/src/image_ec256.c");
} else if sig_ed25519 {
conf.file("../../boot/bootutil/src/image_ed25519.c");
@@ -370,8 +375,8 @@
walk_dir("../../ext/tinycrypt/lib/source").unwrap();
walk_dir("../../ext/mbedtls-asn1").unwrap();
walk_dir("csupport").unwrap();
- walk_dir("../../ext/mbedtls/crypto/include").unwrap();
- walk_dir("../../ext/mbedtls/crypto/library").unwrap();
+ walk_dir("../../ext/mbedtls/include").unwrap();
+ walk_dir("../../ext/mbedtls/library").unwrap();
}
// Output the names of all files within a directory so that Cargo knows when to rebuild.
diff --git a/sim/mcuboot-sys/csupport/run.c b/sim/mcuboot-sys/csupport/run.c
index 201b50b..78b273a 100644
--- a/sim/mcuboot-sys/csupport/run.c
+++ b/sim/mcuboot-sys/csupport/run.c
@@ -24,6 +24,7 @@
#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_ERROR
#include <bootutil/bootutil_log.h>
+#include "bootutil/crypto/common.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
@@ -91,15 +92,15 @@
return -6;
}
- if (mbedtls_asn1_get_mpi(p, end, &ctx->N) != 0) {
+ if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(N)) != 0) {
return -7;
}
- if (mbedtls_asn1_get_mpi(p, end, &ctx->E) != 0) {
+ if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(E)) != 0) {
return -8;
}
- ctx->len = mbedtls_mpi_size(&ctx->N);
+ ctx->MBEDTLS_CONTEXT_MEMBER(len) = mbedtls_mpi_size(&ctx->MBEDTLS_CONTEXT_MEMBER(N));
if (*p != end) {
return -9;
@@ -141,7 +142,12 @@
mbedtls_platform_set_calloc_free(calloc, free);
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+ mbedtls_rsa_init(&ctx);
+ mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
+#else
mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
+#endif
cp = (uint8_t *)pubkey;
cpend = cp + pubkey_len;
@@ -151,8 +157,13 @@
goto done;
}
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+ rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL,
+ NULL, 0, seckey_len, seckey, encbuf);
+#else
rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL, MBEDTLS_RSA_PUBLIC,
NULL, 0, seckey_len, seckey, encbuf);
+#endif
if (rc) {
goto done;
}