Update mbedtls to mbedtls-3.0.0
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com> Change-Id: If406625c09949cca7575d234807e49c00cbc2fa7
This commit is contained in:
Sherry Zhang
Dávid Vincze
parent
8bdac69921
commit
f4580cb672
|
|
@ -1 +1 @@
|
|||
Subproject commit 74692aeb8c7e2c1c0f273592d87472a6f2aabacf
|
||||
Subproject commit 8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b
|
||||
|
|
@ -75,15 +75,15 @@ fn main() {
|
|||
}
|
||||
conf.define("MCUBOOT_USE_MBED_TLS", None);
|
||||
|
||||
conf.include("../../ext/mbedtls/crypto/include");
|
||||
conf.file("../../ext/mbedtls/crypto/library/sha256.c");
|
||||
conf.include("../../ext/mbedtls/include");
|
||||
conf.file("../../ext/mbedtls/library/sha256.c");
|
||||
conf.file("csupport/keys.c");
|
||||
|
||||
conf.file("../../ext/mbedtls/crypto/library/rsa.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/bignum.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
|
||||
conf.file("../../ext/mbedtls/library/rsa.c");
|
||||
conf.file("../../ext/mbedtls/library/bignum.c");
|
||||
conf.file("../../ext/mbedtls/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/library/asn1parse.c");
|
||||
} else if sig_ecdsa {
|
||||
conf.define("MCUBOOT_SIGN_EC256", None);
|
||||
conf.define("MCUBOOT_USE_TINYCRYPT", None);
|
||||
|
|
@ -100,24 +100,24 @@ fn main() {
|
|||
conf.file("../../ext/tinycrypt/lib/source/ecc.c");
|
||||
conf.file("../../ext/tinycrypt/lib/source/ecc_dsa.c");
|
||||
conf.file("../../ext/tinycrypt/lib/source/ecc_platform_specific.c");
|
||||
|
||||
conf.include("../../ext/mbedtls/library");
|
||||
conf.file("../../ext/mbedtls-asn1/src/platform_util.c");
|
||||
conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
|
||||
} else if sig_ecdsa_mbedtls {
|
||||
conf.define("MCUBOOT_SIGN_EC256", None);
|
||||
conf.define("MCUBOOT_USE_MBED_TLS", None);
|
||||
|
||||
conf.include("../../ext/mbedtls/crypto/include");
|
||||
conf.file("../../ext/mbedtls/crypto/library/sha256.c");
|
||||
conf.include("../../ext/mbedtls/include");
|
||||
conf.file("../../ext/mbedtls/library/sha256.c");
|
||||
conf.file("csupport/keys.c");
|
||||
|
||||
conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/bignum.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/ecdsa.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/ecp.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/ecp_curves.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/library/asn1parse.c");
|
||||
conf.file("../../ext/mbedtls/library/bignum.c");
|
||||
conf.file("../../ext/mbedtls/library/ecdsa.c");
|
||||
conf.file("../../ext/mbedtls/library/ecp.c");
|
||||
conf.file("../../ext/mbedtls/library/ecp_curves.c");
|
||||
conf.file("../../ext/mbedtls/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/library/platform_util.c");
|
||||
} else if sig_ed25519 {
|
||||
conf.define("MCUBOOT_SIGN_ED25519", None);
|
||||
conf.define("MCUBOOT_USE_TINYCRYPT", None);
|
||||
|
|
@ -137,8 +137,9 @@ fn main() {
|
|||
// configuration file bundled with mbedTLS is sufficient.
|
||||
// When using ECIES-P256 rely on Tinycrypt.
|
||||
conf.define("MCUBOOT_USE_MBED_TLS", None);
|
||||
conf.include("../../ext/mbedtls/crypto/include");
|
||||
conf.file("../../ext/mbedtls/crypto/library/sha256.c");
|
||||
conf.include("../../ext/mbedtls/include");
|
||||
conf.file("../../ext/mbedtls/library/sha256.c");
|
||||
conf.file("../../ext/mbedtls/library/platform_util.c");
|
||||
}
|
||||
|
||||
if overwrite_only {
|
||||
|
|
@ -163,17 +164,18 @@ fn main() {
|
|||
conf.file("../../boot/bootutil/src/encrypted.c");
|
||||
conf.file("csupport/keys.c");
|
||||
|
||||
conf.include("../../ext/mbedtls/crypto/include");
|
||||
conf.file("../../ext/mbedtls/crypto/library/sha256.c");
|
||||
conf.include("../../ext/mbedtls/include");
|
||||
conf.include("../../ext/mbedtls/library");
|
||||
conf.file("../../ext/mbedtls/library/sha256.c");
|
||||
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/rsa.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/rsa_internal.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/md.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/aes.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/bignum.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
|
||||
conf.file("../../ext/mbedtls/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/library/rsa.c");
|
||||
conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
|
||||
conf.file("../../ext/mbedtls/library/md.c");
|
||||
conf.file("../../ext/mbedtls/library/aes.c");
|
||||
conf.file("../../ext/mbedtls/library/bignum.c");
|
||||
conf.file("../../ext/mbedtls/library/asn1parse.c");
|
||||
}
|
||||
|
||||
if enc_kw || enc_aes256_kw {
|
||||
|
|
@ -187,17 +189,18 @@ fn main() {
|
|||
conf.file("csupport/keys.c");
|
||||
|
||||
if sig_rsa || sig_rsa3072 {
|
||||
conf.file("../../ext/mbedtls/crypto/library/sha256.c");
|
||||
conf.file("../../ext/mbedtls/library/sha256.c");
|
||||
}
|
||||
|
||||
/* Simulator uses Mbed-TLS to wrap keys */
|
||||
conf.include("../../ext/mbedtls/crypto/include");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/nist_kw.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/cipher.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/cipher_wrap.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/aes.c");
|
||||
conf.include("../../ext/mbedtls/include");
|
||||
conf.file("../../ext/mbedtls/library/platform.c");
|
||||
conf.include("../../ext/mbedtls/library");
|
||||
conf.file("../../ext/mbedtls/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/library/nist_kw.c");
|
||||
conf.file("../../ext/mbedtls/library/cipher.c");
|
||||
conf.file("../../ext/mbedtls/library/cipher_wrap.c");
|
||||
conf.file("../../ext/mbedtls/library/aes.c");
|
||||
|
||||
if sig_ecdsa {
|
||||
conf.define("MCUBOOT_USE_TINYCRYPT", None);
|
||||
|
|
@ -253,19 +256,19 @@ fn main() {
|
|||
conf.define("MCUBOOT_USE_MBED_TLS", None);
|
||||
conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);
|
||||
|
||||
conf.include("../../ext/mbedtls/crypto/include");
|
||||
conf.include("../../ext/mbedtls/include");
|
||||
|
||||
conf.file("../../boot/bootutil/src/encrypted.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/sha256.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/asn1parse.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/bignum.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/ecdh.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/md.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/aes.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/ecp.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/ecp_curves.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/library/sha256.c");
|
||||
conf.file("../../ext/mbedtls/library/asn1parse.c");
|
||||
conf.file("../../ext/mbedtls/library/bignum.c");
|
||||
conf.file("../../ext/mbedtls/library/ecdh.c");
|
||||
conf.file("../../ext/mbedtls/library/md.c");
|
||||
conf.file("../../ext/mbedtls/library/aes.c");
|
||||
conf.file("../../ext/mbedtls/library/ecp.c");
|
||||
conf.file("../../ext/mbedtls/library/ecp_curves.c");
|
||||
conf.file("../../ext/mbedtls/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/library/platform_util.c");
|
||||
conf.file("csupport/keys.c");
|
||||
}
|
||||
|
||||
|
|
@ -306,16 +309,17 @@ fn main() {
|
|||
conf.file("../../boot/bootutil/src/encrypted.c");
|
||||
conf.file("csupport/keys.c");
|
||||
|
||||
conf.include("../../ext/mbedtls/crypto/include");
|
||||
conf.include("../../ext/mbedtls/include");
|
||||
conf.include("../../ext/mbedtls-asn1/include");
|
||||
conf.file("../../ext/fiat/src/curve25519.c");
|
||||
conf.file("../../ext/mbedtls-asn1/src/platform_util.c");
|
||||
conf.file("../../ext/mbedtls-asn1/src/asn1parse.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/aes.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/sha256.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/md.c");
|
||||
conf.file("../../ext/mbedtls/crypto/library/sha512.c");
|
||||
conf.file("../../ext/mbedtls/library/platform.c");
|
||||
conf.file("../../ext/mbedtls/library/platform_util.c");
|
||||
conf.file("../../ext/mbedtls/library/aes.c");
|
||||
conf.file("../../ext/mbedtls/library/sha256.c");
|
||||
conf.file("../../ext/mbedtls/library/md.c");
|
||||
conf.file("../../ext/mbedtls/library/sha512.c");
|
||||
}
|
||||
|
||||
if sig_rsa && enc_kw {
|
||||
|
|
@ -338,6 +342,7 @@ fn main() {
|
|||
if sig_rsa || sig_rsa3072 {
|
||||
conf.file("../../boot/bootutil/src/image_rsa.c");
|
||||
} else if sig_ecdsa || sig_ecdsa_mbedtls {
|
||||
conf.include("../../ext/mbedtls/include");
|
||||
conf.file("../../boot/bootutil/src/image_ec256.c");
|
||||
} else if sig_ed25519 {
|
||||
conf.file("../../boot/bootutil/src/image_ed25519.c");
|
||||
|
|
@ -370,8 +375,8 @@ fn main() {
|
|||
walk_dir("../../ext/tinycrypt/lib/source").unwrap();
|
||||
walk_dir("../../ext/mbedtls-asn1").unwrap();
|
||||
walk_dir("csupport").unwrap();
|
||||
walk_dir("../../ext/mbedtls/crypto/include").unwrap();
|
||||
walk_dir("../../ext/mbedtls/crypto/library").unwrap();
|
||||
walk_dir("../../ext/mbedtls/include").unwrap();
|
||||
walk_dir("../../ext/mbedtls/library").unwrap();
|
||||
}
|
||||
|
||||
// Output the names of all files within a directory so that Cargo knows when to rebuild.
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@
|
|||
|
||||
#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_ERROR
|
||||
#include <bootutil/bootutil_log.h>
|
||||
#include "bootutil/crypto/common.h"
|
||||
|
||||
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
|
||||
|
||||
|
|
@ -91,15 +92,15 @@ parse_pubkey(mbedtls_rsa_context *ctx, uint8_t **p, uint8_t *end)
|
|||
return -6;
|
||||
}
|
||||
|
||||
if (mbedtls_asn1_get_mpi(p, end, &ctx->N) != 0) {
|
||||
if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(N)) != 0) {
|
||||
return -7;
|
||||
}
|
||||
|
||||
if (mbedtls_asn1_get_mpi(p, end, &ctx->E) != 0) {
|
||||
if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(E)) != 0) {
|
||||
return -8;
|
||||
}
|
||||
|
||||
ctx->len = mbedtls_mpi_size(&ctx->N);
|
||||
ctx->MBEDTLS_CONTEXT_MEMBER(len) = mbedtls_mpi_size(&ctx->MBEDTLS_CONTEXT_MEMBER(N));
|
||||
|
||||
if (*p != end) {
|
||||
return -9;
|
||||
|
|
@ -141,7 +142,12 @@ int rsa_oaep_encrypt_(const uint8_t *pubkey, unsigned pubkey_len,
|
|||
|
||||
mbedtls_platform_set_calloc_free(calloc, free);
|
||||
|
||||
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
|
||||
mbedtls_rsa_init(&ctx);
|
||||
mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
|
||||
#else
|
||||
mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
|
||||
#endif
|
||||
|
||||
cp = (uint8_t *)pubkey;
|
||||
cpend = cp + pubkey_len;
|
||||
|
|
@ -151,8 +157,13 @@ int rsa_oaep_encrypt_(const uint8_t *pubkey, unsigned pubkey_len,
|
|||
goto done;
|
||||
}
|
||||
|
||||
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
|
||||
rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL,
|
||||
NULL, 0, seckey_len, seckey, encbuf);
|
||||
#else
|
||||
rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL, MBEDTLS_RSA_PUBLIC,
|
||||
NULL, 0, seckey_len, seckey, encbuf);
|
||||
#endif
|
||||
if (rc) {
|
||||
goto done;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue