From f4580cb6729ff287c66436fccdf622469d3c150b Mon Sep 17 00:00:00 2001 From: Sherry Zhang Date: Tue, 13 Jul 2021 22:07:31 +0800 Subject: [PATCH] Update mbedtls to mbedtls-3.0.0 Signed-off-by: Sherry Zhang Change-Id: If406625c09949cca7575d234807e49c00cbc2fa7 --- ext/mbedtls | 2 +- sim/mcuboot-sys/build.rs | 119 +++++++++++++++++---------------- sim/mcuboot-sys/csupport/run.c | 17 ++++- 3 files changed, 77 insertions(+), 61 deletions(-) diff --git a/ext/mbedtls b/ext/mbedtls index 74692aeb..8df2f8e7 160000 --- a/ext/mbedtls +++ b/ext/mbedtls @@ -1 +1 @@ -Subproject commit 74692aeb8c7e2c1c0f273592d87472a6f2aabacf +Subproject commit 8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs index 082899c9..6f16f041 100644 --- a/sim/mcuboot-sys/build.rs +++ b/sim/mcuboot-sys/build.rs @@ -75,15 +75,15 @@ fn main() { } conf.define("MCUBOOT_USE_MBED_TLS", None); - conf.include("../../ext/mbedtls/crypto/include"); - conf.file("../../ext/mbedtls/crypto/library/sha256.c"); + conf.include("../../ext/mbedtls/include"); + conf.file("../../ext/mbedtls/library/sha256.c"); conf.file("csupport/keys.c"); - conf.file("../../ext/mbedtls/crypto/library/rsa.c"); - conf.file("../../ext/mbedtls/crypto/library/bignum.c"); - conf.file("../../ext/mbedtls/crypto/library/platform.c"); - conf.file("../../ext/mbedtls/crypto/library/platform_util.c"); - conf.file("../../ext/mbedtls/crypto/library/asn1parse.c"); + conf.file("../../ext/mbedtls/library/rsa.c"); + conf.file("../../ext/mbedtls/library/bignum.c"); + conf.file("../../ext/mbedtls/library/platform.c"); + conf.file("../../ext/mbedtls/library/platform_util.c"); + conf.file("../../ext/mbedtls/library/asn1parse.c"); } else if sig_ecdsa { conf.define("MCUBOOT_SIGN_EC256", None); conf.define("MCUBOOT_USE_TINYCRYPT", None); @@ -100,24 +100,24 @@ fn main() { conf.file("../../ext/tinycrypt/lib/source/ecc.c"); conf.file("../../ext/tinycrypt/lib/source/ecc_dsa.c"); conf.file("../../ext/tinycrypt/lib/source/ecc_platform_specific.c"); - + conf.include("../../ext/mbedtls/library"); conf.file("../../ext/mbedtls-asn1/src/platform_util.c"); conf.file("../../ext/mbedtls-asn1/src/asn1parse.c"); } else if sig_ecdsa_mbedtls { conf.define("MCUBOOT_SIGN_EC256", None); conf.define("MCUBOOT_USE_MBED_TLS", None); - conf.include("../../ext/mbedtls/crypto/include"); - conf.file("../../ext/mbedtls/crypto/library/sha256.c"); + conf.include("../../ext/mbedtls/include"); + conf.file("../../ext/mbedtls/library/sha256.c"); conf.file("csupport/keys.c"); - conf.file("../../ext/mbedtls/crypto/library/asn1parse.c"); - conf.file("../../ext/mbedtls/crypto/library/bignum.c"); - conf.file("../../ext/mbedtls/crypto/library/ecdsa.c"); - conf.file("../../ext/mbedtls/crypto/library/ecp.c"); - conf.file("../../ext/mbedtls/crypto/library/ecp_curves.c"); - conf.file("../../ext/mbedtls/crypto/library/platform.c"); - conf.file("../../ext/mbedtls/crypto/library/platform_util.c"); + conf.file("../../ext/mbedtls/library/asn1parse.c"); + conf.file("../../ext/mbedtls/library/bignum.c"); + conf.file("../../ext/mbedtls/library/ecdsa.c"); + conf.file("../../ext/mbedtls/library/ecp.c"); + conf.file("../../ext/mbedtls/library/ecp_curves.c"); + conf.file("../../ext/mbedtls/library/platform.c"); + conf.file("../../ext/mbedtls/library/platform_util.c"); } else if sig_ed25519 { conf.define("MCUBOOT_SIGN_ED25519", None); conf.define("MCUBOOT_USE_TINYCRYPT", None); @@ -137,8 +137,9 @@ fn main() { // configuration file bundled with mbedTLS is sufficient. // When using ECIES-P256 rely on Tinycrypt. conf.define("MCUBOOT_USE_MBED_TLS", None); - conf.include("../../ext/mbedtls/crypto/include"); - conf.file("../../ext/mbedtls/crypto/library/sha256.c"); + conf.include("../../ext/mbedtls/include"); + conf.file("../../ext/mbedtls/library/sha256.c"); + conf.file("../../ext/mbedtls/library/platform_util.c"); } if overwrite_only { @@ -163,17 +164,18 @@ fn main() { conf.file("../../boot/bootutil/src/encrypted.c"); conf.file("csupport/keys.c"); - conf.include("../../ext/mbedtls/crypto/include"); - conf.file("../../ext/mbedtls/crypto/library/sha256.c"); + conf.include("../../ext/mbedtls/include"); + conf.include("../../ext/mbedtls/library"); + conf.file("../../ext/mbedtls/library/sha256.c"); - conf.file("../../ext/mbedtls/crypto/library/platform.c"); - conf.file("../../ext/mbedtls/crypto/library/platform_util.c"); - conf.file("../../ext/mbedtls/crypto/library/rsa.c"); - conf.file("../../ext/mbedtls/crypto/library/rsa_internal.c"); - conf.file("../../ext/mbedtls/crypto/library/md.c"); - conf.file("../../ext/mbedtls/crypto/library/aes.c"); - conf.file("../../ext/mbedtls/crypto/library/bignum.c"); - conf.file("../../ext/mbedtls/crypto/library/asn1parse.c"); + conf.file("../../ext/mbedtls/library/platform.c"); + conf.file("../../ext/mbedtls/library/platform_util.c"); + conf.file("../../ext/mbedtls/library/rsa.c"); + conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c"); + conf.file("../../ext/mbedtls/library/md.c"); + conf.file("../../ext/mbedtls/library/aes.c"); + conf.file("../../ext/mbedtls/library/bignum.c"); + conf.file("../../ext/mbedtls/library/asn1parse.c"); } if enc_kw || enc_aes256_kw { @@ -187,17 +189,18 @@ fn main() { conf.file("csupport/keys.c"); if sig_rsa || sig_rsa3072 { - conf.file("../../ext/mbedtls/crypto/library/sha256.c"); + conf.file("../../ext/mbedtls/library/sha256.c"); } /* Simulator uses Mbed-TLS to wrap keys */ - conf.include("../../ext/mbedtls/crypto/include"); - conf.file("../../ext/mbedtls/crypto/library/platform.c"); - conf.file("../../ext/mbedtls/crypto/library/platform_util.c"); - conf.file("../../ext/mbedtls/crypto/library/nist_kw.c"); - conf.file("../../ext/mbedtls/crypto/library/cipher.c"); - conf.file("../../ext/mbedtls/crypto/library/cipher_wrap.c"); - conf.file("../../ext/mbedtls/crypto/library/aes.c"); + conf.include("../../ext/mbedtls/include"); + conf.file("../../ext/mbedtls/library/platform.c"); + conf.include("../../ext/mbedtls/library"); + conf.file("../../ext/mbedtls/library/platform_util.c"); + conf.file("../../ext/mbedtls/library/nist_kw.c"); + conf.file("../../ext/mbedtls/library/cipher.c"); + conf.file("../../ext/mbedtls/library/cipher_wrap.c"); + conf.file("../../ext/mbedtls/library/aes.c"); if sig_ecdsa { conf.define("MCUBOOT_USE_TINYCRYPT", None); @@ -253,19 +256,19 @@ fn main() { conf.define("MCUBOOT_USE_MBED_TLS", None); conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None); - conf.include("../../ext/mbedtls/crypto/include"); + conf.include("../../ext/mbedtls/include"); conf.file("../../boot/bootutil/src/encrypted.c"); - conf.file("../../ext/mbedtls/crypto/library/sha256.c"); - conf.file("../../ext/mbedtls/crypto/library/asn1parse.c"); - conf.file("../../ext/mbedtls/crypto/library/bignum.c"); - conf.file("../../ext/mbedtls/crypto/library/ecdh.c"); - conf.file("../../ext/mbedtls/crypto/library/md.c"); - conf.file("../../ext/mbedtls/crypto/library/aes.c"); - conf.file("../../ext/mbedtls/crypto/library/ecp.c"); - conf.file("../../ext/mbedtls/crypto/library/ecp_curves.c"); - conf.file("../../ext/mbedtls/crypto/library/platform.c"); - conf.file("../../ext/mbedtls/crypto/library/platform_util.c"); + conf.file("../../ext/mbedtls/library/sha256.c"); + conf.file("../../ext/mbedtls/library/asn1parse.c"); + conf.file("../../ext/mbedtls/library/bignum.c"); + conf.file("../../ext/mbedtls/library/ecdh.c"); + conf.file("../../ext/mbedtls/library/md.c"); + conf.file("../../ext/mbedtls/library/aes.c"); + conf.file("../../ext/mbedtls/library/ecp.c"); + conf.file("../../ext/mbedtls/library/ecp_curves.c"); + conf.file("../../ext/mbedtls/library/platform.c"); + conf.file("../../ext/mbedtls/library/platform_util.c"); conf.file("csupport/keys.c"); } @@ -306,16 +309,17 @@ fn main() { conf.file("../../boot/bootutil/src/encrypted.c"); conf.file("csupport/keys.c"); - conf.include("../../ext/mbedtls/crypto/include"); + conf.include("../../ext/mbedtls/include"); + conf.include("../../ext/mbedtls-asn1/include"); conf.file("../../ext/fiat/src/curve25519.c"); conf.file("../../ext/mbedtls-asn1/src/platform_util.c"); conf.file("../../ext/mbedtls-asn1/src/asn1parse.c"); - conf.file("../../ext/mbedtls/crypto/library/platform.c"); - conf.file("../../ext/mbedtls/crypto/library/platform_util.c"); - conf.file("../../ext/mbedtls/crypto/library/aes.c"); - conf.file("../../ext/mbedtls/crypto/library/sha256.c"); - conf.file("../../ext/mbedtls/crypto/library/md.c"); - conf.file("../../ext/mbedtls/crypto/library/sha512.c"); + conf.file("../../ext/mbedtls/library/platform.c"); + conf.file("../../ext/mbedtls/library/platform_util.c"); + conf.file("../../ext/mbedtls/library/aes.c"); + conf.file("../../ext/mbedtls/library/sha256.c"); + conf.file("../../ext/mbedtls/library/md.c"); + conf.file("../../ext/mbedtls/library/sha512.c"); } if sig_rsa && enc_kw { @@ -338,6 +342,7 @@ fn main() { if sig_rsa || sig_rsa3072 { conf.file("../../boot/bootutil/src/image_rsa.c"); } else if sig_ecdsa || sig_ecdsa_mbedtls { + conf.include("../../ext/mbedtls/include"); conf.file("../../boot/bootutil/src/image_ec256.c"); } else if sig_ed25519 { conf.file("../../boot/bootutil/src/image_ed25519.c"); @@ -370,8 +375,8 @@ fn main() { walk_dir("../../ext/tinycrypt/lib/source").unwrap(); walk_dir("../../ext/mbedtls-asn1").unwrap(); walk_dir("csupport").unwrap(); - walk_dir("../../ext/mbedtls/crypto/include").unwrap(); - walk_dir("../../ext/mbedtls/crypto/library").unwrap(); + walk_dir("../../ext/mbedtls/include").unwrap(); + walk_dir("../../ext/mbedtls/library").unwrap(); } // Output the names of all files within a directory so that Cargo knows when to rebuild. diff --git a/sim/mcuboot-sys/csupport/run.c b/sim/mcuboot-sys/csupport/run.c index 201b50ba..78b273a1 100644 --- a/sim/mcuboot-sys/csupport/run.c +++ b/sim/mcuboot-sys/csupport/run.c @@ -24,6 +24,7 @@ #define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_ERROR #include +#include "bootutil/crypto/common.h" #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) @@ -91,15 +92,15 @@ parse_pubkey(mbedtls_rsa_context *ctx, uint8_t **p, uint8_t *end) return -6; } - if (mbedtls_asn1_get_mpi(p, end, &ctx->N) != 0) { + if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(N)) != 0) { return -7; } - if (mbedtls_asn1_get_mpi(p, end, &ctx->E) != 0) { + if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(E)) != 0) { return -8; } - ctx->len = mbedtls_mpi_size(&ctx->N); + ctx->MBEDTLS_CONTEXT_MEMBER(len) = mbedtls_mpi_size(&ctx->MBEDTLS_CONTEXT_MEMBER(N)); if (*p != end) { return -9; @@ -141,7 +142,12 @@ int rsa_oaep_encrypt_(const uint8_t *pubkey, unsigned pubkey_len, mbedtls_platform_set_calloc_free(calloc, free); +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + mbedtls_rsa_init(&ctx); + mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256); +#else mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256); +#endif cp = (uint8_t *)pubkey; cpend = cp + pubkey_len; @@ -151,8 +157,13 @@ int rsa_oaep_encrypt_(const uint8_t *pubkey, unsigned pubkey_len, goto done; } +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL, + NULL, 0, seckey_len, seckey, encbuf); +#else rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL, MBEDTLS_RSA_PUBLIC, NULL, 0, seckey_len, seckey, encbuf); +#endif if (rc) { goto done; }