Merge pull request #12767 from Patater/update-to-tls-2.21.0

Upgrade to Mbed TLS 2.21.0 and Mbed Crypto 3.1.0

TESTS/mbed-crypto/sanity/main.cpp

@@ -262,13 +262,13 @@ void test_crypto_asymmetric_sign_verify(void)
  psa_set_key_algorithm(&attributes, alg);
  psa_set_key_type(&attributes, key_type);
  TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
- TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input),
-  signature, sizeof(signature), &signature_len));
+ TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_sign_hash(key_handle, alg, input, sizeof(input),
+ signature, sizeof(signature), &signature_len));
  TEST_ASSERT_EQUAL(sizeof(signature), signature_len);
  TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_signature, signature, signature_len);
 
- TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_verify(key_handle, alg, input, sizeof(input),
-  signature, signature_len));
+ TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_verify_hash(key_handle, alg, input, sizeof(input),
+ signature, signature_len));
  TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
 }
 

TESTS/psa/attestation/main.cpp

@@ -98,7 +98,7 @@ static void check_initial_attestation_get_token()
  TEST_ASSERT_EQUAL(status, PSA_SUCCESS);
  status = psa_attestation_inject_key(private_key_data,
  sizeof(private_key_data),
- PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1),
  exported,
  sizeof(exported),
  &exported_length);

TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp

@@ -348,7 +348,7 @@ void test_use_other_partition_key_aead(void)
 void test_use_other_partition_key_asymmetric_sign_verify(void)
 {
  static const psa_key_id_t key_id = 999;
- static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1);
+ static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1);
  static const psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
  static const psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
  static const size_t key_bits = 256;
@@ -373,12 +373,12 @@ void test_use_other_partition_key_asymmetric_sign_verify(void)
  TEST_ASSERT_NOT_EQUAL(0, key_handle);
 
  /* try to asymmetric sign using the key that was created by the test partition */
- TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_sign(key_handle, key_alg, input, sizeof(input),
-  signature, sizeof(signature), &len));
+ TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_sign_hash(key_handle, key_alg, input, sizeof(input),
+ signature, sizeof(signature), &len));
 
  /* try to asymmetric verify using the key that was created by the test partition */
- TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_verify(key_handle, key_alg, input, sizeof(input),
-  signature, sizeof(signature)));
+ TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_verify_hash(key_handle, key_alg, input, sizeof(input),
+ signature, sizeof(signature)));
 
  /* via test partition - destroy the key created by the test partition */
  TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle));

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c

@@ -58,13 +58,13 @@ t_cose_crypto_pub_key_sign(int32_t cose_alg_id,
  return T_COSE_ERR_NO_KID;
  }
 
- crypto_ret = psa_asymmetric_sign(handle,
-  PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
-  hash_to_sign.ptr,
-  hash_to_sign.len,
-  signature_buffer.ptr,
-  signature_buffer.len,
-  &(signature->len));
+ crypto_ret = psa_sign_hash(handle,
+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+ hash_to_sign.ptr,
+ hash_to_sign.len,
+ signature_buffer.ptr,
+ signature_buffer.len,
+ &(signature->len));
 
 
  if (crypto_ret != PSA_SUCCESS)

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c

@@ -48,21 +48,12 @@ static psa_status_t get_curve(psa_key_type_t type, enum ecc_curve_t *curve_type)
 {
  psa_ecc_curve_t curve = PSA_KEY_TYPE_GET_CURVE(type);
  switch (curve) {
- case PSA_ECC_CURVE_SECP256R1:
+ case PSA_ECC_CURVE_SECP_R1:
  *curve_type = P_256;
  break;
- case PSA_ECC_CURVE_SECP384R1:
- *curve_type = P_384;
- break;
- case PSA_ECC_CURVE_SECP521R1:
- *curve_type = P_521;
- break;
- case PSA_ECC_CURVE_CURVE25519:
+ case PSA_ECC_CURVE_MONTGOMERY:
  *curve_type = X25519;
  break;
- case PSA_ECC_CURVE_CURVE448:
- *curve_type = X448;
- break;
  default:
  return (PSA_ERROR_NOT_SUPPORTED);
  }

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attestation_core.c

@@ -942,7 +942,7 @@ attest_create_token(struct useful_buf_c *challenge,
 
 /* Limitations of the current implementation:
  * - Token is not signed yet properly, just a fake signature is added to the
- * token due to lack of psa_asymmetric_sign() implementation in crypto
+ * token due to lack of psa_sign_hash() implementation in crypto
  * service.
  */
 enum psa_attest_err_t

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h

@@ -87,8 +87,8 @@ typedef enum psa_sec_function_s {
  PSA_AEAD_FINISH,
  PSA_AEAD_VERIFY,
  PSA_AEAD_ABORT,
- PSA_ASYMMETRIC_SIGN,
- PSA_ASYMMETRIC_VERIFY,
+ PSA_SIGN_HASH,
+ PSA_VERIFY_HASH,
  PSA_ASYMMETRIC_ENCRYPT,
  PSA_ASYMMETRIC_DECRYPT,
  PSA_KEY_DERIVATION_SETUP,

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c

@@ -1216,16 +1216,16 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
  return ipc_call(&operation->handle, &in_vec, 1, NULL, 0, true);
 }
 
-psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
-  psa_algorithm_t alg,
-  const uint8_t *hash,
-  size_t hash_length,
-  uint8_t *signature,
-  size_t signature_size,
-  size_t *signature_length)
+psa_status_t psa_sign_hash(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
 {
  psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
- .func = PSA_ASYMMETRIC_SIGN,
+ .func = PSA_SIGN_HASH,
  .handle = handle,
  .alg = alg,
  .input_length = 0,
@@ -1246,15 +1246,15 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
  return (status);
 }
 
-psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
-  psa_algorithm_t alg,
-  const uint8_t *hash,
-  size_t hash_length,
-  const uint8_t *signature,
-  size_t signature_size)
+psa_status_t psa_verify_hash(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_size)
 {
  psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
- .func = PSA_ASYMMETRIC_VERIFY,
+ .func = PSA_VERIFY_HASH,
  .handle = handle,
  .alg = alg,
  .input_length = 0,

components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h

@@ -59,8 +59,8 @@ extern "C" {
 #define psa_aead_finish psa_sec_aead_finish
 #define psa_aead_verify psa_sec_aead_verify
 #define psa_aead_abort psa_sec_aead_abort
-#define psa_asymmetric_sign psa_sec_asymmetric_sign
-#define psa_asymmetric_verify psa_sec_asymmetric_verify
+#define psa_sign_hash psa_sec_sign_hash
+#define psa_verify_hash psa_sec_verify_hash
 #define psa_asymmetric_encrypt psa_sec_asymmetric_encrypt
 #define psa_asymmetric_decrypt psa_sec_asymmetric_decrypt
 #define psa_key_derivation_setup psa_sec_key_derivation_setup

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c

@@ -989,7 +989,7 @@ static void psa_asymmetric_operation(void)
  }
 
  switch (psa_crypto.func) {
- case PSA_ASYMMETRIC_SIGN: {
+ case PSA_SIGN_HASH: {
  uint8_t *signature = NULL;
  uint8_t *hash = NULL;
  size_t signature_length = 0,
@@ -1015,9 +1015,9 @@ static void psa_asymmetric_operation(void)
  }
 
  if (status == PSA_SUCCESS) {
- status = psa_asymmetric_sign(psa_crypto.handle, psa_crypto.alg,
-  hash, hash_size,
-  signature, signature_size, &signature_length);
+ status = psa_sign_hash(psa_crypto.handle, psa_crypto.alg,
+ hash, hash_size,
+ signature, signature_size, &signature_length);
 
  if (status == PSA_SUCCESS) {
  psa_write(msg.handle, 0, signature, signature_length);
@@ -1030,7 +1030,7 @@ static void psa_asymmetric_operation(void)
  break;
  }
 
- case PSA_ASYMMETRIC_VERIFY: {
+ case PSA_VERIFY_HASH: {
  uint8_t *signature = NULL;
  uint8_t *hash = NULL;
  size_t signature_size = msg.in_size[1],
@@ -1060,9 +1060,9 @@ static void psa_asymmetric_operation(void)
  }
 
  if (status == PSA_SUCCESS) {
- status = psa_asymmetric_verify(psa_crypto.handle, psa_crypto.alg,
-  hash, hash_size,
-  signature, signature_size);
+ status = psa_verify_hash(psa_crypto.handle, psa_crypto.alg,
+ hash, hash_size,
+ signature, signature_size);
  }
 
  mbedtls_free(signature);

features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp

@@ -63,7 +63,7 @@ static void psa_attestation_inject_key_for_test(void)
  psa_attestation_destroy_key_for_test();
  psa_attestation_inject_key(private_key_data,
  sizeof(private_key_data),
- PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1),
  exported,
  sizeof(exported),
  &exported_length);

features/mbedtls/VERSION.txt

@@ -1 +1 @@
-mbedtls-2.20.0d0
+mbedtls-2.21.0

features/mbedtls/importer/Makefile

@@ -27,8 +27,8 @@
 #
 
 # Set the mbed TLS release to import (this can/should be edited before import)
-MBED_TLS_RELEASE ?= mbedtls-2.20.0d0
-MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls-restricted.git
+MBED_TLS_RELEASE ?= mbedtls-2.21.0
+MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls.git
 
 # Translate between mbed TLS namespace and mbed namespace
 TARGET_PREFIX:=../

features/mbedtls/inc/mbedtls/check_config.h

@@ -342,6 +342,14 @@
 #error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_PKCS11_C)
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+#error "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
+#elif defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
+#endif
+#endif /* MBEDTLS_PKCS11_C */
+
 #if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
 #endif
@@ -769,6 +777,22 @@
 #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
 #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
 
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+#error "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
+#elif defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
+#endif
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
+#elif defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
+#endif
+#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
+
 /*
  * Avoid warning from -pedantic. This is a convenient place for this
  * workaround since this is included by every single file before the

features/mbedtls/inc/mbedtls/config.h

@@ -249,27 +249,27 @@
 /**
  * \def MBEDTLS_DEPRECATED_WARNING
  *
- * Mark deprecated functions so that they generate a warning if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
+ * Mark deprecated functions and features so that they generate a warning if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
  *
  * This only works with GCC and Clang. With other compilers, you may want to
  * use MBEDTLS_DEPRECATED_REMOVED
  *
- * Uncomment to get warnings on using deprecated functions.
+ * Uncomment to get warnings on using deprecated functions and features.
  */
 //#define MBEDTLS_DEPRECATED_WARNING
 
 /**
  * \def MBEDTLS_DEPRECATED_REMOVED
  *
- * Remove deprecated functions so that they generate an error if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
+ * Remove deprecated functions and features so that they generate an error if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
  *
- * Uncomment to get errors on using deprecated functions.
+ * Uncomment to get errors on using deprecated functions and features.
  */
 //#define MBEDTLS_DEPRECATED_REMOVED
 
@@ -1587,6 +1587,9 @@
  * Enable support for receiving and parsing SSLv2 Client Hello messages for the
  * SSL Server module (MBEDTLS_SSL_SRV_C).
  *
+ * \deprecated This option is deprecated and will be removed in a future
+ * version of Mbed TLS.
+ *
  * Uncomment this macro to enable support for SSLv2 Client Hello messages.
  */
 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1618,6 +1621,9 @@
  * Requires: MBEDTLS_MD5_C
  * MBEDTLS_SHA1_C
  *
+ * \deprecated This option is deprecated and will be removed in a future
+ * version of Mbed TLS.
+ *
  * Comment this macro to disable support for SSL 3.0
  */
 //#define MBEDTLS_SSL_PROTO_SSL3
@@ -2828,7 +2834,10 @@
 /**
  * \def MBEDTLS_PKCS11_C
  *
- * Enable wrapper for PKCS#11 smartcard support.
+ * Enable wrapper for PKCS#11 smartcard support via the pkcs11-helper library.
+ *
+ * \deprecated This option is deprecated and will be removed in a future
+ * version of Mbed TLS.
  *
  * Module: library/pkcs11.c
  * Caller: library/pk.c

features/mbedtls/inc/mbedtls/error.h

@@ -52,9 +52,10 @@
  * For historical reasons, low-level error codes are divided in even and odd,
  * even codes were assigned first, and -1 is reserved for other errors.
  *
- * Low-level module errors (0x0002-0x007E, 0x0003-0x007F)
+ * Low-level module errors (0x0002-0x007E, 0x0001-0x007F)
  *
  * Module Nr Codes assigned
+ * ERROR 2 0x006E 0x0001
  * MPI 7 0x0002-0x0010
  * GCM 3 0x0012-0x0014 0x0013-0x0013
  * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017
@@ -86,7 +87,7 @@
  * CHACHA20 3 0x0051-0x0055
  * POLY1305 3 0x0057-0x005B
  * CHACHAPOLY 2 0x0054-0x0056
- * PLATFORM 1 0x0070-0x0072
+ * PLATFORM 2 0x0070-0x0072
  *
  * High-level module nr (3 bits - 0x0...-0x7...)
  * Name ID Nr of Errors
@@ -112,6 +113,9 @@
 extern "C" {
 #endif
 
+#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */
+#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */
+
 /**
  * \brief Translate a mbed TLS error code into a string representation,
  * Result is truncated if necessary and always includes a terminating