Merge pull request #88 from hug-dev/mbedtls-3.0

Move to Mbed TLS version 3.0.0
parallaxsecond · Jul 16, 2021 · f8f1272 · f8f1272
2 parents 0c70386 + fe7cd01
commit f8f1272
Show file tree

Hide file tree

Showing 9 changed files with 99 additions and 71 deletions.
diff --git a/ci.sh b/ci.sh
@@ -57,19 +57,19 @@ cargo build --no-default-features --features no-std
 # Test dynamic linking
 git clone https://github.com/ARMmbed/mbedtls.git
 pushd mbedtls
-git checkout mbedtls-2.25.0
+git checkout v3.0.0
 ./scripts/config.py crypto
 SHARED=1 make
 popd
 
+# Clean before to only build the interface
+cargo clean
+MBEDTLS_INCLUDE_DIR=$(pwd)/mbedtls/include cargo build --release --no-default-features --features interface
+
 # Clean before to force dynamic linking
 cargo clean
 MBEDTLS_LIB_DIR=$(pwd)/mbedtls/library MBEDTLS_INCLUDE_DIR=$(pwd)/mbedtls/include cargo build --release
 
 # Clean before to force static linking
 cargo clean
 MBEDTLS_LIB_DIR=$(pwd)/mbedtls/library MBEDTLS_INCLUDE_DIR=$(pwd)/mbedtls/include MBEDCRYPTO_STATIC=1 cargo build --release
-
-# Clean before to only build the interface
-cargo clean
-MBEDTLS_INCLUDE_DIR=$(pwd)/mbedtls/include cargo build --release --no-default-features --features interface
diff --git a/psa-crypto-sys/src/c/shim.c b/psa-crypto-sys/src/c/shim.c
@@ -280,12 +280,12 @@ shim_PSA_ALG_FULL_LENGTH_MAC(psa_algorithm_t mac_alg) {
 
 psa_algorithm_t
 shim_PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(psa_algorithm_t aead_alg) {
- return PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg);
+ return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg);
 }
 
 psa_algorithm_t
 shim_PSA_ALG_AEAD_WITH_SHORTENED_TAG(psa_algorithm_t aead_alg, size_t tag_length) {
- return PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length);
+ return PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length);
 }
 
 psa_algorithm_t
@@ -399,21 +399,21 @@ shim_PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(psa_key_type_t key_type, size_t key_bits
 }
 
 size_t
-shim_PSA_KEY_EXPORT_MAX_SIZE(psa_key_type_t key_type, size_t key_bits)
+shim_PSA_EXPORT_KEY_OUTPUT_SIZE(psa_key_type_t key_type, size_t key_bits)
 {
- return PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits);
+ return PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
 }
 
 size_t
 shim_PSA_HASH_LENGTH(psa_algorithm_t alg)
 {
- return PSA_HASH_SIZE(alg);
+ return PSA_HASH_LENGTH(alg);
 }
 
 size_t
 shim_PSA_MAC_LENGTH(psa_key_type_t key_type, size_t key_bits, psa_algorithm_t alg)
 {
- return PSA_MAC_FINAL_SIZE(key_type, key_bits, alg);
+ return PSA_MAC_LENGTH(key_type, key_bits, alg);
 }
 
 size_t
@@ -423,19 +423,19 @@ shim_PSA_MAC_TRUNCATED_LENGTH(psa_algorithm_t alg)
 }
 
 size_t
-shim_PSA_AEAD_TAG_LENGTH(/*psa_key_type_t key_type, size_t key_bits, Spec states these are required */psa_algorithm_t alg)
+shim_PSA_AEAD_TAG_LENGTH(psa_key_type_t key_type, size_t key_bits, psa_algorithm_t alg)
 {
- return PSA_AEAD_TAG_LENGTH(/*key_type, key_bits, Spec states these are required*/ alg);
+ return PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg);
 }
 
 size_t
-shim_PSA_AEAD_ENCRYPT_OUTPUT_SIZE(psa_algorithm_t aead_alg, size_t plaintext_bytes)
+shim_PSA_AEAD_ENCRYPT_OUTPUT_SIZE(psa_key_type_t key_type, psa_algorithm_t aead_alg, size_t plaintext_length)
 {
- return PSA_AEAD_ENCRYPT_OUTPUT_SIZE(aead_alg, plaintext_bytes);
+ return PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, aead_alg, plaintext_length);
 }
 
 size_t
-shim_PSA_AEAD_DECRYPT_OUTPUT_SIZE(psa_algorithm_t aead_alg, size_t ciphertext_bytes)
+shim_PSA_AEAD_DECRYPT_OUTPUT_SIZE(psa_key_type_t key_type, psa_algorithm_t aead_alg, size_t ciphertext_length)
 {
- return PSA_AEAD_DECRYPT_OUTPUT_SIZE(aead_alg, ciphertext_bytes);
+ return PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, aead_alg, ciphertext_length);
 }
diff --git a/psa-crypto-sys/src/c/shim.h b/psa-crypto-sys/src/c/shim.h
@@ -83,10 +83,10 @@ psa_key_type_t shim_PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_key_type_t key_type)
 size_t shim_PSA_SIGN_OUTPUT_SIZE(psa_key_type_t key_type, size_t key_bits, psa_algorithm_t alg);
 size_t shim_PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(psa_key_type_t key_type, size_t key_bits, psa_algorithm_t alg);
 size_t shim_PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(psa_key_type_t key_type, size_t key_bits, psa_algorithm_t alg);
-size_t shim_PSA_KEY_EXPORT_MAX_SIZE(psa_key_type_t key_type, size_t key_bits);
+size_t shim_PSA_EXPORT_KEY_OUTPUT_SIZE(psa_key_type_t key_type, size_t key_bits);
 size_t shim_PSA_HASH_LENGTH(psa_algorithm_t alg);
 size_t shim_PSA_MAC_LENGTH(psa_key_type_t key_type, size_t key_bits, psa_algorithm_t alg);
 size_t shim_PSA_MAC_TRUNCATED_LENGTH(psa_algorithm_t alg);
-size_t shim_PSA_AEAD_TAG_LENGTH(/*psa_key_type_t key_type, size_t key_bits, Spec states these are required*/psa_algorithm_t alg);
-size_t shim_PSA_AEAD_ENCRYPT_OUTPUT_SIZE(psa_algorithm_t aead_alg, size_t plaintext_bytes);
-size_t shim_PSA_AEAD_DECRYPT_OUTPUT_SIZE(psa_algorithm_t aead_alg, size_t ciphertext_bytes);
+size_t shim_PSA_AEAD_TAG_LENGTH(psa_key_type_t key_type, size_t key_bits, psa_algorithm_t alg);
+size_t shim_PSA_AEAD_ENCRYPT_OUTPUT_SIZE(psa_key_type_t key_type, psa_algorithm_t aead_alg, size_t plaintext_length);
+size_t shim_PSA_AEAD_DECRYPT_OUTPUT_SIZE(psa_key_type_t key_type, psa_algorithm_t aead_alg, size_t ciphertext_length);
diff --git a/psa-crypto-sys/src/shim.rs b/psa-crypto-sys/src/shim.rs
@@ -333,7 +333,7 @@ pub unsafe fn PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(
 }
 
 pub unsafe fn PSA_EXPORT_KEY_OUTPUT_SIZE(key_type: psa_key_type_t, key_bits: usize) -> usize {
- psa_crypto_binding::shim_PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits)
+ psa_crypto_binding::shim_PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits)
 }
 
 pub fn PSA_HASH_LENGTH(alg: psa_algorithm_t) -> usize {
@@ -354,23 +354,25 @@ pub unsafe fn PSA_MAC_TRUNCATED_LENGTH(alg: psa_algorithm_t) -> usize {
 }
 
 pub fn PSA_AEAD_TAG_LENGTH(
- /*key_type: psa_key_type_t,
+ key_type: psa_key_type_t,
  key_bits: usize,
- Spec states these are requried
- */
  alg: psa_algorithm_t,
 ) -> usize {
- unsafe {
- psa_crypto_binding::shim_PSA_AEAD_TAG_LENGTH(
- /*key_type, key_bits, Spec states these are required */ alg,
- )
- }
+ unsafe { psa_crypto_binding::shim_PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) }
 }
 
-pub unsafe fn PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg: psa_algorithm_t, plaintext_bytes: usize) -> usize {
- psa_crypto_binding::shim_PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_bytes)
+pub unsafe fn PSA_AEAD_ENCRYPT_OUTPUT_SIZE(
+ key_type: psa_key_type_t,
+ alg: psa_algorithm_t,
+ plaintext_length: usize,
+) -> usize {
+ psa_crypto_binding::shim_PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length)
 }
 
-pub unsafe fn PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg: psa_algorithm_t, ciphertext_bytes: usize) -> usize {
- psa_crypto_binding::shim_PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_bytes)
+pub unsafe fn PSA_AEAD_DECRYPT_OUTPUT_SIZE(
+ key_type: psa_key_type_t,
+ alg: psa_algorithm_t,
+ ciphertext_length: usize,
+) -> usize {
+ psa_crypto_binding::shim_PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length)
 }
diff --git a/psa-crypto-sys/vendor b/psa-crypto-sys/vendor
diff --git a/psa-crypto/src/types/key.rs b/psa-crypto/src/types/key.rs
@@ -439,7 +439,7 @@ impl Attributes {
  self.compatible_with_alg(alg.into())?;
  Ok(unsafe {
  psa_crypto_sys::PSA_AEAD_ENCRYPT_OUTPUT_SIZE(
- /*self.key_type.try_into() PSA API specifies including this parameter*/
+ self.key_type.try_into()?,
  alg.into(),
  plaintext_len,
  )
@@ -452,7 +452,7 @@ impl Attributes {
  self.compatible_with_alg(alg.into())?;
  Ok(unsafe {
  psa_crypto_sys::PSA_AEAD_DECRYPT_OUTPUT_SIZE(
- /*self.key_type.try_into() PSA API specifies including this parameter*/
+ self.key_type.try_into()?,
  alg.into(),
  ciphertext_len,
  )
@@ -464,7 +464,8 @@ impl Attributes {
  pub fn aead_tag_length(self, alg: Aead) -> Result<usize> {
  self.compatible_with_alg(alg.into())?;
  Ok(psa_crypto_sys::PSA_AEAD_TAG_LENGTH(
- /*self.key_type.try_into()?, self.bits, Spec states these are requried */
+ self.key_type.try_into()?,
+ self.bits,
  alg.into(),
  ))
  }
@@ -769,96 +770,96 @@ pub struct UsageFlags {
 
 impl UsageFlags {
  ///Setter for the export flag
- pub fn set_export(&mut self) -> &mut Self{
+ pub fn set_export(&mut self) -> &mut Self {
  self.export = true;
  self
  }
  ///Getter for the export flag
  pub fn export(&self) -> bool {
- return self.export;
+ self.export
  }
  ///Setter for the copy flag
- pub fn set_copy(&mut self) -> &mut Self{
+ pub fn set_copy(&mut self) -> &mut Self {
  self.copy = true;
  self
  }
  ///Getter for the copy flag
  pub fn copy(&self) -> bool {
- return self.copy;
+ self.copy
  }
  ///Setter for the cache flag
- pub fn set_cache(&mut self) -> &mut Self{
+ pub fn set_cache(&mut self) -> &mut Self {
  self.cache = true;
  self
  }
  ///Getter for the cache flag
  pub fn cache(&self) -> bool {
- return self.cache;
+ self.cache
  }
  ///Setter for the encrypt flag
- pub fn set_encrypt(&mut self) -> &mut Self{
+ pub fn set_encrypt(&mut self) -> &mut Self {
  self.encrypt = true;
  self
  }
  ///Getter for the encrypt flag
  pub fn encrypt(&self) -> bool {
- return self.encrypt;
+ self.encrypt
  }
  ///Setter for the decrypt flag
- pub fn set_decrypt(&mut self) -> &mut Self{
+ pub fn set_decrypt(&mut self) -> &mut Self {
  self.decrypt = true;
  self
  }
  ///Getter for the decrypt flag
  pub fn decrypt(&self) -> bool {
- return self.decrypt;
+ self.decrypt
  }
  ///Setter for the sign_hash flag (also sets the sign_message flag)
- pub fn set_sign_hash(&mut self) -> &mut Self{
+ pub fn set_sign_hash(&mut self) -> &mut Self {
  self.sign_hash = true;
  self.sign_message = true;
  self
  }
  ///Getter for the sign_hash flag
  pub fn sign_hash(&self) -> bool {
- return self.sign_hash;
+ self.sign_hash
  }
  ///Setter for the sign_message flag
- pub fn set_sign_message(&mut self) -> &mut Self{
+ pub fn set_sign_message(&mut self) -> &mut Self {
  self.sign_message = true;
  self
  }
  ///Getter for the sign_message flag
  pub fn sign_message(&self) -> bool {
- return self.sign_message;
+ self.sign_message
  }
  ///Setter for the verify_hash flag (also sets the varify_message flag)
- pub fn set_verify_hash(&mut self) -> &mut Self{
+ pub fn set_verify_hash(&mut self) -> &mut Self {
  self.verify_hash = true;
  self.verify_message = true;
  self
  }
  ///Getter for the verify_hash flag
  pub fn verify_hash(&self) -> bool {
- return self.verify_hash;
+ self.verify_hash
  }
  ///Setter for the verify_message flag
- pub fn set_verify_message(&mut self) -> &mut Self{
+ pub fn set_verify_message(&mut self) -> &mut Self {
  self.verify_message = true;
  self
  }
  ///Getter for the verify_message flag
  pub fn verify_message(&self) -> bool {
- return self.verify_message;
+ self.verify_message
  }
  ///Setter for the derive flag
- pub fn set_derive(&mut self) -> &mut Self{
+ pub fn set_derive(&mut self) -> &mut Self {
  self.derive = true;
  self
  }
  ///Getter for the derive flag
  pub fn derive(&self) -> bool {
- return self.derive;
+ self.derive
  }
 }